UpdateEncryptionConfiguration
Updates the encryption configuration. By default, AWS IoT Core encrypts your data at rest using AWS owned keys. AWS IoT Core also supports symmetric customer managed keys from AWS Key Management Service (AWS KMS). With customer managed keys, you create, own, and manage the KMS keys in your AWS account.
Before using this API, you must set up permissions for AWS IoT Core to access AWS KMS. For more information, see Data encryption at rest in the AWS IoT Core Developer Guide.
Request Syntax
PATCH /encryption-configuration HTTP/1.1
Content-type: application/json
{
"encryptionType": "string",
"kmsAccessRoleArn": "string",
"kmsKeyArn": "string"
}URI Request Parameters
The request does not use any URI parameters.
Request Body
The request accepts the following data in JSON format.
- encryptionType
-
The type of the KMS key.
Type: String
Valid Values:
CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KMS_KEYRequired: Yes
- kmsAccessRoleArn
-
The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
Type: String
Length Constraints: Maximum length of 2048.
Required: No
- kmsKeyArn
-
The ARN of the customer managedKMS key.
Type: String
Length Constraints: Maximum length of 2048.
Required: No
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
- InternalFailureException
-
An unexpected error has occurred.
HTTP Status Code: 500
- InvalidRequestException
-
The request is not valid.
HTTP Status Code: 400
- ServiceUnavailableException
-
The service is temporarily unavailable.
HTTP Status Code: 503
- ThrottlingException
-
The rate exceeds the limit.
HTTP Status Code: 400
- UnauthorizedException
-
You are not authorized to perform this operation.
HTTP Status Code: 401
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
