AWS::Athena::WorkGroup EncryptionConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::Athena::WorkGroup EncryptionConfiguration

If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS) and key information.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "EncryptionOption" : String,
  "KmsKey" : String
}

YAML

  EncryptionOption: String
  KmsKey: String

Properties

EncryptionOption

Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE_S3), server-side encryption with KMS-managed keys (SSE_KMS), or client-side encryption with KMS-managed keys (CSE_KMS) is used.

If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.

Required: Yes

Type: String

Allowed values: SSE_S3 | SSE_KMS | CSE_KMS

Update requires: No interruption

KmsKey

For SSE_KMS and CSE_KMS, this is the KMS key ARN or ID.

Required: No

Type: String

Update requires: No interruption