2.182.0

interface ServerSideEncryptionRuleProperty

LanguageType name
.NETAmazon.CDK.aws_s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awss3express#CfnDirectoryBucket_ServerSideEncryptionRuleProperty
Javasoftware.amazon.awscdk.services.s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty
Pythonaws_cdk.aws_s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty
TypeScript aws-cdk-lib » aws_s3express » CfnDirectoryBucket » ServerSideEncryptionRuleProperty

Specifies the default server-side encryption configuration.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_s3express as s3express } from 'aws-cdk-lib';
const serverSideEncryptionRuleProperty: s3express.CfnDirectoryBucket.ServerSideEncryptionRuleProperty = {
  bucketKeyEnabled: false,
  serverSideEncryptionByDefault: {
    sseAlgorithm: 'sseAlgorithm',

    // the properties below are optional
    kmsMasterKeyId: 'kmsMasterKeyId',
  },
};

Properties

NameTypeDescription
bucketKeyEnabled?boolean | IResolvableSpecifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
serverSideEncryptionByDefault?IResolvable | ServerSideEncryptionByDefaultPropertySpecifies the default server-side encryption to apply to new objects in the bucket.

bucketKeyEnabled?

Type: boolean | IResolvable (optional)

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

S3 Bucket Keys are always enabled for GET and PUT operations on a directory bucket and can’t be disabled. It's only allowed to set the BucketKeyEnabled element to true .

S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject , UploadPartCopy , the Copy operation in Batch Operations , or the import jobs . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.

For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-bucketkeyenabled

serverSideEncryptionByDefault?

Type: IResolvable | ServerSideEncryptionByDefaultProperty (optional)

Specifies the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-serversideencryptionbydefault

PreviousNext