SSEKMSFilter - Amazon Simple Storage Service
ContentsSee Also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

SSEKMSFilter

A filter that returns objects that are encrypted by server-side encryption with Amazon KMS (SSE-KMS).

Contents

BucketKeyEnabled

Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with server-side encryption using Amazon Key Management Service (Amazon KMS) keys (SSE-KMS). If specified, will filter SSE-KMS encrypted objects by S3 Bucket Key status. For more information, see Reducing the cost of SSE-KMS with Amazon S3 Bucket Keys in the Amazon S3 User Guide.

Type: Boolean

Required: No

KmsKeyArn

The Amazon Resource Name (ARN) of the customer managed KMS key to use for the filter to return objects that are encrypted by the specified key. For best performance, we recommend using the KMSKeyArn filter in conjunction with other object metadata filters, like MatchAnyPrefix, CreatedAfter, or MatchAnyStorageClass.

Note

You must provide the full KMS Key ARN. You can't use an alias name or alias ARN. For more information, see Amazon KMS keys in the Amazon Key Management Service Developer Guide.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2000.

Pattern: arn:aws[a-zA-Z0-9-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-zA-Z0-9-]+

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: