Jump to Content

This API Documentation is now deprecated

We are excited to announce our new API Documentation.

Class PutBucketEncryptionCommandProtected

This action uses the encryption subresource to configure default encryption and Amazon S3 Bucket Keys for an existing bucket.

By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does not validate the KMS key ID provided in PutBucketEncryption requests.

This action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).

To use this operation, you must have permission to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

The following operations are related to PutBucketEncryption:

Example

Use a bare-bones client and the command you need to make an API call.

import { S3Client, PutBucketEncryptionCommand } from "@aws-sdk/client-s3"; // ES Modules import
// const { S3Client, PutBucketEncryptionCommand } = require("@aws-sdk/client-s3"); // CommonJS import
const client = new S3Client(config);
const input = { // PutBucketEncryptionRequest
Bucket: "STRING_VALUE", // required
ContentMD5: "STRING_VALUE",
ChecksumAlgorithm: "CRC32" || "CRC32C" || "SHA1" || "SHA256",
ServerSideEncryptionConfiguration: { // ServerSideEncryptionConfiguration
Rules: [ // ServerSideEncryptionRules // required
{ // ServerSideEncryptionRule
ApplyServerSideEncryptionByDefault: { // ServerSideEncryptionByDefault
SSEAlgorithm: "AES256" || "aws:kms" || "aws:kms:dsse", // required
KMSMasterKeyID: "STRING_VALUE",
},
BucketKeyEnabled: true || false,
},
],
},
ExpectedBucketOwner: "STRING_VALUE",
};
const command = new PutBucketEncryptionCommand(input);
const response = await client.send(command);
// {};

Param

PutBucketEncryptionCommandInput

Returns

PutBucketEncryptionCommandOutput

See

Throws

S3ServiceException

Base exception class for all service exceptions from S3 service.

Hierarchy

Constructors

Properties

Methods

Constructors

Properties

Methods