Interface CfnBucket.ServerSideEncryptionByDefaultProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnBucket.ServerSideEncryptionByDefaultProperty.Jsii$Proxy
Enclosing class:
CfnBucket

@Stability(Stable) public static interface CfnBucket.ServerSideEncryptionByDefaultProperty extends software.amazon.jsii.JsiiSerializable
Describes the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption .

  • General purpose buckets - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key ( aws/s3 ) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.
  • Directory buckets - Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. The AWS managed key ( aws/s3 ) isn't supported.
  • Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.s3.*;
 ServerSideEncryptionByDefaultProperty serverSideEncryptionByDefaultProperty = ServerSideEncryptionByDefaultProperty.builder()
         .sseAlgorithm("sseAlgorithm")
         // the properties below are optional
         .kmsMasterKeyId("kmsMasterKeyId")
         .build();
 

See Also: