AWS::StepFunctions::StateMachine EncryptionConfiguration - Amazon CloudFormation

AWS::StepFunctions::StateMachine EncryptionConfiguration

Settings to configure server-side encryption for a state machine. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed Amazon KMS key for encryption.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "KmsDataKeyReusePeriodSeconds" : Integer,
  "KmsKeyId" : String,
  "Type" : String
}

YAML

KmsDataKeyReusePeriodSeconds: Integer
KmsKeyId: String
Type: String

Properties

KmsDataKeyReusePeriodSeconds

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

Required: No

Type: Integer

Minimum: 60

Maximum: 900

Update requires: No interruption

KmsKeyId

An alias, alias ARN, key ID, or key ARN of a symmetric encryption Amazon KMS key to encrypt data. To specify an Amazon KMS key in a different Amazon account, you must use the key ARN or alias ARN.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

Type

Encryption option for a state machine.

Required: Yes

Type: String

Allowed values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEY

Update requires: No interruption
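
A pre-deployment check built from the constraints listed above, as an added example that is not part of the AWS documentation. The function name `check_encryption`, the `require_cmk` policy switch, the helper `sample_machine` and the sample template (logical IDs, alias, key reference) are assumptions constructed for illustration.

```python
# Added example (not AWS code): lint a parsed CloudFormation template.
ALLOWED_TYPES = ("CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KEY")
SFN = "AWS::StepFunctions::StateMachine"

def check_encryption(template, require_cmk=True):
    """Return sorted (logical_id, finding) tuples for every state machine.
    require_cmk is this example's own policy assumption, not an AWS rule:
    when True, machines not using a customer managed key are flagged."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != SFN:
            continue
        cfg = res.get("Properties", {}).get("EncryptionConfiguration")
        if cfg is None:
            if require_cmk:
                findings.append((name, "no EncryptionConfiguration, default encryption in use"))
            continue
        enc_type = cfg.get("Type")
        if enc_type is None:
            findings.append((name, "Type is required"))
        elif isinstance(enc_type, str) and enc_type not in ALLOWED_TYPES:
            findings.append((name, f"Type {enc_type!r} is not an allowed value"))
        elif enc_type == "AWS_OWNED_KEY" and require_cmk:
            findings.append((name, "Type is AWS_OWNED_KEY, not a customer managed key"))
        period = cfg.get("KmsDataKeyReusePeriodSeconds")
        if isinstance(period, int) and not 60 <= period <= 900:
            findings.append((name, f"reuse period {period} is outside 60-900"))
        if period is not None and enc_type == "AWS_OWNED_KEY":
            findings.append((name, "reuse period only applies to customer managed keys"))
        key_id = cfg.get("KmsKeyId")  # may be an intrinsic (dict); check literal strings only
        if isinstance(key_id, str) and not 1 <= len(key_id) <= 2048:
            findings.append((name, "KmsKeyId length is outside 1-2048"))
    return sorted(findings)

def sample_machine(cfg=None):  # constructed resource; other properties omitted
    return {"Type": SFN, "Properties": {} if cfg is None else {"EncryptionConfiguration": cfg}}

SAMPLE_TEMPLATE = {"Resources": {  # constructed sample, not from the page
    "Good": sample_machine({"Type": "CUSTOMER_MANAGED_KMS_KEY", "KmsDataKeyReusePeriodSeconds": 300,
                            "KmsKeyId": {"Fn::GetAtt": ["ExampleKey", "Arn"]}}),
    "LongReuse": sample_machine({"Type": "CUSTOMER_MANAGED_KMS_KEY", "KmsDataKeyReusePeriodSeconds": 3600,
                                 "KmsKeyId": "alias/example-sfn-key"}),
    "OwnedKey": sample_machine({"Type": "AWS_OWNED_KEY", "KmsDataKeyReusePeriodSeconds": 120}),
    "NoConfig": sample_machine(),
}}

if __name__ == "__main__":
    for logical_id, finding in check_encryption(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

Values given as intrinsic functions such as `Fn::GetAtt` are skipped by the literal checks, because their final value is only known at deployment time.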