EncryptionConfiguration
Settings to configure server-side encryption.
For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines and activities. You can configure a symmetric Amazon KMS key and data key reuse period when creating or updating a State Machine, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity.
Note
Step Functions automatically enables encryption at rest using Amazon owned keys at no charge. However, Amazon KMS charges apply when using a customer managed key. For more information about pricing, see Amazon Key Management Service pricing
For more information on Amazon KMS, see What is Amazon Key Management Service?
Contents
- type
-
Encryption type
Type: String
Valid Values:
AWS_OWNED_KEY | CUSTOMER_MANAGED_KMS_KEYRequired: Yes
- kmsDataKeyReusePeriodSeconds
-
Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call
GenerateDataKey. Only applies to customer managed keys.Type: Integer
Valid Range: Minimum value of 60. Maximum value of 900.
Required: No
- kmsKeyId
-
An alias, alias ARN, key ID, or key ARN of a symmetric encryption Amazon KMS key to encrypt data. To specify a Amazon KMS key in a different Amazon account, you must use the key ARN or alias ARN.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: