AWS::EC2::VPCEncryptionControl
Describes the configuration and state of VPC encryption controls.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
Syntax
To declare this entity in your CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::EC2::VPCEncryptionControl",
  "Properties" : {
      "EgressOnlyInternetGatewayExclusionInput" : String,
      "ElasticFileSystemExclusionInput" : String,
      "InternetGatewayExclusionInput" : String,
      "LambdaExclusionInput" : String,
      "Mode" : String,
      "NatGatewayExclusionInput" : String,
      "Tags" : [ Tag, ... ],
      "VirtualPrivateGatewayExclusionInput" : String,
      "VpcId" : String,
      "VpcLatticeExclusionInput" : String,
      "VpcPeeringExclusionInput" : String
    }
}
YAML
Type: AWS::EC2::VPCEncryptionControl
Properties:
  EgressOnlyInternetGatewayExclusionInput: String
  ElasticFileSystemExclusionInput: String
  InternetGatewayExclusionInput: String
  LambdaExclusionInput: String
  Mode: String
  NatGatewayExclusionInput: String
  Tags:
    - Tag
  VirtualPrivateGatewayExclusionInput: String
  VpcId: String
  VpcLatticeExclusionInput: String
  VpcPeeringExclusionInput: String
Properties
EgressOnlyInternetGatewayExclusionInput
Specifies whether to exclude egress-only internet gateway traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
ElasticFileSystemExclusionInput
Specifies whether to exclude Elastic File System traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
InternetGatewayExclusionInput
Specifies whether to exclude internet gateway traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
LambdaExclusionInput
Specifies whether to exclude Lambda function traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
Mode
The encryption mode for the VPC Encryption Control configuration.
Required: No
Type: String
Allowed values: monitor | enforce
Update requires: No interruption
NatGatewayExclusionInput
Specifies whether to exclude NAT gateway traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
Tags
The tags assigned to the VPC Encryption Control configuration.
Required: No
Type: Array of Tag
Update requires: No interruption
VirtualPrivateGatewayExclusionInput
Specifies whether to exclude virtual private gateway traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
VpcId
The ID of the VPC for which to create the encryption control configuration.
Required: No
Type: String
Update requires: Replacement
VpcLatticeExclusionInput
Specifies whether to exclude VPC Lattice traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
VpcPeeringExclusionInput
Specifies whether to exclude VPC peering connection traffic from encryption enforcement.
Required: No
Type: String
Allowed values: enable | disable
Update requires: No interruption
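A pre-deployment check built on the property list above, as an added example that is not part of the AWS documentation: it scans a JSON template for AWS::EC2::VPCEncryptionControl resources whose Mode is not enforce or whose exclusion inputs carve traffic out of enforcement. It assumes that enable on an exclusion input turns the exclusion on; audit_template, the finding wording and the sample template are constructed for illustration.

```python
import json

RESOURCE_TYPE = "AWS::EC2::VPCEncryptionControl"
# The eight exclusion properties listed in the Properties section.
EXCLUSION_PROPS = [f"{n}ExclusionInput" for n in (
    "EgressOnlyInternetGateway", "ElasticFileSystem", "InternetGateway", "Lambda",
    "NatGateway", "VirtualPrivateGateway", "VpcLattice", "VpcPeering")]

def audit_template(template_text):
    """Return sorted (logical_id, property, finding) tuples for a JSON template."""
    findings = []
    for logical_id, res in json.loads(template_text).get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue  # only encryption control resources are audited
        props = res.get("Properties", {})
        mode = props.get("Mode")
        if mode is None:
            findings.append((logical_id, "Mode", "not set; declare monitor or enforce explicitly"))
        elif not isinstance(mode, str):
            findings.append((logical_id, "Mode", "intrinsic function; resolve before auditing"))
        elif mode == "monitor":
            findings.append((logical_id, "Mode", "monitor, not enforce"))
        elif mode != "enforce":
            findings.append((logical_id, "Mode", f"{mode!r} is not an allowed value"))
        for name in EXCLUSION_PROPS:
            value = props.get(name)
            if value is None or value == "disable":
                continue
            if not isinstance(value, str):  # e.g. {"Ref": "SomeParameter"}
                findings.append((logical_id, name, "intrinsic function; resolve before auditing"))
            elif value == "enable":  # assumption: enable switches the exclusion on
                findings.append((logical_id, name, "traffic excluded from encryption enforcement"))
            else:
                findings.append((logical_id, name, f"{value!r} is not an allowed value"))
    return sorted(findings)

# Constructed sample template (not from the AWS documentation).
SAMPLE = json.dumps({"Resources": {
    "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "Strict": {"Type": RESOURCE_TYPE, "Properties": {
        "VpcId": {"Ref": "Vpc"}, "Mode": "enforce", "NatGatewayExclusionInput": "disable"}},
    "Loose": {"Type": RESOURCE_TYPE, "Properties": {
        "VpcId": "vpc-PLACEHOLDER", "Mode": "monitor", "NatGatewayExclusionInput": "enable",
        "LambdaExclusionInput": {"Ref": "LambdaExclusion"}}},
}})

if __name__ == "__main__":
    for finding in audit_template(SAMPLE):
        print(*finding, sep=": ")
```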
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the VPC Encryption Control ID.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Describes the configuration and state of VPC encryption controls.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
ResourceExclusions.EgressOnlyInternetGateway.State
The current state of the exclusion configuration.
ResourceExclusions.EgressOnlyInternetGateway.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.ElasticFileSystem.State
The current state of the exclusion configuration.
ResourceExclusions.ElasticFileSystem.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.InternetGateway.State
The current state of the exclusion configuration.
ResourceExclusions.InternetGateway.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.Lambda.State
The current state of the exclusion configuration.
ResourceExclusions.Lambda.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.NatGateway.State
The current state of the exclusion configuration.
ResourceExclusions.NatGateway.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.VirtualPrivateGateway.State
The current state of the exclusion configuration.
ResourceExclusions.VirtualPrivateGateway.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.VpcLattice.State
The current state of the exclusion configuration.
ResourceExclusions.VpcLattice.StateMessage
A message providing additional information about the exclusion state.
ResourceExclusions.VpcPeering.State
The current state of the exclusion configuration.
ResourceExclusions.VpcPeering.StateMessage
A message providing additional information about the exclusion state.
State
The current state of the VPC Encryption Control configuration.
StateMessage
A message providing additional information about the encryption control state.
VpcEncryptionControlId
The ID of the VPC Encryption Control configuration.