Updates the encryption configuration for X-Ray data.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
put-encryption-config
[--key-id <value>]
--type <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--key-id
(string)
An Amazon Web Services KMS key in one of the following formats:
Alias - The name of the key. For example,
alias/MyKey
.Key ID - The KMS key ID of the key. For example,
ae4aa6d49-a4d8-9df9-a475-4ff6d7898456
. Amazon Web Services X-Ray does not support asymmetric KMS keys.ARN - The full Amazon Resource Name of the key ID or alias. For example,
arn:aws:kms:us-east-2:123456789012:key/ae4aa6d49-a4d8-9df9-a475-4ff6d7898456
. Use this format to specify a key in a different account.Omit this key if you set
Type
toNONE
.
--type
(string)
The type of encryption. Set to
KMS
to use your own key for encryption. Set toNONE
for default encryption.Possible values:
NONE
KMS
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To update the encryption configuration
The following put-encryption-config``example updates the encryption configuration for AWS X-Ray data to use the default AWS managed KMS key ``aws/xray
.
aws xray put-encryption-config \
--type KMS \
--key-id alias/aws/xray
Output:
{
"EncryptionConfig": {
"KeyId": "arn:aws:kms:us-west-2:123456789012:key/c234g4e8-39e9-4gb0-84e2-b0ea215cbba5",
"Status": "UPDATING",
"Type": "KMS"
}
}
For more information, see Configuring Sampling, Groups, and Encryption Settings with the AWS X-Ray API in the AWS X-Ray Developer Guide.
EncryptionConfig -> (structure)
The new encryption configuration.
KeyId -> (string)
The ID of the KMS key used for encryption, if applicable.
Status -> (string)
The encryption status. While the status is
UPDATING
, X-Ray may encrypt data with a combination of the new and old settings.Type -> (string)
The type of encryption. Set to
KMS
for encryption with KMS keys. Set toNONE
for default encryption.