docdb/aws.sdk.kotlin.services.docdb.model/RestoreDbClusterToPointInTimeRequest/kmsKeyId

kmsKeyId

val kmsKeyId: String?

The KMS key identifier to use when restoring an encrypted cluster from an encrypted cluster.

The KMS key identifier is the Amazon Resource Name (ARN) for the KMS encryption key. If you are restoring a cluster with the same Amazon Web Services account that owns the KMS encryption key used to encrypt the new cluster, then you can use the KMS key alias instead of the ARN for the KMS encryption key.

You can restore to a new cluster and encrypt the new cluster with an KMS key that is different from the KMS key used to encrypt the source cluster. The new DB cluster is encrypted with the KMS key identified by the KmsKeyId parameter.

If you do not specify a value for the KmsKeyId parameter, then the following occurs:

  • If the cluster is encrypted, then the restored cluster is encrypted using the KMS key that was used to encrypt the source cluster.

  • If the cluster is not encrypted, then the restored cluster is not encrypted.

If DBClusterIdentifier refers to a cluster that is not encrypted, then the restore request is rejected.