BucketEncryption

class aws_cdk.aws_s3.BucketEncryption(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

What kind of server-side encryption to apply to this bucket.

ExampleMetadata:

infused

Example:

from aws_cdk.aws_s3 import BucketEncryption


app = App(
    default_stack_synthesizer=AppStagingSynthesizer.default_resources(
        app_id="my-app-id",
        staging_bucket_encryption=BucketEncryption.S3_MANAGED,
        file_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/S3Access"),
        image_asset_publishing_role=BootstrapRole.from_role_arn("arn:aws:iam::123456789012:role/ECRAccess")
    )
)

Attributes

DSSE

Double server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

DSSE_MANAGED

Double server-side KMS encryption with a master key managed by KMS.

KMS

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

KMS_MANAGED

Server-side KMS encryption with a master key managed by KMS.

S3_MANAGED

Server-side encryption with a master key managed by S3.

UNENCRYPTED

(deprecated) Previous option.

Buckets can not be unencrypted now.

Deprecated:

S3 applies server-side encryption with SSE-S3 for every bucket that default encryption is not configured.

See:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html

Stability:

deprecated