# EncryptionConfiguration


A complex type that contains optional Amazon Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon owned key that Amazon owns and manages for you. You can use either the Amazon owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see [Encryption at rest with Amazon Key Managment Service](https://docs.amazonaws.cn/kms/latest/developerguide/kms-encryption-at-rest.html) in the *Network Firewall Developer Guide*.

## Contents


 ** Type **   <a name="networkfirewall-Type-EncryptionConfiguration-Type"></a>
The type of Amazon KMS key to use for encryption of your Network Firewall resources.  
Type: String  
Valid Values: `CUSTOMER_KMS | AWS_OWNED_KMS_KEY`   
Required: Yes

 ** KeyId **   <a name="networkfirewall-Type-EncryptionConfiguration-KeyId"></a>
The ID of the Amazon Key Management Service (KMS) customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. For more information, see [Key ID](https://docs.amazonaws.cn/kms/latest/developerguide/concepts.html#key-id) in the * Amazon KMS Developer Guide*.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 2048.  
Pattern: `.*\S.*`   
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/network-firewall-2020-11-12/EncryptionConfiguration) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/network-firewall-2020-11-12/EncryptionConfiguration) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/network-firewall-2020-11-12/EncryptionConfiguration)