OnlineStoreSecurityConfig
import type { OnlineStoreSecurityConfig } from "https://aws-api.deno.dev/v0.3/services/sagemaker.ts?docs=full";
The security configuration for OnlineStore
.
interface OnlineStoreSecurityConfig {
KmsKeyId?: string | null;
}§Properties
§
KmsKeyId?: string | null
[src]The ID of the Amazon Web Services Key Management Service (Amazon Web Services KMS) key that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.
The caller (either IAM user or IAM role) of CreateFeatureGroup
must have below permissions to the OnlineStore
KmsKeyId
:
-
"kms:Encrypt"
-
"kms:Decrypt"
-
"kms:DescribeKey"
-
"kms:CreateGrant"
-
"kms:RetireGrant"
-
"kms:ReEncryptFrom"
-
"kms:ReEncryptTo"
-
"kms:GenerateDataKey"
-
"kms:ListAliases"
-
"kms:ListGrants"
-
"kms:RevokeGrant"
The caller (either IAM user or IAM role) to all DataPlane operations (PutRecord
, GetRecord
, DeleteRecord
) must have the following permissions to the KmsKeyId
:
-
"kms:Decrypt"