Class ServiceEncryptionConfig

GlobalConfig / ServiceEncryptionConfig

AWS service encryption configuration settings

Example

 encryption:
   useCMK: true
   deploymentTargets:
     organizationalUnits:
       - Root

Hierarchy

ServiceEncryptionConfig

Implements

TypeOf<typeof serviceEncryptionConfig>

Index

Constructors

constructor

Properties

deploymentTargets useCMK

Constructors

constructor

new ServiceEncryptionConfig(): ServiceEncryptionConfig
Returns ServiceEncryptionConfig

Properties

`Readonly` deploymentTargets

deploymentTargets: undefined | DeploymentTargets = undefined

To control target environments (AWS Account and Region) for the given useCMK setting, you may optionally specify deployment targets. Leaving deploymentTargets undefined will apply useCMK setting to all accounts and enabled regions.

`Readonly` useCMK

useCMK: boolean = false

Flag indicates whether Accelerator deployed AWS Service will use AWS KMS CMK for encryption or Service managed KMS.

Remarks

When set to true, the solution will create AWS KMS CMK which will be used by the service for encryption. Example, when flag set to true for AWS Lambda service, the solution will create AWS KMS CMK to encrypt lambda function environment variables, otherwise AWS managed key will be used for environment variables encryption.

Default

false

Class ServiceEncryptionConfig

Example

Hierarchy

Implements

Index

Constructors

Properties

Constructors

constructor

Returns ServiceEncryptionConfig

Properties

`Readonly` deploymentTargets

`Readonly` useCMK

Remarks

Default

Settings

Member Visibility

Theme

Class ServiceEncryptionConfig

Example

Hierarchy

Implements

Index

Constructors

Properties

Constructors

constructor

Returns ServiceEncryptionConfig

Properties

Readonly deploymentTargets

Readonly useCMK

Remarks

Default

Settings

Member Visibility

Theme

`Readonly` deploymentTargets

`Readonly` useCMK