Class: AWSCDK::S3Express::CfnDirectoryBucket::ServerSideEncryptionByDefaultProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
s3_express/cfn_directory_bucket.rb

Overview

Describes the default server-side encryption to apply to new objects in the bucket.

If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see PutBucketEncryption in the Amazon S3 API Reference .

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(sse_algorithm:, kms_master_key_id: nil) ⇒ ServerSideEncryptionByDefaultProperty

Returns a new instance of ServerSideEncryptionByDefaultProperty.

Parameters:

  • sse_algorithm (String)

    Server-side encryption algorithm to use for the default encryption.

  • kms_master_key_id (String, nil) (defaults to: nil)

    AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.



1110
1111
1112
1113
1114
1115
# File 's3_express/cfn_directory_bucket.rb', line 1110

def initialize(sse_algorithm:, kms_master_key_id: nil)
  @sse_algorithm = sse_algorithm
  Jsii::Type.check_type(@sse_algorithm, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sseAlgorithm")
  @kms_master_key_id = kms_master_key_id
  Jsii::Type.check_type(@kms_master_key_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "kmsMasterKeyId") unless @kms_master_key_id.nil?
end

Instance Attribute Details

#kms_master_key_idString? (readonly)

AWS Key Management Service (KMS) customer managed key ID to use for the default encryption.

This parameter is allowed only if SSEAlgorithm is set to aws:kms .

You can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key. You can’t use the key alias of the KMS key.

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations .

Your SSE-KMS configuration can only support 1 customer managed key per directory bucket for the lifetime of the bucket. AWS managed key ( aws/s3 ) isn't supported. Also, after you specify a customer managed key for SSE-KMS and upload objects with this configuration, you can't override the customer managed key for your SSE-KMS configuration. To use a new customer manager key for your data, we recommend copying your existing objects to a new directory bucket with a new customer managed key. > Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in AWS KMS in the AWS Key Management Service Developer Guide .



1139
1140
1141
# File 's3_express/cfn_directory_bucket.rb', line 1139

def kms_master_key_id
  @kms_master_key_id
end

#sse_algorithmString (readonly)

Server-side encryption algorithm to use for the default encryption.

For directory buckets, there are only two supported values for server-side encryption: AES256 and aws:kms .



1123
1124
1125
# File 's3_express/cfn_directory_bucket.rb', line 1123

def sse_algorithm
  @sse_algorithm
end

Class Method Details

.jsii_propertiesObject



1141
1142
1143
1144
1145
1146
# File 's3_express/cfn_directory_bucket.rb', line 1141

def self.jsii_properties
  {
    :sse_algorithm => "sseAlgorithm",
    :kms_master_key_id => "kmsMasterKeyId",
  }
end

Instance Method Details

#to_jsiiObject



1148
1149
1150
1151
1152
1153
1154
1155
# File 's3_express/cfn_directory_bucket.rb', line 1148

def to_jsii
  result = {}
  result.merge!({
    "sseAlgorithm" => @sse_algorithm,
    "kmsMasterKeyId" => @kms_master_key_id,
  })
  result.compact
end