Class: Aws::States::Types::EncryptionConfiguration

Inherits:
Struct
  • Object
show all
Includes:
Aws::Structure
Defined in:
lib/aws-sdk-states/types.rb

Overview

Settings to configure server-side encryption.

For additional control over security, you can encrypt your data using a **customer-managed key** for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a **State Machine**, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity.

<note markdown=“1”> Step Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see [Key Management Service pricing].

</note>

For more information on KMS, see [What is Key Management Service?]

[1]: aws.amazon.com/kms/pricing/ [2]: docs.aws.amazon.com/kms/latest/developerguide/overview.html

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#kms_data_key_reuse_period_secondsInteger

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call ‘GenerateDataKey`. Only applies to customer managed keys.

Returns:

  • (Integer)


1358
1359
1360
1361
1362
1363
1364
# File 'lib/aws-sdk-states/types.rb', line 1358

class EncryptionConfiguration < Struct.new(
  :kms_key_id,
  :kms_data_key_reuse_period_seconds,
  :type)
  SENSITIVE = []
  include Aws::Structure
end

#kms_key_idString

An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

Returns:

  • (String)


1358
1359
1360
1361
1362
1363
1364
# File 'lib/aws-sdk-states/types.rb', line 1358

class EncryptionConfiguration < Struct.new(
  :kms_key_id,
  :kms_data_key_reuse_period_seconds,
  :type)
  SENSITIVE = []
  include Aws::Structure
end

#typeString

Encryption type

Returns:

  • (String)


1358
1359
1360
1361
1362
1363
1364
# File 'lib/aws-sdk-states/types.rb', line 1358

class EncryptionConfiguration < Struct.new(
  :kms_key_id,
  :kms_data_key_reuse_period_seconds,
  :type)
  SENSITIVE = []
  include Aws::Structure
end