AWS::S3::Bucket MetadataTableEncryptionConfiguration - AWS CloudFormation
SyntaxProperties
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.

AWS::S3::Bucket MetadataTableEncryptionConfiguration

The encryption settings for an S3 Metadata journal table or inventory table configuration.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "KmsKeyArn" : String,
  "SseAlgorithm" : String
}

YAML

  KmsKeyArn: String
  SseAlgorithm: String

Properties

KmsKeyArn

If server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS) is specified, you must also specify the KMS key Amazon Resource Name (ARN). You must specify a customer-managed KMS key that's located in the same Region as the general purpose bucket that corresponds to the metadata table configuration.

Required: No

Type: String

Update requires: No interruption

SseAlgorithm

The encryption type specified for a metadata table. To specify server-side encryption with AWS Key Management Service (AWS KMS) keys (SSE-KMS), use the aws:kms value. To specify server-side encryption with Amazon S3 managed keys (SSE-S3), use the AES256 value.

Required: Yes

Type: String

Allowed values: aws:kms | AES256

Update requires: No interruption