amazonka-qldb-2.0: gen/Amazonka/QLDB/Types/LedgerEncryptionDescription.hs
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-- Derived from AWS service descriptions, licensed under Apache 2.0.
-- |
-- Module : Amazonka.QLDB.Types.LedgerEncryptionDescription
-- Copyright : (c) 2013-2023 Brendan Hay
-- License : Mozilla Public License, v. 2.0.
-- Maintainer : Brendan Hay
-- Stability : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.QLDB.Types.LedgerEncryptionDescription where
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.QLDB.Types.EncryptionStatus
-- | Information about the encryption of data at rest in an Amazon QLDB
-- ledger. This includes the current status, the key in Key Management
-- Service (KMS), and when the key became inaccessible (in the case of an
-- error).
--
-- For more information, see
-- <https://docs.aws.amazon.com/qldb/latest/developerguide/encryption-at-rest.html Encryption at rest>
-- in the /Amazon QLDB Developer Guide/.
--
-- /See:/ 'newLedgerEncryptionDescription' smart constructor.
data LedgerEncryptionDescription = LedgerEncryptionDescription'
{ -- | The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
inaccessibleKmsKeyDateTime :: Prelude.Maybe Data.POSIX,
-- | The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
kmsKeyArn :: Prelude.Text,
-- | The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- - @ENABLED@: Encryption is fully enabled using the specified key.
--
-- - @UPDATING@: The ledger is actively processing the specified key
-- change.
--
-- Key changes in QLDB are asynchronous. The ledger is fully accessible
-- without any performance impact while the key change is being
-- processed. The amount of time it takes to update a key varies
-- depending on the ledger size.
--
-- - @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
-- not accessible, and the ledger is impaired. Either the key was
-- disabled or deleted, or the grants on the key were revoked. When a
-- ledger is impaired, it is not accessible and does not accept any
-- read or write requests.
--
-- An impaired ledger automatically returns to an active state after
-- you restore the grants on the key, or re-enable the key that was
-- disabled. However, deleting a customer managed KMS key is
-- irreversible. After a key is deleted, you can no longer access the
-- ledgers that are protected with that key, and the data becomes
-- unrecoverable permanently.
encryptionStatus :: EncryptionStatus
}
deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
-- |
-- Create a value of 'LedgerEncryptionDescription' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'inaccessibleKmsKeyDateTime', 'ledgerEncryptionDescription_inaccessibleKmsKeyDateTime' - The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
--
-- 'kmsKeyArn', 'ledgerEncryptionDescription_kmsKeyArn' - The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
--
-- 'encryptionStatus', 'ledgerEncryptionDescription_encryptionStatus' - The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- - @ENABLED@: Encryption is fully enabled using the specified key.
--
-- - @UPDATING@: The ledger is actively processing the specified key
-- change.
--
-- Key changes in QLDB are asynchronous. The ledger is fully accessible
-- without any performance impact while the key change is being
-- processed. The amount of time it takes to update a key varies
-- depending on the ledger size.
--
-- - @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
-- not accessible, and the ledger is impaired. Either the key was
-- disabled or deleted, or the grants on the key were revoked. When a
-- ledger is impaired, it is not accessible and does not accept any
-- read or write requests.
--
-- An impaired ledger automatically returns to an active state after
-- you restore the grants on the key, or re-enable the key that was
-- disabled. However, deleting a customer managed KMS key is
-- irreversible. After a key is deleted, you can no longer access the
-- ledgers that are protected with that key, and the data becomes
-- unrecoverable permanently.
newLedgerEncryptionDescription ::
-- | 'kmsKeyArn'
Prelude.Text ->
-- | 'encryptionStatus'
EncryptionStatus ->
LedgerEncryptionDescription
newLedgerEncryptionDescription
pKmsKeyArn_
pEncryptionStatus_ =
LedgerEncryptionDescription'
{ inaccessibleKmsKeyDateTime =
Prelude.Nothing,
kmsKeyArn = pKmsKeyArn_,
encryptionStatus = pEncryptionStatus_
}
-- | The date and time, in epoch time format, when the KMS key first became
-- inaccessible, in the case of an error. (Epoch time format is the number
-- of seconds that have elapsed since 12:00:00 AM January 1, 1970 UTC.)
--
-- This parameter is undefined if the KMS key is accessible.
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime :: Lens.Lens' LedgerEncryptionDescription (Prelude.Maybe Prelude.UTCTime)
ledgerEncryptionDescription_inaccessibleKmsKeyDateTime = Lens.lens (\LedgerEncryptionDescription' {inaccessibleKmsKeyDateTime} -> inaccessibleKmsKeyDateTime) (\s@LedgerEncryptionDescription' {} a -> s {inaccessibleKmsKeyDateTime = a} :: LedgerEncryptionDescription) Prelude.. Lens.mapping Data._Time
-- | The Amazon Resource Name (ARN) of the customer managed KMS key that the
-- ledger uses for encryption at rest. If this parameter is undefined, the
-- ledger uses an Amazon Web Services owned KMS key for encryption.
ledgerEncryptionDescription_kmsKeyArn :: Lens.Lens' LedgerEncryptionDescription Prelude.Text
ledgerEncryptionDescription_kmsKeyArn = Lens.lens (\LedgerEncryptionDescription' {kmsKeyArn} -> kmsKeyArn) (\s@LedgerEncryptionDescription' {} a -> s {kmsKeyArn = a} :: LedgerEncryptionDescription)
-- | The current state of encryption at rest for the ledger. This can be one
-- of the following values:
--
-- - @ENABLED@: Encryption is fully enabled using the specified key.
--
-- - @UPDATING@: The ledger is actively processing the specified key
-- change.
--
-- Key changes in QLDB are asynchronous. The ledger is fully accessible
-- without any performance impact while the key change is being
-- processed. The amount of time it takes to update a key varies
-- depending on the ledger size.
--
-- - @KMS_KEY_INACCESSIBLE@: The specified customer managed KMS key is
-- not accessible, and the ledger is impaired. Either the key was
-- disabled or deleted, or the grants on the key were revoked. When a
-- ledger is impaired, it is not accessible and does not accept any
-- read or write requests.
--
-- An impaired ledger automatically returns to an active state after
-- you restore the grants on the key, or re-enable the key that was
-- disabled. However, deleting a customer managed KMS key is
-- irreversible. After a key is deleted, you can no longer access the
-- ledgers that are protected with that key, and the data becomes
-- unrecoverable permanently.
ledgerEncryptionDescription_encryptionStatus :: Lens.Lens' LedgerEncryptionDescription EncryptionStatus
ledgerEncryptionDescription_encryptionStatus = Lens.lens (\LedgerEncryptionDescription' {encryptionStatus} -> encryptionStatus) (\s@LedgerEncryptionDescription' {} a -> s {encryptionStatus = a} :: LedgerEncryptionDescription)
instance Data.FromJSON LedgerEncryptionDescription where
parseJSON =
Data.withObject
"LedgerEncryptionDescription"
( \x ->
LedgerEncryptionDescription'
Prelude.<$> (x Data..:? "InaccessibleKmsKeyDateTime")
Prelude.<*> (x Data..: "KmsKeyArn")
Prelude.<*> (x Data..: "EncryptionStatus")
)
instance Prelude.Hashable LedgerEncryptionDescription where
hashWithSalt _salt LedgerEncryptionDescription' {..} =
_salt
`Prelude.hashWithSalt` inaccessibleKmsKeyDateTime
`Prelude.hashWithSalt` kmsKeyArn
`Prelude.hashWithSalt` encryptionStatus
instance Prelude.NFData LedgerEncryptionDescription where
rnf LedgerEncryptionDescription' {..} =
Prelude.rnf inaccessibleKmsKeyDateTime
`Prelude.seq` Prelude.rnf kmsKeyArn
`Prelude.seq` Prelude.rnf encryptionStatus