AWS::StepFunctions::StateMachine EncryptionConfiguration - AWS CloudFormation

AWS::StepFunctions::StateMachine EncryptionConfiguration

Settings to configure server-side encryption for a state machine. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "KmsDataKeyReusePeriodSeconds" : Integer,
  "KmsKeyId" : String,
  "Type" : String
}

YAML

KmsDataKeyReusePeriodSeconds: Integer
KmsKeyId: String
Type: String

Properties

KmsDataKeyReusePeriodSeconds

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

Required: No

Type: Integer

Minimum: 60

Maximum: 900

Update requires: No interruption

KmsKeyId

An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. To specify an AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: No interruption

Type

Encryption option for a state machine.

Required: Yes

Type: String

Allowed values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEY

Update requires: No interruption
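
The following pre-deployment check is an added example, not part of the AWS documentation or any AWS tool. It applies the constraints listed above to one parsed EncryptionConfiguration mapping. The function names and the stack_account and key_account parameters are assumptions made for illustration, and the sample values in the test inputs are constructed.

```python
ALLOWED_TYPES = {"CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KEY"}
CMK = "CUSTOMER_MANAGED_KMS_KEY"

def is_intrinsic(value):
    # Ref / Fn::GetAtt and similar parse to a mapping; they cannot be checked statically.
    return isinstance(value, dict)

def check_encryption_configuration(cfg, stack_account=None, key_account=None):
    """Return findings for one EncryptionConfiguration mapping (empty list = OK).

    stack_account and key_account are hypothetical caller-supplied inputs:
    the account the stack deploys to and the account that owns the KMS key.
    """
    findings = []

    enc_type = cfg.get("Type")
    if enc_type is None:
        findings.append("Type is required")
    elif not is_intrinsic(enc_type) and enc_type not in ALLOWED_TYPES:
        findings.append(f"Type {enc_type!r} is not an allowed value")

    period = cfg.get("KmsDataKeyReusePeriodSeconds")
    if period is not None:
        # The reuse period has no effect unless a customer managed key is used.
        if not is_intrinsic(enc_type) and enc_type != CMK:
            findings.append("KmsDataKeyReusePeriodSeconds only applies to customer managed keys")
        if is_intrinsic(period):
            pass  # resolved at deploy time
        elif isinstance(period, bool) or not isinstance(period, int):
            # bool is a subclass of int in Python, so reject it explicitly
            findings.append("KmsDataKeyReusePeriodSeconds must be an integer")
        elif not 60 <= period <= 900:
            findings.append("KmsDataKeyReusePeriodSeconds must be between 60 and 900")

    key = cfg.get("KmsKeyId")
    if key is not None and not is_intrinsic(key):
        if not isinstance(key, str) or not 1 <= len(key) <= 2048:
            findings.append("KmsKeyId must be a string of 1 to 2048 characters")
        elif (stack_account and key_account and key_account != stack_account
              and not key.startswith("arn:")):
            # A bare key ID or alias name cannot refer to a key in another account.
            findings.append("KmsKeyId for a key in another account must be a key ARN or alias ARN")

    return findings
```

Values given as intrinsic functions are skipped because they resolve only at deployment time.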