AWS::Athena::WorkGroup EncryptionConfiguration - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::Athena::WorkGroup EncryptionConfiguration

If query results are encrypted in Amazon S3, indicates the encryption option used (for example, SSE_KMS or CSE_KMS) and key information.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "EncryptionOption" : String,
  "KmsKey" : String
}

YAML

  EncryptionOption: String
  KmsKey: String

Properties

EncryptionOption

Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (SSE_S3), server-side encryption with KMS-managed keys (SSE_KMS), or client-side encryption with KMS-managed keys (CSE_KMS) is used.

If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.

Required: Yes

Type: String

Allowed values: SSE_S3 | SSE_KMS | CSE_KMS

Update requires: No interruption

KmsKey

For SSE_KMS and CSE_KMS, this is the KMS key ARN or ID.

Required: No

Type: String

Update requires: No interruption