Class: Aws::Firehose::Types::DeliveryStreamEncryptionConfigurationInput
- Inherits:
-
Struct
- Object
- Struct
- Aws::Firehose::Types::DeliveryStreamEncryptionConfigurationInput
- Defined in:
- gems/aws-sdk-firehose/lib/aws-sdk-firehose/types.rb
Overview
Specifies the type and Amazon Resource Name (ARN) of the CMK to use for Server-Side Encryption (SSE).
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#key_arn ⇒ String
If you set
KeyType
toCUSTOMER_MANAGED_CMK
, you must specify the Amazon Resource Name (ARN) of the CMK. -
#key_type ⇒ String
Indicates the type of customer master key (CMK) to use for encryption.
Instance Attribute Details
#key_arn ⇒ String
If you set KeyType
to CUSTOMER_MANAGED_CMK
, you must specify the
Amazon Resource Name (ARN) of the CMK. If you set KeyType
to
Amazon Web Services_OWNED_CMK
, Firehose uses a service-account
CMK.
1168 1169 1170 1171 1172 1173 |
# File 'gems/aws-sdk-firehose/lib/aws-sdk-firehose/types.rb', line 1168 class DeliveryStreamEncryptionConfigurationInput < Struct.new( :key_arn, :key_type) SENSITIVE = [] include Aws::Structure end |
#key_type ⇒ String
Indicates the type of customer master key (CMK) to use for
encryption. The default setting is Amazon Web Services_OWNED_CMK
.
For more information about CMKs, see Customer Master Keys
(CMKs). When you invoke CreateDeliveryStream or
StartDeliveryStreamEncryption with KeyType
set to
CUSTOMER_MANAGED_CMK, Firehose invokes the Amazon KMS operation
CreateGrant to create a grant that allows the Firehose service
to use the customer managed CMK to perform encryption and
decryption. Firehose manages that grant.
When you invoke StartDeliveryStreamEncryption to change the CMK for a delivery stream that is encrypted with a customer managed CMK, Firehose schedules the grant it had on the old CMK for retirement.
You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up to
500 delivery streams. If a CreateDeliveryStream or
StartDeliveryStreamEncryption operation exceeds this limit, Firehose
throws a LimitExceededException
.
To encrypt your delivery stream, use symmetric CMKs. Firehose doesn't support asymmetric CMKs. For information about symmetric and asymmetric CMKs, see About Symmetric and Asymmetric CMKs in the Amazon Web Services Key Management Service developer guide.
1168 1169 1170 1171 1172 1173 |
# File 'gems/aws-sdk-firehose/lib/aws-sdk-firehose/types.rb', line 1168 class DeliveryStreamEncryptionConfigurationInput < Struct.new( :key_arn, :key_type) SENSITIVE = [] include Aws::Structure end |