AWS::Glue::DataCatalogEncryptionSettings EncryptionAtRest - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::Glue::DataCatalogEncryptionSettings EncryptionAtRest

Specifies the encryption-at-rest configuration for the Data Catalog.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "CatalogEncryptionMode" : String,
  "CatalogEncryptionServiceRole" : String,
  "SseAwsKmsKeyId" : String
}

Properties

CatalogEncryptionMode

The encryption-at-rest mode for encrypting Data Catalog data.

Required: No

Type: String

Allowed values: DISABLED | SSE-KMS | SSE-KMS-WITH-SERVICE-ROLE

Update requires: No interruption

CatalogEncryptionServiceRole

The role that AWS Glue assumes to encrypt and decrypt the Data Catalog objects on the caller's behalf.

Required: No

Type: String

Pattern: ^arn:aws(-(cn|us-gov|iso(-[bef])?))?:iam::[0-9]{12}:role/.+

Update requires: No interruption

SseAwsKmsKeyId

The ID of the AWS KMS key to use for encryption at rest.

Required: No

Type: String

Pattern: [\u0020-\uD7FF\uE000-\uFFFD\uD800\uDC00-\uDBFF\uDFFF\t]*

Minimum: 1

Maximum: 255

Update requires: No interruption