2.233.0

interface ServerSideEncryptionRuleProperty

LanguageType name
.NETAmazon.CDK.Mixins.Preview.AWS.S3Express.Mixins.CfnDirectoryBucketPropsMixin.ServerSideEncryptionRuleProperty
Gogithub.com/aws/aws-cdk-go/awscdkmixinspreview/v2/awss3express/mixins#CfnDirectoryBucketPropsMixin_ServerSideEncryptionRuleProperty
Javasoftware.amazon.awscdk.mixins.preview.services.s3express.mixins.CfnDirectoryBucketPropsMixin.ServerSideEncryptionRuleProperty
Pythonaws_cdk.mixins_preview.aws_s3express.mixins.CfnDirectoryBucketPropsMixin.ServerSideEncryptionRuleProperty
TypeScript @aws-cdk/mixins-preview » aws_s3express » mixins » CfnDirectoryBucketPropsMixin » ServerSideEncryptionRuleProperty

Specifies the default server-side encryption configuration.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { mixins as s3express_mixins } from '@aws-cdk/mixins-preview/aws-s3express';
const serverSideEncryptionRuleProperty: s3express_mixins.CfnDirectoryBucketPropsMixin.ServerSideEncryptionRuleProperty = {
  bucketKeyEnabled: false,
  serverSideEncryptionByDefault: {
    kmsMasterKeyId: 'kmsMasterKeyId',
    sseAlgorithm: 'sseAlgorithm',
  },
};

Properties

NameTypeDescription
bucketKeyEnabled?boolean | IResolvableSpecifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
serverSideEncryptionByDefault?IResolvable | ServerSideEncryptionByDefaultPropertySpecifies the default server-side encryption to apply to new objects in the bucket.

bucketKeyEnabled?

Type: boolean | IResolvable (optional)

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

S3 Bucket Keys are always enabled for GET and PUT operations on a directory bucket and can’t be disabled. It's only allowed to set the BucketKeyEnabled element to true .

S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject , UploadPartCopy , the Copy operation in Batch Operations , or the import jobs . In this case, Amazon S3 makes a call to AWS KMS every time a copy request is made for a KMS-encrypted object.

For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-bucketkeyenabled

serverSideEncryptionByDefault?

Type: IResolvable | ServerSideEncryptionByDefaultProperty (optional)

Specifies the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3express-directorybucket-serversideencryptionrule.html#cfn-s3express-directorybucket-serversideencryptionrule-serversideencryptionbydefault

PreviousNext