This is the new AWS CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::StepFunctions::Activity EncryptionConfiguration
Settings to configure server-side encryption for an activity. By default, Step Functions provides transparent server-side encryption. With this configuration, you can specify a customer managed AWS KMS key for encryption.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "KmsDataKeyReusePeriodSeconds" :Integer, "KmsKeyId" :String, "Type" :String}
YAML
KmsDataKeyReusePeriodSeconds:IntegerKmsKeyId:StringType:String
Properties
KmsDataKeyReusePeriodSeconds-
Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call
GenerateDataKey. Only applies to customer managed keys.Required: No
Type: Integer
Minimum:
60Maximum:
900Update requires: Replacement
KmsKeyId-
An alias, alias ARN, key ID, or key ARN of a symmetric encryption AWS KMS key to encrypt data. To specify a AWS KMS key in a different AWS account, you must use the key ARN or alias ARN.
Required: No
Type: String
Minimum:
1Maximum:
2048Update requires: Replacement
Type-
Encryption option for an activity.
Required: Yes
Type: String
Allowed values:
CUSTOMER_MANAGED_KMS_KEY | AWS_OWNED_KEYUpdate requires: Replacement
