in aws_emr_launch/constructs/emr_constructs/emr_profile.py [0:0]
def set_s3_encryption(self, mode: S3EncryptionMode, encryption_key: Optional[kms.Key] = None) -> "EMRProfile":
if self._rehydrated:
raise ReadOnlyEMRProfileError()
if mode == S3EncryptionMode.CSE_Custom:
raise NotImplementedError(
"Use of CSE-Custom currently requires setting a custom security "
"configuration with `set_custom_security_configuration()`"
)
self._s3_encryption_configuration = {"EncryptionMode": mode.value}
if mode in [S3EncryptionMode.SSE_KMS, S3EncryptionMode.CSE_KMS]:
if encryption_key:
self._s3_encryption_configuration["AwsKmsKey"] = encryption_key.key_arn
encryption_key.grant_encrypt(self._roles.instance_role)
else:
raise ValueError(f'Parameter "encryption_key" cannot be None when "mode" is of type {mode.value}')
self._construct_security_configuration()
return self