AWSFirehoseDeliveryStreamEncryptionConfigurationInput

@interface AWSFirehoseDeliveryStreamEncryptionConfigurationInput

Used to specify the type and Amazon Resource Name (ARN) of the CMK needed for Server-Side Encryption (SSE).

Required parameters: [KeyType]

  • If you set KeyType to CUSTOMER_MANAGED_CMK, you must specify the Amazon Resource Name (ARN) of the CMK. If you set KeyType to AWS_OWNED_CMK, Kinesis Data Firehose uses a service-account CMK.

    Declaration

    Objective-C

    @property (nonatomic, strong) NSString *_Nullable keyARN;

    Swift

    var keyARN: String? { get set }
  • Indicates the type of customer master key (CMK) to use for encryption. The default setting is AWS_OWNED_CMK. For more information about CMKs, see Customer Master Keys (CMKs). When you invoke CreateDeliveryStream or StartDeliveryStreamEncryption with KeyType set to CUSTOMER_MANAGED_CMK, Kinesis Data Firehose invokes the Amazon KMS operation CreateGrant to create a grant that allows the Kinesis Data Firehose service to use the customer managed CMK to perform encryption and decryption. Kinesis Data Firehose manages that grant.

    When you invoke StartDeliveryStreamEncryption to change the CMK for a delivery stream that is already encrypted with a customer managed CMK, Kinesis Data Firehose schedules the grant it had on the old CMK for retirement.

    Declaration

    Objective-C

    @property (nonatomic) AWSFirehoseKeyType keyType;

    Swift

    var keyType: AWSFirehoseKeyType { get set }