pulumi-aws-kotlin/com.pulumi.aws.dynamodb.kotlin.inputs/TableServerSideEncryptionArgs

TableServerSideEncryptionArgs

data class TableServerSideEncryptionArgs(val enabled: Output<Boolean>, val kmsKeyArn: Output<String>? = null) : ConvertibleToJava<TableServerSideEncryptionArgs>

Constructors

fun TableServerSideEncryptionArgs(enabled: Output<Boolean>, kmsKeyArn: Output<String>? = null)

Functions

toJava

open override fun toJava(): TableServerSideEncryptionArgs

Properties

enabled

val enabled: Output<Boolean>

Whether or not to enable encryption at rest using an AWS managed KMS customer master key (CMK). If enabled is false then server-side encryption is set to AWS-owned key (shown as DEFAULT in the AWS console). Potentially confusingly, if enabled is true and no kms_key_arn is specified then server-side encryption is set to the default KMS-managed key (shown as KMS in the AWS console). The AWS KMS documentation explains the difference between AWS-owned and KMS-managed keys.

kmsKeyArn

val kmsKeyArn: Output<String>? = null

ARN of the CMK that should be used for the AWS KMS encryption. This argument should only be used if the key is different from the default KMS-managed DynamoDB key, alias/aws/dynamodb. Note: This attribute will not be populated with the ARN of default keys.