AWS::S3::Bucket BucketEncryption - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::S3::Bucket BucketEncryption

Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3), Amazon KMS-managed keys (SSE-KMS), or dual-layer server-side encryption with KMS-managed keys (DSSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Encryption for S3 Buckets in the Amazon S3 User Guide.


To declare this entity in your Amazon CloudFormation template, use the following syntax:



Specifies the default server-side-encryption configuration.

Required: Yes

Type: Array of ServerSideEncryptionRule

Update requires: No interruption

See also