Interface CfnBucket.ServerSideEncryptionRuleProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnBucket.ServerSideEncryptionRuleProperty.Jsii$Proxy
Enclosing class:
CfnBucket

@Stability(Stable) public static interface CfnBucket.ServerSideEncryptionRuleProperty extends software.amazon.jsii.JsiiSerializable
Specifies the default server-side encryption configuration.

  • General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
  • Directory buckets - When you specify an AWS KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.s3.*;
 ServerSideEncryptionRuleProperty serverSideEncryptionRuleProperty = ServerSideEncryptionRuleProperty.builder()
         .bucketKeyEnabled(false)
         .serverSideEncryptionByDefault(ServerSideEncryptionByDefaultProperty.builder()
                 .sseAlgorithm("sseAlgorithm")
                 // the properties below are optional
                 .kmsMasterKeyId("kmsMasterKeyId")
                 .build())
         .build();
 

See Also: