UpdateEncryptionConfiguration
Updates the encryption configuration. By default, Amazon IoT Core encrypts your data at rest using Amazon owned keys. Amazon IoT Core also supports symmetric customer managed keys from Amazon Key Management Service (Amazon KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon account.
Before using this API, you must set up permissions for Amazon IoT Core to access Amazon KMS. For more information, see Data encryption at rest in the Amazon IoT Core Developer Guide.
Request Syntax
PATCH /encryption-configuration HTTP/1.1
Content-type: application/json

{
   "encryptionType": "string",
   "kmsAccessRoleArn": "string",
   "kmsKeyArn": "string"
}
URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- encryptionType
The type of the KMS key.
Type: String
Valid Values:
CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KMS_KEY
Required: Yes
- kmsAccessRoleArn
The Amazon Resource Name (ARN) of the IAM role assumed by Amazon IoT Core to call Amazon KMS on behalf of the customer.
Type: String
Length Constraints: Maximum length of 2048.
Required: No
- kmsKeyArn
The ARN of the customer managed KMS key.
Type: String
Length Constraints: Maximum length of 2048.
Required: No
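A client-side pre-flight check for the request body described above, as an added example that is not part of the Amazon documentation. The valid values, the 2048-character limit, the method and the path come from this page; the function name `build_request`, the sample ARNs, and the rules that both ARNs accompany `CUSTOMER_MANAGED_KMS_KEY`, that `kmsKeyArn` is a `key/` ARN, and that ARNs are refused with `AWS_OWNED_KMS_KEY` are assumptions of this example.

```python
import json

VALID_TYPES = {"CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KMS_KEY"}  # from the page
MAX_ARN_LEN = 2048  # length constraint from the page


def _check_arn(name, value, service, resource_prefix):
    """Check length and the arn:partition:service:region:account:resource shape."""
    if not isinstance(value, str) or not value:
        raise ValueError(f"{name} is required for CUSTOMER_MANAGED_KMS_KEY")
    if len(value) > MAX_ARN_LEN:
        raise ValueError(f"{name} exceeds {MAX_ARN_LEN} characters")
    parts = value.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != service:
        raise ValueError(f"{name} is not a {service} ARN")
    if not parts[5].startswith(resource_prefix):
        raise ValueError(f"{name} must name a {resource_prefix.rstrip('/')} resource")


def build_request(encryption_type, kms_key_arn=None, kms_access_role_arn=None):
    """Return (method, path, headers, body) for UpdateEncryptionConfiguration."""
    if encryption_type not in VALID_TYPES:
        raise ValueError(f"encryptionType must be one of {sorted(VALID_TYPES)}")
    body = {"encryptionType": encryption_type}
    if encryption_type == "CUSTOMER_MANAGED_KMS_KEY":
        # Assumption of this example: both ARNs accompany a customer managed
        # key, and the key is given as a key/ ARN rather than an alias.
        _check_arn("kmsKeyArn", kms_key_arn, "kms", "key/")
        _check_arn("kmsAccessRoleArn", kms_access_role_arn, "iam", "role/")
        body["kmsKeyArn"] = kms_key_arn
        body["kmsAccessRoleArn"] = kms_access_role_arn
    elif kms_key_arn or kms_access_role_arn:
        # Local policy of this example: refuse an ambiguous request instead of
        # silently switching back to Amazon owned keys with stray ARNs attached.
        raise ValueError("KMS ARNs supplied with AWS_OWNED_KMS_KEY")
    headers = {"Content-type": "application/json"}
    return "PATCH", "/encryption-configuration", headers, json.dumps(body)


# Constructed sample values (placeholder account id, key id and role name).
SAMPLE_KEY = "arn:aws-cn:kms:cn-north-1:111122223333:key/00000000-0000-0000-0000-000000000000"
SAMPLE_ROLE = "arn:aws-cn:iam::111122223333:role/ExampleIoTKmsAccessRole"

if __name__ == "__main__":
    print(build_request("CUSTOMER_MANAGED_KMS_KEY", SAMPLE_KEY, SAMPLE_ROLE))
```

Swapping the two ARNs, or passing a role ARN where the key ARN belongs, fails locally with a `ValueError` before any request is sent.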
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
- InternalFailureException
An unexpected error has occurred.
HTTP Status Code: 500
- InvalidRequestException
The request is not valid.
HTTP Status Code: 400
- ServiceUnavailableException
The service is temporarily unavailable.
HTTP Status Code: 503
- ThrottlingException
The rate exceeds the limit.
HTTP Status Code: 400
- UnauthorizedException
You are not authorized to perform this operation.
HTTP Status Code: 401