AWS::DataSync::LocationHDFS CmkSecretConfig - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::DataSync::LocationHDFS CmkSecretConfig

Specifies configuration information for a DataSync-managed secret, such as an authentication token, secret key, password, or Kerberos keytab that DataSync uses to access a specific storage location, with a customer-managed AWS KMS key.

Note

You can use either CmkSecretConfig or CustomSecretConfig to provide credentials for a CreateLocation request. Do not provide both parameters for the same request.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyArn" : String,
  "SecretArn" : String
}

YAML

  KmsKeyArn: String
  SecretArn: String

Properties

KmsKeyArn

Specifies the ARN for the customer-managed AWS KMS key that DataSync uses to encrypt the DataSync-managed secret stored for SecretArn. DataSync provides this key to AWS Secrets Manager.

Required: No

Type: String

Pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):kms:[a-z-0-9]+:[0-9]{12}:key/.*|)$

Maximum: 2048

Update requires: No interruption

SecretArn

Specifies the ARN for the DataSync-managed AWS Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for KmsKeyArn.

Required: No

Type: String

Pattern: ^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):secretsmanager:[a-z-0-9]+:[0-9]{12}:secret:.*|)$

Maximum: 2048

Update requires: No interruption