enum BucketEncryption
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.S3.BucketEncryption |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awss3#BucketEncryption |
 Java | software.amazon.awscdk.services.s3.BucketEncryption |
 Python | aws_cdk.aws_s3.BucketEncryption |
 TypeScript (source) | aws-cdk-lib » aws_s3 » BucketEncryption |
What kind of server-side encryption to apply to this bucket.
Example
import { BucketEncryption } from 'aws-cdk-lib/aws-s3';
const app = new App({
defaultStackSynthesizer: AppStagingSynthesizer.defaultResources({
appId: 'my-app-id',
stagingBucketEncryption: BucketEncryption.S3_MANAGED,
fileAssetPublishingRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/S3Access'),
imageAssetPublishingRole: BootstrapRole.fromRoleArn('arn:aws:iam::123456789012:role/ECRAccess'),
}),
});
Members
| Name | Description |
|---|---|
| UNENCRYPTED | Previous option. |
| KMS_MANAGED | Server-side KMS encryption with a master key managed by KMS. |
| S3_MANAGED | Server-side encryption with a master key managed by S3. |
| KMS | Server-side encryption with a KMS key managed by the user. |
| DSSE_MANAGED | Double server-side KMS encryption with a master key managed by KMS. |
| DSSE | Double server-side encryption with a KMS key managed by the user. |
UNENCRYPTED
Previous option.
Buckets can not be unencrypted now.
See also: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
KMS_MANAGED
Server-side KMS encryption with a master key managed by KMS.
S3_MANAGED
Server-side encryption with a master key managed by S3.
KMS
Server-side encryption with a KMS key managed by the user.
If encryptionKey is specified, this key will be used, otherwise, one will be defined.
DSSE_MANAGED
Double server-side KMS encryption with a master key managed by KMS.
DSSE
Double server-side encryption with a KMS key managed by the user.
If encryptionKey is specified, this key will be used, otherwise, one will be defined.