AWS::SageMaker::FeatureGroup OnlineStoreSecurityConfig - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::SageMaker::FeatureGroup OnlineStoreSecurityConfig

The security configuration for OnlineStore.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyId" : String
}

YAML

  KmsKeyId: String

Properties

KmsKeyId

The AWS Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.

The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the OnlineStoreKmsKeyId:

  • "kms:Encrypt"

  • "kms:Decrypt"

  • "kms:DescribeKey"

  • "kms:CreateGrant"

  • "kms:RetireGrant"

  • "kms:ReEncryptFrom"

  • "kms:ReEncryptTo"

  • "kms:GenerateDataKey"

  • "kms:ListAliases"

  • "kms:ListGrants"

  • "kms:RevokeGrant"

The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, DeleteRecord) must have the following permissions to the KmsKeyId:

  • "kms:Decrypt"

Required: No

Type: String

Maximum: 2048

Update requires: Replacement