Interface CfnStateMachine.IEncryptionConfigurationProperty
Settings to configure server-side encryption for a state machine.
Namespace: Amazon.CDK.AWS.StepFunctions
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IEncryptionConfigurationProperty
Syntax (vb)
Public Interface IEncryptionConfigurationProperty
Remarks
By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.StepFunctions;
var encryptionConfigurationProperty = new EncryptionConfigurationProperty {
Type = "type",
// the properties below are optional
KmsDataKeyReusePeriodSeconds = 123,
KmsKeyId = "kmsKeyId"
};
Synopsis
Properties
KmsDataKeyReusePeriodSeconds | Maximum duration that Step Functions will reuse data keys. |
KmsKeyId | An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. |
Type | Encryption option for a state machine. |
Properties
KmsDataKeyReusePeriodSeconds
Maximum duration that Step Functions will reuse data keys.
virtual Nullable<double> KmsDataKeyReusePeriodSeconds { get; }
Property Value
System.Nullable<System.Double>
Remarks
When the period expires, Step Functions will call GenerateDataKey
. Only applies to customer managed keys.
KmsKeyId
An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data.
virtual string KmsKeyId { get; }
Property Value
System.String
Remarks
To specify a AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.
Type
Encryption option for a state machine.
string Type { get; }
Property Value
System.String