AWS::StepFunctions::Activity EncryptionConfiguration - AWS CloudFormation

AWS::StepFunctions::Activity EncryptionConfiguration

Settings to configure server-side encryption for an activity. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "KmsDataKeyReusePeriodSeconds" : Integer, "KmsKeyId" : String, "Type" : String }

YAML

KmsDataKeyReusePeriodSeconds: Integer KmsKeyId: String Type: String

Properties

KmsDataKeyReusePeriodSeconds

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

Required: No

Type: Integer

Minimum: 60

Maximum: 900

Update requires: Replacement

KmsKeyId

An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. To specify a AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: Replacement

Type

Encryption option for an activity.

Required: Yes

Type: String

Allowed values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEY

Update requires: Replacement