aws-cdk-lib.aws_s3.CfnBucket.ServerSideEncryptionByDefaultProperty

interface ServerSideEncryptionByDefaultProperty

Language     Type name
.NET         Amazon.CDK.AWS.S3.CfnBucket.ServerSideEncryptionByDefaultProperty
Go           github.com/aws/aws-cdk-go/awscdk/v2/awss3#CfnBucket_ServerSideEncryptionByDefaultProperty
Java         software.amazon.awscdk.services.s3.CfnBucket.ServerSideEncryptionByDefaultProperty
Python       aws_cdk.aws_s3.CfnBucket.ServerSideEncryptionByDefaultProperty
TypeScript   aws-cdk-lib » aws_s3 » CfnBucket » ServerSideEncryptionByDefaultProperty

Describes the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption in the Amazon S3 API Reference.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_s3 as s3 } from 'aws-cdk-lib';
const serverSideEncryptionByDefaultProperty: s3.CfnBucket.ServerSideEncryptionByDefaultProperty = {
  sseAlgorithm: 'sseAlgorithm',

  // the properties below are optional
  kmsMasterKeyId: 'kmsMasterKeyId',
};

Properties

Name             Type    Description
sseAlgorithm     string  Server-side encryption algorithm to use for the default encryption.
kmsMasterKeyId?  string  KMS key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.

sseAlgorithm

Type: string

Server-side encryption algorithm to use for the default encryption.


kmsMasterKeyId?

Type: string (optional)

KMS key ID to use for the default encryption. This parameter is allowed if SSEAlgorithm is aws:kms.

You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the CMK. However, if you are using encryption with cross-account operations, you must use a fully qualified CMK ARN. For more information, see Using encryption for cross-account operations.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see Using Symmetric and Asymmetric Keys in the AWS Key Management Service Developer Guide.
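
The constraints described above for kmsMasterKeyId can be checked before deployment. The following is an added example, not code from aws-cdk-lib: the SseByDefault interface is a local mirror of this type, and classifyKeyRef, checkSseDefault, auditSamples and the crossAccount flag are hypothetical names. The 'AES256' value and the alias name used in testing are constructed sample inputs.

```typescript
// Added example: local mirror of the two properties documented on this page,
// declared here so the check runs without aws-cdk-lib installed.
interface SseByDefault {
  sseAlgorithm: string;
  kmsMasterKeyId?: string;
}

type KeyRefKind = 'key-id' | 'alias' | 'key-arn' | 'alias-arn' | 'unknown';

// Key IDs are UUID-shaped (as in the page's example) or multi-Region "mrk-" IDs.
const KEY_ID = /^(mrk-[0-9a-f]{32}|[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12})$/i;
const KMS_ARN = /^arn:[^:]+:kms:[^:]+:\d{12}:(key|alias)\/(.+)$/;

// Hypothetical helper: which of the accepted identifier forms is this string?
function classifyKeyRef(ref: string): KeyRefKind {
  if (KEY_ID.test(ref)) return 'key-id';
  if (/^alias\/.+/.test(ref)) return 'alias';
  const m = KMS_ARN.exec(ref);
  if (m === null) return 'unknown';
  if (m[1] === 'alias') return 'alias-arn';
  return KEY_ID.test(m[2] || '') ? 'key-arn' : 'unknown';
}

// Hypothetical pre-deployment check. `crossAccount` is an assumption supplied by
// the caller: true when principals outside the bucket's account use the objects.
function checkSseDefault(cfg: SseByDefault, crossAccount: boolean = false): string[] {
  const findings: string[] = [];
  const usesKms = cfg.sseAlgorithm === 'aws:kms'; // the only KMS value this page names
  if (cfg.kmsMasterKeyId === undefined) {
    // No customer managed key: S3 uses the KMS key it creates in the account.
    if (usesKms) findings.push('no-cmk');
    return findings;
  }
  if (!usesKms) findings.push('key-without-kms');
  const kind = classifyKeyRef(cfg.kmsMasterKeyId);
  if (kind === 'unknown') findings.push('bad-key-ref');
  else if (crossAccount && kind !== 'key-arn') findings.push('cross-account-needs-key-arn');
  return findings;
}

// Constructed inputs, reusing the example key ID and ARN shown on this page.
const SAMPLE_KEY_ID = '1234abcd-12ab-34cd-56ef-1234567890ab';
const SAMPLE_KEY_ARN = 'arn:aws:kms:us-east-2:111122223333:key/' + SAMPLE_KEY_ID;

function auditSamples(): string[][] {
  return [
    checkSseDefault({ sseAlgorithm: 'aws:kms', kmsMasterKeyId: SAMPLE_KEY_ID }, true),
    checkSseDefault({ sseAlgorithm: 'AES256', kmsMasterKeyId: SAMPLE_KEY_ARN }),
  ];
}
```

An empty findings array means the configuration satisfies the rules stated on this page. The check cannot tell whether the referenced key is symmetric, which has to be confirmed against the key itself.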