AWS CloudFormation
User Guide (Version )

AWS::S3::Bucket ServerSideEncryptionByDefault

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PUT Bucket encryption in the Amazon Simple Storage Service API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "KMSMasterKeyID" : String, "SSEAlgorithm" : String }

YAML

KMSMasterKeyID: String SSEAlgorithm: String

Properties

KMSMasterKeyID

KMS master key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.

Required: No

Type: String

Update requires: No interruption

SSEAlgorithm

Server-side encryption algorithm to use for the default encryption.

Required: Yes

Type: String

Allowed Values: AES256 | aws:kms

Update requires: No interruption

On this page: