aws-cdk-lib.aws_s3.BucketEncryption

enum BucketEncryption

LanguageType name
.NETAmazon.CDK.AWS.S3.BucketEncryption
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awss3#BucketEncryption
Javasoftware.amazon.awscdk.services.s3.BucketEncryption
Pythonaws_cdk.aws_s3.BucketEncryption
TypeScript (source)aws-cdk-lib » aws_s3 » BucketEncryption

What kind of server-side encryption to apply to this bucket.

Example

const bucket = new s3.Bucket(this, 'MyEncryptedBucket', {
  encryption: s3.BucketEncryption.KMS,
});

// you can access the encryption key:
assert(bucket.encryptionKey instanceof kms.Key);

Members

NameDescription
UNENCRYPTEDPrevious option.
KMS_MANAGEDServer-side KMS encryption with a master key managed by KMS.
S3_MANAGEDServer-side encryption with a master key managed by S3.
KMSServer-side encryption with a KMS key managed by the user.
DSSE_MANAGEDDouble server-side KMS encryption with a master key managed by KMS.
DSSEDouble server-side encryption with a KMS key managed by the user.

UNENCRYPTED

Previous option.

Buckets can not be unencrypted now.

See also: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html


KMS_MANAGED

Server-side KMS encryption with a master key managed by KMS.


S3_MANAGED

Server-side encryption with a master key managed by S3.


KMS

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.


DSSE_MANAGED

Double server-side KMS encryption with a master key managed by KMS.


DSSE

Double server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.