AWS::VerifiedPermissions::PolicyStore KmsEncryptionSettings - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::VerifiedPermissions::PolicyStore KmsEncryptionSettings

A structure that contains the KMS encryption configuration for the policy store. The encryption settings determine what customer-managed KMS key will be used to encrypt all resources within the policy store, and any user-defined context key-value pairs to append during encryption processes.

This data type is used as a field that is part of the EncryptionSettings type.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "EncryptionContext" : {Key: Value, ...},
  "Key" : String
}

YAML

  EncryptionContext: 
    Key: Value
  Key: String

Properties

EncryptionContext

User-defined, additional context to be added to encryption processes.

Required: No

Type: Object of String

Pattern: ^.+$

Minimum: 1

Update requires: No interruption

Key

The customer-managed KMS key Amazon Resource Name (ARN), alias or ID to be used for encryption processes.

Users can provide the full KMS key ARN, a KMS key alias, or a KMS key ID, but it will be mapped to the full KMS key ARN after policy store creation, and referenced when encrypting child resources.

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9:/_-]+$

Update requires: No interruption