Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » Amazon Kinesis Resource Types Reference » AWS::Kinesis::Stream » Kinesis StreamEncryption

Kinesis StreamEncryption

The StreamEncryption property is part of the AWS::Kinesis::Stream resource that enables or updates server-side encryption using an AWS KMS key for a specified stream. For more information, see StartStreamEncryption in the Amazon Kinesis Data Streams API Reference.

Syntax

JSON

{
  "EncryptionType" : String,
  "KeyId" : String
}

YAML

EncryptionType: String
KeyId: String

Properties

EncryptionType

The encryption type to use. The only valid value is KMS.

Required: Yes

Type: String

KeyId

The GUID for the customer-managed KMS key to use for encryption. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/". You can also use a master key owned by Kinesis Streams by specifying the alias aws/kinesis.

  • Key ARN example: arn:aws: kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012

  • Alias ARN example: arn:aws:kms:us-east-1:123456789012:alias/MyAliasName

  • Globally unique key ID example: 12345678-1234-1234-1234-123456789012

  • Alias name example: alias/MyAliasName

  • Master key owned by Kinesis Streams: alias/aws/kinesis

Required: Yes

Type: String

On this page: