Interface OnlineStoreSecurityConfig.Builder

All Superinterfaces:
Buildable, CopyableBuilder<OnlineStoreSecurityConfig.Builder,OnlineStoreSecurityConfig>, SdkBuilder<OnlineStoreSecurityConfig.Builder,OnlineStoreSecurityConfig>, SdkPojo
Enclosing class:
OnlineStoreSecurityConfig
@Mutable @NotThreadSafe public static interface OnlineStoreSecurityConfig.Builder extends SdkPojo, CopyableBuilder<OnlineStoreSecurityConfig.Builder,OnlineStoreSecurityConfig>

  • Method Details

    • kmsKeyId

      OnlineStoreSecurityConfig.Builder kmsKeyId(String kmsKeyId)

      The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.

      The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the OnlineStore KmsKeyId:

      • "kms:Encrypt"

      • "kms:Decrypt"

      • "kms:DescribeKey"

      • "kms:CreateGrant"

      • "kms:RetireGrant"

      • "kms:ReEncryptFrom"

      • "kms:ReEncryptTo"

      • "kms:GenerateDataKey"

      • "kms:ListAliases"

      • "kms:ListGrants"

      • "kms:RevokeGrant"

      The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, DeleteRecord) must have the following permissions to the KmsKeyId:

      • "kms:Decrypt"

      Parameters:
      kmsKeyId - The Amazon Web Services Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.

      The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the OnlineStore KmsKeyId:

      • "kms:Encrypt"

      • "kms:Decrypt"

      • "kms:DescribeKey"

      • "kms:CreateGrant"

      • "kms:RetireGrant"

      • "kms:ReEncryptFrom"

      • "kms:ReEncryptTo"

      • "kms:GenerateDataKey"

      • "kms:ListAliases"

      • "kms:ListGrants"

      • "kms:RevokeGrant"

      The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, DeleteRecord) must have the following permissions to the KmsKeyId:

      • "kms:Decrypt"

      Returns:
      Returns a reference to this object so that method calls can be chained together.