AWS::StepFunctions::Activity EncryptionConfiguration
Settings to configure server-side encryption for an activity. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "KmsDataKeyReusePeriodSeconds" :
Integer
, "KmsKeyId" :String
, "Type" :String
}
YAML
KmsDataKeyReusePeriodSeconds:
Integer
KmsKeyId:String
Type:String
Properties
KmsDataKeyReusePeriodSeconds
-
Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call
GenerateDataKey
. Only applies to customer managed keys.Required: No
Type: Integer
Minimum:
60
Maximum:
900
Update requires: Replacement
KmsKeyId
-
An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. To specify a AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.
Required: No
Type: String
Minimum:
1
Maximum:
2048
Update requires: Replacement
Type
-
Encryption option for an activity.
Required: Yes
Type: String
Allowed values:
CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEY
Update requires: Replacement