serverSideEncryptionConfiguration

The configuration information for the customer managed key used for encryption.

This KMS key must have a policy that allows kms:CreateGrant, kms:DescribeKey, kms:Decrypt, and kms:GenerateDataKey* permissions to the IAM identity using the key to invoke Amazon Q.

For more information about setting up a customer managed key for Amazon Q, see Enable Amazon Q in Connect for your instance.