This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::EC2::VPCEncryptionControl

Describes the configuration and state of VPC encryption controls.

For more information, see [Enforce VPC encryption in transit](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html) in the *Amazon VPC User Guide*.

## Syntax

To declare this entity in your CloudFormation template, use the following syntax:

### JSON

```
{
  "Type" : "AWS::EC2::VPCEncryptionControl",
  "Properties" : {
      "EgressOnlyInternetGatewayExclusionInput" : String,
      "ElasticFileSystemExclusionInput" : String,
      "InternetGatewayExclusionInput" : String,
      "LambdaExclusionInput" : String,
      "Mode" : String,
      "NatGatewayExclusionInput" : String,
      "Tags" : [ Tag, ... ],
      "VirtualPrivateGatewayExclusionInput" : String,
      "VpcId" : String,
      "VpcLatticeExclusionInput" : String,
      "VpcPeeringExclusionInput" : String
    }
}
```

### YAML

```
Type: AWS::EC2::VPCEncryptionControl
Properties:
  EgressOnlyInternetGatewayExclusionInput: String
  ElasticFileSystemExclusionInput: String
  InternetGatewayExclusionInput: String
  LambdaExclusionInput: String
  Mode: String
  NatGatewayExclusionInput: String
  Tags:
    - Tag
  VirtualPrivateGatewayExclusionInput: String
  VpcId: String
  VpcLatticeExclusionInput: String
  VpcPeeringExclusionInput: String
```

## Properties

`EgressOnlyInternetGatewayExclusionInput`
Specifies whether to exclude egress-only internet gateway traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`ElasticFileSystemExclusionInput`
Specifies whether to exclude Elastic File System traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`InternetGatewayExclusionInput`
Specifies whether to exclude internet gateway traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`LambdaExclusionInput`
Specifies whether to exclude Lambda function traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Mode`
The encryption mode for the VPC Encryption Control configuration.
*Required*: No
*Type*: String
*Allowed values*: `monitor | enforce`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`NatGatewayExclusionInput`
Specifies whether to exclude NAT gateway traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Tags`
The tags assigned to the VPC Encryption Control configuration.
*Required*: No
*Type*: Array of [Tag](aws-properties-ec2-vpcencryptioncontrol-tag.md)
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`VirtualPrivateGatewayExclusionInput`
Specifies whether to exclude virtual private gateway traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`VpcId`
The ID of the VPC for which to create the encryption control configuration.
*Required*: No
*Type*: String
*Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)

`VpcLatticeExclusionInput`
Specifies whether to exclude VPC Lattice traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`VpcPeeringExclusionInput`
Specifies whether to exclude VPC peering connection traffic from encryption enforcement.
*Required*: No
*Type*: String
*Allowed values*: `enable | disable`
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values

### Ref

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the VPC Encryption Control ID.
For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

### Fn::GetAtt

Describes the configuration and state of VPC encryption controls.

For more information, see [Enforce VPC encryption in transit](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-encryption-controls.html) in the *Amazon VPC User Guide*.

`ResourceExclusions.EgressOnlyInternetGateway.State`
The current state of the exclusion configuration.

`ResourceExclusions.EgressOnlyInternetGateway.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.ElasticFileSystem.State`
The current state of the exclusion configuration.

`ResourceExclusions.ElasticFileSystem.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.InternetGateway.State`
The current state of the exclusion configuration.

`ResourceExclusions.InternetGateway.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.Lambda.State`
The current state of the exclusion configuration.

`ResourceExclusions.Lambda.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.NatGateway.State`
The current state of the exclusion configuration.

`ResourceExclusions.NatGateway.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.VirtualPrivateGateway.State`
The current state of the exclusion configuration.

`ResourceExclusions.VirtualPrivateGateway.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.VpcLattice.State`
The current state of the exclusion configuration.

`ResourceExclusions.VpcLattice.StateMessage`
A message providing additional information about the exclusion state.

`ResourceExclusions.VpcPeering.State`
The current state of the exclusion configuration.

`ResourceExclusions.VpcPeering.StateMessage`
A message providing additional information about the exclusion state.

`State`
The current state of the VPC Encryption Control configuration.

`StateMessage`
A message providing additional information about the encryption control state.

`VpcEncryptionControlId`
The ID of the VPC Encryption Control configuration.
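The properties above lend themselves to a pre-deployment template review. The following is an added example, not part of the AWS reference: a small Python audit that reports every `AWS::EC2::VPCEncryptionControl` resource in a JSON template whose `Mode` is not `enforce` or that sets an exclusion to `enable`. The policy itself, the treatment of an unset exclusion as "not requested", the sample template, its logical IDs and the `LambdaExclusionParam` parameter name are assumptions made for illustration.

```python
import json

RESOURCE_TYPE = "AWS::EC2::VPCEncryptionControl"
# Exclusion properties listed on this page; each takes "enable" or "disable".
EXCLUSION_PROPS = (
    "EgressOnlyInternetGatewayExclusionInput", "ElasticFileSystemExclusionInput",
    "InternetGatewayExclusionInput", "LambdaExclusionInput",
    "NatGatewayExclusionInput", "VirtualPrivateGatewayExclusionInput",
    "VpcLatticeExclusionInput", "VpcPeeringExclusionInput",
)

def audit_template(template_text):
    """Return sorted (logical_id, property, finding) tuples for one JSON template."""
    findings = []
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, res in resources.items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = res.get("Properties", {})
        mode = props.get("Mode")
        if isinstance(mode, dict):  # Ref / Fn::* cannot be resolved offline
            findings.append((logical_id, "Mode", "unresolved intrinsic, review manually"))
        elif mode not in ("monitor", "enforce"):
            findings.append((logical_id, "Mode", f"missing or invalid value: {mode!r}"))
        elif mode != "enforce":
            findings.append((logical_id, "Mode", "not enforcing (monitor)"))
        for name in EXCLUSION_PROPS:
            value = props.get(name)
            if value is None or value == "disable":
                continue  # assumption: unset means no exclusion was requested
            if isinstance(value, dict):
                findings.append((logical_id, name, "unresolved intrinsic, review manually"))
            elif value == "enable":
                findings.append((logical_id, name, "traffic excluded from enforcement"))
            else:
                findings.append((logical_id, name, f"invalid value: {value!r}"))
    return sorted(findings)

# Constructed sample template (hypothetical logical IDs, VPC IDs and parameter).
SAMPLE = json.dumps({"Resources": {
    "LogBucket": {"Type": "AWS::S3::Bucket"},
    "Strict": {"Type": RESOURCE_TYPE, "Properties": {
        "VpcId": "vpc-EXAMPLE1", "Mode": "enforce", "NatGatewayExclusionInput": "disable"}},
    "Loose": {"Type": RESOURCE_TYPE, "Properties": {
        "VpcId": "vpc-EXAMPLE2", "Mode": "monitor",
        "InternetGatewayExclusionInput": "enable", "VpcPeeringExclusionInput": "Enabled",
        "LambdaExclusionInput": {"Ref": "LambdaExclusionParam"}}},
}})
for finding in audit_template(SAMPLE):
    print(*finding, sep=": ")
```

After deployment, the `State` and `ResourceExclusions.*.State` attributes returned by `Fn::GetAtt` report what the service actually applied, which the template alone cannot show.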
