Class: AWSCDK::S3Express::CfnDirectoryBucket::ServerSideEncryptionByDefaultProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::S3Express::CfnDirectoryBucket::ServerSideEncryptionByDefaultProperty
- Defined in:
- s3_express/cfn_directory_bucket.rb
Overview
Describes the default server-side encryption to apply to new objects in the bucket.
If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption in the Amazon S3 API Reference .
Instance Attribute Summary collapse
-
#kms_master_key_id ⇒ String?
readonly
AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.
-
#sse_algorithm ⇒ String
readonly
Server-side encryption algorithm to use for the default encryption.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(sse_algorithm:, kms_master_key_id: nil) ⇒ ServerSideEncryptionByDefaultProperty
constructor
A new instance of ServerSideEncryptionByDefaultProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(sse_algorithm:, kms_master_key_id: nil) ⇒ ServerSideEncryptionByDefaultProperty
Returns a new instance of ServerSideEncryptionByDefaultProperty.
1110 1111 1112 1113 1114 1115 |
# File 's3_express/cfn_directory_bucket.rb', line 1110 def initialize(sse_algorithm:, kms_master_key_id: nil) @sse_algorithm = sse_algorithm Jsii::Type.check_type(@sse_algorithm, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sseAlgorithm") @kms_master_key_id = kms_master_key_id Jsii::Type.check_type(@kms_master_key_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "kmsMasterKeyId") unless @kms_master_key_id.nil? end |
Instance Attribute Details
#kms_master_key_id ⇒ String? (readonly)
AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.
This parameter is allowed only if SSEAlgorithm is set to aws:kms .
You can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can’t use the key alias of the KMS key.
- Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab - Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations .
Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. AWS managed key (
aws/s3) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in AWS KMS in the AWS Key Management Service Developer Guide .
1139 1140 1141 |
# File 's3_express/cfn_directory_bucket.rb', line 1139 def kms_master_key_id @kms_master_key_id end |
#sse_algorithm ⇒ String (readonly)
Server-side encryption algorithm to use for the default encryption.
For directory buckets, there are only two supported values for server-side encryption:
AES256andaws:kms.
1123 1124 1125 |
# File 's3_express/cfn_directory_bucket.rb', line 1123 def sse_algorithm @sse_algorithm end |
Class Method Details
.jsii_properties ⇒ Object
1141 1142 1143 1144 1145 1146 |
# File 's3_express/cfn_directory_bucket.rb', line 1141 def self.jsii_properties { :sse_algorithm => "sseAlgorithm", :kms_master_key_id => "kmsMasterKeyId", } end |
Instance Method Details
#to_jsii ⇒ Object
1148 1149 1150 1151 1152 1153 1154 1155 |
# File 's3_express/cfn_directory_bucket.rb', line 1148 def to_jsii result = {} result.merge!({ "sseAlgorithm" => @sse_algorithm, "kmsMasterKeyId" => @kms_master_key_id, }) result.compact end |