Class: Aws::S3::Types::SSEKMSEncryption

Inherits:

Struct

Object
Struct
Aws::S3::Types::SSEKMSEncryption

show all

Includes:: Aws::Structure

Defined in:: lib/aws-sdk-s3/types.rb

Overview

If ‘SSEKMS` is specified for `ObjectEncryption`, this data type specifies the Amazon Web Services KMS key Amazon Resource Name (ARN) to use and whether to use an S3 Bucket Key for server-side encryption using Key Management Service (KMS) keys (SSE-KMS).

Constant Summary collapse

SENSITIVE =

[:kms_key_arn]

Instance Attribute Summary collapse

#bucket_key_enabled ⇒ Boolean

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS).
#kms_key_arn ⇒ String

Specifies the Amazon Web Services KMS key Amazon Resource Name (ARN) to use for the updated server-side encryption type.

Instance Attribute Details

#bucket_key_enabled ⇒ `Boolean`

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Key Management Service (KMS) keys (SSE-KMS). If this value isn’t specified, it defaults to ‘false`. Setting this value to `true` causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS. For more information, see [ Using Amazon S3 Bucket Keys] in the *Amazon S3 User Guide*.

Valid Values: ‘true` | `false`

[1]: docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html

Returns:

(Boolean)

# File 'lib/aws-sdk-s3/types.rb', line 19453

class SSEKMSEncryption < Struct.new(
  :kms_key_arn,
  :bucket_key_enabled)
  SENSITIVE = [:kms_key_arn]
  include Aws::Structure
end

#kms_key_arn ⇒ `String`

Specifies the Amazon Web Services KMS key Amazon Resource Name (ARN) to use for the updated server-side encryption type. Required if ‘ObjectEncryption` specifies `SSEKMS`.

<note markdown=“1”> You must specify the full Amazon Web Services KMS key ARN. The KMS key ID and KMS key alias aren’t supported.

</note>

Pattern: (‘arn:aws:kms:[-a-z0-9]:[0-9]12:key/.+`)