Class CfnBucket.ServerSideEncryptionByDefaultProperty

Describes the default server-side encryption to apply to new objects in the bucket.

Inheritance

System.Object

CfnBucket.ServerSideEncryptionByDefaultProperty

Implements

CfnBucket.IServerSideEncryptionByDefaultProperty

Namespace: Amazon.CDK.AWS.S3

Assembly: Amazon.CDK.AWS.S3.dll

Syntax (csharp)

public class ServerSideEncryptionByDefaultProperty : Object, CfnBucket.IServerSideEncryptionByDefaultProperty

Syntax (vb)

Public Class ServerSideEncryptionByDefaultProperty
    Inherits Object
    Implements CfnBucket.IServerSideEncryptionByDefaultProperty

Remarks

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption in the Amazon S3 API Reference .

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html

ExampleMetadata: fixture=_generated

Examples

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.S3;

ServerSideEncryptionByDefaultProperty serverSideEncryptionByDefaultProperty = new ServerSideEncryptionByDefaultProperty {
    SseAlgorithm = "sseAlgorithm",

    // the properties below are optional
    KmsMasterKeyId = "kmsMasterKeyId"
};

Synopsis

Constructors

ServerSideEncryptionByDefaultProperty()

Properties

KmsMasterKeyId	KMS key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.
SseAlgorithm	Server-side encryption algorithm to use for the default encryption.

Constructors

ServerSideEncryptionByDefaultProperty()

public ServerSideEncryptionByDefaultProperty()

Properties

KmsMasterKeyId

KMS key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.

public string KmsMasterKeyId { get; set; }

Property Value

System.String

Remarks

You can specify the key ID or the Amazon Resource Name (ARN) of the CMK. However, if you are using encryption with cross-account operations, you must use a fully qualified CMK ARN. For more information, see Using encryption for cross-account operations .

For example:

Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see <a href="https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric Keys</a> in the <em>AWS Key Management Service Developer Guide</em> .

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-kmsmasterkeyid

SseAlgorithm

Server-side encryption algorithm to use for the default encryption.

public string SseAlgorithm { get; set; }

Property Value

System.String

Remarks

Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionbydefault.html#cfn-s3-bucket-serversideencryptionbydefault-ssealgorithm

Implements

CfnBucket.IServerSideEncryptionByDefaultProperty