CreateFieldLevelEncryptionProfile - Amazon CloudFront


Create a field-level encryption profile.

Request Syntax

POST /2020-05-31/field-level-encryption-profile HTTP/1.1
<?xml version="1.0" encoding="UTF-8"?>
<FieldLevelEncryptionProfileConfig xmlns="">
   <CallerReference>string</CallerReference>
   <Comment>string</Comment>
   <EncryptionEntities>
      <Items>
         <EncryptionEntity>
            <FieldPatterns>
               <Items>
                  <FieldPattern>string</FieldPattern>
               </Items>
               <Quantity>integer</Quantity>
            </FieldPatterns>
            <ProviderId>string</ProviderId>
            <PublicKeyId>string</PublicKeyId>
         </EncryptionEntity>
      </Items>
      <Quantity>integer</Quantity>
   </EncryptionEntities>
   <Name>string</Name>
</FieldLevelEncryptionProfileConfig>

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in XML format.


FieldLevelEncryptionProfileConfig

Root level tag for the FieldLevelEncryptionProfileConfig parameters.

Required: Yes


CallerReference

A unique number that ensures that the request can't be replayed.

Type: String

Required: Yes


Comment

An optional comment for the field-level encryption profile. The comment cannot be longer than 128 characters.

Type: String

Required: No


EncryptionEntities

A complex data type of encryption entities for the field-level encryption profile that include the public key ID, provider, and field patterns for specifying which fields to encrypt with this key.

Type: EncryptionEntities object

Required: Yes


Name

Profile name for the field-level encryption profile.

Type: String

Required: Yes
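
An added example (not from the AWS documentation or SDKs): a Python helper that builds the request body above, deriving each Quantity from its Items list so the two cannot disagree and enforcing the 128-character Comment limit before anything is sent, plus a checker for bodies built elsewhere. The UUID-based CallerReference and the sample key ID, provider and field patterns are constructed placeholders; the namespace attribute is omitted because the syntax above shows it empty.

```python
import uuid
import xml.etree.ElementTree as ET

MAX_COMMENT_LEN = 128  # limit stated in the Comment description
# Constructed sample input: placeholder key ID, provider and field names.
SAMPLE_ENTITIES = [{"public_key_id": "PUBLIC-KEY-ID-PLACEHOLDER",
                    "provider_id": "example-provider",
                    "field_patterns": ["card_number", "ssn"]}]


def build_profile_config(name, entities, comment=None, caller_reference=None):
    """Return the FieldLevelEncryptionProfileConfig body as XML text."""
    if not name:
        raise ValueError("Name is required")
    if comment is not None and len(comment) > MAX_COMMENT_LEN:
        raise ValueError("Comment cannot be longer than 128 characters")
    root = ET.Element("FieldLevelEncryptionProfileConfig")  # xmlns omitted
    # Assumption: a random UUID serves as the unique CallerReference.
    ET.SubElement(root, "CallerReference").text = caller_reference or str(uuid.uuid4())
    if comment is not None:
        ET.SubElement(root, "Comment").text = comment
    ents = ET.SubElement(root, "EncryptionEntities")
    items = ET.SubElement(ents, "Items")
    for ent in entities:
        node = ET.SubElement(items, "EncryptionEntity")
        patterns = ET.SubElement(node, "FieldPatterns")
        pattern_items = ET.SubElement(patterns, "Items")
        for pattern in ent["field_patterns"]:
            ET.SubElement(pattern_items, "FieldPattern").text = pattern
        # Quantity is derived from the list, never supplied by the caller.
        ET.SubElement(patterns, "Quantity").text = str(len(ent["field_patterns"]))
        ET.SubElement(node, "ProviderId").text = ent["provider_id"]
        ET.SubElement(node, "PublicKeyId").text = ent["public_key_id"]
    ET.SubElement(ents, "Quantity").text = str(len(entities))
    ET.SubElement(root, "Name").text = name
    return ET.tostring(root, encoding="unicode")


def quantity_mismatches(xml_text):
    """Return tags whose Quantity differs from the number of Items children."""
    bad = []
    for parent in ET.fromstring(xml_text).iter():
        items, qty = parent.find("Items"), parent.find("Quantity")
        if items is not None and qty is not None and int(qty.text) != len(items):
            bad.append(parent.tag)
    return bad
```

Run quantity_mismatches only on request bodies you generated yourself; it is a pre-flight check, not a parser for untrusted XML.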

Response Syntax

HTTP/1.1 201
<?xml version="1.0" encoding="UTF-8"?>
<FieldLevelEncryptionProfile>
   <FieldLevelEncryptionProfileConfig>
      <CallerReference>string</CallerReference>
      <Comment>string</Comment>
      <EncryptionEntities>
         <Items>
            <EncryptionEntity>
               <FieldPatterns>
                  <Items>
                     <FieldPattern>string</FieldPattern>
                  </Items>
                  <Quantity>integer</Quantity>
               </FieldPatterns>
               <ProviderId>string</ProviderId>
               <PublicKeyId>string</PublicKeyId>
            </EncryptionEntity>
         </Items>
         <Quantity>integer</Quantity>
      </EncryptionEntities>
      <Name>string</Name>
   </FieldLevelEncryptionProfileConfig>
   <Id>string</Id>
   <LastModifiedTime>timestamp</LastModifiedTime>
</FieldLevelEncryptionProfile>

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in XML format by the service.


FieldLevelEncryptionProfile

Root level tag for the FieldLevelEncryptionProfile parameters.

Required: Yes


FieldLevelEncryptionProfileConfig

A complex data type that includes the profile name and the encryption entities for the field-level encryption profile.

Type: FieldLevelEncryptionProfileConfig object


Id

The ID for a field-level encryption profile configuration which includes a set of profiles that specify certain selected data fields to be encrypted by specific public keys.

Type: String


LastModifiedTime

The last time the field-level encryption profile was updated.

Type: Timestamp


Errors

For information about the errors that are common to all actions, see Common Errors.


The specified profile for field-level encryption already exists.

HTTP Status Code: 409


The maximum size of a profile for field-level encryption was exceeded.

HTTP Status Code: 400


The value of Quantity and the size of Items don't match.

HTTP Status Code: 400


An argument is invalid.

HTTP Status Code: 400


The specified public key doesn't exist.

HTTP Status Code: 404


The maximum number of encryption entities for field-level encryption has been created.

HTTP Status Code: 400


The maximum number of field patterns for field-level encryption has been created.

HTTP Status Code: 400


The maximum number of profiles for field-level encryption has been created.

HTTP Status Code: 400
