Decrypt class - Amazon Glue
ExampleOutput — methods —__call__applynamedescribeArgsdescribeReturndescribeTransformdescribeErrorsdescribe
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Decrypt class

The Decrypt transform decrypts inside of Amazon Glue. Your data can also be decrypted outside of Amazon Glue with the Amazon Encryption SDK. If the provided KMS key ARN does not match what was used to encrypt the column, the decrypt operation fails.

Example

from pyspark.context import SparkContext
from pyspark.sql import SparkSession
from awsgluedi.transforms import *

kms = "${KMS}"
sc = SparkContext()
spark = SparkSession(sc)

input_df = spark.createDataFrame(
    [
        (1, "1234560000"),
        (2, "1234560001"),
        (3, "1234560002"),
        (4, "1234560003"),
        (5, "1234560004"),
        (6, "1234560005"),
        (7, "1234560006"),
        (8, "1234560007"),
        (9, "1234560008"),
        (10, "1234560009"),
    ],
    ["id", "phone"],
)

try:
    df_encrypt = pii.Encrypt.apply(
        data_frame=input_df,
        spark_context=sc,
        source_columns=["phone"],
        kms_key_arn=kms
    )
    df_decrypt = pii.Decrypt.apply(
        data_frame=df_encrypt,
        spark_context=sc,
        source_columns=["phone"],
        kms_key_arn=kms
    )
    df_decrypt.show()
except:
    print("Unexpected Error happened ")
    raise

Output

The output will be a PySpark DataFrame with the original `id` column and the decrypted `phone` column: 

```
+---+------------+
| id| phone|
+---+------------+
| 1| 1234560000|
| 2| 1234560001|
| 3| 1234560002|
| 4| 1234560003|
| 5| 1234560004|
| 6| 1234560005|
| 7| 1234560006|
| 8| 1234560007|
| 9| 1234560008|
| 10| 1234560009|
+---+------------+
```

The Encrypt transform takes the `source_columns` as `["phone"]` and the `kms_key_arn` as the value of the `${KMS}` environment variable. The transformation encrypts the values in the `phone` column using the specified KMS key. The encrypted DataFrame `df_encrypt` is then passed to the Decrypt transform from the `awsglue.pii` module. It takes the `source_columns` as `["phone"]` and the `kms_key_arn` as the value of the `${KMS}` environment variable. The transformation decrypts the encrypted values in the `phone` column using the same KMS key. The resulting `df_decrypt` DataFrame contains the original `id` column and the decrypted `phone` column.

Methods

__call__(spark_context, data_frame, source_columns, kms_key_arn)

The Decrypt transform decrypts inside of Amazon Glue. Your data can also be decrypted outside of Amazon Glue with the Amazon Encryption SDK. If the provided KMS key ARN does not match what was used to encrypt the column, the decrypt operation fails.

  • source_columns – An array of existing columns.

  • kms_key_arn – The key ARN of the Amazon Key Management Service key to use to decrypt the source columns.

apply(cls, *args, **kwargs)

Inherited from GlueTransform apply.

name(cls)

Inherited from GlueTransform name.

describeArgs(cls)

Inherited from GlueTransform describeArgs.

describeReturn(cls)

Inherited from GlueTransform describeReturn.

describeTransform(cls)

Inherited from GlueTransform describeTransform.

describeErrors(cls)

Inherited from GlueTransform describeErrors.

describe(cls)

Inherited from GlueTransform describe.