AWS::S3::Bucket BlockedEncryptionTypes

A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block PutObject, CopyObject, PostObject, multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see Blocking or unblocking SSE-C for a general purpose bucket.

This data type is used with the following actions:

Permissions

You must have the s3:PutEncryptionConfiguration permission to block or unblock an encryption type for a bucket.

You must have the s3:GetEncryptionConfiguration permission to view a bucket's encryption type.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON


{
  "EncryptionType" : [ String, ... ]
}

YAML


  EncryptionType: 
    - String

Properties

EncryptionType

The object encryption type that you want to block or unblock for an Amazon S3 general purpose bucket.

Note

Currently, this parameter only supports blocking or unblocking server side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see Using server-side encryption with customer-provided keys (SSE-C).

Required: No

Type: Array of String

Allowed values: NONE | SSE-C

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AnalyticsConfiguration

BucketEncryption