EncryptionAtRestOptions

class aws_cdk.aws_elasticsearch.EncryptionAtRestOptions(*, enabled=None, kms_key=None)

Bases: object

Whether the domain should encrypt data at rest, and if so, the AWS Key Management Service (KMS) key to use.

Can only be used to create a new domain, not update an existing one. Requires Elasticsearch version 5.1 or later.

Parameters
  • enabled (Optional[bool]) – Specify true to enable encryption at rest. Default: - encryption at rest is disabled.

  • kms_key (Optional[IKey]) – Supply if using KMS key for encryption at rest. Default: - uses default aws/es KMS key.

Attributes

enabled

Specify true to enable encryption at rest.

Default
  • encryption at rest is disabled.

Return type

Optional[bool]

kms_key

Supply if using KMS key for encryption at rest.

Default
  • uses default aws/es KMS key.

Return type

Optional[IKey]