pulumi-aws-native-kotlin/com.pulumi.awsnative.s3.kotlin.inputs/BucketServerSideEncryptionByDefaultArgs

BucketServerSideEncryptionByDefaultArgs

data class BucketServerSideEncryptionByDefaultArgs(val kmsMasterKeyId: Output<String>? = null, val sseAlgorithm: Output<BucketServerSideEncryptionByDefaultSseAlgorithm>) : ConvertibleToJava<BucketServerSideEncryptionByDefaultArgs>

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see PUT Bucket encryption in the Amazon S3 API Reference. If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.

Constructors

Link copied to clipboard
constructor(kmsMasterKeyId: Output<String>? = null, sseAlgorithm: Output<BucketServerSideEncryptionByDefaultSseAlgorithm>)

Properties

Link copied to clipboard
val kmsMasterKeyId: Output<String>? = null

AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse`. You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.

Link copied to clipboard
val sseAlgorithm: Output<BucketServerSideEncryptionByDefaultSseAlgorithm>

Server-side encryption algorithm to use for the default encryption.

Functions

Link copied to clipboard
open override fun toJava(): BucketServerSideEncryptionByDefaultArgs