AWS::Synthetics::Canary S3Encryption - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Synthetics::Canary S3Encryption

A structure that contains the configuration of the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3. Artifact encryption functionality is available only for canaries that use Synthetics runtime version syn-nodejs-puppeteer-3.3 or later. For more information, see Encrypting canary artifacts.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "EncryptionMode" : String, "KmsKeyArn" : String }


EncryptionMode: String KmsKeyArn: String



The encryption method to use for artifacts created by this canary. Specify SSE_S3 to use server-side encryption (SSE) with an Amazon S3-managed key. Specify SSE-KMS to use server-side encryption with a customer-managed Amazon KMS key.

If you omit this parameter, an Amazon-managed Amazon KMS key is used.

Required: No

Type: String

Update requires: No interruption


The ARN of the customer-managed Amazon KMS key to use, if you specify SSE-KMS for EncryptionMode

Required: No

Type: String

Update requires: No interruption