AWS::S3::Bucket EncryptionConfiguration
Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.
Note
If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then Amazon KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "ReplicaKmsKeyID" :
String
}
YAML
ReplicaKmsKeyID:
String
Properties
ReplicaKmsKeyID
-
Specifies the ID (Key ARN or Alias ARN) of the customer managed Amazon KMS key stored in Amazon Key Management Service (KMS) for the destination bucket. Amazon S3 uses this key to encrypt replica objects. Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon KMS in the Amazon Key Management Service Developer Guide.
Required: Yes
Type: String
Update requires: No interruption
See also
-
AWS::S3::Bucket Examples