kmsKeyId property
The ID of the AWS Key Management Service (AWS KMS) key that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.
The caller (either IAM user or IAM role) of CreateFeatureGroup
must have below permissions to the OnlineStore
KmsKeyId
:
-
"kms:Encrypt"
-
"kms:Decrypt"
-
"kms:DescribeKey"
-
"kms:CreateGrant"
-
"kms:RetireGrant"
-
"kms:ReEncryptFrom"
-
"kms:ReEncryptTo"
-
"kms:GenerateDataKey"
-
"kms:ListAliases"
-
"kms:ListGrants"
-
"kms:RevokeGrant"
PutRecord
, GetRecord
, DeleteRecord
)
must have the following permissions to the KmsKeyId
:
-
"kms:Decrypt"
Implementation
final String? kmsKeyId;