AWS::StepFunctions::Activity EncryptionConfiguration - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::StepFunctions::Activity EncryptionConfiguration

Settings to configure server-side encryption for an activity. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "KmsDataKeyReusePeriodSeconds" : Integer,
  "KmsKeyId" : String,
  "Type" : String
}

YAML

  KmsDataKeyReusePeriodSeconds: Integer
  KmsKeyId: String
  Type: String

Properties

KmsDataKeyReusePeriodSeconds

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

Required: No

Type: Integer

Minimum: 60

Maximum: 900

Update requires: Replacement

KmsKeyId

An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. To specify a AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: Replacement

Type

Encryption option for an activity.

Required: Yes

Type: String

Allowed values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEY

Update requires: Replacement