Google Git
Sign in
apache / druid-website-src / refs/heads/33.0.0 / . / published_versions / assets / js / 694a9a02.68d1f3b9.js
blob: 99fe5a4bdfb5f08e9994e03b86ddc0715dac1b2b [file] [log] [blame]
"use strict";(self.webpackChunk=self.webpackChunk||[]).push([[1993],{28453:(e,s,n)=>{n.d(s,{R:()=>d,x:()=>o});var i=n(96540);const r={},t=i.createContext(r);function d(e){const s=i.useContext(t);return i.useMemo((function(){return"function"==typeof e?e(s):{...s,...e}}),[s,e])}function o(e){let s;return s=e.disableParentContext?"function"==typeof e.components?e.components(r):e.components||r:d(e.components),i.createElement(t.Provider,{value:s},e.children)}},35721:(e,s,n)=>{n.r(s),n.d(s,{assets:()=>c,contentTitle:()=>o,default:()=>h,frontMatter:()=>d,metadata:()=>i,toc:()=>l});const i=JSON.parse('{"id":"development/extensions-core/s3","title":"S3-compatible","description":"\x3c!--","source":"@site/docs/33.0.0/development/extensions-core/s3.md","sourceDirName":"development/extensions-core","slug":"/development/extensions-core/s3","permalink":"/docs/33.0.0/development/extensions-core/s3","draft":false,"unlisted":false,"tags":[],"version":"current","frontMatter":{"id":"s3","title":"S3-compatible"}}');var r=n(74848),t=n(28453);const d={id:"s3",title:"S3-compatible"},o=void 0,c={},l=[{value:"S3 extension",id:"s3-extension",level:2},{value:"Reading data from S3",id:"reading-data-from-s3",level:3},{value:"Deep Storage",id:"deep-storage",level:3},{value:"Deep storage specific configuration",id:"deep-storage-specific-configuration",level:4},{value:"Configuration",id:"configuration",level:2},{value:"S3 authentication methods",id:"s3-authentication-methods",level:3},{value:"S3 permissions settings",id:"s3-permissions-settings",level:3},{value:"ACL permissions",id:"acl-permissions",level:4},{value:"Object Ownership permissions",id:"object-ownership-permissions",level:4},{value:"AWS region",id:"aws-region",level:3},{value:"Connecting to S3 configuration",id:"connecting-to-s3-configuration",level:3},{value:"Server-side encryption",id:"server-side-encryption",level:2}];function a(e){const s={a:"a",code:"code",em:"em",h2:"h2",h3:"h3",h4:"h4",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,t.R)(),...e.components};return(0,r.jsxs)(r.Fragment,{children:[(0,r.jsx)(s.h2,{id:"s3-extension",children:"S3 extension"}),"\n",(0,r.jsx)(s.p,{children:"This extension allows you to do 2 things:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:[(0,r.jsx)(s.a,{href:"#reading-data-from-s3",children:"Ingest data"})," from files stored in S3."]}),"\n",(0,r.jsxs)(s.li,{children:["Write segments to ",(0,r.jsx)(s.a,{href:"#deep-storage",children:"deep storage"})," in S3."]}),"\n"]}),"\n",(0,r.jsxs)(s.p,{children:["To use this Apache Druid extension, ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/configuration/extensions#loading-extensions",children:"include"})," ",(0,r.jsx)(s.code,{children:"druid-s3-extensions"})," in the extensions load list."]}),"\n",(0,r.jsx)(s.h3,{id:"reading-data-from-s3",children:"Reading data from S3"}),"\n",(0,r.jsxs)(s.p,{children:["Use a native batch ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/ingestion/native-batch",children:"Parallel task"})," with an ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/ingestion/input-sources#s3-input-source",children:"S3 input source"})," to read objects directly from S3."]}),"\n",(0,r.jsxs)(s.p,{children:["Alternatively, use a ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/ingestion/hadoop",children:"Hadoop task"}),",\nand specify S3 paths in your ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/ingestion/hadoop#inputspec",children:(0,r.jsx)(s.code,{children:"inputSpec"})}),"."]}),"\n",(0,r.jsxs)(s.p,{children:["To read objects from S3, you must supply ",(0,r.jsx)(s.a,{href:"#configuration",children:"connection information"})," in configuration."]}),"\n",(0,r.jsx)(s.h3,{id:"deep-storage",children:"Deep Storage"}),"\n",(0,r.jsx)(s.p,{children:"S3-compatible deep storage means either Amazon S3 or a compatible service like Google Storage which exposes the same API as S3."}),"\n",(0,r.jsxs)(s.p,{children:["S3 deep storage needs to be explicitly enabled by setting ",(0,r.jsx)(s.code,{children:"druid.storage.type=s3"}),". ",(0,r.jsx)(s.strong,{children:"Only after setting the storage type to S3 will any of the settings below take effect."})]}),"\n",(0,r.jsxs)(s.p,{children:["To use S3 for Deep Storage, you must supply ",(0,r.jsx)(s.a,{href:"#configuration",children:"connection information"})," in configuration ",(0,r.jsx)(s.em,{children:"and"})," set additional configuration, specific for ",(0,r.jsx)(s.a,{href:"#deep-storage-specific-configuration",children:"Deep Storage"}),"."]}),"\n",(0,r.jsx)(s.h4,{id:"deep-storage-specific-configuration",children:"Deep storage specific configuration"}),"\n",(0,r.jsxs)(s.table,{children:[(0,r.jsx)(s.thead,{children:(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.th,{children:"Property"}),(0,r.jsx)(s.th,{children:"Description"}),(0,r.jsx)(s.th,{children:"Default"})]})}),(0,r.jsxs)(s.tbody,{children:[(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.bucket"})}),(0,r.jsx)(s.td,{children:"Bucket to store in."}),(0,r.jsx)(s.td,{children:"Must be set."})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.baseKey"})}),(0,r.jsx)(s.td,{children:"A prefix string that will be prepended to the object names for the segments published to S3 deep storage"}),(0,r.jsx)(s.td,{children:"Must be set."})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.type"})}),(0,r.jsxs)(s.td,{children:["Global deep storage provider. Must be set to ",(0,r.jsx)(s.code,{children:"s3"})," to make use of this extension."]}),(0,r.jsxs)(s.td,{children:["Must be set (likely ",(0,r.jsx)(s.code,{children:"s3"}),")."]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.disableAcl"})}),(0,r.jsxs)(s.td,{children:["Boolean flag for how object permissions are handled. To use ACLs, set this property to ",(0,r.jsx)(s.code,{children:"false"}),". To use Object Ownership, set it to ",(0,r.jsx)(s.code,{children:"true"}),". The permission requirements for ACLs and Object Ownership are different. For more information, see ",(0,r.jsx)(s.a,{href:"#s3-permissions-settings",children:"S3 permissions settings"}),"."]}),(0,r.jsx)(s.td,{children:"false"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.useS3aSchema"})}),(0,r.jsx)(s.td,{children:'If true, use the "s3a" filesystem when using Hadoop-based ingestion. If false, the "s3n" filesystem will be used. Only affects Hadoop-based ingestion.'}),(0,r.jsx)(s.td,{children:"false"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.transfer.useTransferManager"})}),(0,r.jsx)(s.td,{children:"If true, use AWS S3 Transfer Manager to upload segments to S3."}),(0,r.jsx)(s.td,{children:"true"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.transfer.minimumUploadPartSize"})}),(0,r.jsx)(s.td,{children:"Minimum size (in bytes) of each part in a multipart upload."}),(0,r.jsx)(s.td,{children:"20971520 (20 MB)"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.transfer.multipartUploadThreshold"})}),(0,r.jsx)(s.td,{children:"The file size threshold (in bytes) above which a file upload is converted into a multipart upload instead of a single PUT request."}),(0,r.jsx)(s.td,{children:"20971520 (20 MB)"})]})]})]}),"\n",(0,r.jsx)(s.h2,{id:"configuration",children:"Configuration"}),"\n",(0,r.jsx)(s.h3,{id:"s3-authentication-methods",children:"S3 authentication methods"}),"\n",(0,r.jsxs)(s.p,{children:["You can provide credentials to connect to S3 in a number of ways, whether for ",(0,r.jsx)(s.a,{href:"#deep-storage",children:"deep storage"})," or as an ",(0,r.jsx)(s.a,{href:"#reading-data-from-s3",children:"ingestion source"}),"."]}),"\n",(0,r.jsxs)(s.p,{children:["The configuration options are listed in order of precedence. For example, if you would like to use profile information given in ",(0,r.jsx)(s.code,{children:"~/.aws/credentials"}),", do not set ",(0,r.jsx)(s.code,{children:"druid.s3.accessKey"})," and ",(0,r.jsx)(s.code,{children:"druid.s3.secretKey"})," in your Druid config file because they would take precedence."]}),"\n",(0,r.jsxs)(s.table,{children:[(0,r.jsx)(s.thead,{children:(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.th,{children:"order"}),(0,r.jsx)(s.th,{children:"type"}),(0,r.jsx)(s.th,{children:"details"})]})}),(0,r.jsxs)(s.tbody,{children:[(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"1"}),(0,r.jsx)(s.td,{children:"Druid config file"}),(0,r.jsxs)(s.td,{children:["Based on your runtime.properties if it contains values ",(0,r.jsx)(s.code,{children:"druid.s3.accessKey"})," and ",(0,r.jsx)(s.code,{children:"druid.s3.secretKey"})]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"2"}),(0,r.jsx)(s.td,{children:"Custom properties file"}),(0,r.jsxs)(s.td,{children:["Based on custom properties file where you can supply ",(0,r.jsx)(s.code,{children:"sessionToken"}),", ",(0,r.jsx)(s.code,{children:"accessKey"})," and ",(0,r.jsx)(s.code,{children:"secretKey"})," values. This file is provided to Druid through ",(0,r.jsx)(s.code,{children:"druid.s3.fileSessionCredentials"})," properties"]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"3"}),(0,r.jsx)(s.td,{children:"Environment variables"}),(0,r.jsxs)(s.td,{children:["Based on environment variables ",(0,r.jsx)(s.code,{children:"AWS_ACCESS_KEY_ID"})," and ",(0,r.jsx)(s.code,{children:"AWS_SECRET_ACCESS_KEY"})]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"4"}),(0,r.jsx)(s.td,{children:"Java system properties"}),(0,r.jsxs)(s.td,{children:["Based on JVM properties ",(0,r.jsx)(s.code,{children:"aws.accessKeyId"})," and ",(0,r.jsx)(s.code,{children:"aws.secretKey"})]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"5"}),(0,r.jsx)(s.td,{children:"Profile information"}),(0,r.jsxs)(s.td,{children:["Based on credentials you may have on your druid instance (generally in ",(0,r.jsx)(s.code,{children:"~/.aws/credentials"}),")"]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"6"}),(0,r.jsx)(s.td,{children:"ECS container credentials"}),(0,r.jsxs)(s.td,{children:["Based on environment variables available on AWS ECS (AWS_CONTAINER_CREDENTIALS_RELATIVE_URI or AWS_CONTAINER_CREDENTIALS_FULL_URI) as described in the ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/EC2ContainerCredentialsProviderWrapper.html",children:"EC2ContainerCredentialsProviderWrapper documentation"})]})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:"7"}),(0,r.jsx)(s.td,{children:"Instance profile information"}),(0,r.jsx)(s.td,{children:"Based on the instance profile you may have attached to your druid instance"})]})]})]}),"\n",(0,r.jsxs)(s.p,{children:["For more information, refer to the ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/fr_fr/sdk-for-java/v1/developer-guide/credentials",children:"Amazon Developer Guide"}),"."]}),"\n",(0,r.jsxs)(s.p,{children:["Alternatively, you can bypass this chain by specifying an access key and secret key using a ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/ingestion/input-sources#s3-input-source",children:"Properties Object"})," inside your ingestion specification."]}),"\n",(0,r.jsxs)(s.p,{children:["Use the property ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/configuration/#startup-logging",children:(0,r.jsx)(s.code,{children:"druid.startup.logging.maskProperties"})})," to mask credentials information in Druid logs. For example, ",(0,r.jsx)(s.code,{children:'["password", "secretKey", "awsSecretAccessKey"]'}),"."]}),"\n",(0,r.jsx)(s.h3,{id:"s3-permissions-settings",children:"S3 permissions settings"}),"\n",(0,r.jsx)(s.p,{children:"To manage the permissions for objects in an S3 bucket, you can use either ACLs or Object Ownership. The permissions required for each method are different."}),"\n",(0,r.jsx)(s.p,{children:"By default, Druid uses ACLs. With ACLs, any object that Druid puts into the bucket inherits the ACL settings from the bucket."}),"\n",(0,r.jsxs)(s.p,{children:["You can switch from using ACLs to Object Ownership by setting ",(0,r.jsx)(s.code,{children:"druid.storage.disableAcl"})," to ",(0,r.jsx)(s.code,{children:"true"}),". The bucket owner owns any object that gets created, so you need to use S3's bucket policies to manage permissions."]}),"\n",(0,r.jsxs)(s.p,{children:["Note that this setting only affects Druid's behavior. Changing S3 to use Object Ownership requires additional configuration. For more information, see the AWS documentation on ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html",children:"Controlling ownership of objects and disabling ACLs for your bucket"}),"."]}),"\n",(0,r.jsx)(s.h4,{id:"acl-permissions",children:"ACL permissions"}),"\n",(0,r.jsx)(s.p,{children:"If you're using ACLs, Druid needs the following permissions:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:GetObject"})}),"\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:PutObject"})}),"\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:DeleteObject"})}),"\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:GetBucketAcl"})}),"\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:PutObjectAcl"})}),"\n"]}),"\n",(0,r.jsx)(s.h4,{id:"object-ownership-permissions",children:"Object Ownership permissions"}),"\n",(0,r.jsx)(s.p,{children:"If you're using Object Ownership, Druid needs the following permissions:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:GetObject"})}),"\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:PutObject"})}),"\n",(0,r.jsx)(s.li,{children:(0,r.jsx)(s.code,{children:"s3:DeleteObject"})}),"\n"]}),"\n",(0,r.jsx)(s.h3,{id:"aws-region",children:"AWS region"}),"\n",(0,r.jsxs)(s.p,{children:["The AWS SDK requires that a target region be specified. You can set these by using the JVM system property ",(0,r.jsx)(s.code,{children:"aws.region"})," or by setting an environment variable ",(0,r.jsx)(s.code,{children:"AWS_REGION"}),"."]}),"\n",(0,r.jsx)(s.p,{children:"For example, to set the region to 'us-east-1' through system properties:"}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["Add ",(0,r.jsx)(s.code,{children:"-Daws.region=us-east-1"})," to the ",(0,r.jsx)(s.code,{children:"jvm.config"})," file for all Druid services."]}),"\n",(0,r.jsxs)(s.li,{children:["Add ",(0,r.jsx)(s.code,{children:'"-Daws.region=us-east-1"'})," to ",(0,r.jsx)(s.code,{children:"druid.indexer.runner.javaOptsArray"})," in ",(0,r.jsx)(s.a,{href:"/docs/33.0.0/configuration/#middle-manager-configuration",children:"Middle Manager configuration"})," so that the property will be passed to Peon (worker) processes."]}),"\n"]}),"\n",(0,r.jsx)(s.h3,{id:"connecting-to-s3-configuration",children:"Connecting to S3 configuration"}),"\n",(0,r.jsxs)(s.table,{children:[(0,r.jsx)(s.thead,{children:(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.th,{children:"Property"}),(0,r.jsx)(s.th,{children:"Description"}),(0,r.jsx)(s.th,{children:"Default"})]})}),(0,r.jsxs)(s.tbody,{children:[(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.accessKey"})}),(0,r.jsxs)(s.td,{children:["S3 access key. See ",(0,r.jsx)(s.a,{href:"#s3-authentication-methods",children:"S3 authentication methods"})," for more details"]}),(0,r.jsx)(s.td,{children:"Can be omitted according to authentication methods chosen."})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.secretKey"})}),(0,r.jsxs)(s.td,{children:["S3 secret key. See ",(0,r.jsx)(s.a,{href:"#s3-authentication-methods",children:"S3 authentication methods"})," for more details"]}),(0,r.jsx)(s.td,{children:"Can be omitted according to authentication methods chosen."})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.fileSessionCredentials"})}),(0,r.jsxs)(s.td,{children:["Path to properties file containing ",(0,r.jsx)(s.code,{children:"sessionToken"}),", ",(0,r.jsx)(s.code,{children:"accessKey"})," and ",(0,r.jsx)(s.code,{children:"secretKey"})," value. One key/value pair per line (format ",(0,r.jsx)(s.code,{children:"key=value"}),"). See ",(0,r.jsx)(s.a,{href:"#s3-authentication-methods",children:"S3 authentication methods"})," for more details"]}),(0,r.jsx)(s.td,{children:"Can be omitted according to authentication methods chosen."})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.protocol"})}),(0,r.jsxs)(s.td,{children:["Communication protocol type to use when sending requests to AWS. ",(0,r.jsx)(s.code,{children:"http"})," or ",(0,r.jsx)(s.code,{children:"https"})," can be used. This configuration would be ignored if ",(0,r.jsx)(s.code,{children:"druid.s3.endpoint.url"})," is filled with a URL with a different protocol."]}),(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"https"})})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.disableChunkedEncoding"})}),(0,r.jsxs)(s.td,{children:["Disables chunked encoding. See ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Builder.html#disableChunkedEncoding--",children:"AWS document"})," for details."]}),(0,r.jsx)(s.td,{children:"false"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.enablePathStyleAccess"})}),(0,r.jsxs)(s.td,{children:["Enables path style access. See ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Builder.html#enablePathStyleAccess--",children:"AWS document"})," for details."]}),(0,r.jsx)(s.td,{children:"false"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.forceGlobalBucketAccessEnabled"})}),(0,r.jsxs)(s.td,{children:["Enables global bucket access. See ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/s3/AmazonS3Builder.html#setForceGlobalBucketAccessEnabled-java.lang.Boolean-",children:"AWS document"})," for details."]}),(0,r.jsx)(s.td,{children:"false"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.endpoint.url"})}),(0,r.jsx)(s.td,{children:"Service endpoint either with or without the protocol."}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.endpoint.signingRegion"})}),(0,r.jsx)(s.td,{children:"Region to use for SigV4 signing of requests (e.g. us-west-1)."}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.proxy.host"})}),(0,r.jsx)(s.td,{children:"Proxy host to connect through."}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.proxy.port"})}),(0,r.jsx)(s.td,{children:"Port on the proxy host to connect through."}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.proxy.username"})}),(0,r.jsx)(s.td,{children:"User name to use when connecting through a proxy."}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.s3.proxy.password"})}),(0,r.jsx)(s.td,{children:"Password to use when connecting through a proxy."}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.sse.type"})}),(0,r.jsxs)(s.td,{children:["Server-side encryption type. Should be one of ",(0,r.jsx)(s.code,{children:"s3"}),", ",(0,r.jsx)(s.code,{children:"kms"}),", and ",(0,r.jsx)(s.code,{children:"custom"}),". See the below ",(0,r.jsx)(s.a,{href:"#server-side-encryption",children:"Server-side encryption section"})," for more details."]}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.sse.kms.keyId"})}),(0,r.jsxs)(s.td,{children:["AWS KMS key ID. This is used only when ",(0,r.jsx)(s.code,{children:"druid.storage.sse.type"})," is ",(0,r.jsx)(s.code,{children:"kms"})," and can be empty to use the default key ID."]}),(0,r.jsx)(s.td,{children:"None"})]}),(0,r.jsxs)(s.tr,{children:[(0,r.jsx)(s.td,{children:(0,r.jsx)(s.code,{children:"druid.storage.sse.custom.base64EncodedKey"})}),(0,r.jsxs)(s.td,{children:["Base64-encoded key. Should be specified if ",(0,r.jsx)(s.code,{children:"druid.storage.sse.type"})," is ",(0,r.jsx)(s.code,{children:"custom"}),"."]}),(0,r.jsx)(s.td,{children:"None"})]})]})]}),"\n",(0,r.jsx)(s.h2,{id:"server-side-encryption",children:"Server-side encryption"}),"\n",(0,r.jsxs)(s.p,{children:["You can enable ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption",children:"server-side encryption"})," by setting\n",(0,r.jsx)(s.code,{children:"druid.storage.sse.type"})," to a supported type of server-side encryption. The current supported types are:"]}),"\n",(0,r.jsxs)(s.ul,{children:["\n",(0,r.jsxs)(s.li,{children:["s3: ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption",children:"Server-side encryption with S3-managed encryption keys"})]}),"\n",(0,r.jsxs)(s.li,{children:["kms: ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption",children:"Server-side encryption with AWS KMS\u2013Managed Keys"})]}),"\n",(0,r.jsxs)(s.li,{children:["custom: ",(0,r.jsx)(s.a,{href:"https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys",children:"Server-side encryption with Customer-Provided Encryption Keys"})]}),"\n"]})]})}function h(e={}){const{wrapper:s}={...(0,t.R)(),...e.components};return s?(0,r.jsx)(s,{...e,children:(0,r.jsx)(a,{...e})}):a(e)}}}]);