文件 AWS 開發套件範例 GitHub 儲存庫中有更多可用的 [AWS SDK 範例](https://github.com/awsdocs/aws-doc-sdk-examples)。 本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # `PutBucketEncryption` 搭配 AWS SDK 使用 以下程式碼範例顯示如何使用 `PutBucketEncryption`。 ------ #### [ Java ] **SDK for Java 2.x** GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/s3/src/main/java/com/example/s3/directorybucket#code-examples)中設定和執行。 將儲存貯體加密設定為目錄儲存貯體。 ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.kms.KmsClient; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.PutBucketEncryptionRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.services.s3.model.ServerSideEncryption; import software.amazon.awssdk.services.s3.model.ServerSideEncryptionByDefault; import software.amazon.awssdk.services.s3.model.ServerSideEncryptionConfiguration; import software.amazon.awssdk.services.s3.model.ServerSideEncryptionRule; import static com.example.s3.util.S3DirectoryBucketUtils.createDirectoryBucket; import static com.example.s3.util.S3DirectoryBucketUtils.createKmsClient; import static com.example.s3.util.S3DirectoryBucketUtils.createKmsKey; import static com.example.s3.util.S3DirectoryBucketUtils.deleteDirectoryBucket; import static com.example.s3.util.S3DirectoryBucketUtils.scheduleKeyDeletion; /** * Sets the default encryption configuration for an S3 bucket as SSE-KMS. * * @param s3Client The S3 client used to interact with S3 * @param bucketName The name of the directory bucket * @param kmsKeyId The ID of the customer-managed KMS key */ public static void putDirectoryBucketEncryption(S3Client s3Client, String bucketName, String kmsKeyId) { // Define the default encryption configuration to use SSE-KMS. For directory // buckets, AWS managed KMS keys aren't supported. Only customer-managed keys // are supported. ServerSideEncryptionByDefault encryptionByDefault = ServerSideEncryptionByDefault.builder() .sseAlgorithm(ServerSideEncryption.AWS_KMS) .kmsMasterKeyID(kmsKeyId) .build(); // Create a server-side encryption rule to apply the default encryption // configuration. For directory buckets, the bucketKeyEnabled field is enforced // to be true. ServerSideEncryptionRule rule = ServerSideEncryptionRule.builder() .bucketKeyEnabled(true) .applyServerSideEncryptionByDefault(encryptionByDefault) .build(); // Create the server-side encryption configuration for the bucket ServerSideEncryptionConfiguration encryptionConfiguration = ServerSideEncryptionConfiguration.builder() .rules(rule) .build(); // Create the PutBucketEncryption request PutBucketEncryptionRequest putRequest = PutBucketEncryptionRequest.builder() .bucket(bucketName) .serverSideEncryptionConfiguration(encryptionConfiguration) .build(); // Set the bucket encryption try { s3Client.putBucketEncryption(putRequest); logger.info("SSE-KMS Bucket encryption configuration set for the directory bucket: {}", bucketName); } catch (S3Exception e) { logger.error("Failed to set bucket encryption: {} - Error code: {}", e.awsErrorDetails().errorMessage(), e.awsErrorDetails().errorCode()); throw e; } } ``` + 如需 API 詳細資訊,請參閱《*AWS SDK for Java 2.x API 參考*》中的 [PutBucketEncryption](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketEncryption)。 ------