AWS::S3Tables::TableBucket EncryptionConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::S3Tables::TableBucket EncryptionConfiguration

Configuration specifying how data should be encrypted. This structure defines the encryption algorithm and optional KMS key to be used for server-side encryption.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "KMSKeyArn" : String,
  "SSEAlgorithm" : String
}

YAML

  KMSKeyArn: String
  SSEAlgorithm: String

Properties

KMSKeyArn

The Amazon Resource Name (ARN) of the KMS key to use for encryption. This field is required only when sseAlgorithm is set to aws:kms.

Required: No

Type: String

Pattern: (arn:aws[-a-z0-9]*:kms:[-a-z0-9]*:[0-9]{12}:key/.+)

Minimum: 1

Maximum: 2048

Update requires: No interruption

SSEAlgorithm

The server-side encryption algorithm to use. Valid values are AES256 for S3-managed encryption keys, or aws:kms for Amazon KMS-managed encryption keys. If you choose SSE-KMS encryption you must grant the S3 Tables maintenance principal access to your KMS key. For more information, see Permissions requirements for S3 Tables SSE-KMS encryption.

Required: No

Type: String

Allowed values: AES256 | aws:kms

Update requires: No interruption