The aws:workspacesweb/dataProtectionSettings:DataProtectionSettings resource, part of the Pulumi AWS provider, defines data protection settings that control how WorkSpaces Web redacts sensitive information in streaming browser sessions. This guide focuses on three capabilities: built-in pattern redaction, custom regex patterns for organization-specific data, and URL-based enforcement rules.
Data protection settings must be associated with a WorkSpaces Web portal to take effect. The examples are intentionally small. Combine them with portal associations and your own KMS keys for production deployments.
Create data protection settings with minimal configuration
Most deployments start by creating the settings resource with just a display name, establishing it before configuring redaction rules.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.workspacesweb.DataProtectionSettings("example", {displayName: "example"});

import pulumi
import pulumi_aws as aws

example = aws.workspacesweb.DataProtectionSettings("example", display_name="example")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/workspacesweb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workspacesweb.NewDataProtectionSettings(ctx, "example", &workspacesweb.DataProtectionSettingsArgs{
			DisplayName: pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    var example = new Aws.WorkSpacesWeb.DataProtectionSettings("example", new()
    {
        DisplayName = "example",
    });
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.workspacesweb.DataProtectionSettings;
import com.pulumi.aws.workspacesweb.DataProtectionSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataProtectionSettings("example", DataProtectionSettingsArgs.builder()
            .displayName("example")
            .build());
    }
}

resources:
  example:
    type: aws:workspacesweb:DataProtectionSettings
    properties:
      displayName: example

The displayName property identifies the settings resource. Without inline redaction configuration, the settings exist but don’t apply any redaction rules until you add patterns.
Redact sensitive data with built-in patterns
Streaming sessions often need to hide Social Security numbers or credit card data automatically.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.workspacesweb.DataProtectionSettings("example", {
    displayName: "example",
    description: "Example data protection settings",
    inlineRedactionConfiguration: {
        globalConfidenceLevel: 2,
        globalEnforcedUrls: ["https://example.com"],
        inlineRedactionPatterns: [{
            builtInPatternId: "ssn",
            confidenceLevel: 3,
            redactionPlaceHolders: [{
                redactionPlaceHolderType: "CustomText",
                redactionPlaceHolderText: "REDACTED",
            }],
        }],
    },
});

import pulumi
import pulumi_aws as aws

example = aws.workspacesweb.DataProtectionSettings("example",
    display_name="example",
    description="Example data protection settings",
    inline_redaction_configuration={
        "global_confidence_level": 2,
        "global_enforced_urls": ["https://example.com"],
        "inline_redaction_patterns": [{
            "built_in_pattern_id": "ssn",
            "confidence_level": 3,
            "redaction_place_holders": [{
                "redaction_place_holder_type": "CustomText",
                "redaction_place_holder_text": "REDACTED",
            }],
        }],
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/workspacesweb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := workspacesweb.NewDataProtectionSettings(ctx, "example", &workspacesweb.DataProtectionSettingsArgs{
			DisplayName: pulumi.String("example"),
			Description: pulumi.String("Example data protection settings"),
			InlineRedactionConfiguration: &workspacesweb.DataProtectionSettingsInlineRedactionConfigurationArgs{
				GlobalConfidenceLevel: pulumi.Int(2),
				GlobalEnforcedUrls: pulumi.StringArray{
					pulumi.String("https://example.com"),
				},
				InlineRedactionPatterns: workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArray{
					&workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs{
						BuiltInPatternId: pulumi.String("ssn"),
						ConfidenceLevel:  pulumi.Int(3),
						RedactionPlaceHolders: workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArray{
							&workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs{
								RedactionPlaceHolderType: pulumi.String("CustomText"),
								RedactionPlaceHolderText: pulumi.String("REDACTED"),
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    var example = new Aws.WorkSpacesWeb.DataProtectionSettings("example", new()
    {
        DisplayName = "example",
        Description = "Example data protection settings",
        InlineRedactionConfiguration = new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationArgs
        {
            GlobalConfidenceLevel = 2,
            GlobalEnforcedUrls = new[]
            {
                "https://example.com",
            },
            InlineRedactionPatterns = new[]
            {
                new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs
                {
                    BuiltInPatternId = "ssn",
                    ConfidenceLevel = 3,
                    RedactionPlaceHolders = new[]
                    {
                        new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs
                        {
                            RedactionPlaceHolderType = "CustomText",
                            RedactionPlaceHolderText = "REDACTED",
                        },
                    },
                },
            },
        },
    });
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.workspacesweb.DataProtectionSettings;
import com.pulumi.aws.workspacesweb.DataProtectionSettingsArgs;
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationArgs;
// Nested input types used by the builders below
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs;
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new DataProtectionSettings("example", DataProtectionSettingsArgs.builder()
            .displayName("example")
            .description("Example data protection settings")
            .inlineRedactionConfiguration(DataProtectionSettingsInlineRedactionConfigurationArgs.builder()
                .globalConfidenceLevel(2)
                .globalEnforcedUrls("https://example.com")
                .inlineRedactionPatterns(DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs.builder()
                    .builtInPatternId("ssn")
                    .confidenceLevel(3)
                    .redactionPlaceHolders(DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs.builder()
                        .redactionPlaceHolderType("CustomText")
                        .redactionPlaceHolderText("REDACTED")
                        .build())
                    .build())
                .build())
            .build());
    }
}

resources:
  example:
    type: aws:workspacesweb:DataProtectionSettings
    properties:
      displayName: example
      description: Example data protection settings
      inlineRedactionConfiguration:
        globalConfidenceLevel: 2
        globalEnforcedUrls:
          - https://example.com
        inlineRedactionPatterns:
          - builtInPatternId: ssn
            confidenceLevel: 3
            redactionPlaceHolders:
              - redactionPlaceHolderType: CustomText
                redactionPlaceHolderText: REDACTED

The inlineRedactionConfiguration property defines what gets redacted and how. The builtInPatternId references AWS-managed patterns like “ssn” for Social Security numbers. The confidenceLevel (1-3) controls detection sensitivity: higher values reduce false positives but may miss some matches. The redactionPlaceHolders property specifies what replaces detected data; here, “REDACTED” appears in place of SSNs. The globalEnforcedUrls property limits redaction to specific domains.
Combine encryption, custom patterns, and URL controls
Production deployments often require customer-managed encryption, custom regex for organization-specific formats, and fine-grained URL controls.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.kms.Key("example", {
    description: "KMS key for WorkSpaces Web Data Protection Settings",
    deletionWindowInDays: 7,
});
const exampleDataProtectionSettings = new aws.workspacesweb.DataProtectionSettings("example", {
    displayName: "example-complete",
    description: "Complete example data protection settings",
    customerManagedKey: example.arn,
    additionalEncryptionContext: {
        Environment: "Production",
    },
    inlineRedactionConfiguration: {
        globalConfidenceLevel: 2,
        globalEnforcedUrls: [
            "https://example.com",
            "https://test.example.com",
        ],
        globalExemptUrls: ["https://exempt.example.com"],
        inlineRedactionPatterns: [
            {
                builtInPatternId: "ssn",
                confidenceLevel: 3,
                enforcedUrls: ["https://pattern1.example.com"],
                exemptUrls: ["https://exempt-pattern1.example.com"],
                redactionPlaceHolders: [{
                    redactionPlaceHolderType: "CustomText",
                    redactionPlaceHolderText: "REDACTED-SSN",
                }],
            },
            {
                customPattern: {
                    patternName: "CustomPattern",
                    patternRegex: "/\\d{3}-\\d{2}-\\d{4}/g",
                    keywordRegex: "/SSN|Social Security/gi",
                    patternDescription: "Custom SSN pattern",
                },
                redactionPlaceHolders: [{
                    redactionPlaceHolderType: "CustomText",
                    redactionPlaceHolderText: "REDACTED-CUSTOM",
                }],
            },
        ],
    },
    tags: {
        Name: "example-data-protection-settings",
    },
});

import pulumi
import pulumi_aws as aws

example = aws.kms.Key("example",
    description="KMS key for WorkSpaces Web Data Protection Settings",
    deletion_window_in_days=7)
example_data_protection_settings = aws.workspacesweb.DataProtectionSettings("example",
    display_name="example-complete",
    description="Complete example data protection settings",
    customer_managed_key=example.arn,
    additional_encryption_context={
        "Environment": "Production",
    },
    inline_redaction_configuration={
        "global_confidence_level": 2,
        "global_enforced_urls": [
            "https://example.com",
            "https://test.example.com",
        ],
        "global_exempt_urls": ["https://exempt.example.com"],
        "inline_redaction_patterns": [
            {
                "built_in_pattern_id": "ssn",
                "confidence_level": 3,
                "enforced_urls": ["https://pattern1.example.com"],
                "exempt_urls": ["https://exempt-pattern1.example.com"],
                "redaction_place_holders": [{
                    "redaction_place_holder_type": "CustomText",
                    "redaction_place_holder_text": "REDACTED-SSN",
                }],
            },
            {
                "custom_pattern": {
                    "pattern_name": "CustomPattern",
                    "pattern_regex": "/\\d{3}-\\d{2}-\\d{4}/g",
                    "keyword_regex": "/SSN|Social Security/gi",
                    "pattern_description": "Custom SSN pattern",
                },
                "redaction_place_holders": [{
                    "redaction_place_holder_type": "CustomText",
                    "redaction_place_holder_text": "REDACTED-CUSTOM",
                }],
            },
        ],
    },
    tags={
        "Name": "example-data-protection-settings",
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/kms"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/workspacesweb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := kms.NewKey(ctx, "example", &kms.KeyArgs{
			Description:          pulumi.String("KMS key for WorkSpaces Web Data Protection Settings"),
			DeletionWindowInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}
		_, err = workspacesweb.NewDataProtectionSettings(ctx, "example", &workspacesweb.DataProtectionSettingsArgs{
			DisplayName:        pulumi.String("example-complete"),
			Description:        pulumi.String("Complete example data protection settings"),
			CustomerManagedKey: example.Arn,
			AdditionalEncryptionContext: pulumi.StringMap{
				"Environment": pulumi.String("Production"),
			},
			InlineRedactionConfiguration: &workspacesweb.DataProtectionSettingsInlineRedactionConfigurationArgs{
				GlobalConfidenceLevel: pulumi.Int(2),
				GlobalEnforcedUrls: pulumi.StringArray{
					pulumi.String("https://example.com"),
					pulumi.String("https://test.example.com"),
				},
				GlobalExemptUrls: pulumi.StringArray{
					pulumi.String("https://exempt.example.com"),
				},
				InlineRedactionPatterns: workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArray{
					&workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs{
						BuiltInPatternId: pulumi.String("ssn"),
						ConfidenceLevel:  pulumi.Int(3),
						EnforcedUrls: pulumi.StringArray{
							pulumi.String("https://pattern1.example.com"),
						},
						ExemptUrls: pulumi.StringArray{
							pulumi.String("https://exempt-pattern1.example.com"),
						},
						RedactionPlaceHolders: workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArray{
							&workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs{
								RedactionPlaceHolderType: pulumi.String("CustomText"),
								RedactionPlaceHolderText: pulumi.String("REDACTED-SSN"),
							},
						},
					},
					&workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs{
						CustomPattern: &workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternCustomPatternArgs{
							PatternName:        pulumi.String("CustomPattern"),
							PatternRegex:       pulumi.String("/\\d{3}-\\d{2}-\\d{4}/g"),
							KeywordRegex:       pulumi.String("/SSN|Social Security/gi"),
							PatternDescription: pulumi.String("Custom SSN pattern"),
						},
						RedactionPlaceHolders: workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArray{
							&workspacesweb.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs{
								RedactionPlaceHolderType: pulumi.String("CustomText"),
								RedactionPlaceHolderText: pulumi.String("REDACTED-CUSTOM"),
							},
						},
					},
				},
			},
			Tags: pulumi.StringMap{
				"Name": pulumi.String("example-data-protection-settings"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() =>
{
    var example = new Aws.Kms.Key("example", new()
    {
        Description = "KMS key for WorkSpaces Web Data Protection Settings",
        DeletionWindowInDays = 7,
    });

    var exampleDataProtectionSettings = new Aws.WorkSpacesWeb.DataProtectionSettings("example", new()
    {
        DisplayName = "example-complete",
        Description = "Complete example data protection settings",
        CustomerManagedKey = example.Arn,
        AdditionalEncryptionContext =
        {
            { "Environment", "Production" },
        },
        InlineRedactionConfiguration = new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationArgs
        {
            GlobalConfidenceLevel = 2,
            GlobalEnforcedUrls = new[]
            {
                "https://example.com",
                "https://test.example.com",
            },
            GlobalExemptUrls = new[]
            {
                "https://exempt.example.com",
            },
            InlineRedactionPatterns = new[]
            {
                new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs
                {
                    BuiltInPatternId = "ssn",
                    ConfidenceLevel = 3,
                    EnforcedUrls = new[]
                    {
                        "https://pattern1.example.com",
                    },
                    ExemptUrls = new[]
                    {
                        "https://exempt-pattern1.example.com",
                    },
                    RedactionPlaceHolders = new[]
                    {
                        new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs
                        {
                            RedactionPlaceHolderType = "CustomText",
                            RedactionPlaceHolderText = "REDACTED-SSN",
                        },
                    },
                },
                new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs
                {
                    CustomPattern = new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternCustomPatternArgs
                    {
                        PatternName = "CustomPattern",
                        PatternRegex = "/\\d{3}-\\d{2}-\\d{4}/g",
                        KeywordRegex = "/SSN|Social Security/gi",
                        PatternDescription = "Custom SSN pattern",
                    },
                    RedactionPlaceHolders = new[]
                    {
                        new Aws.WorkSpacesWeb.Inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs
                        {
                            RedactionPlaceHolderType = "CustomText",
                            RedactionPlaceHolderText = "REDACTED-CUSTOM",
                        },
                    },
                },
            },
        },
        Tags =
        {
            { "Name", "example-data-protection-settings" },
        },
    });
});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.workspacesweb.DataProtectionSettings;
import com.pulumi.aws.workspacesweb.DataProtectionSettingsArgs;
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationArgs;
// Nested input types used by the builders below
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs;
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternCustomPatternArgs;
import com.pulumi.aws.workspacesweb.inputs.DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new Key("example", KeyArgs.builder()
            .description("KMS key for WorkSpaces Web Data Protection Settings")
            .deletionWindowInDays(7)
            .build());

        var exampleDataProtectionSettings = new DataProtectionSettings("exampleDataProtectionSettings", DataProtectionSettingsArgs.builder()
            .displayName("example-complete")
            .description("Complete example data protection settings")
            .customerManagedKey(example.arn())
            .additionalEncryptionContext(Map.of("Environment", "Production"))
            .inlineRedactionConfiguration(DataProtectionSettingsInlineRedactionConfigurationArgs.builder()
                .globalConfidenceLevel(2)
                .globalEnforcedUrls(
                    "https://example.com",
                    "https://test.example.com")
                .globalExemptUrls("https://exempt.example.com")
                .inlineRedactionPatterns(
                    DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs.builder()
                        .builtInPatternId("ssn")
                        .confidenceLevel(3)
                        .enforcedUrls("https://pattern1.example.com")
                        .exemptUrls("https://exempt-pattern1.example.com")
                        .redactionPlaceHolders(DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs.builder()
                            .redactionPlaceHolderType("CustomText")
                            .redactionPlaceHolderText("REDACTED-SSN")
                            .build())
                        .build(),
                    DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternArgs.builder()
                        .customPattern(DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternCustomPatternArgs.builder()
                            .patternName("CustomPattern")
                            .patternRegex("/\\d{3}-\\d{2}-\\d{4}/g")
                            .keywordRegex("/SSN|Social Security/gi")
                            .patternDescription("Custom SSN pattern")
                            .build())
                        .redactionPlaceHolders(DataProtectionSettingsInlineRedactionConfigurationInlineRedactionPatternRedactionPlaceHolderArgs.builder()
                            .redactionPlaceHolderType("CustomText")
                            .redactionPlaceHolderText("REDACTED-CUSTOM")
                            .build())
                        .build())
                .build())
            .tags(Map.of("Name", "example-data-protection-settings"))
            .build());
    }
}

resources:
  example:
    type: aws:kms:Key
    properties:
      description: KMS key for WorkSpaces Web Data Protection Settings
      deletionWindowInDays: 7
  exampleDataProtectionSettings:
    type: aws:workspacesweb:DataProtectionSettings
    name: example
    properties:
      displayName: example-complete
      description: Complete example data protection settings
      customerManagedKey: ${example.arn}
      additionalEncryptionContext:
        Environment: Production
      inlineRedactionConfiguration:
        globalConfidenceLevel: 2
        globalEnforcedUrls:
          - https://example.com
          - https://test.example.com
        globalExemptUrls:
          - https://exempt.example.com
        inlineRedactionPatterns:
          - builtInPatternId: ssn
            confidenceLevel: 3
            enforcedUrls:
              - https://pattern1.example.com
            exemptUrls:
              - https://exempt-pattern1.example.com
            redactionPlaceHolders:
              - redactionPlaceHolderType: CustomText
                redactionPlaceHolderText: REDACTED-SSN
          - customPattern:
              patternName: CustomPattern
              patternRegex: /\d{3}-\d{2}-\d{4}/g
              keywordRegex: /SSN|Social Security/gi
              patternDescription: Custom SSN pattern
            redactionPlaceHolders:
              - redactionPlaceHolderType: CustomText
                redactionPlaceHolderText: REDACTED-CUSTOM
      tags:
        Name: example-data-protection-settings

The customerManagedKey property encrypts the settings data with your KMS key. Custom patterns use patternRegex to match organization-specific formats; keywordRegex adds context clues to improve accuracy. URL controls work at two levels: globalEnforcedUrls and globalExemptUrls apply to all patterns, while per-pattern enforcedUrls and exemptUrls override global settings. This lets you enforce strict redaction on public sites while exempting internal tools.
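A local pre-deployment check for the custom pattern above, as an added example (not code from Pulumi or AWS): it runs patternRegex and keywordRegex through the JavaScript regex engine against labelled sample strings and reports misses, over-matches and samples lacking a keyword. The helper names, the word-boundary variant and all sample strings are constructed here, and the service's own matching may differ from this local evaluation.

```javascript
// Added example: offline sanity check for a customPattern before deployment.
// Helper names and every sample string are constructed for illustration.

// Convert a "/body/flags" string (the form patternRegex and keywordRegex take
// on this page) into a RegExp. Throws if the form, body or flags are invalid.
function parsePatternLiteral(literal) {
  const m = /^\/(.+)\/([a-z]*)$/s.exec(literal);
  if (!m) throw new Error(`not in /body/flags form: ${literal}`);
  return new RegExp(m[1], m[2]);
}

// Return all matches using a fresh global copy, so lastIndex state from a
// "g" flag never carries over between calls.
function findAll(re, text) {
  const flags = re.flags.includes("g") ? re.flags : re.flags + "g";
  return Array.from(text.matchAll(new RegExp(re.source, flags)), (m) => m[0]);
}

// Evaluate one customPattern against labelled samples and list the problems.
function checkCustomPattern(customPattern, samples) {
  const findings = [];
  let pattern;
  let keyword = null;
  try {
    pattern = parsePatternLiteral(customPattern.patternRegex);
    if (customPattern.keywordRegex) keyword = parsePatternLiteral(customPattern.keywordRegex);
  } catch (err) {
    return [{ kind: "invalid-regex", detail: err.message }];
  }
  if (findAll(pattern, "").length > 0) {
    findings.push({ kind: "matches-empty", detail: customPattern.patternRegex });
  }
  for (const text of samples.mustMatch) {
    if (findAll(pattern, text).length === 0) {
      findings.push({ kind: "missed", detail: text });
    } else if (keyword && findAll(keyword, text).length === 0) {
      // Assumption: data with no keyword nearby may be detected less reliably.
      findings.push({ kind: "no-keyword", detail: text });
    }
  }
  for (const text of samples.mustNotMatch) {
    for (const hit of findAll(pattern, text)) {
      findings.push({ kind: "false-positive", detail: `${hit} in "${text}"` });
    }
  }
  return findings;
}

// The custom pattern from this page, then a constructed variant with word boundaries.
const PAGE_PATTERN = {
  patternName: "CustomPattern",
  patternRegex: "/\\d{3}-\\d{2}-\\d{4}/g",
  keywordRegex: "/SSN|Social Security/gi",
};
const BOUNDED_PATTERN = { ...PAGE_PATTERN, patternRegex: "/\\b\\d{3}-\\d{2}-\\d{4}\\b/g" };

// Constructed samples: text that must be redacted and text that must not be.
const SAMPLES = {
  mustMatch: ["SSN: 123-45-6789", "Employee record 123-45-6789"],
  mustNotMatch: ["Order ref 1234-56-78901", "Call 555-0100"],
};

console.log(checkCustomPattern(PAGE_PATTERN, SAMPLES));
console.log(checkCustomPattern(BOUNDED_PATTERN, SAMPLES));
```

The unbounded pattern matches inside the longer order reference, while the word-boundary variant does not; confirm any tightened regex in a real streaming session before relying on it.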
Beyond these examples
These snippets focus on specific data protection features: inline redaction with built-in and custom patterns, KMS encryption for settings data, and URL-based redaction controls. They’re intentionally minimal rather than full WorkSpaces Web deployments.
The examples may reference pre-existing infrastructure such as KMS keys for customer-managed encryption and WorkSpaces Web portals for association. They focus on configuring the settings rather than provisioning the surrounding infrastructure.
To keep things focused, common data protection patterns are omitted, including:
- Portal association (handled via a separate PortalDataProtectionSettingsAssociation resource)
- Pattern testing and validation workflows
- Confidence level tuning for false positive reduction
- Multi-region deployment considerations
These omissions are intentional: the goal is to illustrate how each data protection feature is wired, not to provide drop-in security modules. See the WorkSpaces Web Data Protection Settings resource reference for all available configuration options.
Frequently Asked Questions
Redaction Patterns & Configuration
- builtInPatternId (like "ssn" for Social Security Numbers), while custom patterns use customPattern with your own patternRegex and optional keywordRegex.
- inlineRedactionConfiguration with an inlineRedactionPattern using builtInPatternId: "ssn" and specify a redactionPlaceHolder for the replacement text.
- customPattern within inlineRedactionPatterns and provide patternRegex (e.g., "/\\d{3}-\\d{2}-\\d{4}/g"), optional keywordRegex, and a patternName.
- redactionPlaceHolders with redactionPlaceHolderType: "CustomText" and your desired redactionPlaceHolderText (e.g., "REDACTED").
URL Controls & Scope
- globalEnforcedUrls to apply redaction site-wide, globalExemptUrls for exceptions, or configure pattern-specific enforcedUrls and exemptUrls for granular control.
- globalConfidenceLevel for all patterns, then override with pattern-specific confidenceLevel values in individual inlineRedactionPatterns.
Encryption & Integration
- customerManagedKey to your KMS key ARN. You can also provide additionalEncryptionContext for additional encryption metadata.
- associatedPortalArns output shows which portals use these settings.