EncryptionSpecification
Amazon Keyspaces encrypts and decrypts the table data at rest transparently and integrates with Amazon Key Management Service for storing and managing the encryption key. You can choose one of the following Amazon KMS keys (KMS keys):
- Amazon owned key - This is the default encryption type. The key is owned by Amazon Keyspaces (no additional charge).
- Customer managed key - This key is stored in your account and is created, owned, and managed by you. You have full control over the customer managed key (Amazon KMS charges apply).
For more information about encryption at rest in Amazon Keyspaces, see Encryption at rest in the Amazon Keyspaces Developer Guide.
For more information about Amazon KMS, see Amazon KMS management service concepts in the Amazon Key Management Service Developer Guide.
Contents
- type
  The encryption option specified for the table. You can choose one of the following KMS keys (KMS keys):
  - type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.
  - type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.
  The default is type:AWS_OWNED_KMS_KEY. For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.
  Type: String
  Valid Values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KMS_KEY
  Required: Yes
- kmsKeyIdentifier
  The Amazon Resource Name (ARN) of the customer managed KMS key, for example kms_key_identifier:ARN.
  Type: String
  Length Constraints: Minimum length of 1. Maximum length of 5096.
  Required: No
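A pre-flight check for the two fields above, written as an added example (not code from the Amazon documentation or SDKs). The function name, the `require_customer_managed` policy flag, the ARN pattern, and the sample ARN are assumptions made for illustration.

```python
import re

VALID_TYPES = {"CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KMS_KEY"}
# Assumption: a KMS key ARN has the shape
# arn:<partition>:kms:<region>:<12-digit account>:key/<key-id>
KMS_KEY_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):kms:[a-z0-9-]+:\d{12}:key/[A-Za-z0-9-]+$")
# Constructed sample value, not a real key
SAMPLE_ARN = ("arn:aws:kms:us-east-1:111122223333:"
              "key/1234abcd-12ab-34cd-56ef-1234567890ab")


def check_encryption_specification(spec, require_customer_managed=False):
    """Return a list of problems found in an EncryptionSpecification dict."""
    problems = []
    enc_type = spec.get("type")
    key_id = spec.get("kmsKeyIdentifier")

    # type is required and must be one of the two documented values
    if enc_type is None:
        problems.append("type is required")
    elif enc_type not in VALID_TYPES:
        problems.append(f"type {enc_type!r} is not a valid value")

    # kmsKeyIdentifier is optional, but when present must fit the constraints
    if key_id is not None:
        if not isinstance(key_id, str) or not 1 <= len(key_id) <= 5096:
            problems.append("kmsKeyIdentifier must be a string of length 1 to 5096")
        elif not KMS_KEY_ARN.match(key_id):
            problems.append("kmsKeyIdentifier is not a KMS key ARN")

    # A customer managed key needs the key ARN as input
    if enc_type == "CUSTOMER_MANAGED_KMS_KEY" and key_id is None:
        problems.append("CUSTOMER_MANAGED_KMS_KEY requires kmsKeyIdentifier")
    # Local lint (not an API rule): a key was supplied but will not be the one used
    if enc_type == "AWS_OWNED_KMS_KEY" and key_id is not None:
        problems.append("kmsKeyIdentifier set but type is AWS_OWNED_KMS_KEY")
    # Hypothetical organisation policy: forbid the default Amazon owned key
    if require_customer_managed and enc_type == "AWS_OWNED_KMS_KEY":
        problems.append("policy: table must use a customer managed key")
    return problems


if __name__ == "__main__":
    for spec in ({"type": "AWS_OWNED_KMS_KEY"},
                 {"type": "CUSTOMER_MANAGED_KMS_KEY"},
                 {"type": "CUSTOMER_MANAGED_KMS_KEY", "kmsKeyIdentifier": SAMPLE_ARN}):
        print(spec.get("type"), "->", check_encryption_specification(spec) or "ok")
```

A dict that passes can be supplied as the `encryptionSpecification` value of a table request.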
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: