OnlineStoreSecurityConfig
The security configuration for OnlineStore
.
Contents
- KmsKeyId
-
The Amazon Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.
The caller (either user or IAM role) of
CreateFeatureGroup
must have below permissions to theOnlineStore
KmsKeyId
:-
"kms:Encrypt"
-
"kms:Decrypt"
-
"kms:DescribeKey"
-
"kms:CreateGrant"
-
"kms:RetireGrant"
-
"kms:ReEncryptFrom"
-
"kms:ReEncryptTo"
-
"kms:GenerateDataKey"
-
"kms:ListAliases"
-
"kms:ListGrants"
-
"kms:RevokeGrant"
The caller (either user or IAM role) to all DataPlane operations (
PutRecord
,GetRecord
,DeleteRecord
) must have the following permissions to theKmsKeyId
:-
"kms:Decrypt"
Type: String
Length Constraints: Maximum length of 2048.
Pattern:
^[a-zA-Z0-9:/_-]*$
Required: No
-
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: