OnlineStoreSecurityConfig - Amazon SageMaker


The security configuration for OnlineStore.



The AWS Key Management Service (KMS) key ARN that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.

The caller (either user or IAM role) of CreateFeatureGroup must have below permissions to the OnlineStore KmsKeyId:

  • "kms:Encrypt"

  • "kms:Decrypt"

  • "kms:DescribeKey"

  • "kms:CreateGrant"

  • "kms:RetireGrant"

  • "kms:ReEncryptFrom"

  • "kms:ReEncryptTo"

  • "kms:GenerateDataKey"

  • "kms:ListAliases"

  • "kms:ListGrants"

  • "kms:RevokeGrant"

The caller (either user or IAM role) to all DataPlane operations (PutRecord, GetRecord, DeleteRecord) must have the following permissions to the KmsKeyId:

  • "kms:Decrypt"

Type: String

Length Constraints: Maximum length of 2048.

Pattern: .*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: