Interface CfnDirectoryBucketPropsMixin.IServerSideEncryptionRuleProperty

Specifies the default server-side encryption configuration.

Namespace: Amazon.CDK.Mixins.Preview.AWS.S3Express.Mixins

Assembly: Amazon.CDK.Mixins.Preview.dll

Syntax (csharp)

public interface CfnDirectoryBucketPropsMixin.IServerSideEncryptionRuleProperty

Syntax (vb)

Public Interface CfnDirectoryBucketPropsMixin.IServerSideEncryptionRuleProperty

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html

ExampleMetadata: fixture=_generated

Examples

// The code below shows an example of how to instantiate this type.
             // The values are placeholders you should change.
             using Amazon.CDK.Mixins.Preview.AWS.S3Express.Mixins;

             var serverSideEncryptionRuleProperty = new ServerSideEncryptionRuleProperty {
                 BucketKeyEnabled = false,
                 ServerSideEncryptionByDefault = new ServerSideEncryptionByDefaultProperty {
                     KmsMasterKeyId = "kmsMasterKeyId",
                     SseAlgorithm = "sseAlgorithm"
                 }
             };

Synopsis

Properties

BucketKeyEnabled	Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
ServerSideEncryptionByDefault	Specifies the default server-side encryption to apply to new objects in the bucket.

Properties

BucketKeyEnabled

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

object? BucketKeyEnabled { get; }

Property Value

object

Remarks

S3 Bucket Keys are always enabled for GET and PUT operations on a directory bucket and can’t be disabled. It's only allowed to set the BucketKeyEnabled element to true .

S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject , UploadPartCopy , the Copy operation in Batch Operations , or the import jobs . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.

For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-bucketkeyenabled

Type union: either bool or IResolvable

ServerSideEncryptionByDefault

Specifies the default server-side encryption to apply to new objects in the bucket.

object? ServerSideEncryptionByDefault { get; }

Property Value

object

Remarks

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-serversideencryptionbydefault

Type union: either IResolvable or CfnDirectoryBucketPropsMixin.IServerSideEncryptionByDefaultProperty