:doc:`IoT <../../iot>` / Client / describe_encryption_configuration

*********************************
describe_encryption_configuration
*********************************



.. py:method:: IoT.Client.describe_encryption_configuration()

  

  Retrieves the encryption configuration for resources and data of your Amazon Web Services account in Amazon Web Services IoT Core. For more information, see `Data encryption at rest <https://docs.aws.amazon.com/iot/latest/developerguide/encryption-at-rest.html>`__ in the *Amazon Web Services IoT Core Developer Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iot-2015-05-28/DescribeEncryptionConfiguration>`_  


  **Request Syntax**
  ::

    response = client.describe_encryption_configuration()
    
    
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'encryptionType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
          'kmsKeyArn': 'string',
          'kmsAccessRoleArn': 'string',
          'configurationDetails': {
              'configurationStatus': 'HEALTHY'|'UNHEALTHY',
              'errorCode': 'string',
              'errorMessage': 'string'
          },
          'lastModifiedDate': datetime(2015, 1, 1)
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **encryptionType** *(string) --* 

        The type of the KMS key.

        
      

      - **kmsKeyArn** *(string) --* 

        The ARN of the customer managed KMS key.

        
      

      - **kmsAccessRoleArn** *(string) --* 

        The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web Services IoT Core to call KMS on behalf of the customer.

        
      

      - **configurationDetails** *(dict) --* 

        The encryption configuration details that include the status information of the KMS key and the KMS access role.

        
        

        - **configurationStatus** *(string) --* 

          The health status of KMS key and KMS access role. If either KMS key or KMS access role is ``UNHEALTHY``, the return value will be ``UNHEALTHY``. To use a customer managed KMS key, the value of ``configurationStatus`` must be ``HEALTHY``.

          
        

        - **errorCode** *(string) --* 

          The error code that indicates either the KMS key or the KMS access role is ``UNHEALTHY``. Valid values: ``KMS_KEY_VALIDATION_ERROR`` and ``ROLE_VALIDATION_ERROR``.

          
        

        - **errorMessage** *(string) --* 

          The detailed error message that corresponds to the ``errorCode``.

          
    
      

      - **lastModifiedDate** *(datetime) --* 

        The date when encryption configuration is last updated.

        
  
  **Exceptions**
  
  *   :py:class:`IoT.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`IoT.Client.exceptions.ThrottlingException`

  
  *   :py:class:`IoT.Client.exceptions.UnauthorizedException`

  
  *   :py:class:`IoT.Client.exceptions.ServiceUnavailableException`

  
  *   :py:class:`IoT.Client.exceptions.InternalFailureException`

  