/AWS1/CL_S3=>PUTBUCKETENCRYPTION()
¶
About PutBucketEncryption¶
This operation is not supported by directory buckets.
This action uses the encryption
subresource to configure default encryption
and Amazon S3 Bucket Keys for an existing bucket.
By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 does not validate the KMS key ID provided in PutBucketEncryption requests.
This action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
To use this operation, you must have permission to perform the
s3:PutEncryptionConfiguration
action. The bucket owner has this permission
by default. The bucket owner can grant this permission to others. For more information
about permissions, see Permissions Related to Bucket Subresource Operations and Managing
Access Permissions to Your Amazon S3 Resources in the
Amazon S3 User Guide.
The following operations are related to PutBucketEncryption
:
Method Signature¶
IMPORTING¶
Required arguments:¶
IV_BUCKET
TYPE /AWS1/S3_BUCKETNAME
/AWS1/S3_BUCKETNAME
¶
Specifies default encryption for a bucket using server-side encryption with different key options. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). You can optionally configure default encryption for a bucket by using server-side encryption with an Amazon Web Services KMS key (SSE-KMS) or a customer-provided key (SSE-C). For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
IO_SERVERSIDEENCRYPTIONCONF
TYPE REF TO /AWS1/CL_S3_SERVERSIDEENCCONF
/AWS1/CL_S3_SERVERSIDEENCCONF
¶
ServerSideEncryptionConfiguration
Optional arguments:¶
IV_CONTENTMD5
TYPE /AWS1/S3_CONTENTMD5
/AWS1/S3_CONTENTMD5
¶
The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.
For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.
IV_CHECKSUMALGORITHM
TYPE /AWS1/S3_CHECKSUMALGORITHM
/AWS1/S3_CHECKSUMALGORITHM
¶
Indicates the algorithm used to create the checksum for the object when you use the SDK. This header will not provide any additional functionality if you don't use the SDK. When you send this header, there must be a corresponding
x-amz-checksum
orx-amz-trailer
header sent. Otherwise, Amazon S3 fails the request with the HTTP status code400 Bad Request
. For more information, see Checking object integrity in the Amazon S3 User Guide.If you provide an individual checksum, Amazon S3 ignores any provided
ChecksumAlgorithm
parameter.
IV_EXPECTEDBUCKETOWNER
TYPE /AWS1/S3_ACCOUNTID
/AWS1/S3_ACCOUNTID
¶
The account ID of the expected bucket owner. If the account ID that you provide does not match the actual owner of the bucket, the request fails with the HTTP status code
403 Forbidden
(access denied).