Configuration specifying how data should be encrypted. This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.
Contents
- sseAlgorithm
-
The server-side encryption algorithm to use. Valid values are
AES256for S3-managed encryption keys, oraws:kmsfor AWS KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.Type: String
Valid Values:
AES256 | aws:kmsRequired: Yes
- kmsKeyArn
-
The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when
sseAlgorithmis set toaws:kms.Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern:
(arn:aws[-a-z0-9]*:kms:[-a-z0-9]*:[0-9]{12}:key/.+)Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
