BucketEncryption

class aws_cdk.aws_s3.BucketEncryption(*values)

Bases: Enum

What kind of server-side encryption to apply to this bucket.

ExampleMetadata:

infused

Example:

# application: appconfig.Application


bucket = s3.Bucket(self, "MyBucket",
    versioned=True,
    encryption=s3.BucketEncryption.KMS
)

appconfig.SourcedConfiguration(self, "MySourcedConfiguration",
    application=application,
    location=appconfig.ConfigurationSource.from_bucket(bucket, "path/to/file.json")
)

Attributes

DSSE

Double server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

DSSE_MANAGED

Double server-side KMS encryption with a master key managed by KMS.

KMS

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

KMS_MANAGED

Server-side KMS encryption with a master key managed by KMS.

S3_MANAGED

Server-side encryption with a master key managed by S3.

UNENCRYPTED

(deprecated) Previous option.

Buckets can not be unencrypted now.

Deprecated:

S3 applies server-side encryption with SSE-S3 for every bucket that default encryption is not configured.

See:

https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html

Stability:

deprecated