2025/07/31 - AWS IoT - 2 new api methods
Changes This release allows AWS IoT Core users to use their own AWS KMS keys for data protection
Updates the encryption configuration. By default, all Amazon Web Services IoT Core data at rest is encrypted using Amazon Web Services owned keys. Amazon Web Services IoT Core also supports symmetric customer managed keys from Amazon Web Services Key Management Service (KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon Web Services account. For more information, see Data encryption in the Amazon Web Services IoT Core Developer Guide.
See also: AWS API Documentation
Request Syntax
client.update_encryption_configuration( encryptionType='CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY', kmsKeyArn='string', kmsAccessRoleArn='string' )
string
[REQUIRED]
The type of the Amazon Web Services Key Management Service (KMS) key.
string
The ARN of the customer-managed KMS key.
string
The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.
dict
Response Syntax
{}
Response Structure
(dict) --
Retrieves the encryption configuration for resources and data of your Amazon Web Services account in Amazon Web Services IoT Core. For more information, see Key management in IoT from the Amazon Web Services IoT Core Developer Guide.
See also: AWS API Documentation
Request Syntax
client.describe_encryption_configuration()
dict
Response Syntax
{ 'encryptionType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY', 'kmsKeyArn': 'string', 'kmsAccessRoleArn': 'string', 'configurationDetails': { 'configurationStatus': 'HEALTHY'|'UNHEALTHY', 'errorCode': 'string', 'errorMessage': 'string' }, 'lastModifiedDate': datetime(2015, 1, 1) }
Response Structure
(dict) --
encryptionType (string) --
The type of the Amazon Web Services Key Management Service (KMS) key.
kmsKeyArn (string) --
The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.
kmsAccessRoleArn (string) --
The ARN of the customer-managed KMS key.
configurationDetails (dict) --
The encryption configuration details that include the status information of the KMS key and the KMS access role.
configurationStatus (string) --
The health status of KMS key and KMS access role. If either KMS key or KMS access role is UNHEALTHY, the return value will be UNHEALTHY. To use a customer-managed KMS key, the value of configurationStatus must be HEALTHY.
errorCode (string) --
The error code that indicates either the KMS key or the KMS access role is UNHEALTHY. Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR.
errorMessage (string) --
The detailed error message that corresponds to the errorCode.
lastModifiedDate (datetime) --
The date when encryption configuration is last updated.