EncryptionConfiguration - AWS Network Firewall

EncryptionConfiguration

A complex type that contains optional AWS Key Management Service (KMS) encryption settings for your Network Firewall resources. By default, your data is encrypted with an AWS owned key, which AWS owns and manages for you. You can use either the AWS owned key or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with AWS Key Management Service in the Network Firewall Developer Guide.

Contents

Type

The type of AWS KMS key to use for encryption of your Network Firewall resources.

Type: String

Valid Values: CUSTOMER_KMS | AWS_OWNED_KMS_KEY

Required: Yes

KeyId

The ID of the AWS Key Management Service (KMS) customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. For more information, see Key ID in the AWS KMS Developer Guide.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Pattern: .*\S.*

Required: No
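The following added example (not part of the AWS reference) checks an EncryptionConfiguration object against the constraints listed above before it is sent to the API. The caller_account and key_account parameters are hypothetical inputs taken from your own key inventory, the key ARN layout is the standard KMS form, and the ARN-to-owner consistency check is an extra assumption beyond what this page states.

```python
import re

VALID_TYPES = {"CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"}  # "Valid Values" for Type
KEY_ID_PATTERN = re.compile(r".*\S.*")               # "Pattern" for KeyId
# Standard KMS key ARN layout: arn:<partition>:kms:<region>:<account>:key/<id>
KEY_ARN = re.compile(r"arn:[^:]+:kms:[^:]*:(\d{12}):key/\S+")


def validate_encryption_configuration(cfg, caller_account=None, key_account=None):
    """Return a list of problems; an empty list means cfg passes.

    caller_account: account that owns the firewall resource (hypothetical input).
    key_account:    account that manages the KMS key (hypothetical input).
    """
    problems = []
    enc_type = cfg.get("Type")
    if enc_type is None:
        problems.append("Type is required")
    elif enc_type not in VALID_TYPES:
        problems.append(f"Type {enc_type!r} is not a valid value")

    key_id = cfg.get("KeyId")
    if key_id is None:
        return problems  # KeyId is documented as "Required: No"
    if not isinstance(key_id, str) or not 1 <= len(key_id) <= 2048:
        problems.append("KeyId must be a string of 1 to 2048 characters")
        return problems
    if not KEY_ID_PATTERN.fullmatch(key_id):
        problems.append("KeyId must contain a non-whitespace character")
        return problems

    arn = KEY_ARN.fullmatch(key_id)
    cross_account = bool(caller_account and key_account
                         and caller_account != key_account)
    # Page rule: a key managed by another account must be given as the key ARN
    # (a bare key ID, alias name or alias ARN does not qualify).
    if cross_account and not arn:
        problems.append("key is managed by another account: use the key ARN")
    # Added consistency check (assumption): the ARN should name the expected owner.
    if arn and key_account and arn.group(1) != key_account:
        problems.append("account in key ARN does not match expected key owner")
    return problems


if __name__ == "__main__":
    # Constructed sample: cross-account key referenced by bare key ID.
    sample = {"Type": "CUSTOMER_KMS",
              "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"}
    print(validate_encryption_configuration(sample, "111111111111", "222222222222"))
```
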

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: