Class CfnBucket.ServerSideEncryptionByDefaultProperty
Describes the default server-side encryption to apply to new objects in the bucket.
Inheritance
Namespace: Amazon.CDK.AWS.S3
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class ServerSideEncryptionByDefaultProperty : Object, CfnBucket.IServerSideEncryptionByDefaultProperty
Syntax (vb)
Public Class ServerSideEncryptionByDefaultProperty
Inherits Object
Implements CfnBucket.IServerSideEncryptionByDefaultProperty
Remarks
If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption in the Amazon S3 API Reference .
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.S3;
var serverSideEncryptionByDefaultProperty = new ServerSideEncryptionByDefaultProperty {
SseAlgorithm = "sseAlgorithm",
// the properties below are optional
KmsMasterKeyId = "kmsMasterKeyId"
};
Synopsis
Constructors
ServerSideEncryptionByDefaultProperty() |
Properties
KmsMasterKeyId | AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. |
SseAlgorithm | Server-side encryption algorithm to use for the default encryption. |
Constructors
ServerSideEncryptionByDefaultProperty()
public ServerSideEncryptionByDefaultProperty()
Properties
KmsMasterKeyId
AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption.
public string KmsMasterKeyId { get; set; }
Property Value
System.String
Remarks
This parameter is allowed if and only if SSEAlgorithm
is set to aws:kms
or aws:kms:dsse
.
You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations .
Amazon S3 only supports symmetric encryption KMS keys. For more information, see <a href="https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html">Asymmetric keys in AWS KMS</a> in the <em>AWS Key Management Service Developer Guide</em> .
SseAlgorithm
Server-side encryption algorithm to use for the default encryption.
public string SseAlgorithm { get; set; }
Property Value
System.String