aws_dbesdk_dynamodb.encrypted.resource

High-level helper classes to provide encrypting wrappers for boto3 DynamoDB resources.

Classes

`EncryptedResource`(*, resource, encryption_config)	Wrapper for a boto3 DynamoDB resource.
`EncryptedTablesCollectionManager`(*, ...)	Collection manager that yields EncryptedTable objects.

class aws_dbesdk_dynamodb.encrypted.resource.EncryptedTablesCollectionManager(*, collection: CollectionManager, encryption_config: DynamoDbTablesEncryptionConfig)

Bases: EncryptedBotoInterface

Collection manager that yields EncryptedTable objects.

The API matches boto3’s tables collection manager interface:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html

All operations on this class will yield EncryptedTable objects.

Create an EncryptedTablesCollectionManager object.

Parameters:

collection (CollectionManager) – Pre-configured boto3 DynamoDB table collection manager
encryption_config (DynamoDbTablesEncryptionConfig) – Initialized DynamoDbTablesEncryptionConfig

__init__(*, collection: CollectionManager, encryption_config: DynamoDbTablesEncryptionConfig)

Create an EncryptedTablesCollectionManager object.

Parameters:

collection (CollectionManager) – Pre-configured boto3 DynamoDB table collection manager
encryption_config (DynamoDbTablesEncryptionConfig) – Initialized DynamoDbTablesEncryptionConfig

all() → Generator[EncryptedTable, None, None]

Create an iterable of all EncryptedTable resources in the collection.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#DynamoDB.ServiceResource.all

Returns:: An iterable of EncryptedTable objects
Return type:: Generator[EncryptedTable, None, None]

filter(**kwargs) → Generator[EncryptedTable, None, None]

Create an iterable of all EncryptedTable resources in the collection filtered by kwargs passed to method.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#filter

Returns:: An iterable of EncryptedTable objects
Return type:: Generator[EncryptedTable, None, None]

limit(**kwargs) → Generator[EncryptedTable, None, None]

Create an iterable of all EncryptedTable resources in the collection filtered by kwargs passed to method.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#limit

Returns:: An iterable of EncryptedTable objects
Return type:: Generator[EncryptedTable, None, None]

page_size(**kwargs) → Generator[EncryptedTable, None, None]

Create an iterable of all EncryptedTable resources in the collection.

This limits the number of items returned by each service call by the specified amount.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#page_size

Returns:: An iterable of EncryptedTable objects
Return type:: Generator[EncryptedTable, None, None]

class aws_dbesdk_dynamodb.encrypted.resource.EncryptedResource(*, resource: ServiceResource, encryption_config: DynamoDbTablesEncryptionConfig)

Bases: EncryptedBotoInterface

Wrapper for a boto3 DynamoDB resource.

This class implements the complete boto3 DynamoDB resource API, allowing it to serve as a drop-in replacement that transparently handles encryption and decryption of items.

The API matches the standard boto3 DynamoDB resource interface:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/index.html

This class will encrypt/decrypt items for the following operations:

batch_get_item

batch_write_item

Calling Table() will return an EncryptedTable object.

Any other operations on this class will defer to the underlying boto3 DynamoDB resource’s implementation and will not be encrypted/decrypted.

Create an EncryptedResource object.

Parameters:

resource (ServiceResource) – Initialized boto3 DynamoDB resource
encryption_config (DynamoDbTablesEncryptionConfig) – Initialized DynamoDbTablesEncryptionConfig

__init__(*, resource: ServiceResource, encryption_config: DynamoDbTablesEncryptionConfig)

Create an EncryptedResource object.

Parameters:

resource (ServiceResource) – Initialized boto3 DynamoDB resource
encryption_config (DynamoDbTablesEncryptionConfig) – Initialized DynamoDbTablesEncryptionConfig

Table(name)

Create an EncryptedTable resource.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/Table.html

Parameters:: name (str) – The EncryptedTable’s name identifier. This must be set.
Returns:: An EncryptedTable resource
Return type:: EncryptedTable

batch_get_item(**kwargs)

Get multiple items from one or more tables. Decrypts any returned items.

The input and output syntaxes match those for the boto3 DynamoDB resource batch_get_item API:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/batch_get_item.html

Parameters:: **kwargs – Keyword arguments to pass to the operation. These match the boto3 resource batch_get_item request syntax.
Returns:: The response from DynamoDB. This matches the boto3 resource batch_get_item response syntax. The "Responses" field will be decrypted locally after being read from DynamoDB.
Return type:: dict

batch_write_item(**kwargs)

Put or delete multiple items in one or more tables.

For put operations, encrypts items before writing.

The input and output syntaxes match those for the boto3 DynamoDB resource batch_write_item API:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/batch_write_item.html

Parameters:: **kwargs – Keyword arguments to pass to the operation. These match the boto3 resource batch_write_item request syntax. Any "PutRequest" values in the "RequestItems" argument will be encrypted locally before being written to DynamoDB.
Returns:: The response from DynamoDB. This matches the boto3 resource batch_write_item response syntax.
Return type:: dict