SseAwsKeyManagementParams

Contains server side encryption parameters to be used by media capture pipeline. The parameters can also be used by media concatenation pipeline taking media capture pipeline as a media source.

AwsKmsKeyId

The AWS KMS key you want to use to encrypt your media pipeline output. Decryption is required for concatenation pipeline. If using a key located in the current AWS account, you can specify your AWS KMS key in one of four ways:

Use the AWS KMS key ID itself. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
Use an alias for the AWS KMS key ID. For example, alias/ExampleAlias.
Use the Amazon Resource Name (ARN) for the AWS KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Use the ARN for the AWS KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

If using a key located in a different AWS account than the current AWS account, you can specify your AWS KMS key in one of two ways:

Use the ARN for the AWS KMS key ID. For example, arn:aws:kms:region:account-ID:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Use the ARN for the AWS KMS key alias. For example, arn:aws:kms:region:account-ID:alias/ExampleAlias.

If you don't specify an encryption key, your output is encrypted with the default Amazon S3 key (SSE-S3).

Note that the role specified in the SinkIamRoleArn request parameter must have permission to use the specified KMS key.

Type: String

Length Constraints: Maximum length of 4096.

Pattern: .*

Required: Yes

AwsKmsEncryptionContext

Base64-encoded string of a UTF-8 encoded JSON, which contains the encryption context as non-secret key-value pair known as encryption context pairs, that provides an added layer of security for your data. For more information, see AWS KMS encryption context and Asymmetric keys in AWS KMS in the AWS Key Management Service Developer Guide.

Type: String

Length Constraints: Maximum length of 4096.

Pattern: .*

Required: No

SseAwsKeyManagementParams

Contents

See Also