Class: AWSCDK::S3::CfnBucket::ServerSideEncryptionRuleProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::S3::CfnBucket::ServerSideEncryptionRuleProperty
- Defined in:
- s3/cfn_bucket.rb
Overview
Specifies the default server-side encryption configuration.
- General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then AWS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
- Directory buckets - When you specify an AWS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
Instance Attribute Summary collapse
-
#blocked_encryption_types ⇒ AWSCDK::IResolvable, ...
readonly
A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type.
-
#bucket_key_enabled ⇒ Boolean, ...
readonly
Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
-
#server_side_encryption_by_default ⇒ AWSCDK::IResolvable, ...
readonly
Specifies the default server-side encryption to apply to new objects in the bucket.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(blocked_encryption_types: nil, bucket_key_enabled: nil, server_side_encryption_by_default: nil) ⇒ ServerSideEncryptionRuleProperty
constructor
A new instance of ServerSideEncryptionRuleProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(blocked_encryption_types: nil, bucket_key_enabled: nil, server_side_encryption_by_default: nil) ⇒ ServerSideEncryptionRuleProperty
Returns a new instance of ServerSideEncryptionRuleProperty.
4302 4303 4304 4305 4306 4307 4308 4309 |
# File 's3/cfn_bucket.rb', line 4302 def initialize(blocked_encryption_types: nil, bucket_key_enabled: nil, server_side_encryption_by_default: nil) @blocked_encryption_types = blocked_encryption_types.is_a?(Hash) ? ::AWSCDK::S3::CfnBucket::BlockedEncryptionTypesProperty.new(**blocked_encryption_types.transform_keys(&:to_sym)) : blocked_encryption_types Jsii::Type.check_type(@blocked_encryption_types, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5DZm5CdWNrZXQuQmxvY2tlZEVuY3J5cHRpb25UeXBlc1Byb3BlcnR5In1dfX0=")), "blockedEncryptionTypes") unless @blocked_encryption_types.nil? @bucket_key_enabled = bucket_key_enabled Jsii::Type.check_type(@bucket_key_enabled, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "bucketKeyEnabled") unless @bucket_key_enabled.nil? @server_side_encryption_by_default = server_side_encryption_by_default.is_a?(Hash) ? ::AWSCDK::S3::CfnBucket::ServerSideEncryptionByDefaultProperty.new(**server_side_encryption_by_default.transform_keys(&:to_sym)) : server_side_encryption_by_default Jsii::Type.check_type(@server_side_encryption_by_default, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19zMy5DZm5CdWNrZXQuU2VydmVyU2lkZUVuY3J5cHRpb25CeURlZmF1bHRQcm9wZXJ0eSJ9XX19")), "serverSideEncryptionByDefault") unless @server_side_encryption_by_default.nil? end |
Instance Attribute Details
#blocked_encryption_types ⇒ AWSCDK::IResolvable, ... (readonly)
A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type.
For example, blocking an encryption type will block PutObject , CopyObject , PostObject , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see Blocking or unblocking SSE-C for a general purpose bucket .
Currently, this parameter only supports blocking or unblocking server-side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see Using server-side encryption with customer-provided keys (SSE-C) .
4319 4320 4321 |
# File 's3/cfn_bucket.rb', line 4319 def blocked_encryption_types @blocked_encryption_types end |
#bucket_key_enabled ⇒ Boolean, ... (readonly)
Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket.
Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled.
For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide .
4328 4329 4330 |
# File 's3/cfn_bucket.rb', line 4328 def bucket_key_enabled @bucket_key_enabled end |
#server_side_encryption_by_default ⇒ AWSCDK::IResolvable, ... (readonly)
Specifies the default server-side encryption to apply to new objects in the bucket.
If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied.
4335 4336 4337 |
# File 's3/cfn_bucket.rb', line 4335 def server_side_encryption_by_default @server_side_encryption_by_default end |
Class Method Details
.jsii_properties ⇒ Object
4337 4338 4339 4340 4341 4342 4343 |
# File 's3/cfn_bucket.rb', line 4337 def self.jsii_properties { :blocked_encryption_types => "blockedEncryptionTypes", :bucket_key_enabled => "bucketKeyEnabled", :server_side_encryption_by_default => "serverSideEncryptionByDefault", } end |
Instance Method Details
#to_jsii ⇒ Object
4345 4346 4347 4348 4349 4350 4351 4352 4353 |
# File 's3/cfn_bucket.rb', line 4345 def to_jsii result = {} result.merge!({ "blockedEncryptionTypes" => @blocked_encryption_types, "bucketKeyEnabled" => @bucket_key_enabled, "serverSideEncryptionByDefault" => @server_side_encryption_by_default, }) result.compact end |