Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » Amazon Simple Storage Service Resource Types Reference » AWS::S3::Bucket » Amazon S3 Bucket ServerSideEncryptionByDefault

Amazon S3 Bucket ServerSideEncryptionByDefault

The ServerSideEncryptionByDefault property is part of the AWS::S3::Bucket resource that specifies the server-side encryption by default. For more information, see PUT Bucket encryption in the Amazon Simple Storage Service API Reference.

Syntax

JSON

{
  "KMSMasterKeyID" : String,
  "SSEAlgorithm" : String
}

YAML

KMSMasterKeyID: String
SSEAlgorithm: String

Properties

KMSMasterKeyID

The AWS KMS master key ID used for the SSE-KMS encryption.

Constraint: Can only be used when you set the value of SSEAlgorithm as aws:kms. The default aws/s3 AWS KMS master key is used if this property is absent while SSEAlgorithm is aws:kms.

Required: No

Type: String

Update requires: No interruption

SSEAlgorithm

The server-side encryption algorithm to use. Valid values include AES256 and aws:kms.

Required: Yes

Type: String

Update requires: No interruption

On this page: