AWS::StepFunctions::StateMachine EncryptionConfiguration - AWS CloudFormation

Settings to configure server-side encryption for a state machine. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "KmsDataKeyReusePeriodSeconds" : Integer,
  "KmsKeyId" : String,
  "Type" : String
}

YAML

  KmsDataKeyReusePeriodSeconds: Integer
  KmsKeyId: String
  Type: String

Properties

KmsDataKeyReusePeriodSeconds

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

Required: No

Type: Integer

Minimum: 60

Maximum: 900

Update requires: No interruption

KmsKeyId

An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. To specify an AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

Type

Encryption option for a state machine.

Required: Yes

Type: String

Allowed values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEY

Update requires: No interruption
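
The constraints above can be checked before deployment. The following is an added example, not part of the AWS documentation: a Python lint over a parsed template that reports state machines whose EncryptionConfiguration breaks the documented limits. The function name, the require_cmk policy switch, the rule that a customer managed configuration must set KmsKeyId, and the sample template are assumptions made for illustration.

```python
# Added example (not AWS code): lint EncryptionConfiguration in a parsed template.
SFN = "AWS::StepFunctions::StateMachine"
ALLOWED_TYPES = {"CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KEY"}

def check_encryption(template, require_cmk=True):
    """Return (logical_id, message) findings; require_cmk is a local policy choice."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != SFN:
            continue
        cfg = res.get("Properties", {}).get("EncryptionConfiguration")
        if cfg is None:
            if require_cmk:
                findings.append((name, "no EncryptionConfiguration: default encryption, no customer managed key"))
            continue
        etype = cfg.get("Type")
        if etype not in ALLOWED_TYPES:
            findings.append((name, f"Type is required and must be one of {sorted(ALLOWED_TYPES)}"))
            continue
        key, period = cfg.get("KmsKeyId"), cfg.get("KmsDataKeyReusePeriodSeconds")
        if etype == "AWS_OWNED_KEY":
            if require_cmk:
                findings.append((name, "Type is AWS_OWNED_KEY, policy requires a customer managed key"))
            if period is not None:
                findings.append((name, "KmsDataKeyReusePeriodSeconds only applies to customer managed keys"))
            continue
        # Assumption of this check: a customer managed configuration must name its key.
        # A dict value is an intrinsic function (Ref, Fn::GetAtt) resolved at deploy time.
        if key is None:
            findings.append((name, "CUSTOMER_MANAGED_KMS_KEY without KmsKeyId"))
        elif isinstance(key, str) and not 1 <= len(key) <= 2048:
            findings.append((name, "KmsKeyId length must be between 1 and 2048"))
        if isinstance(period, int) and not 60 <= period <= 900:
            findings.append((name, "KmsDataKeyReusePeriodSeconds must be between 60 and 900"))
    return findings

def _sm(cfg=None):  # builds a constructed state machine resource
    return {"Type": SFN, "Properties": {} if cfg is None else {"EncryptionConfiguration": cfg}}

SAMPLE = {"Resources": {  # constructed template, not from the page
    "Good": _sm({"Type": "CUSTOMER_MANAGED_KMS_KEY", "KmsKeyId": {"Fn::GetAtt": ["Key", "Arn"]},
                 "KmsDataKeyReusePeriodSeconds": 300}),
    "Default": _sm(),
    "Owned": _sm({"Type": "AWS_OWNED_KEY", "KmsDataKeyReusePeriodSeconds": 300}),
    "BadPeriod": _sm({"Type": "CUSTOMER_MANAGED_KMS_KEY", "KmsKeyId": "alias/constructed-example",
                      "KmsDataKeyReusePeriodSeconds": 30}),
}}

if __name__ == "__main__":
    for logical_id, message in check_encryption(SAMPLE):
        print(f"{logical_id}: {message}")
```
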
