Class: Aws::Firehose::Types::DeliveryStreamEncryptionConfigurationInput
- Inherits:
-
Struct
- Object
- Struct
- Aws::Firehose::Types::DeliveryStreamEncryptionConfigurationInput
- Defined in:
- gems/aws-sdk-firehose/lib/aws-sdk-firehose/types.rb
Overview
When making an API call, you may pass DeliveryStreamEncryptionConfigurationInput data as a hash:
{
key_arn: "AWSKMSKeyARN",
key_type: "AWS_OWNED_CMK", # required, accepts AWS_OWNED_CMK, CUSTOMER_MANAGED_CMK
}
Specifies the type and Amazon Resource Name (ARN) of the CMK to use for Server-Side Encryption (SSE).
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#key_arn ⇒ String
If you set
KeyType
toCUSTOMER_MANAGED_CMK
, you must specify the Amazon Resource Name (ARN) of the CMK. -
#key_type ⇒ String
Indicates the type of customer master key (CMK) to use for encryption.
Instance Attribute Details
#key_arn ⇒ String
If you set KeyType
to CUSTOMER_MANAGED_CMK
, you must specify the
Amazon Resource Name (ARN) of the CMK. If you set KeyType
to
AWS_OWNED_CMK
, Kinesis Data Firehose uses a service-account CMK.
1013 1014 1015 1016 1017 1018 |
# File 'gems/aws-sdk-firehose/lib/aws-sdk-firehose/types.rb', line 1013 class DeliveryStreamEncryptionConfigurationInput < Struct.new( :key_arn, :key_type) SENSITIVE = [] include Aws::Structure end |
#key_type ⇒ String
Indicates the type of customer master key (CMK) to use for
encryption. The default setting is AWS_OWNED_CMK
. For more
information about CMKs, see Customer Master Keys (CMKs). When
you invoke CreateDeliveryStream or StartDeliveryStreamEncryption
with KeyType
set to CUSTOMER_MANAGED_CMK, Kinesis Data Firehose
invokes the Amazon KMS operation CreateGrant to create a grant
that allows the Kinesis Data Firehose service to use the customer
managed CMK to perform encryption and decryption. Kinesis Data
Firehose manages that grant.
When you invoke StartDeliveryStreamEncryption to change the CMK for a delivery stream that is encrypted with a customer managed CMK, Kinesis Data Firehose schedules the grant it had on the old CMK for retirement.
You can use a CMK of type CUSTOMER_MANAGED_CMK to encrypt up to
500 delivery streams. If a CreateDeliveryStream or
StartDeliveryStreamEncryption operation exceeds this limit, Kinesis
Data Firehose throws a LimitExceededException
.
To encrypt your delivery stream, use symmetric CMKs. Kinesis Data Firehose doesn't support asymmetric CMKs. For information about symmetric and asymmetric CMKs, see About Symmetric and Asymmetric CMKs in the AWS Key Management Service developer guide.
1013 1014 1015 1016 1017 1018 |
# File 'gems/aws-sdk-firehose/lib/aws-sdk-firehose/types.rb', line 1013 class DeliveryStreamEncryptionConfigurationInput < Struct.new( :key_arn, :key_type) SENSITIVE = [] include Aws::Structure end |