BucketEncryption
- class aws_cdk.aws_s3.BucketEncryption(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)
Bases:
Enum
What kind of server-side encryption to apply to this bucket.
- ExampleMetadata:
infused
Example:
from aws_cdk.aws_s3 import BucketEncryption app = App( default_stack_synthesizer=AppStagingSynthesizer.default_resources( app_id="my-app-id", staging_bucket_encryption=BucketEncryption.S3_MANAGED, file_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/S3Access"), image_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/ECRAccess") ) )
Attributes
- DSSE
Double server-side encryption with a KMS key managed by the user.
If
encryptionKey
is specified, this key will be used, otherwise, one will be defined.
- DSSE_MANAGED
Double server-side KMS encryption with a master key managed by KMS.
- KMS
Server-side encryption with a KMS key managed by the user.
If
encryptionKey
is specified, this key will be used, otherwise, one will be defined.
- KMS_MANAGED
Server-side KMS encryption with a master key managed by KMS.
- S3_MANAGED
Server-side encryption with a master key managed by S3.
- UNENCRYPTED
(deprecated) Previous option.
Buckets can not be unencrypted now.
- Deprecated:
S3 applies server-side encryption with SSE-S3 for every bucket that default encryption is not configured.
- See:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html
- Stability:
deprecated