pulumi-aws-native-kotlin/com.pulumi.awsnative.s3.kotlin.inputs/BucketServerSideEncryptionByDefaultArgs

BucketServerSideEncryptionByDefaultArgs

data class BucketServerSideEncryptionByDefaultArgs(val kmsMasterKeyId: Output<String>? = null, val sseAlgorithm: Output<BucketServerSideEncryptionByDefaultSseAlgorithm>) : ConvertibleToJava<BucketServerSideEncryptionByDefaultArgs>

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption. + General purpose buckets - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (`aws/s3`) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS.

Directory buckets - Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The managed key (`aws/s3`) isn't supported.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.

Constructors

constructor(kmsMasterKeyId: Output<String>? = null, sseAlgorithm: Output<BucketServerSideEncryptionByDefaultSseAlgorithm>)

Properties

kmsMasterKeyId

val kmsMasterKeyId: Output<String>? = null

AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + General purpose buckets - This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms` or `aws:kms:dsse`.

sseAlgorithm

val sseAlgorithm: Output<BucketServerSideEncryptionByDefaultSseAlgorithm>

Server-side encryption algorithm to use for the default encryption. For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms`.

Functions

toJava

open override fun toJava(): BucketServerSideEncryptionByDefaultArgs