/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Xml { class XmlNode; } // namespace Xml } // namespace Utils namespace S3 { namespace Model { /** *

Describes the default server-side encryption to apply to new objects in the * bucket. If a PUT Object request doesn't specify any server-side encryption, this * default encryption will be applied. If you don't specify a customer managed key * at configuration, Amazon S3 automatically creates an Amazon Web Services KMS key * in your Amazon Web Services account the first time that you add an object * encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for * SSE-KMS. For more information, see PUT * Bucket encryption in the Amazon S3 API Reference.

See * Also:

AWS * API Reference

*/ class ServerSideEncryptionByDefault { public: AWS_S3_API ServerSideEncryptionByDefault(); AWS_S3_API ServerSideEncryptionByDefault(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_S3_API ServerSideEncryptionByDefault& operator=(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_S3_API void AddToNode(Aws::Utils::Xml::XmlNode& parentNode) const; /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline const ServerSideEncryption& GetSSEAlgorithm() const{ return m_sSEAlgorithm; } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline bool SSEAlgorithmHasBeenSet() const { return m_sSEAlgorithmHasBeenSet; } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline void SetSSEAlgorithm(const ServerSideEncryption& value) { m_sSEAlgorithmHasBeenSet = true; m_sSEAlgorithm = value; } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline void SetSSEAlgorithm(ServerSideEncryption&& value) { m_sSEAlgorithmHasBeenSet = true; m_sSEAlgorithm = std::move(value); } /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline ServerSideEncryptionByDefault& WithSSEAlgorithm(const ServerSideEncryption& value) { SetSSEAlgorithm(value); return *this;} /** *

Server-side encryption algorithm to use for the default encryption.

*/ inline ServerSideEncryptionByDefault& WithSSEAlgorithm(ServerSideEncryption&& value) { SetSSEAlgorithm(std::move(value)); return *this;} /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline const Aws::String& GetKMSMasterKeyID() const{ return m_kMSMasterKeyID; } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline bool KMSMasterKeyIDHasBeenSet() const { return m_kMSMasterKeyIDHasBeenSet; } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline void SetKMSMasterKeyID(const Aws::String& value) { m_kMSMasterKeyIDHasBeenSet = true; m_kMSMasterKeyID = value; } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline void SetKMSMasterKeyID(Aws::String&& value) { m_kMSMasterKeyIDHasBeenSet = true; m_kMSMasterKeyID = std::move(value); } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline void SetKMSMasterKeyID(const char* value) { m_kMSMasterKeyIDHasBeenSet = true; m_kMSMasterKeyID.assign(value); } /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline ServerSideEncryptionByDefault& WithKMSMasterKeyID(const Aws::String& value) { SetKMSMasterKeyID(value); return *this;} /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline ServerSideEncryptionByDefault& WithKMSMasterKeyID(Aws::String&& value) { SetKMSMasterKeyID(std::move(value)); return *this;} /** *

Amazon Web Services Key Management Service (KMS) customer Amazon Web Services * KMS key ID to use for the default encryption. This parameter is allowed if and * only if SSEAlgorithm is set to aws:kms.

You can * specify the key ID or the Amazon Resource Name (ARN) of the KMS key. If you use * a key ID, you can run into a LogDestination undeliverable error when creating a * VPC flow log.

If you are using encryption with cross-account or Amazon * Web Services service operations you must use a fully qualified KMS key ARN. For * more information, see Using * encryption for cross-account operations.

  • Key ID: * 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

Amazon S3 only supports symmetric encryption KMS * keys. For more information, see Asymmetric * keys in Amazon Web Services KMS in the Amazon Web Services Key Management * Service Developer Guide.

*/ inline ServerSideEncryptionByDefault& WithKMSMasterKeyID(const char* value) { SetKMSMasterKeyID(value); return *this;} private: ServerSideEncryption m_sSEAlgorithm; bool m_sSEAlgorithmHasBeenSet = false; Aws::String m_kMSMasterKeyID; bool m_kMSMasterKeyIDHasBeenSet = false; }; } // namespace Model } // namespace S3 } // namespace Aws