Package software.amazon.awscdk.services.s3

Interface CfnBucket.ServerSideEncryptionRuleProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnBucket.ServerSideEncryptionRuleProperty.Jsii$Proxy

Enclosing class:

CfnBucket

@Stability(Stable)
public static interface CfnBucket.ServerSideEncryptionRuleProperty
extends software.amazon.jsii.JsiiSerializable

Specifies the default server-side encryption configuration.

• General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
• Directory buckets - When you specify an AWS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.s3.*;
 ServerSideEncryptionRuleProperty serverSideEncryptionRuleProperty = ServerSideEncryptionRuleProperty.builder()
         .blockedEncryptionTypes(BlockedEncryptionTypesProperty.builder()
                 .encryptionType(List.of("encryptionType"))
                 .build())
         .bucketKeyEnabled(false)
         .serverSideEncryptionByDefault(ServerSideEncryptionByDefaultProperty.builder()
                 .sseAlgorithm("sseAlgorithm")
                 // the properties below are optional
                 .kmsMasterKeyId("kmsMasterKeyId")
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnBucket.ServerSideEncryptionRuleProperty.Builder	A builder for CfnBucket.ServerSideEncryptionRuleProperty
static final class	CfnBucket.ServerSideEncryptionRuleProperty.Jsii$Proxy	An implementation for CfnBucket.ServerSideEncryptionRuleProperty

Method Summary

Modifier and Type	Method	Description
static CfnBucket.ServerSideEncryptionRuleProperty.Builder	builder()
default Object	getBlockedEncryptionTypes()	A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type.
default Object	getBucketKeyEnabled()	Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
default Object	getServerSideEncryptionByDefault()	Specifies the default server-side encryption to apply to new objects in the bucket.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getBlockedEncryptionTypes

@Stability(Stable)
@Nullable
default Object getBlockedEncryptionTypes()

A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type.

For example, blocking an encryption type will block PutObject , CopyObject , PostObject , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see Blocking or unblocking SSE-C for a general purpose bucket .

Currently, this parameter only supports blocking or unblocking server-side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see Using server-side encryption with customer-provided keys (SSE-C) .

Returns union: either IResolvable or CfnBucket.BlockedEncryptionTypesProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-blockedencryptiontypes

getBucketKeyEnabled

@Stability(Stable)
@Nullable
default Object getBucketKeyEnabled()

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.

Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.

For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide .

Returns union: either Boolean or IResolvable

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-bucketkeyenabled

getServerSideEncryptionByDefault

@Stability(Stable)
@Nullable
default Object getServerSideEncryptionByDefault()

Specifies the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.

Returns union: either IResolvable or CfnBucket.ServerSideEncryptionByDefaultProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket-serversideencryptionrule.html#cfn-s3-bucket-serversideencryptionrule-serversideencryptionbydefault

builder

@Stability(Stable)
static CfnBucket.ServerSideEncryptionRuleProperty.Builder builder()

Returns:

a CfnBucket.ServerSideEncryptionRuleProperty.Builder of CfnBucket.ServerSideEncryptionRuleProperty