AWS::S3::Bucket MetadataTableEncryptionConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::S3::Bucket MetadataTableEncryptionConfiguration

The encryption settings for an S3 Metadata journal table or inventory table configuration.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyArn" : String,
  "SseAlgorithm" : String
}

YAML

  KmsKeyArn: String
  SseAlgorithm: String

Properties

KmsKeyArn

If server-side encryption with Amazon Key Management Service (Amazon KMS) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration.

Required: No

Type: String

Update requires: No interruption

SseAlgorithm

The encryption type specified for a metadata table. To specify server-side encryption with Amazon Key Management Service (Amazon KMS) keys (SSE-KMS), use the aws:kms value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the AES256 value.

Required: Yes

Type: String

Allowed values: aws:kms | AES256

Update requires: No interruption