AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Enables or updates server-side encryption using an AWS KMS key for a specified stream.

Starting encryption is an asynchronous operation. Upon receiving the request, Amazon Kinesis returns immediately and sets the status of the stream to UPDATING. After the update is complete, Amazon Kinesis sets the status of the stream back to ACTIVE. Updating or applying encryption normally takes a few seconds to complete but it can take minutes. You can continue to read and write data to your stream while its status is UPDATING. Once the status of the stream is ACTIVE, records written to the stream will begin to be encrypted.

API Limits: You can successfully apply a new AWS KMS key for server-side encryption 25 times in a rolling 24 hour period.

Note: It can take up to 5 seconds after the stream is in an ACTIVE status before all records written to the stream are encrypted. After you’ve enabled encryption, you can verify encryption was applied by inspecting the API response from PutRecord or PutRecords.

Note:

For PCL and Unity this operation is only available in asynchronous form. Please refer to StartStreamEncryptionAsync.

Namespace: Amazon.Kinesis
Assembly: AWSSDK.Kinesis.dll
Version: 3.x.y.z

Syntax

C#
public abstract StartStreamEncryptionResponse StartStreamEncryption(
         StartStreamEncryptionRequest request
)
Parameters
request
Type: Amazon.Kinesis.Model.StartStreamEncryptionRequest

Container for the necessary parameters to execute the StartStreamEncryption service method.

Return Value
The response from the StartStreamEncryption service method, as returned by Kinesis.

Exceptions

ExceptionCondition
InvalidArgumentException A specified parameter exceeds its restrictions, is not supported, or can't be used. For more information, see the returned message.
KMSAccessDeniedException The ciphertext references a key that doesn't exist or that you don't have access to.
KMSDisabledException The request was rejected because the specified CMK isn't enabled.
KMSInvalidStateException The request was rejected because the state of the specified resource isn't valid for this request. For more information, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
KMSNotFoundException The request was rejected because the specified entity or resource couldn't be found.
KMSOptInRequiredException The AWS access key ID needs a subscription for the service.
KMSThrottlingException The request was denied due to request throttling. For more information about throttling, see Limits in the AWS Key Management Service Developer Guide.
LimitExceededException The requested resource exceeds the maximum number allowed, or the number of concurrent stream requests exceeds the maximum number allowed (5).
ResourceInUseException The resource is not available for this operation. For successful operation, the resource needs to be in the ACTIVE state.
ResourceNotFoundException The requested resource could not be found. The stream might not be specified correctly.

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms

Unity:
Supported Versions: 4.6 and above
Supported Platforms: Android, iOS, Standalone

See Also