AWS::S3Vectors::VectorBucket EncryptionConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::S3Vectors::VectorBucket EncryptionConfiguration

Specifies the encryption configuration for the vector bucket. By default, all new vectors in Amazon S3 vector buckets use server-side encryption with Amazon S3 managed keys (SSE-S3), specifically AES256.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyArn" : String,
  "SseType" : String
}

YAML

  KmsKeyArn: String
  SseType: String

Properties

KmsKeyArn

AWS Key Management Service (KMS) customer managed key ARN to use for the encryption configuration. This parameter is required if and only if SseType is set to aws:kms.

You must specify the full ARN of the KMS key. Key IDs or key aliases aren't supported.

Important

Amazon S3 Vectors only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon KMS in the Amazon Key Management Service Developer Guide.

Required: No

Type: String

Pattern: ^(arn:aws[-a-z0-9]*:kms:[-a-z0-9]*:[0-9]{12}:key/.+)$

Minimum: 1

Maximum: 2048

Update requires: Replacement

SseType

The server-side encryption type to use for the encryption configuration of the vector bucket. Valid values are AES256 for Amazon S3 managed keys and aws:kms for Amazon KMS keys.

Required: No

Type: String

Allowed values: AES256 | aws:kms

Update requires: Replacement