This action uses the encryption subresource to configure default encryption
and Amazon S3 Bucket Keys for an existing bucket.
By default, all buckets have a default encryption configuration that uses server-side
encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption
for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or
dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using
SSE-KMS, you can also configure Amazon S3 Bucket
Keys. If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does not validate the KMS key ID provided in PutBucketEncryption requests.
This action uses the
encryption
subresource to configure default encryption and Amazon S3 Bucket Keys for an existing bucket.By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does not validate the KMS key ID provided in PutBucketEncryption requests.
This action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
To use this operation, you must have permission to perform the
s3:PutEncryptionConfiguration
action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.The following operations are related to
PutBucketEncryption
:GetBucketEncryption
DeleteBucketEncryption
Example
Use a bare-bones client and the command you need to make an API call.
Param
PutBucketEncryptionCommandInput
Returns
PutBucketEncryptionCommandOutput
See
input
shape.response
shape.config
shape.Throws
S3ServiceException
Base exception class for all service exceptions from S3 service.