# s3-bucket-server-side-encryption-enabled
<a name="s3-bucket-server-side-encryption-enabled"></a>

Checks if your Amazon S3 bucket either has the Amazon S3 default encryption enabled or that the Amazon S3 bucket policy explicitly denies `put-object` requests without server side encryption that uses AES-256 or Amazon Key Management Service. The rule is NON\$1COMPLIANT if your Amazon S3 bucket is not encrypted by default.



**Identifier:** S3\$1BUCKET\$1SERVER\$1SIDE\$1ENCRYPTION\$1ENABLED

**Resource Types:** AWS::S3::Bucket

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions

**Parameters:**

None  

## Amazon CloudFormation template
<a name="w2aac20c16c17b7e1405c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).