JavaScript admin.groupSetS3ServerSideEncryptionKmsKey

admin:group-set-s3-server-side-encryption-kms-key

admin:group-set-s3-server-side-encryption-kms-key(
   $config as element(configuration),
   $group-id as xs:unsignedLong,
   $key as xs:string
) as element(configuration)

Summary

This function sets the KMS key that is used by server side encryption for data at rest on the simple storage service. This key will only be used when the server side encryption method is "aws:kms".

Parameters
config	A configuration specification, typically as returned from one of the Admin module functions.
group-id	The ID of the group. Typically, this is the result of an `admin:group-get-id` call.
key	A string specifying the key that will be used by "aws:kms" server side encryption. This key can be the ID or ARN of the encryption key you want to use. You can set this parameter to empty to use the default encryption key, typically named aws/ebs in the S3 bucket region. If the server side encryption method is not "aws:kms", this key will be ignored.

Required Privileges

This operation requires at least one of the following privileges:

http://marklogic.com/xdmp/privileges/admin/group-security

http://marklogic.com/xdmp/privileges/admin/group-security/{id}

Usage Notes

An encryption key will not be transferred out of the region where it is created. Therefore, you cannot use an encryption key that is in a different region from the S3 bucket.

Example


  xquery version "1.0-ml";

  import module namespace admin = "http://marklogic.com/xdmp/admin"
		  at "/MarkLogic/admin.xqy";

  let $config := admin:get-configuration()
  let $groupid := admin:group-get-id($config, "Default")
  return admin:group-set-s3-server-side-encryption-kms-key($config, $groupid, "f4cefc8d-f64d-4fd1-8e93-064db9c26968")

  (: returns the new configuration element -- use admin:save-configuration
     to save the changes to the configuration or pass the configuration
     to other Admin API functions to make other changes.  :)