AWS::Athena::WorkGroup EncryptionConfiguration

If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS) and key information.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "EncryptionOption" : String,
  "KmsKey" : String
}

YAML


  EncryptionOption: String
  KmsKey: String

Properties

EncryptionOption

Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE_S3), server-side encryption with KMS-managed keys (SSE_KMS), or client-side encryption with KMS-managed keys (CSE_KMS) is used.

If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.

Required: Yes

Type: String

Allowed values: SSE_S3 | SSE_KMS | CSE_KMS

Update requires: No interruption

KmsKey

For SSE_KMS and CSE_KMS, this is the KMS key ARN or ID.

Required: No

Type: String

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

CustomerContentEncryptionConfiguration

EngineVersion