AWS IoT

2025/07/31 - AWS IoT - 2 new api methods

Changes: This release allows AWS IoT Core users to use their own AWS KMS keys for data protection.

UpdateEncryptionConfiguration (new)

Updates the encryption configuration. By default, all Amazon Web Services IoT Core data at rest is encrypted using Amazon Web Services owned keys. Amazon Web Services IoT Core also supports symmetric customer managed keys from Amazon Web Services Key Management Service (KMS). With customer managed keys, you create, own, and manage the KMS keys in your Amazon Web Services account. For more information, see Data encryption in the Amazon Web Services IoT Core Developer Guide.

See also: AWS API Documentation

Request Syntax

client.update_encryption_configuration(
    encryptionType='CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
    kmsKeyArn='string',
    kmsAccessRoleArn='string'
)

type encryptionType:

string

param encryptionType:

[REQUIRED]

The type of the Amazon Web Services Key Management Service (KMS) key.

type kmsKeyArn:

string

param kmsKeyArn:

The ARN of the customer-managed KMS key.

type kmsAccessRoleArn:

string

param kmsAccessRoleArn:

The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

DescribeEncryptionConfiguration (new)

Retrieves the encryption configuration for resources and data of your Amazon Web Services account in Amazon Web Services IoT Core. For more information, see Key management in IoT from the Amazon Web Services IoT Core Developer Guide.

See also: AWS API Documentation

Request Syntax

client.describe_encryption_configuration()

rtype:

dict

returns:

Response Syntax

{
    'encryptionType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
    'kmsKeyArn': 'string',
    'kmsAccessRoleArn': 'string',
    'configurationDetails': {
        'configurationStatus': 'HEALTHY'|'UNHEALTHY',
        'errorCode': 'string',
        'errorMessage': 'string'
    },
    'lastModifiedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • encryptionType (string) --

      The type of the Amazon Web Services Key Management Service (KMS) key.

    • kmsKeyArn (string) --

      The ARN of the customer-managed KMS key.

    • kmsAccessRoleArn (string) --

      The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

    • configurationDetails (dict) --

      The encryption configuration details that include the status information of the KMS key and the KMS access role.

      • configurationStatus (string) --

        The health status of the KMS key and the KMS access role. If either the KMS key or the KMS access role is UNHEALTHY, the return value will be UNHEALTHY. To use a customer-managed KMS key, the value of configurationStatus must be HEALTHY.

      • errorCode (string) --

        The error code that indicates either the KMS key or the KMS access role is UNHEALTHY. Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR.

      • errorMessage (string) --

        The detailed error message that corresponds to the errorCode.

    • lastModifiedDate (datetime) --

      The date when the encryption configuration was last updated.
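
Added example (not part of the AWS documentation): a posture check over the DescribeEncryptionConfiguration response that flags accounts still on AWS owned keys, ARNs placed in the wrong field, and an UNHEALTHY status, using errorCode to point at the key or the role. The finding codes, the require_cmk policy switch, the ARN patterns and the sample response are assumptions made for this example.

```python
import re

# Standard ARN shapes; the partition part allows aws, aws-cn, aws-us-gov.
KMS_KEY_ARN = re.compile(r"^arn:aws[\w-]*:kms:[a-z0-9-]+:\d{12}:key/[\w-]+$")
IAM_ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

# Which resource each documented errorCode points at.
ERROR_TARGET = {
    "KMS_KEY_VALIDATION_ERROR": "KMS key",
    "ROLE_VALIDATION_ERROR": "KMS access role",
}

def evaluate_encryption_config(resp, require_cmk=True):
    """Return (code, message) findings for a DescribeEncryptionConfiguration response."""
    enc_type = resp.get("encryptionType")
    if enc_type == "AWS_OWNED_KMS_KEY":
        # The default; a finding only if local policy (assumed here) demands a CMK.
        return [("NOT_CMK", "data at rest uses AWS owned keys")] if require_cmk else []
    if enc_type != "CUSTOMER_MANAGED_KMS_KEY":
        return [("UNKNOWN_TYPE", f"unexpected encryptionType {enc_type!r}")]
    findings = []
    key_arn = resp.get("kmsKeyArn") or ""
    role_arn = resp.get("kmsAccessRoleArn") or ""
    if not KMS_KEY_ARN.match(key_arn):
        findings.append(("BAD_KEY_ARN", f"kmsKeyArn is not a KMS key ARN: {key_arn!r}"))
    if not IAM_ROLE_ARN.match(role_arn):
        findings.append(("BAD_ROLE_ARN", f"kmsAccessRoleArn is not an IAM role ARN: {role_arn!r}"))
    details = resp.get("configurationDetails") or {}
    status = details.get("configurationStatus")
    if status != "HEALTHY":
        code = details.get("errorCode")
        target = ERROR_TARGET.get(code, "KMS key or KMS access role")
        findings.append(("UNHEALTHY", f"status {status}, check the {target}: "
                         f"{code}: {details.get('errorMessage', '')}"))
    return findings

def audit_account(client, require_cmk=True):
    """client is a boto3 IoT client, e.g. boto3.client('iot')."""
    return evaluate_encryption_config(client.describe_encryption_configuration(), require_cmk)

# Constructed sample response (account ID, key ID and role name are made up).
SAMPLE_UNHEALTHY = {
    "encryptionType": "CUSTOMER_MANAGED_KMS_KEY",
    "kmsKeyArn": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "kmsAccessRoleArn": "arn:aws:iam::111122223333:role/IoTKmsAccessRole",
    "configurationDetails": {"configurationStatus": "UNHEALTHY",
                             "errorCode": "ROLE_VALIDATION_ERROR",
                             "errorMessage": "constructed message"},
}
```

Running audit_account on a schedule and alerting on any non-empty result catches a key or role that becomes UNHEALTHY after the configuration was first applied.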