This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::S3::Bucket MetadataTableEncryptionConfiguration The encryption settings for an S3 Metadata journal table or inventory table configuration. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[KmsKeyArn](#cfn-s3-bucket-metadatatableencryptionconfiguration-kmskeyarn)" : String, "[SseAlgorithm](#cfn-s3-bucket-metadatatableencryptionconfiguration-ssealgorithm)" : String } ``` ### YAML ``` [KmsKeyArn](#cfn-s3-bucket-metadatatableencryptionconfiguration-kmskeyarn): String [SseAlgorithm](#cfn-s3-bucket-metadatatableencryptionconfiguration-ssealgorithm): String ``` ## Properties `KmsKeyArn` If server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SseAlgorithm` The encryption type specified for a metadata table. To specify server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), use the `aws:kms` value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the `AES256` value. *Required*: Yes *Type*: String *Allowed values*: `aws:kms | AES256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)