aws-cdk-lib.aws_s3.CfnBucket.ServerSideEncryptionRuleProperty

interface ServerSideEncryptionRuleProperty

LanguageType name
.NETAmazon.CDK.AWS.S3.CfnBucket.ServerSideEncryptionRuleProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awss3#CfnBucket_ServerSideEncryptionRuleProperty
Javasoftware.amazon.awscdk.services.s3.CfnBucket.ServerSideEncryptionRuleProperty
Pythonaws_cdk.aws_s3.CfnBucket.ServerSideEncryptionRuleProperty
TypeScript aws-cdk-lib » aws_s3 » CfnBucket » ServerSideEncryptionRuleProperty

Specifies the default server-side encryption configuration.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_s3 as s3 } from 'aws-cdk-lib';
const serverSideEncryptionRuleProperty: s3.CfnBucket.ServerSideEncryptionRuleProperty = {
  bucketKeyEnabled: false,
  serverSideEncryptionByDefault: {
    sseAlgorithm: 'sseAlgorithm',

    // the properties below are optional
    kmsMasterKeyId: 'kmsMasterKeyId',
  },
};

Properties

NameTypeDescription
bucketKeyEnabled?boolean | IResolvableSpecifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
serverSideEncryptionByDefault?IResolvable | ServerSideEncryptionByDefaultPropertySpecifies the default server-side encryption to apply to new objects in the bucket.

bucketKeyEnabled?

Type: boolean | IResolvable (optional)

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.

For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide .


serverSideEncryptionByDefault?

Type: IResolvable | ServerSideEncryptionByDefaultProperty (optional)

Specifies the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.