AWS::SageMaker::FeatureGroup OnlineStoreSecurityConfig

The security configuration for OnlineStore.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "KmsKeyId" : String
}

YAML


  KmsKeyId: String

Properties

KmsKeyId

The AWS Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.

The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the OnlineStore KmsKeyId:

"kms:Encrypt"
"kms:Decrypt"
"kms:DescribeKey"
"kms:CreateGrant"
"kms:RetireGrant"
"kms:ReEncryptFrom"
"kms:ReEncryptTo"
"kms:GenerateDataKey"
"kms:ListAliases"
"kms:ListGrants"
"kms:RevokeGrant"

The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, DeleteRecord) must have the following permissions to the KmsKeyId:

"kms:Decrypt"

Required: No

Type: String

Maximum: 2048

Update requires: Replacement

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

OnlineStoreConfig

S3StorageConfig