AWS::OpenSearchService::Domain EncryptionAtRestOptions
Whether the domain should encrypt data at rest, and if so, the Amazon Key Management Service key to use.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
Properties
Enabled
-
Specify
true
to enable encryption at rest. Required if you enable fine-grained access control in AdvancedSecurityOptionsInput.If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.
Required: Conditional
Type: Boolean
Update requires: Some interruptions
KmsKeyId
-
The KMS key ID. Takes the form
1a2a3a4-1a2a-3a4a-5a6a-1a2a3a4a5a6a
. Required if you enable encryption at rest.You can also use
keyAlias
as a value.If no encryption at rest options were initially specified in the template, updating this property by adding it causes no interruption. However, if you change this property after it's already been set within a template, the domain is deleted and recreated in order to modify the property.
Required: Conditional
Type: String
Pattern:
.*
Minimum:
1
Maximum:
500
Update requires: Some interruptions
See also
-
CreateDomain in the Amazon OpenSearch Service Developer Guide.