- input:
    Resources:
      s3Valid:
        Type: "AWS::S3::Bucket"
        Properties:
            BucketEncryption:
              ServerSideEncryptionConfiguration:
                - ServerSideEncryptionByDefault:
                    SSEAlgorithm: 'aws:kms'
                    KMSMasterKeyID: 'arn:aws:kms:us-east-1:123456789:key/056ea50b-1013-3907-8617-c93e474e400'
  expectations:
    rules:
      s3_buckets_allowed_sse_algorithm: PASS
- input:
    Resources:
      s3Valid:
        Type: "AWS::S3::Bucket"
        Properties:
            BucketEncryption:
              ServerSideEncryptionConfiguration:
                - ServerSideEncryptionByDefault:
                    SSEAlgorithm: 'sse'
                - ServerSideEncryptionByDefault:
                    SSEAlgorithm: 'aws:kms'
                    KMSMasterKeyID: 'arn:aws:kms:us-east-1:123456789:key/056ea50b-1013-3907-8617-c93e474e400'
  expectations:
    rules:
      s3_buckets_allowed_sse_algorithm: FAIL
- input:
    Resources:
      s3Valid:
        Type: "AWS::S3::Bucket"
        Properties:
            BucketEncryption:
              ServerSideEncryptionConfiguration:
                - ServerSideEncryptionByDefault:
                    SSEAlgorithm: 'aws:kms'
                    KMSMasterKeyID: 'arn:aws:kms:us-east-1:123456789:key/056ea50b-1013-3907-8617-c93e474e400'
                - ServerSideEncryptionByDefault:
                    SSEAlgorithm: 'aws:kms'
                    KMSMasterKeyID: 'arn:aws:kms:us-east-1:123456789:key/056ea50b-1013-3907-8617-c93e474e400'
  expectations:
    rules:
      s3_buckets_allowed_sse_algorithm: PASS