Interface CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty.Jsii$Proxy
- Enclosing class:
CfnDirectoryBucket
If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption in the Amazon S3 API Reference .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.s3express.*;
ServerSideEncryptionByDefaultProperty serverSideEncryptionByDefaultProperty = ServerSideEncryptionByDefaultProperty.builder()
.sseAlgorithm("sseAlgorithm")
// the properties below are optional
.kmsMasterKeyId("kmsMasterKeyId")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnDirectoryBucket.ServerSideEncryptionByDefaultPropertystatic final classAn implementation forCfnDirectoryBucket.ServerSideEncryptionByDefaultProperty -
Method Summary
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getSseAlgorithm
Server-side encryption algorithm to use for the default encryption.For directory buckets, there are only two supported values for server-side encryption:
AES256andaws:kms.- See Also:
-
getKmsMasterKeyId
AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.This parameter is allowed only if
SSEAlgorithmis set toaws:kms.You can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can’t use the key alias of the KMS key.
- Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab - Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations .
Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. AWS managed key (
aws/s3) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in AWS KMS in the AWS Key Management Service Developer Guide .- See Also:
- Key ID:
-
builder
@Stability(Stable) static CfnDirectoryBucket.ServerSideEncryptionByDefaultProperty.Builder builder()
-