StreamEncryption

class aws_cdk.aws_kinesis.StreamEncryption(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

What kind of server-side encryption to apply to this stream.

ExampleMetadata:

infused

Example:

lambda_role = iam.Role(self, "Role",
    assumed_by=iam.ServicePrincipal("lambda.amazonaws.com"),
    description="Example role..."
)

stream = kinesis.Stream(self, "MyEncryptedStream",
    encryption=kinesis.StreamEncryption.KMS
)

# give lambda permissions to read stream
stream.grant_read(lambda_role)

Attributes

KMS

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

MANAGED

Server-side encryption with a master key managed by Amazon Kinesis.

UNENCRYPTED

Records in the stream are not encrypted.