AWS::SageMaker::FeatureGroup OnlineStoreSecurityConfig
The security configuration for OnlineStore
.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "KmsKeyId" :
String
}
YAML
KmsKeyId:
String
Properties
KmsKeyId
-
The Amazon Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.
The caller (either user or IAM role) of
CreateFeatureGroup
must have below permissions to theOnlineStore
KmsKeyId
:-
"kms:Encrypt"
-
"kms:Decrypt"
-
"kms:DescribeKey"
-
"kms:CreateGrant"
-
"kms:RetireGrant"
-
"kms:ReEncryptFrom"
-
"kms:ReEncryptTo"
-
"kms:GenerateDataKey"
-
"kms:ListAliases"
-
"kms:ListGrants"
-
"kms:RevokeGrant"
The caller (either user or IAM role) to all DataPlane operations (
PutRecord
,GetRecord
,DeleteRecord
) must have the following permissions to theKmsKeyId
:-
"kms:Decrypt"
Required: No
Type: String
Maximum:
2048
Update requires: Replacement
-