class Aws::S3::Types::ServerSideEncryptionByDefault

Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PUT Bucket encryption][1] in the *Amazon S3 API Reference*.

[1]: docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html

@note When making an API call, you may pass ServerSideEncryptionByDefault data as a hash:

    {
      sse_algorithm: "AES256", # required, accepts AES256, aws:kms
      kms_master_key_id: "SSEKMSKeyId",
    }

@!attribute [rw] sse_algorithm

Server-side encryption algorithm to use for the default encryption.
@return [String]

@!attribute [rw] kms_master_key_id

Amazon Web Services Key Management Service (KMS) customer key ID to
use for the default encryption. This parameter is allowed if and
only if `SSEAlgorithm` (`sse_algorithm` in this structure) is set to
`aws:kms`.

You can specify the key ID or the Amazon Resource Name (ARN) of the
KMS key. However, if you are using encryption with cross-account
operations, you must use a fully qualified KMS key ARN. For more
information, see [Using encryption for cross-account operations][1].

**For example:**

* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`

* Key ARN:
  `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`

Amazon S3 only supports symmetric KMS keys and not asymmetric KMS
keys. For more information, see [Using symmetric and asymmetric
keys][2] in the *Amazon Web Services Key Management Service
Developer Guide*.

[1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionByDefault AWS API Documentation
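
A pre-flight check for the rules stated above (accepted algorithms, key ID only with `aws:kms`, fully qualified ARN for cross-account use), as an added example that is not part of aws-sdk-s3 or of the original page. `SseDefaultCheck` and its methods are hypothetical names, and the key ID and ARN patterns are assumptions based on the two example shapes shown above.

```ruby
# Added example: validates a ServerSideEncryptionByDefault hash before it is
# sent to S3. Module and method names are hypothetical, not aws-sdk-s3 API.
module SseDefaultCheck
  ALGORITHMS = %w[AES256 aws:kms].freeze # values accepted per the hash note

  # Assumed shapes, modelled on the key ID and key ARN examples on this page.
  UUID    = '\h{8}-\h{4}-\h{4}-\h{4}-\h{12}'
  KEY_ID  = /\A#{UUID}\z/
  KEY_ARN = %r{\Aarn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/#{UUID}\z}

  module_function

  # Returns a list of problems; an empty list means the hash is consistent
  # with the documented rules.
  def problems(default, cross_account: false)
    errs = []
    alg = default[:sse_algorithm]
    key = default[:kms_master_key_id]

    if alg.nil?
      errs << "sse_algorithm is required"
    elsif !ALGORITHMS.include?(alg)
      errs << "sse_algorithm must be one of #{ALGORITHMS.join(', ')}"
    end

    return errs if key.nil?

    errs << "kms_master_key_id is only allowed with aws:kms" unless alg == "aws:kms"
    if !KEY_ID.match?(key) && !KEY_ARN.match?(key)
      errs << "kms_master_key_id is neither a key ID nor a key ARN"
    elsif cross_account && !KEY_ARN.match?(key)
      errs << "cross-account operations need a fully qualified key ARN"
    end
    errs
  end

  # Builds the params hash for Aws::S3::Client#put_bucket_encryption and
  # raises before any API call if the default is inconsistent.
  def put_bucket_encryption_params(bucket, default, cross_account: false)
    errs = problems(default, cross_account: cross_account)
    raise ArgumentError, errs.join("; ") unless errs.empty?

    { bucket: bucket,
      server_side_encryption_configuration: {
        rules: [{ apply_server_side_encryption_by_default: default }]
      } }
  end
end
```

The hash returned by `put_bucket_encryption_params` can be passed to `Aws::S3::Client#put_bucket_encryption`; set `cross_account: true` when principals outside the bucket owner's account will read or write objects.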

Constants

SENSITIVE