AWS::S3::Bucket BucketEncryption - AWS CloudFormation

AWS::S3::Bucket BucketEncryption

Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), AWS KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Encryption for S3 Buckets in the Amazon S3 User Guide.


To declare this entity in your AWS CloudFormation template, use the following syntax:



Specifies the default server-side-encryption configuration.

Required: Yes

Type: Array of ServerSideEncryptionRule

Update requires: No interruption

See also