AWS::S3::Bucket - AWS CloudFormation
The AWS services or features described in AWS documentation may vary by Region. To see the differences that apply to the China Regions, see Getting Started with AWS Services in China.

AWS::S3::Bucket

The AWS::S3::Bucket resource creates an Amazon S3 bucket in the same AWS Region where you create the AWS CloudFormation stack.

You can set a deletion policy for your bucket to control how AWS CloudFormation handles the bucket when the stack is deleted. You can choose to retain the bucket or to delete the bucket. For more information, see DeletionPolicy attribute.

Important

You can only delete empty buckets. Deletion fails for buckets that have contents.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

Properties

AccelerateConfiguration

Configures the transfer acceleration state for an Amazon S3 bucket. For more information, see Amazon S3 Transfer Acceleration in the Amazon Simple Storage Service Developer Guide.

Required: No

Type: AccelerateConfiguration

Update requires: No interruption

AccessControl

A canned access control list (ACL) that grants predefined permissions to the bucket. For more information about canned ACLs, see Canned ACL in the Amazon Simple Storage Service Developer Guide.

Be aware that the syntax for this property differs from the information provided in the Amazon Simple Storage Service Developer Guide. The AccessControl property is case-sensitive and must be one of the following values: Private, PublicRead, PublicReadWrite, AuthenticatedRead, LogDeliveryWrite, BucketOwnerRead, BucketOwnerFullControl, or AwsExecRead.

Required: No

Type: String

Update requires: No interruption

AnalyticsConfigurations

Specifies the configuration and any analyses for the analytics filter of an Amazon S3 bucket.

Required: No

Type: List of AnalyticsConfiguration

Update requires: No interruption

BucketEncryption

Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Encryption for S3 Buckets in the Amazon Simple Storage Service Developer Guide.

Required: No

Type: BucketEncryption

Update requires: No interruption

BucketName

A name for the bucket. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the bucket name. For more information, see Name Type. The bucket name must contain only lowercase letters, numbers, periods (.), and dashes (-).

Important

If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you need to replace the resource, specify a new name.

Required: No

Type: String

Update requires: Replacement

CorsConfiguration

Describes the cross-origin access configuration for objects in an Amazon S3 bucket. For more information, see Enabling Cross-Origin Resource Sharing in the Amazon Simple Storage Service Developer Guide.

Required: No

Type: CorsConfiguration

Update requires: No interruption

InventoryConfigurations

Specifies the inventory configuration for an Amazon S3 bucket. For more information, see GET Bucket inventory in the Amazon Simple Storage Service API Reference.

Required: No

Type: List of InventoryConfiguration

Update requires: No interruption

LifecycleConfiguration

Specifies the lifecycle configuration for objects in an Amazon S3 bucket. For more information, see Object Lifecycle Management in the Amazon Simple Storage Service Developer Guide.

Required: No

Type: LifecycleConfiguration

Update requires: No interruption

LoggingConfiguration

Settings that define where logs are stored.

Required: No

Type: LoggingConfiguration

Update requires: No interruption

MetricsConfigurations

Not currently supported by AWS CloudFormation.

Required: No

Type: List of MetricsConfiguration

Update requires: No interruption

NotificationConfiguration

Configuration that defines how Amazon S3 handles bucket notifications.

Required: No

Type: NotificationConfiguration

Update requires: No interruption

ObjectLockConfiguration

Places an Object Lock configuration on the specified bucket. By default, the rule specified in the Object Lock configuration is applied to every new object placed in the specified bucket.

Note

DefaultRetention requires either Days or Years. You can't specify both at the same time.

Required: No

Type: ObjectLockConfiguration

Update requires: No interruption

ObjectLockEnabled

Indicates whether this bucket has an Object Lock configuration enabled.

Required: No

Type: Boolean

Update requires: Replacement

PublicAccessBlockConfiguration

Configuration that defines how Amazon S3 handles public access.

Required: No

Type: PublicAccessBlockConfiguration

Update requires: No interruption

ReplicationConfiguration

Configuration for replicating objects in an S3 bucket. To enable replication, you must also enable versioning by using the VersioningConfiguration property.

Amazon S3 can store replicated objects in only one destination bucket. The destination bucket must already exist and be in a different AWS Region than your source bucket.

Required: No

Type: ReplicationConfiguration

Update requires: No interruption

Tags

An arbitrary set of tags (key-value pairs) for this S3 bucket.

Required: No

Type: List of Tag

Update requires: No interruption

VersioningConfiguration

Enables multiple versions of all objects in this bucket. You might enable versioning to prevent objects from being deleted or overwritten by mistake, or to archive objects so that you can retrieve previous versions of them.

Required: No

Type: VersioningConfiguration

Update requires: No interruption

WebsiteConfiguration

Information used to configure the bucket as a static website. For more information, see Hosting Websites on Amazon S3.

Required: No

Type: WebsiteConfiguration

Update requires: No interruption
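Several of the rules stated in the property list above can be checked before a template is ever deployed: the BucketName character set, the case-sensitive canned ACL values, versioning being required for ReplicationConfiguration, and DefaultRetention taking Days or Years but not both. The following Python is an added example, not AWS code and not part of this page; it walks the Resources of a parsed template (a dict such as json.load returns) and reports every AWS::S3::Bucket whose properties break one of those rules, or that is left without BucketEncryption or a fully enabled PublicAccessBlockConfiguration. The nesting ObjectLockConfiguration -> Rule -> DefaultRetention is assumed from the ObjectLockConfiguration property type, and the sample template at the bottom is constructed for the demonstration.

```python
import re

# Character set the page gives for BucketName: lowercase letters, digits, periods and dashes.
BUCKET_NAME_RE = re.compile(r"^[a-z0-9.-]+$")

# Canned ACL values the page lists for AccessControl (case-sensitive) and the two that grant
# anonymous access.
VALID_ACLS = {"Private", "PublicRead", "PublicReadWrite", "AuthenticatedRead",
              "LogDeliveryWrite", "BucketOwnerRead", "BucketOwnerFullControl", "AwsExecRead"}
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite"}

# The four switches of PublicAccessBlockConfiguration; all four should be on for a private bucket.
PUBLIC_ACCESS_BLOCK_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
                            "IgnorePublicAcls", "RestrictPublicBuckets")


def _truthy(value):
    """CloudFormation booleans may be parsed as true/false or as the strings 'true'/'false'."""
    return value is True or str(value).lower() == "true"


def check_bucket(resource):
    """Return the list of findings for one AWS::S3::Bucket resource (empty means no findings)."""
    findings = []
    props = resource.get("Properties") or {}

    name = props.get("BucketName")
    if isinstance(name, str) and not BUCKET_NAME_RE.match(name):
        findings.append(f"BucketName {name!r} uses characters outside lowercase letters, digits, '.' and '-'")

    acl = props.get("AccessControl")
    if acl is not None and acl not in VALID_ACLS:
        findings.append(f"AccessControl {acl!r} is not a documented canned ACL (values are case-sensitive)")
    elif acl in PUBLIC_ACLS:
        findings.append(f"AccessControl {acl} grants anonymous access to the bucket")

    if "BucketEncryption" not in props:
        findings.append("no BucketEncryption: objects are not encrypted at rest by default")

    pab = props.get("PublicAccessBlockConfiguration")
    if pab is None:
        findings.append("no PublicAccessBlockConfiguration: public ACLs and policies are not blocked")
    else:
        disabled = [k for k in PUBLIC_ACCESS_BLOCK_KEYS if not _truthy(pab.get(k, False))]
        if disabled:
            findings.append("PublicAccessBlockConfiguration leaves off: " + ", ".join(disabled))

    versioning = (props.get("VersioningConfiguration") or {}).get("Status")
    if "ReplicationConfiguration" in props and versioning != "Enabled":
        findings.append("ReplicationConfiguration requires VersioningConfiguration.Status = Enabled")

    # Assumed nesting of the ObjectLockConfiguration property type: Rule -> DefaultRetention.
    lock = props.get("ObjectLockConfiguration") or {}
    retention = (lock.get("Rule") or {}).get("DefaultRetention") or {}
    if "Days" in retention and "Years" in retention:
        findings.append("ObjectLockConfiguration DefaultRetention sets both Days and Years; use exactly one")

    return findings


def check_template(template):
    """Map every AWS::S3::Bucket logical ID in a parsed template to its findings."""
    resources = template.get("Resources") or {}
    return {logical_id: check_bucket(res) for logical_id, res in resources.items()
            if res.get("Type") == "AWS::S3::Bucket"}


# Constructed sample template: one bucket with several weak settings and one hardened bucket.
SAMPLE_TEMPLATE = {"Resources": {
    "WeakBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketName": "Public_Bucket",
        "AccessControl": "PublicRead",
        "ReplicationConfiguration": {"Role": "arn:aws:iam::123456789012:role/replication_role",
                                     "Rules": []},  # rules omitted; only the versioning check matters here
        "ObjectLockConfiguration": {"Rule": {"DefaultRetention": {
            "Mode": "GOVERNANCE", "Days": 30, "Years": 1}}}}},
    "HardenedBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "BucketName": "hardened-bucket",
        "AccessControl": "Private",
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
        "PublicAccessBlockConfiguration": {k: True for k in PUBLIC_ACCESS_BLOCK_KEYS},
        "VersioningConfiguration": {"Status": "Enabled"}}},
    "NotABucket": {"Type": "AWS::SNS::Topic"},
}}

if __name__ == "__main__":
    for logical_id, findings in check_template(SAMPLE_TEMPLATE).items():
        print(logical_id, "->", findings or "no findings")
```

Run it against a real template with `check_template(json.load(open("template.json")))`; YAML templates need a loader that understands the `!Ref`/`!GetAtt` short forms before the same checks apply.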

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the bucket name.

Example: mystack-mybucket-kdwwxmddtr2g

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

Returns the Amazon Resource Name (ARN) of the specified bucket.

Example: arn:aws:s3:::mybucket

DomainName

Returns the IPv4 DNS name of the specified bucket.

Example: mystack-mybucket-kdwwxmddtr2g.s3.amazonaws.com

DualStackDomainName

Returns the IPv6 DNS name of the specified bucket.

Example: mystack-mybucket-kdwwxmddtr2g.s3.dualstack.us-east-2.amazonaws.com

For more information about dual-stack endpoints, see Using Amazon S3 Dual-Stack Endpoints.

RegionalDomainName

Returns the regional domain name of the specified bucket.

Example: mystack-mybucket-kdwwxmddtr2g.s3.us-east-2.amazonaws.com

WebsiteURL

Returns the Amazon S3 website endpoint for the specified bucket.

Example (IPv4): http://mystack-mybucket-kdwwxmddtr2g.s3-website-us-east-2.amazonaws.com

Example (IPv6): http://mystack-mybucket-kdwwxmddtr2g.s3.dualstack.us-east-2.amazonaws.com

Examples

Create an S3 bucket

The following example creates an S3 bucket with a Retain deletion policy.

JSON

```json
"Resources" : {
  "S3Bucket" : {
    "Type" : "AWS::S3::Bucket",
    "DeletionPolicy": "Retain",
    "Properties" : {
      "BucketName" : "my-bucket"
    }
  }
}
```

YAML

```yaml
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: my-bucket
```

Associate a replication configuration IAM role with an S3 bucket

The following example creates an S3 bucket and grants it permission to write to a replication bucket by using an AWS Identity and Access Management (IAM) role. To avoid a circular dependency, the role's policy is declared as a separate resource. The bucket depends on the WorkItemBucketBackupRole role. If the policy were included in the role, the role would also depend on the bucket.

JSON

```json
"Resources": {
  "RecordServiceS3Bucket": {
    "Type": "AWS::S3::Bucket",
    "DeletionPolicy": "Retain",
    "Properties": {
      "ReplicationConfiguration": {
        "Role": {
          "Fn::GetAtt": [ "WorkItemBucketBackupRole", "Arn" ]
        },
        "Rules": [
          {
            "Destination": {
              "Bucket": {
                "Fn::Join": [ "", [
                  "arn:aws:s3:::",
                  { "Fn::Join": [ "-", [
                    { "Ref": "AWS::Region" },
                    { "Ref": "AWS::StackName" },
                    "replicationbucket"
                  ] ] }
                ] ]
              },
              "StorageClass": "STANDARD"
            },
            "Id": "Backup",
            "Prefix": "",
            "Status": "Enabled"
          }
        ]
      },
      "VersioningConfiguration": {
        "Status": "Enabled"
      }
    }
  },
  "WorkItemBucketBackupRole": {
    "Type": "AWS::IAM::Role",
    "Properties": {
      "AssumeRolePolicyDocument": {
        "Statement": [
          {
            "Action": [ "sts:AssumeRole" ],
            "Effect": "Allow",
            "Principal": {
              "Service": [ "s3.amazonaws.com" ]
            }
          }
        ]
      }
    }
  },
  "BucketBackupPolicy": {
    "Type": "AWS::IAM::Policy",
    "Properties": {
      "PolicyDocument": {
        "Statement": [
          {
            "Action": [ "s3:GetReplicationConfiguration", "s3:ListBucket" ],
            "Effect": "Allow",
            "Resource": [
              { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "RecordServiceS3Bucket" } ] ] }
            ]
          },
          {
            "Action": [ "s3:GetObjectVersion", "s3:GetObjectVersionAcl" ],
            "Effect": "Allow",
            "Resource": [
              { "Fn::Join": [ "", [ "arn:aws:s3:::", { "Ref": "RecordServiceS3Bucket" }, "/*" ] ] }
            ]
          },
          {
            "Action": [ "s3:ReplicateObject", "s3:ReplicateDelete" ],
            "Effect": "Allow",
            "Resource": [
              { "Fn::Join": [ "", [
                "arn:aws:s3:::",
                { "Fn::Join": [ "-", [
                  { "Ref": "AWS::Region" },
                  { "Ref": "AWS::StackName" },
                  "replicationbucket"
                ] ] },
                "/*"
              ] ] }
            ]
          }
        ]
      },
      "PolicyName": "BucketBackupPolicy",
      "Roles": [ { "Ref": "WorkItemBucketBackupRole" } ]
    }
  }
}
```

YAML

```yaml
Resources:
  RecordServiceS3Bucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      ReplicationConfiguration:
        Role: !GetAtt [WorkItemBucketBackupRole, Arn]
        Rules:
          - Destination:
              Bucket: !Join ['', ['arn:aws:s3:::', !Join ['-', [!Ref 'AWS::Region', !Ref 'AWS::StackName', replicationbucket]]]]
              StorageClass: STANDARD
            Id: Backup
            Prefix: ''
            Status: Enabled
      VersioningConfiguration:
        Status: Enabled
  WorkItemBucketBackupRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action: ['sts:AssumeRole']
            Effect: Allow
            Principal:
              Service: [s3.amazonaws.com]
  BucketBackupPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyDocument:
        Statement:
          - Action: ['s3:GetReplicationConfiguration', 's3:ListBucket']
            Effect: Allow
            Resource:
              - !Join ['', ['arn:aws:s3:::', !Ref 'RecordServiceS3Bucket']]
          - Action: ['s3:GetObjectVersion', 's3:GetObjectVersionAcl']
            Effect: Allow
            Resource:
              - !Join ['', ['arn:aws:s3:::', !Ref 'RecordServiceS3Bucket', /*]]
          - Action: ['s3:ReplicateObject', 's3:ReplicateDelete']
            Effect: Allow
            Resource:
              - !Join ['', ['arn:aws:s3:::', !Join ['-', [!Ref 'AWS::Region', !Ref 'AWS::StackName', replicationbucket]], /*]]
      PolicyName: BucketBackupPolicy
      Roles: [!Ref 'WorkItemBucketBackupRole']
```
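The circular-dependency argument above can be checked mechanically rather than by inspection. The following Python is an added example, not part of this page or of CloudFormation; it extracts the Ref, Fn::GetAtt and DependsOn edges between the resources of a parsed template, ignores pseudo parameters such as AWS::Region and AWS::StackName (they are not resources), and runs a depth-first search for a cycle. The two templates it builds are constructed condensations of the one above: the first keeps the policy as a separate AWS::IAM::Policy resource, the second inlines the same policy document under the role's Policies property, which is exactly the dependency the page says to avoid.

```python
def referenced_resources(node, known):
    """Logical IDs that `node` references through Ref or Fn::GetAtt, restricted to IDs in `known`
    so that pseudo parameters such as AWS::Region and template parameters are not counted."""
    found = set()
    if isinstance(node, dict):
        ref = node.get("Ref")
        if isinstance(ref, str) and ref in known:
            found.add(ref)
        att = node.get("Fn::GetAtt")
        if att is not None:
            target = att[0] if isinstance(att, list) else str(att).split(".", 1)[0]
            if target in known:
                found.add(target)
        for value in node.values():
            found |= referenced_resources(value, known)
    elif isinstance(node, list):
        for item in node:
            found |= referenced_resources(item, known)
    return found

def dependency_graph(template):
    """Map each logical ID to the set of resources it depends on (references plus DependsOn)."""
    resources = template["Resources"]
    known = set(resources)
    graph = {}
    for logical_id, resource in resources.items():
        deps = referenced_resources(resource.get("Properties", {}), known)
        depends_on = resource.get("DependsOn", [])
        deps |= set([depends_on] if isinstance(depends_on, str) else depends_on) & known
        graph[logical_id] = deps
    return graph

def find_cycle(graph):
    """Depth-first search with white/grey/black colouring. Returns the first cycle found as a list
    of logical IDs (the first one repeated at the end), or [] when the graph is acyclic."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {node: WHITE for node in graph}
    path = []

    def visit(node):
        colour[node] = GREY
        path.append(node)
        for nxt in sorted(graph[node]):
            if colour[nxt] == GREY:  # back edge: nxt is still on the current path
                return path[path.index(nxt):] + [nxt]
            if colour[nxt] == WHITE:
                cycle = visit(nxt)
                if cycle:
                    return cycle
        path.pop()
        colour[node] = BLACK
        return []

    for node in sorted(graph):
        if colour[node] == WHITE:
            cycle = visit(node)
            if cycle:
                return cycle
    return []

def _bucket_and_role():
    """Constructed condensation of the bucket and role from the template above."""
    dest_name = {"Fn::Join": ["-", [{"Ref": "AWS::Region"}, {"Ref": "AWS::StackName"}, "replicationbucket"]]}
    return {
        "RecordServiceS3Bucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "ReplicationConfiguration": {
                "Role": {"Fn::GetAtt": ["WorkItemBucketBackupRole", "Arn"]},
                "Rules": [{"Destination": {"Bucket": {"Fn::Join": ["", ["arn:aws:s3:::", dest_name]]}},
                           "Prefix": "", "Status": "Enabled"}]},
            "VersioningConfiguration": {"Status": "Enabled"}}},
        "WorkItemBucketBackupRole": {"Type": "AWS::IAM::Role", "Properties": {
            "AssumeRolePolicyDocument": {"Statement": [{"Action": ["sts:AssumeRole"], "Effect": "Allow",
                                                        "Principal": {"Service": ["s3.amazonaws.com"]}}]}}},
    }

def _policy_document():
    """First statement of BucketBackupPolicy above; it references the bucket through Ref."""
    return {"Statement": [{"Action": ["s3:GetReplicationConfiguration", "s3:ListBucket"], "Effect": "Allow",
                           "Resource": [{"Fn::Join": ["", ["arn:aws:s3:::", {"Ref": "RecordServiceS3Bucket"}]]}]}]}

def separate_policy_template():
    """Policy declared as its own AWS::IAM::Policy resource, as on the page."""
    resources = _bucket_and_role()
    resources["BucketBackupPolicy"] = {"Type": "AWS::IAM::Policy", "Properties": {
        "PolicyDocument": _policy_document(), "PolicyName": "BucketBackupPolicy",
        "Roles": [{"Ref": "WorkItemBucketBackupRole"}]}}
    return {"Resources": resources}

def inline_policy_template():
    """The same policy inlined under the role's Policies property, so the role references the bucket."""
    resources = _bucket_and_role()
    resources["WorkItemBucketBackupRole"]["Properties"]["Policies"] = [
        {"PolicyName": "BucketBackupPolicy", "PolicyDocument": _policy_document()}]
    return {"Resources": resources}

if __name__ == "__main__":
    print("separate policy:", find_cycle(dependency_graph(separate_policy_template())) or "no cycle")
    print("inline policy:", find_cycle(dependency_graph(inline_policy_template())))
```

With the policy separate, the edges are bucket -> role and policy -> {bucket, role}, which is acyclic; inlining the policy adds role -> bucket and closes the loop that CloudFormation would reject at stack creation.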

Configure a static website with a routing rule

In this example, the AWS::S3::Bucket's Fn::GetAtt values are used to provide outputs. If an HTTP 404 error occurs, the routing rule redirects requests to an EC2 instance and inserts the object key prefix report-404/ in the redirect. For example, if you request a page called ExamplePage.html and it results in an HTTP 404 error, the request is routed to a page called report-404/ExamplePage.html on the specified instance. For all other HTTP error codes, error.html is returned.

The example also specifies a metrics configuration named EntireBucket that enables CloudWatch request metrics at the bucket level.

JSON

```json
{
  "Resources" : {
    "S3Bucket" : {
      "Type" : "AWS::S3::Bucket",
      "Properties" : {
        "AccessControl" : "PublicRead",
        "BucketName" : "public-bucket",
        "MetricsConfigurations": [
          { "Id": "EntireBucket" }
        ],
        "WebsiteConfiguration" : {
          "IndexDocument" : "index.html",
          "ErrorDocument" : "error.html",
          "RoutingRules": [
            {
              "RoutingRuleCondition": {
                "HttpErrorCodeReturnedEquals": "404",
                "KeyPrefixEquals": "out1/"
              },
              "RedirectRule": {
                "HostName": "ec2-11-22-333-44.compute-1.amazonaws.com",
                "ReplaceKeyPrefixWith": "report-404/"
              }
            }
          ]
        }
      },
      "DeletionPolicy" : "Retain"
    }
  },
  "Outputs" : {
    "WebsiteURL" : {
      "Value" : { "Fn::GetAtt" : [ "S3Bucket", "WebsiteURL" ] },
      "Description" : "URL for website hosted on S3"
    },
    "S3BucketSecureURL" : {
      "Value" : { "Fn::Join" : [ "", [ "https://", { "Fn::GetAtt" : [ "S3Bucket", "DomainName" ] } ] ] },
      "Description" : "Name of S3 bucket to hold website content"
    }
  }
}
```

YAML

```yaml
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      BucketName: public-bucket
      MetricsConfigurations:
        - Id: EntireBucket
      WebsiteConfiguration:
        IndexDocument: index.html
        ErrorDocument: error.html
        RoutingRules:
          - RoutingRuleCondition:
              HttpErrorCodeReturnedEquals: '404'
              KeyPrefixEquals: out1/
            RedirectRule:
              HostName: ec2-11-22-333-44.compute-1.amazonaws.com
              ReplaceKeyPrefixWith: report-404/
    DeletionPolicy: Retain
Outputs:
  WebsiteURL:
    Value: !GetAtt [S3Bucket, WebsiteURL]
    Description: URL for website hosted on S3
  S3BucketSecureURL:
    Value: !Join ['', ['https://', !GetAtt [S3Bucket, DomainName]]]
    Description: Name of S3 bucket to hold website content
```
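The routing rule in this template carries two conditions (HttpErrorCodeReturnedEquals 404 and KeyPrefixEquals out1/), and S3 applies a rule only when every condition it states holds, so a 404 for a key outside out1/ falls through to error.html rather than being redirected. The following Python is an added example, not part of this page or of S3; it models that evaluation for the website endpoint, including the prefix replacement that ReplaceKeyPrefixWith performs and the fallback to the error document. TEMPLATE_RULES mirrors the rule above and PROSE_RULES is a constructed variant without the key-prefix condition, matching the prose description; the website host name is constructed.

```python
# Routing rules from the template above, as a constructed Python list.
TEMPLATE_RULES = [{
    "RoutingRuleCondition": {"HttpErrorCodeReturnedEquals": "404", "KeyPrefixEquals": "out1/"},
    "RedirectRule": {"HostName": "ec2-11-22-333-44.compute-1.amazonaws.com",
                     "ReplaceKeyPrefixWith": "report-404/"},
}]

# The prose above describes a 404 rule without a key-prefix condition; constructed for comparison.
PROSE_RULES = [{
    "RoutingRuleCondition": {"HttpErrorCodeReturnedEquals": "404"},
    "RedirectRule": {"HostName": "ec2-11-22-333-44.compute-1.amazonaws.com",
                     "ReplaceKeyPrefixWith": "report-404/"},
}]

ERROR_DOCUMENT = "error.html"
WEBSITE_HOST = "public-bucket.s3-website-us-east-2.amazonaws.com"  # constructed website endpoint


def condition_matches(condition, key, error_code):
    """A RoutingRuleCondition matches only if every part it specifies holds."""
    prefix = condition.get("KeyPrefixEquals")
    code = condition.get("HttpErrorCodeReturnedEquals")
    if prefix is not None and not key.startswith(prefix):
        return False
    if code is not None and (error_code is None or str(error_code) != str(code)):
        return False
    return True


def resolve(rules, key, error_code=None, protocol="http", host=WEBSITE_HOST):
    """Decide what the website endpoint returns for `key` after the object lookup produced
    `error_code` (None means the object was found). The first matching rule wins; without a
    match, an error falls through to the error document and a success serves the object."""
    for rule in rules:
        condition = rule.get("RoutingRuleCondition", {})
        if not condition_matches(condition, key, error_code):
            continue
        redirect = rule["RedirectRule"]
        if "ReplaceKeyWith" in redirect:
            new_key = redirect["ReplaceKeyWith"]
        elif "ReplaceKeyPrefixWith" in redirect:
            # Replace the matched prefix; when the condition names none, the matched prefix is
            # empty and the new prefix is simply inserted in front of the key.
            matched_prefix = condition.get("KeyPrefixEquals", "")
            new_key = redirect["ReplaceKeyPrefixWith"] + key[len(matched_prefix):]
        else:
            new_key = key
        target_host = redirect.get("HostName", host)
        target_protocol = redirect.get("Protocol", protocol)
        return ("redirect", f"{target_protocol}://{target_host}/{new_key}")
    if error_code is None:
        return ("serve", key)
    return ("error_document", ERROR_DOCUMENT)


if __name__ == "__main__":
    for rules, key, code in [(TEMPLATE_RULES, "out1/ExamplePage.html", 404),
                             (TEMPLATE_RULES, "ExamplePage.html", 404),
                             (PROSE_RULES, "ExamplePage.html", 404),
                             (TEMPLATE_RULES, "out1/ExamplePage.html", 403)]:
        print(key, code, "->", resolve(rules, key, code))
```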

Enable cross-origin resource sharing

The following example template shows a public S3 bucket with two cross-origin resource sharing rules.

JSON

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "PublicRead",
        "CorsConfiguration": {
          "CorsRules": [
            {
              "AllowedHeaders": [ "*" ],
              "AllowedMethods": [ "GET" ],
              "AllowedOrigins": [ "*" ],
              "ExposedHeaders": [ "Date" ],
              "Id": "myCORSRuleId1",
              "MaxAge": "3600"
            },
            {
              "AllowedHeaders": [ "x-amz-*" ],
              "AllowedMethods": [ "DELETE" ],
              "AllowedOrigins": [ "http://www.example1.com", "http://www.example2.com" ],
              "ExposedHeaders": [ "Connection", "Server", "Date" ],
              "Id": "myCORSRuleId2",
              "MaxAge": "1800"
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "BucketName": {
      "Value": { "Ref": "S3Bucket" },
      "Description": "Name of the sample Amazon S3 bucket with CORS enabled."
    }
  }
}
```

YAML

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead
      CorsConfiguration:
        CorsRules:
          - AllowedHeaders: ['*']
            AllowedMethods: [GET]
            AllowedOrigins: ['*']
            ExposedHeaders: [Date]
            Id: myCORSRuleId1
            MaxAge: '3600'
          - AllowedHeaders: [x-amz-*]
            AllowedMethods: [DELETE]
            AllowedOrigins: ['http://www.example1.com', 'http://www.example2.com']
            ExposedHeaders: [Connection, Server, Date]
            Id: myCORSRuleId2
            MaxAge: '1800'
Outputs:
  BucketName:
    Value: !Ref 'S3Bucket'
    Description: Name of the sample Amazon S3 bucket with CORS enabled.
```
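The two rules above differ in what they expose: the first lets any origin issue GET with any request header, while the second allows DELETE only from the two listed origins and only with x-amz-* request headers. The following Python is an added example, not part of this page or of S3; it models how S3 picks the first rule whose AllowedOrigins, AllowedMethods and AllowedHeaders all match a cross-origin request (with the single `*` wildcard those entries allow), and shows that a DELETE from an unlisted origin, or from a listed origin with a non-x-amz header, matches nothing and is therefore blocked by the browser. The rule list is constructed from the template above, and the response headers assembled at the end are a simplification of the real CORS response.

```python
# CORS rules from the template above, as a constructed Python list.
CORS_RULES = [
    {"Id": "myCORSRuleId1", "AllowedHeaders": ["*"], "AllowedMethods": ["GET"],
     "AllowedOrigins": ["*"], "ExposedHeaders": ["Date"], "MaxAge": "3600"},
    {"Id": "myCORSRuleId2", "AllowedHeaders": ["x-amz-*"], "AllowedMethods": ["DELETE"],
     "AllowedOrigins": ["http://www.example1.com", "http://www.example2.com"],
     "ExposedHeaders": ["Connection", "Server", "Date"], "MaxAge": "1800"},
]


def wildcard_match(pattern, value):
    """Match with at most one '*' wildcard, as S3 allows in AllowedOrigins and AllowedHeaders."""
    if "*" not in pattern:
        return pattern == value
    head, _, tail = pattern.partition("*")
    return (len(value) >= len(head) + len(tail)
            and value.startswith(head) and value.endswith(tail))


def match_rule(rule, origin, method, request_headers):
    """True when origin, method and every requested header are covered by this rule."""
    origin_ok = any(wildcard_match(o, origin) for o in rule["AllowedOrigins"])
    method_ok = method.upper() in rule["AllowedMethods"]
    allowed = [h.lower() for h in rule.get("AllowedHeaders", [])]
    headers_ok = all(any(wildcard_match(p, h.lower()) for p in allowed) for h in request_headers)
    return origin_ok and method_ok and headers_ok


def evaluate_cors(rules, origin, method, request_headers=()):
    """Return the Id of the first matching rule plus the response headers it yields, or None when
    no rule matches (the browser then refuses the cross-origin request)."""
    for rule in rules:
        if match_rule(rule, origin, method, request_headers):
            allow_origin = "*" if "*" in rule["AllowedOrigins"] else origin
            return {
                "rule": rule["Id"],
                "Access-Control-Allow-Origin": allow_origin,
                "Access-Control-Allow-Methods": ", ".join(rule["AllowedMethods"]),
                "Access-Control-Expose-Headers": ", ".join(rule.get("ExposedHeaders", [])),
                "Access-Control-Max-Age": str(rule.get("MaxAge", "")),
            }
    return None


if __name__ == "__main__":
    # Constructed requests: a read from an unrelated origin, a delete from the same origin,
    # and deletes from a listed origin with and without an x-amz-* header.
    for origin, method, headers in [("http://other.example", "GET", []),
                                    ("http://other.example", "DELETE", []),
                                    ("http://www.example1.com", "DELETE", ["x-amz-date"]),
                                    ("http://www.example1.com", "DELETE", ["Content-Type"])]:
        print(origin, method, headers, "->", evaluate_cors(CORS_RULES, origin, method, headers))
```

Read from the defender's side, the evaluator makes the exposure of a rule set explicit: the wildcard origin in myCORSRuleId1 applies to every site on the web, so it should be paired with the narrowest method list that the public content actually needs.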

Manage the lifecycle for Amazon S3 objects

The following example template shows an S3 bucket with a lifecycle configuration rule. The rule applies to all objects with the glacier key prefix. The objects are transitioned to Glacier after one day, and deleted after one year.

JSON

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "Private",
        "LifecycleConfiguration": {
          "Rules": [
            {
              "Id": "GlacierRule",
              "Prefix": "glacier",
              "Status": "Enabled",
              "ExpirationInDays": "365",
              "Transitions": [
                {
                  "TransitionInDays": "1",
                  "StorageClass": "GLACIER"
                }
              ]
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "BucketName": {
      "Value": { "Ref": "S3Bucket" },
      "Description": "Name of the sample Amazon S3 bucket with a lifecycle configuration."
    }
  }
}
```

YAML

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      LifecycleConfiguration:
        Rules:
          - Id: GlacierRule
            Prefix: glacier
            Status: Enabled
            ExpirationInDays: '365'
            Transitions:
              - TransitionInDays: '1'
                StorageClass: GLACIER
Outputs:
  BucketName:
    Value: !Ref 'S3Bucket'
    Description: Name of the sample Amazon S3 bucket with a lifecycle configuration.
```

Log access requests for a specific S3 bucket

The following example template creates two S3 buckets. The LoggingBucket bucket stores the logs from the S3Bucket bucket. To receive logs from the S3Bucket bucket, the logging bucket requires log delivery write permissions.

JSON

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "Private",
        "LoggingConfiguration": {
          "DestinationBucketName": { "Ref" : "LoggingBucket" },
          "LogFilePrefix": "testing-logs"
        }
      }
    },
    "LoggingBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "LogDeliveryWrite"
      }
    }
  },
  "Outputs": {
    "BucketName": {
      "Value": { "Ref": "S3Bucket" },
      "Description": "Name of the sample Amazon S3 bucket with a logging configuration."
    }
  }
}
```

YAML

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      LoggingConfiguration:
        DestinationBucketName: !Ref 'LoggingBucket'
        LogFilePrefix: testing-logs
  LoggingBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: LogDeliveryWrite
Outputs:
  BucketName:
    Value: !Ref 'S3Bucket'
    Description: Name of the sample Amazon S3 bucket with a logging configuration.
```

Receive S3 bucket notifications to an SNS topic

The following example template shows an Amazon S3 bucket with a notification configuration that sends an event to the specified SNS topic when S3 has lost all replicas of an object.

JSON

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "Private",
        "NotificationConfiguration": {
          "TopicConfigurations": [
            {
              "Topic": "arn:aws:sns:us-east-1:123456789012:TestTopic",
              "Event": "s3:ReducedRedundancyLostObject"
            }
          ]
        }
      }
    }
  },
  "Outputs": {
    "BucketName": {
      "Value": { "Ref": "S3Bucket" },
      "Description": "Name of the sample Amazon S3 bucket with a notification configuration."
    }
  }
}
```

YAML

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: Private
      NotificationConfiguration:
        TopicConfigurations:
          - Topic: arn:aws:sns:us-east-1:123456789012:TestTopic
            Event: s3:ReducedRedundancyLostObject
Outputs:
  BucketName:
    Value: !Ref 'S3Bucket'
    Description: Name of the sample Amazon S3 bucket with a notification configuration.
```

Replicate objects and store them in another S3 bucket

The following example includes two replication rules. Amazon S3 replicates objects with the MyPrefix and MyOtherPrefix prefixes and stores them in the my-replication-bucket bucket, which must be in a different AWS Region than the S3Bucket bucket.

JSON

```json
"S3Bucket": {
  "Type": "AWS::S3::Bucket",
  "Properties": {
    "VersioningConfiguration": {
      "Status": "Enabled"
    },
    "ReplicationConfiguration": {
      "Role": "arn:aws:iam::123456789012:role/replication_role",
      "Rules": [
        {
          "Id": "MyRule1",
          "Status": "Enabled",
          "Prefix": "MyPrefix",
          "Destination": {
            "Bucket": "arn:aws:s3:::my-replication-bucket",
            "StorageClass": "STANDARD"
          }
        },
        {
          "Status": "Enabled",
          "Prefix": "MyOtherPrefix",
          "Destination": {
            "Bucket": "arn:aws:s3:::my-replication-bucket"
          }
        }
      ]
    }
  }
}
```

YAML

```yaml
S3Bucket:
  Type: AWS::S3::Bucket
  Properties:
    VersioningConfiguration:
      Status: Enabled
    ReplicationConfiguration:
      Role: arn:aws:iam::123456789012:role/replication_role
      Rules:
        - Id: MyRule1
          Status: Enabled
          Prefix: MyPrefix
          Destination:
            Bucket: arn:aws:s3:::my-replication-bucket
            StorageClass: STANDARD
        - Status: Enabled
          Prefix: MyOtherPrefix
          Destination:
            Bucket: arn:aws:s3:::my-replication-bucket
```

Specify analytics and inventory configurations for an Amazon S3 bucket

The following example specifies analytics and inventory results to be generated for an S3 bucket, including the format of the results and the bucket to publish them to. The inventory list is set to generate weekly and to include only the current version of each object.

JSON

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "S3 Bucket with Inventory and Analytics Configurations",
  "Resources": {
    "Helper": {
      "Type": "AWS::S3::Bucket"
    },
    "S3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AnalyticsConfigurations": [
          {
            "Id": "AnalyticsConfigurationId",
            "StorageClassAnalysis": {
              "DataExport": {
                "Destination": {
                  "BucketArn": { "Fn::GetAtt": [ "Helper", "Arn" ] },
                  "Format": "CSV",
                  "Prefix": "AnalyticsDestinationPrefix"
                },
                "OutputSchemaVersion": "V_1"
              }
            },
            "Prefix": "AnalyticsConfigurationPrefix",
            "TagFilters": [
              {
                "Key": "AnalyticsTagKey",
                "Value": "AnalyticsTagValue"
              }
            ]
          }
        ],
        "InventoryConfigurations": [
          {
            "Id": "InventoryConfigurationId",
            "Destination": {
              "BucketArn": { "Fn::GetAtt": [ "Helper", "Arn" ] },
              "Format": "CSV",
              "Prefix": "InventoryDestinationPrefix"
            },
            "Enabled": "true",
            "IncludedObjectVersions": "Current",
            "Prefix": "InventoryConfigurationPrefix",
            "ScheduleFrequency": "Weekly"
          }
        ]
      }
    }
  }
}
```

YAML

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: S3 Bucket with Inventory and Analytics Configurations
Resources:
  Helper:
    Type: AWS::S3::Bucket
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      AnalyticsConfigurations:
        - Id: AnalyticsConfigurationId
          StorageClassAnalysis:
            DataExport:
              Destination:
                BucketArn: !GetAtt
                  - Helper
                  - Arn
                Format: CSV
                Prefix: AnalyticsDestinationPrefix
              OutputSchemaVersion: V_1
          Prefix: AnalyticsConfigurationPrefix
          TagFilters:
            - Key: AnalyticsTagKey
              Value: AnalyticsTagValue
      InventoryConfigurations:
        - Id: InventoryConfigurationId
          Destination:
            BucketArn: !GetAtt
              - Helper
              - Arn
            Format: CSV
            Prefix: InventoryDestinationPrefix
          Enabled: 'true'
          IncludedObjectVersions: Current
          Prefix: InventoryConfigurationPrefix
          ScheduleFrequency: Weekly
```

Create a bucket with default encryption

The following example creates a bucket with server-side bucket encryption configured. This example uses S3-managed keys. You can use KMS-managed keys instead by modifying the Amazon S3 Bucket ServerSideEncryptionByDefault property.

JSON

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "S3 bucket with default encryption",
  "Resources": {
    "EncryptedS3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": {
          "Fn::Sub": "encryptedbucket-${AWS::Region}-${AWS::AccountId}"
        },
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        }
      },
      "DeletionPolicy": "Delete"
    }
  }
}
```

YAML

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: S3 bucket with default encryption
Resources:
  EncryptedS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub 'encryptedbucket-${AWS::Region}-${AWS::AccountId}'
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
    DeletionPolicy: Delete
```

See also