interface EncryptionConfigurationProperty
Language | Type name |
---|---|
![]() | Amazon.CDK.AWS.StepFunctions.CfnStateMachine.EncryptionConfigurationProperty |
![]() | github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctions#CfnStateMachine_EncryptionConfigurationProperty |
![]() | software.amazon.awscdk.services.stepfunctions.CfnStateMachine.EncryptionConfigurationProperty |
![]() | aws_cdk.aws_stepfunctions.CfnStateMachine.EncryptionConfigurationProperty |
![]() | aws-cdk-lib » aws_stepfunctions » CfnStateMachine » EncryptionConfigurationProperty |
Settings to configure server-side encryption for a state machine.
By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_stepfunctions as stepfunctions } from 'aws-cdk-lib';
const encryptionConfigurationProperty: stepfunctions.CfnStateMachine.EncryptionConfigurationProperty = {
type: 'type',
// the properties below are optional
kmsDataKeyReusePeriodSeconds: 123,
kmsKeyId: 'kmsKeyId',
};
Properties
Name | Type | Description |
---|---|---|
type | string | Encryption option for a state machine. |
kms | number | Maximum duration that Step Functions will reuse data keys. |
kms | string | An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. |
type
Type:
string
Encryption option for a state machine.
kmsDataKeyReusePeriodSeconds?
Type:
number
(optional)
Maximum duration that Step Functions will reuse data keys.
When the period expires, Step Functions will call GenerateDataKey
. Only applies to customer managed keys.
kmsKeyId?
Type:
string
(optional)
An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data.
To specify a AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.