This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.
AWS::DataSync::LocationObjectStorage CmkSecretConfig
Specifies configuration information for a DataSync-managed secret, such as an authentication token or secret key that DataSync uses to access a specific storage location, with a customer-managed Amazon KMS key.
Note
You can use either CmkSecretConfig or CustomSecretConfig to
provide credentials for a CreateLocation request. Do not provide both
parameters for the same request.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
Properties
KmsKeyArn-
Specifies the ARN for the customer-managed Amazon KMS key that DataSync uses to encrypt the DataSync-managed secret stored for
SecretArn. DataSync provides this key to Amazon Secrets Manager.Required: No
Type: String
Pattern:
^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):kms:[a-z-0-9]+:[0-9]{12}:key/.*|)$Maximum:
2048Update requires: No interruption
SecretArn-
Specifies the ARN for the DataSync-managed Amazon Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for
KmsKeyArn.Required: No
Type: String
Pattern:
^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):secretsmanager:[a-z-0-9]+:[0-9]{12}:secret:.*|)$Maximum:
2048Update requires: No interruption