singhpk234 commented on code in PR #8370:
URL: https://github.com/apache/iceberg/pull/8370#discussion_r1301993578
##########
aws/src/main/java/org/apache/iceberg/aws/s3/S3FileIOProperties.java:
##########
@@ -84,9 +92,9 @@ public class S3FileIOProperties implements Serializable {
public static final String SSE_TYPE_CUSTOM = "custom";
/**
- * If S3 encryption type is SSE-KMS, input is a KMS Key ID or ARN. In case
this property is not
- * set, default key "aws/s3" is used. If encryption type is SSE-C, input is
a custom base-64
- * AES256 symmetric key.
+ * If S3 encryption type is SSE-KMS or DSSE-KMS, input is a KMS Key ID or
ARN. In case this
Review Comment:
can rephrase this
##########
docs/aws.md:
##########
@@ -322,13 +322,14 @@ Here are the configurations that users can tune related
to this feature:
*
[SSE-S3](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html):
When you use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3), each
object is encrypted with a unique key. As an additional safeguard, it encrypts
the key itself with a master key that it regularly rotates. Amazon S3
server-side encryption uses one of the strongest block ciphers available,
256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
*
[SSE-KMS](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html):
Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key
Management Service (SSE-KMS) is similar to SSE-S3, but with some additional
benefits and charges for using this service. There are separate permissions for
the use of a CMK that provides added protection against unauthorized access of
your objects in Amazon S3. SSE-KMS also provides you with an audit trail that
shows when your CMK was used and by whom. Additionally, you can create and
manage customer managed CMKs or use AWS managed CMKs that are unique to you,
your service, and your Region.
+*
[DSSE-KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingDSSEncryption.html):
Dual-layer Server-Side Encryption with AWS Key Management Service keys
(DSSE-KMS) is similar to SSE-KMS, but applies two layers of encryption to
objects when they are uploaded to Amazon S3. DSSE-KMS can be used to fulfill
compliance standaards that require you to apply multilayer encryption to your
data and have full control of your encryption keys.
Review Comment:
``
```suggestion
*
[DSSE-KMS](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingDSSEncryption.html):
Dual-layer Server-Side Encryption with AWS Key Management Service keys
(DSSE-KMS) is similar to SSE-KMS, but applies two layers of encryption to
objects when they are uploaded to Amazon S3. DSSE-KMS can be used to fulfill
compliance standards that require you to apply multilayer encryption to your
data and have full control of your encryption keys.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
