/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Xml { class XmlNode; } // namespace Xml } // namespace Utils namespace S3 { namespace Model { /** *

Describes the default server-side encryption to apply to new objects in the * bucket. If a PUT Object request doesn't specify any server-side encryption, this * default encryption will be applied. If you don't specify a customer managed key * at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key * in your Amazon Web Services account the first time that you add an object * encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for * SSE-KMS. For more information, see PUT * Bucket encryption in the Amazon S3 API Reference.

See * Also:

AWS * API Reference

*/ class ServerSideEncryptionByDefault { public: AWS_S3_API ServerSideEncryptionByDefault(); AWS_S3_API ServerSideEncryptionByDefault(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_S3_API ServerSideEncryptionByDefault& operator=(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_S3_API void AddToNode(Aws::Utils::Xml::XmlNode& parentNode) const; /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline const ServerSideEncryption& GetSSEAlgorithm() const{ return m_sSEAlgorithm; } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline bool SSEAlgorithmHasBeenSet() const { return m_sSEAlgorithmHasBeenSet; } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline void SetSSEAlgorithm(const ServerSideEncryption& value) { m_sSEAlgorithmHasBeenSet = true; m_sSEAlgorithm = value; } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline void SetSSEAlgorithm(ServerSideEncryption&& value) { m_sSEAlgorithmHasBeenSet = true; m_sSEAlgorithm = std::move(value); } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline ServerSideEncryptionByDefault& WithSSEAlgorithm(const ServerSideEncryption& value) { SetSSEAlgorithm(value); return *this;} /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline ServerSideEncryptionByDefault& WithSSEAlgorithm(ServerSideEncryption&& value) { SetSSEAlgorithm(std::move(value)); return *this;} /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline const Aws::String& GetKMSMasterKeyID() const{ return m_kMSMasterKeyID; } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline bool KMSMasterKeyIDHasBeenSet() const { return m_kMSMasterKeyIDHasBeenSet; } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline void SetKMSMasterKeyID(const Aws::String& value) { m_kMSMasterKeyIDHasBeenSet = true; m_kMSMasterKeyID = value; } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline void SetKMSMasterKeyID(Aws::String&& value) { m_kMSMasterKeyIDHasBeenSet = true; m_kMSMasterKeyID = std::move(value); } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline void SetKMSMasterKeyID(const char* value) { m_kMSMasterKeyIDHasBeenSet = true; m_kMSMasterKeyID.assign(value); } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline ServerSideEncryptionByDefault& WithKMSMasterKeyID(const Aws::String& value) { SetKMSMasterKeyID(value); return *this;} /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline ServerSideEncryptionByDefault& WithKMSMasterKeyID(Aws::String&& value) { SetKMSMasterKeyID(std::move(value)); return *this;} /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms or * aws:kms:dsse.

You can specify the key ID, key alias, or the * Amazon Resource Name (ARN) of the KMS key.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

  • Key Alias: alias/alias-name

*

If you use a key ID, you can run into a LogDestination undeliverable error * when creating a VPC flow log.

If you are using encryption with * cross-account or Amazon Web Services service operations you must use a fully * qualified KMS key ARN. For more information, see Using * encryption for cross-account operations.

Amazon S3 only * supports symmetric encryption KMS keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline ServerSideEncryptionByDefault& WithKMSMasterKeyID(const char* value) { SetKMSMasterKeyID(value); return *this;} private: ServerSideEncryption m_sSEAlgorithm; bool m_sSEAlgorithmHasBeenSet = false; Aws::String m_kMSMasterKeyID; bool m_kMSMasterKeyIDHasBeenSet = false; }; } // namespace Model } // namespace S3 } // namespace Aws