class CustomerManagedEncryptionConfiguration
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.StepFunctions.CustomerManagedEncryptionConfiguration |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awsstepfunctions#CustomerManagedEncryptionConfiguration |
 Java | software.amazon.awscdk.services.stepfunctions.CustomerManagedEncryptionConfiguration |
 Python | aws_cdk.aws_stepfunctions.CustomerManagedEncryptionConfiguration |
 TypeScript (source) | aws-cdk-lib » aws_stepfunctions » CustomerManagedEncryptionConfiguration |
Extends
Encryption
Define a new CustomerManagedEncryptionConfiguration.
Example
import * as kms from 'aws-cdk-lib/aws-kms';
import * as cdk from 'aws-cdk-lib';
const kmsKey = new kms.Key(this, 'Key');
const stateMachine = new sfn.StateMachine(this, 'StateMachineWithCMKEncryptionConfiguration', {
stateMachineName: 'StateMachineWithCMKEncryptionConfiguration',
definitionBody: sfn.DefinitionBody.fromChainable(sfn.Chain.start(new sfn.Pass(this, 'Pass'))),
stateMachineType: sfn.StateMachineType.STANDARD,
encryptionConfiguration: new sfn.CustomerManagedEncryptionConfiguration(kmsKey, cdk.Duration.seconds(60)),
});
Initializer
new CustomerManagedEncryptionConfiguration(kmsKey: IKey, kmsDataKeyReusePeriodSeconds?: Duration)
Parameters
Properties
| Name | Type | Description |
|---|---|---|
| kms | IKey | The symmetric customer managed KMS key for server-side encryption of the state machine definition, and execution history or activity inputs. |
| type | string | Encryption option for the state machine or activity. |
| kms | Duration | Maximum duration that Step Functions will reuse customer managed data keys. When the period expires, Step Functions will call GenerateDataKey. |
kmsKey
Type:
IKey
The symmetric customer managed KMS key for server-side encryption of the state machine definition, and execution history or activity inputs.
Step Functions will reuse the key for a maximum of kmsDataKeyReusePeriodSeconds.
type
Type:
string
Encryption option for the state machine or activity.
Can be either CUSTOMER_MANAGED_KMS_KEY or AWS_OWNED_KEY.
kmsDataKeyReusePeriodSeconds?
Type:
Duration
(optional, default: Duration.seconds(300))
Maximum duration that Step Functions will reuse customer managed data keys. When the period expires, Step Functions will call GenerateDataKey.
Must be between 60 and 900 seconds.