pulumi-aws-kotlin/com.pulumi.aws.dynamodb.kotlin.outputs/TableServerSideEncryption

TableServerSideEncryption

data class TableServerSideEncryption(val enabled: Boolean, val kmsKeyArn: String? = null)

Constructors

constructor(enabled: Boolean, kmsKeyArn: String? = null)

Types

Companion

object Companion

Properties

enabled

val enabled: Boolean

Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK). If enabled is false then server-side encryption is set to AWS-owned key (shown as DEFAULT in the AWS console). Potentially confusingly, if enabled is true and no kms_key_arn is specified then server-side encryption is set to the default KMS-managed key (shown as KMS in the AWS console). The AWS KMS documentation explains the difference between AWS-owned and KMS-managed keys.

kmsKeyArn

val kmsKeyArn: String? = null

ARN of the CMK that should be used for the AWS KMS encryption. This argument should only be used if the key is different from the default KMS-managed DynamoDB key, alias/aws/dynamodb. Note: This attribute will not be populated with the ARN of default keys.