EncryptionSpecification - Amazon Keyspaces (for Apache Cassandra)

EncryptionSpecification

Amazon Keyspaces encrypts and decrypts the table data at rest transparently and integrates with AWS Key Management Service for storing and managing the encryption key. You can choose one of the following AWS KMS keys (KMS keys):

  • AWS owned key - This is the default encryption type. The key is owned by Amazon Keyspaces (no additional charge).

  • Customer managed key - This key is stored in your account and is created, owned, and managed by you. You have full control over the customer managed key (AWS KMS charges apply).

For more information about encryption at rest in Amazon Keyspaces, see Encryption at rest in the Amazon Keyspaces Developer Guide.

For more information about AWS KMS, see AWS KMS management service concepts in the AWS Key Management Service Developer Guide.

Contents

kmsKeyIdentifier

The Amazon Resource Name (ARN) of the customer managed KMS key, for example kms_key_identifier:ARN.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 5096.

Required: No

type

The encryption option specified for the table. You can choose one of the following KMS keys (KMS keys):

  • type:AWS_OWNED_KMS_KEY - This key is owned by Amazon Keyspaces.

  • type:CUSTOMER_MANAGED_KMS_KEY - This key is stored in your account and is created, owned, and managed by you. This option requires the kms_key_identifier of the KMS key in Amazon Resource Name (ARN) format as input.

The default is type:AWS_OWNED_KMS_KEY.

For more information, see Encryption at rest in the Amazon Keyspaces Developer Guide.

Type: String

Valid Values: CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KMS_KEY

Required: Yes

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: