AWS Cloud Control v1.35.0, Sep 22 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.35.0 published on Monday, Sep 22, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.iot.getEncryptionConfiguration

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.35.0 published on Monday, Sep 22, 2025 by Pulumi

pulumi/pulumi-aws-native

Using getEncryptionConfiguration

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getEncryptionConfiguration(args: GetEncryptionConfigurationArgs, opts?: InvokeOptions): Promise<GetEncryptionConfigurationResult>
function getEncryptionConfigurationOutput(args: GetEncryptionConfigurationOutputArgs, opts?: InvokeOptions): Output<GetEncryptionConfigurationResult>

def get_encryption_configuration(account_id: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetEncryptionConfigurationResult
def get_encryption_configuration_output(account_id: Optional[pulumi.Input[str]] = None,
                                 opts: Optional[InvokeOptions] = None) -> Output[GetEncryptionConfigurationResult]

func LookupEncryptionConfiguration(ctx *Context, args *LookupEncryptionConfigurationArgs, opts ...InvokeOption) (*LookupEncryptionConfigurationResult, error)
func LookupEncryptionConfigurationOutput(ctx *Context, args *LookupEncryptionConfigurationOutputArgs, opts ...InvokeOption) LookupEncryptionConfigurationResultOutput

> Note: This function is named LookupEncryptionConfiguration in the Go SDK.

public static class GetEncryptionConfiguration 
{
    public static Task<GetEncryptionConfigurationResult> InvokeAsync(GetEncryptionConfigurationArgs args, InvokeOptions? opts = null)
    public static Output<GetEncryptionConfigurationResult> Invoke(GetEncryptionConfigurationInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetEncryptionConfigurationResult> getEncryptionConfiguration(GetEncryptionConfigurationArgs args, InvokeOptions options)
public static Output<GetEncryptionConfigurationResult> getEncryptionConfiguration(GetEncryptionConfigurationArgs args, InvokeOptions options)

fn::invoke:
  function: aws-native:iot:getEncryptionConfiguration
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string: The unique identifier (ID) of an AWS account.

AccountId string: The unique identifier (ID) of an AWS account.

accountId String: The unique identifier (ID) of an AWS account.

accountId string: The unique identifier (ID) of an AWS account.

account_id str: The unique identifier (ID) of an AWS account.

accountId String: The unique identifier (ID) of an AWS account.

getEncryptionConfiguration Result

The following output properties are available:

AccountId string: The unique identifier (ID) of an AWS account.
ConfigurationDetails Pulumi.AwsNative.IoT.Outputs.ConfigurationDetailsProperties
EncryptionType Pulumi.AwsNative.IoT.EncryptionConfigurationEncryptionType: The type of the KMS key.
KmsAccessRoleArn string: The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
KmsKeyArn string: The ARN of the customer managed KMS key.
LastModifiedDate string: The date when encryption configuration is last updated.

AccountId string: The unique identifier (ID) of an AWS account.
ConfigurationDetails ConfigurationDetailsProperties
EncryptionType EncryptionConfigurationEncryptionType: The type of the KMS key.
KmsAccessRoleArn string: The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
KmsKeyArn string: The ARN of the customer managed KMS key.
LastModifiedDate string: The date when encryption configuration is last updated.

accountId String: The unique identifier (ID) of an AWS account.
configurationDetails ConfigurationDetailsProperties
encryptionType EncryptionConfigurationEncryptionType: The type of the KMS key.
kmsAccessRoleArn String: The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
kmsKeyArn String: The ARN of the customer managed KMS key.
lastModifiedDate String: The date when encryption configuration is last updated.

accountId string: The unique identifier (ID) of an AWS account.
configurationDetails ConfigurationDetailsProperties
encryptionType EncryptionConfigurationEncryptionType: The type of the KMS key.
kmsAccessRoleArn string: The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
kmsKeyArn string: The ARN of the customer managed KMS key.
lastModifiedDate string: The date when encryption configuration is last updated.

account_id str: The unique identifier (ID) of an AWS account.
configuration_details ConfigurationDetailsProperties
encryption_type EncryptionConfigurationEncryptionType: The type of the KMS key.
kms_access_role_arn str: The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
kms_key_arn str: The ARN of the customer managed KMS key.
last_modified_date str: The date when encryption configuration is last updated.

accountId String: The unique identifier (ID) of an AWS account.
configurationDetails Property Map
encryptionType "CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY": The type of the KMS key.
kmsAccessRoleArn String: The Amazon Resource Name (ARN) of the IAM role assumed by AWS IoT Core to call AWS KMS on behalf of the customer.
kmsKeyArn String: The ARN of the customer managed KMS key.
lastModifiedDate String: The date when encryption configuration is last updated.

Supporting Types

ConfigurationDetailsProperties

ConfigurationStatus Pulumi.AwsNative.IoT.EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus: The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is UNHEALTHY , the return value will be UNHEALTHY . To use a customer managed KMS key, the value of configurationStatus must be HEALTHY .
ErrorCode string: The error code that indicates either the KMS key or the AWS KMS access role is UNHEALTHY . Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR .
ErrorMessage string: The detailed error message that corresponds to the errorCode .

ConfigurationStatus EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus: The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is UNHEALTHY , the return value will be UNHEALTHY . To use a customer managed KMS key, the value of configurationStatus must be HEALTHY .
ErrorCode string: The error code that indicates either the KMS key or the AWS KMS access role is UNHEALTHY . Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR .
ErrorMessage string: The detailed error message that corresponds to the errorCode .

configurationStatus EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus: The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is UNHEALTHY , the return value will be UNHEALTHY . To use a customer managed KMS key, the value of configurationStatus must be HEALTHY .
errorCode String: The error code that indicates either the KMS key or the AWS KMS access role is UNHEALTHY . Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR .
errorMessage String: The detailed error message that corresponds to the errorCode .

configurationStatus EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus: The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is UNHEALTHY , the return value will be UNHEALTHY . To use a customer managed KMS key, the value of configurationStatus must be HEALTHY .
errorCode string: The error code that indicates either the KMS key or the AWS KMS access role is UNHEALTHY . Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR .
errorMessage string: The detailed error message that corresponds to the errorCode .

configuration_status EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus: The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is UNHEALTHY , the return value will be UNHEALTHY . To use a customer managed KMS key, the value of configurationStatus must be HEALTHY .
error_code str: The error code that indicates either the KMS key or the AWS KMS access role is UNHEALTHY . Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR .
error_message str: The detailed error message that corresponds to the errorCode .

configurationStatus "HEALTHY" | "UNHEALTHY": The health status of KMS key and AWS KMS access role. If either KMS key or AWS KMS access role is UNHEALTHY , the return value will be UNHEALTHY . To use a customer managed KMS key, the value of configurationStatus must be HEALTHY .
errorCode String: The error code that indicates either the KMS key or the AWS KMS access role is UNHEALTHY . Valid values: KMS_KEY_VALIDATION_ERROR and ROLE_VALIDATION_ERROR .
errorMessage String: The detailed error message that corresponds to the errorCode .

EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus

EncryptionConfigurationEncryptionType

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.35.0 published on Monday, Sep 22, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.iot.getEncryptionConfiguration

On this page

On this page

Using getEncryptionConfiguration

getEncryptionConfiguration Result

Supporting Types

ConfigurationDetailsProperties

EncryptionConfigurationConfigurationDetailsPropertiesConfigurationStatus

EncryptionConfigurationEncryptionType

Package Details

On this page

On this page