class Aws::S3::Types::ServerSideEncryptionByDefault
Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object
request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PUT Bucket
encryption] in the *Amazon S3
API Reference*.
[1]: docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html
@note When making an API call, you may pass ServerSideEncryptionByDefault
data as a hash: { sse_algorithm: "AES256", # required, accepts AES256, aws:kms kms_master_key_id: "SSEKMSKeyId", }
@!attribute [rw] sse_algorithm
Server-side encryption algorithm to use for the default encryption. @return [String]
@!attribute [rw] kms_master_key_id
Amazon Web Services Key Management Service (KMS) customer Amazon Web Services KMS key ID to use for the default encryption. This parameter is allowed if and only if `SSEAlgorithm` is set to `aws:kms`. You can specify the key ID or the Amazon Resource Name (ARN) of the KMS key. However, if you are using encryption with cross-account operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations][1]. **For example:** * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab` * Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` Amazon S3 only supports symmetric KMS keys and not asymmetric KMS keys. For more information, see [Using symmetric and asymmetric keys][2] in the *Amazon Web Services Key Management Service Developer Guide*. [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy [2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html @return [String]
@see docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionByDefault AWS API Documentation
Constants
- SENSITIVE