• Home
• org.virtuslab
• pulumi-aws-native-kotlin
• 0.122.0.0
• source code
• BucketServerSideEncryptionByDefault.kt

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.pulumi.awsnative.s3.kotlin.outputs.BucketServerSideEncryptionByDefault.kt Maven / Gradle / Ivy

@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.awsnative.s3.kotlin.outputs

import com.pulumi.awsnative.s3.kotlin.enums.BucketServerSideEncryptionByDefaultSseAlgorithm
import kotlin.String
import kotlin.Suppress

/**
 * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*.
 *   If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
 * @property kmsMasterKeyId AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.
 *  You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
 *   +  Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab``
 *   +  Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab``
 *   +  Key Alias: ``alias/alias-name``
 *  If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
 *  If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).
 *   Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.
 * @property sseAlgorithm Server-side encryption algorithm to use for the default encryption.
 */
public data class BucketServerSideEncryptionByDefault(
    public val kmsMasterKeyId: String? = null,
    public val sseAlgorithm: BucketServerSideEncryptionByDefaultSseAlgorithm,
) {
    public companion object {
        public fun toKotlin(javaType: com.pulumi.awsnative.s3.outputs.BucketServerSideEncryptionByDefault): BucketServerSideEncryptionByDefault = BucketServerSideEncryptionByDefault(
            kmsMasterKeyId = javaType.kmsMasterKeyId().map({ args0 -> args0 }).orElse(null),
            sseAlgorithm = javaType.sseAlgorithm().let({ args0 ->
                com.pulumi.awsnative.s3.kotlin.enums.BucketServerSideEncryptionByDefaultSseAlgorithm.Companion.toKotlin(args0)
            }),
        )
    }
}