KmsEncryptionSettings - Amazon Verified Permissions

KmsEncryptionSettings

A structure that contains the KMS encryption configuration for the policy store. The encryption settings determine which customer-managed KMS key is used to encrypt all resources within the policy store, and any user-defined context key-value pairs to append during encryption processes.

This data type is used as a field that is part of the EncryptionSettings type.

Contents

Note

In the following list, the required parameters are described first.

key

The customer-managed KMS key Amazon Resource Name (ARN), alias or ID to be used for encryption processes.

Users can provide the full KMS key ARN, a KMS key alias, or a KMS key ID. Whichever form is provided, it is mapped to the full KMS key ARN after policy store creation, and that ARN is referenced when encrypting child resources.

Type: String

Pattern: [a-zA-Z0-9:/_-]+

Required: Yes

encryptionContext

User-defined, additional context to be added to encryption processes.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 8192 items.

Key Length Constraints: Minimum length of 1.

Value Length Constraints: Minimum length of 1.

Required: No
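A client-side pre-flight check for the constraints listed above, as an added example that is not part of the AWS documentation or any AWS SDK. The function names, the sample values, and the `arn:` / `alias/` prefix test used to tell the three key forms apart are assumptions made for illustration.

```python
import re

# Constraints taken from the field descriptions above.
KEY_PATTERN = re.compile(r"[a-zA-Z0-9:/_-]+")
MAX_CONTEXT_ENTRIES = 8192


def key_form(key):
    """Classify the identifier form. The 'arn:' and 'alias/' prefixes are
    the usual KMS conventions, assumed here rather than stated on the page."""
    if key.startswith("arn:"):
        return "arn"
    if key.startswith("alias/"):
        return "alias"
    return "id"


def validate_kms_encryption_settings(settings):
    """Return a list of constraint violations (empty list means valid)."""
    problems = []
    key = settings.get("key")
    if not isinstance(key, str) or not key:
        problems.append("key: required, must be a non-empty string")
    elif not KEY_PATTERN.fullmatch(key):
        # fullmatch, not search: the whole value must fit the pattern
        problems.append("key: characters outside [a-zA-Z0-9:/_-]")
    context = settings.get("encryptionContext", {})  # optional field
    if not isinstance(context, dict):
        return problems + ["encryptionContext: must be a string-to-string map"]
    if len(context) > MAX_CONTEXT_ENTRIES:
        problems.append("encryptionContext: more than 8192 entries")
    for name, value in context.items():
        if not isinstance(name, str) or len(name) < 1:
            problems.append("encryptionContext: key shorter than 1 character")
        if not isinstance(value, str) or len(value) < 1:
            problems.append(f"encryptionContext[{name!r}]: value shorter than 1 character")
    return problems


# Constructed sample input (placeholder account ID and key ID).
SAMPLE = {
    "key": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "encryptionContext": {"team": "payments", "env": "prod"},
}

if __name__ == "__main__":
    print(key_form(SAMPLE["key"]), validate_kms_encryption_settings(SAMPLE))
```
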
