class Aws::S3::Types::ServerSideEncryptionRule


@see docs.aws.amazon.com/goto/WebAPI/s3-2006-03-01/ServerSideEncryptionRule AWS API Documentation
@return [Boolean]<br>: docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job<br>[4]: docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops<br>[3]: docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html<br>[2]: docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html<br>[1]: docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html<br><br><br><br></note>
KMS every time a copy request is made for a KMS-encrypted object.
or [the import jobs]. In this case, Amazon S3 makes a call to<br>[3], [the Copy operation in Batch Operations],
between directory buckets, through [CopyObject],
buckets, from directory buckets to general purpose buckets, or
encrypted objects from general purpose buckets to directory
disabled. S3 Bucket Keys aren’t supported, when you copy SSE-KMS
`GET` and ‘PUT` operations in a directory bucket and can’t be
* **Directory buckets** - S3 Bucket Keys are always enabled for
the *Amazon S3 User Guide*.
enabled. For more information, see [Amazon S3 Bucket Keys] in
<note markdown=“1”> * **General purpose buckets** - By default, S3 Bucket Key is not
Bucket Key.
`BucketKeyEnabled` element to `true` causes Amazon S3 to use an S3
bucket. Existing objects are not affected. Setting the
server-side encryption using KMS (SSE-KMS) for new objects in the
Specifies whether Amazon S3 should use an S3 Bucket Key with
@!attribute [rw] bucket_key_enabled
@return [Types::ServerSideEncryptionByDefault]
server-side encryption, this default encryption will be applied.
in the bucket. If a PUT Object request doesn’t specify any
Specifies the default server-side encryption to apply to new objects
@!attribute [rw] apply_server_side_encryption_by_default<br><br>: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk<br><br><br><br></note>
or key ARN. The key alias format of the KMS key isn’t supported.<br>key] for encryption in your directory bucket, only use the key ID
* **Directory buckets** - When you specify an [KMS customer managed
bucket owner.
encrypted with a KMS key that belongs to the requester, and not the
the requester’s account. This behavior can result in data that’s
If you use a KMS key alias instead, then KMS resolves the key within
managed KMS key, we recommend using a fully qualified KMS key ARN.
<note markdown=“1”> * **General purpose buckets** - If you’re specifying a customer
Specifies the default server-side encryption configuration.