AWS CloudFormation
User Guide (API Version 2010-05-15)

Amazon S3 Bucket ServerSideEncryptionByDefault

The ServerSideEncryptionByDefault property is part of the AWS::S3::Bucket resource and specifies the default server-side encryption for the bucket. For more information, see PUT Bucket encryption in the Amazon Simple Storage Service API Reference.



Syntax

JSON

{
  "KMSMasterKeyID" : String,
  "SSEAlgorithm" : String
}

YAML

KMSMasterKeyID: String
SSEAlgorithm: String



Properties

KMSMasterKeyID

The AWS KMS master key ID used for SSE-KMS encryption.

Constraint: Can be used only when SSEAlgorithm is set to aws:kms. If this property is absent while SSEAlgorithm is aws:kms, the default aws/s3 AWS KMS master key is used.

Required: No

Type: String

Update requires: No interruption


SSEAlgorithm

The server-side encryption algorithm to use. Valid values include AES256 and aws:kms.

Required: Yes

Type: String

Update requires: No interruption
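The following added example (not part of the AWS documentation) checks the two properties above across every AWS::S3::Bucket in a JSON template, reading them from BucketEncryption.ServerSideEncryptionConfiguration. The function name, finding codes, sample template, bucket names and key ID are all constructed for illustration.

```python
import json

VALID_ALGORITHMS = ("AES256", "aws:kms")  # the values this page lists

# Constructed sample template; logical IDs and the key ID are placeholders.
SAMPLE = json.loads("""{"Resources": {
  "KmsBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault":
      {"SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "EXAMPLE-KEY-ID"}}]}}},
  "DefaultKeyBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault":
      {"SSEAlgorithm": "aws:kms"}}]}}},
  "MismatchBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault":
      {"SSEAlgorithm": "AES256", "KMSMasterKeyID": "EXAMPLE-KEY-ID"}}]}}},
  "NoAlgBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketEncryption": {
    "ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault":
      {"KMSMasterKeyID": "EXAMPLE-KEY-ID"}}]}}},
  "Topic": {"Type": "AWS::SNS::Topic"}
}}""")

def check_default_encryption(template):
    """Return (logical_id, finding_code) pairs for each S3 bucket rule."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        enc = res.get("Properties", {}).get("BucketEncryption", {})
        for rule in enc.get("ServerSideEncryptionConfiguration", []):
            sse = rule.get("ServerSideEncryptionByDefault", {})
            alg, key = sse.get("SSEAlgorithm"), sse.get("KMSMasterKeyID")
            if alg is not None and not isinstance(alg, str):
                continue  # intrinsic function (e.g. Ref): not statically known
            if alg is None:
                findings.append((name, "missing-algorithm"))  # Required: Yes
            elif alg not in VALID_ALGORITHMS:
                findings.append((name, "unlisted-algorithm"))
            if key is not None and alg != "aws:kms":
                findings.append((name, "key-without-kms"))  # constraint above
            if alg == "aws:kms" and key is None:
                findings.append((name, "default-kms-key"))  # aws/s3 key is used
    return findings

if __name__ == "__main__":
    for logical_id, code in check_default_encryption(SAMPLE):
        print(f"{logical_id}: {code}")
```

The default-kms-key finding is informational: the template is valid, but the bucket falls back to the default aws/s3 key rather than a key named in the template.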
