# UpdateEncryptionConfiguration Updates the encryption configuration. By default, Amazon IoT Core encrypts your data at rest using Amazon owned keys. Amazon IoT Core also supports symmetric customer managed keys from Amazon Key Management Service (Amazon KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon account. Before using this API, you must set up permissions for Amazon IoT Core to access Amazon KMS. For more information, see [Data encryption at rest](https://docs.amazonaws.cn/iot/latest/developerguide/encryption-at-rest.html) in the * Amazon IoT Core Developer Guide*. ## Request Syntax ``` PATCH /encryption-configuration HTTP/1.1 Content-type: application/json { "encryptionType": "{{string}}", "kmsAccessRoleArn": "{{string}}", "kmsKeyArn": "{{string}}" } ``` ## URI Request Parameters The request does not use any URI parameters. ## Request Body The request accepts the following data in JSON format. ** [encryptionType](#API_UpdateEncryptionConfiguration_RequestSyntax) ** The type of the KMS key. Type: String Valid Values: `CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KMS_KEY` Required: Yes ** [kmsAccessRoleArn](#API_UpdateEncryptionConfiguration_RequestSyntax) ** The Amazon Resource Name (ARN) of the IAM role assumed by Amazon IoT Core to call Amazon KMS on behalf of the customer. Type: String Length Constraints: Maximum length of 2048. Required: No ** [kmsKeyArn](#API_UpdateEncryptionConfiguration_RequestSyntax) ** The ARN of the customer managedKMS key. Type: String Length Constraints: Maximum length of 2048. Required: No ## Response Syntax ``` HTTP/1.1 200 ``` ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Errors ** InternalFailureException ** An unexpected error has occurred. ** message ** The message for the exception. HTTP Status Code: 500 ** InvalidRequestException ** The request is not valid. ** message ** The message for the exception. HTTP Status Code: 400 ** ServiceUnavailableException ** The service is temporarily unavailable. ** message ** The message for the exception. HTTP Status Code: 503 ** ThrottlingException ** The rate exceeds the limit. ** message ** The message for the exception. HTTP Status Code: 400 ** UnauthorizedException ** You are not authorized to perform this operation. ** message ** The message for the exception. HTTP Status Code: 401 ## See Also For more information about using this API in one of the language-specific Amazon SDKs, see the following: + [Amazon Command Line Interface V2](https://docs.amazonaws.cn/goto/cli2/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for .NET V4](https://docs.amazonaws.cn/goto/DotNetSDKV4/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for C\+\+](https://docs.amazonaws.cn/goto/SdkForCpp/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for Go v2](https://docs.amazonaws.cn/goto/SdkForGoV2/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for JavaScript V3](https://docs.amazonaws.cn/goto/SdkForJavaScriptV3/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for Kotlin](https://docs.amazonaws.cn/goto/SdkForKotlin/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for PHP V3](https://docs.amazonaws.cn/goto/SdkForPHPV3/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for Python](https://docs.amazonaws.cn/goto/boto3/iot-2015-05-28/UpdateEncryptionConfiguration) + [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/iot-2015-05-28/UpdateEncryptionConfiguration)