/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Xml { class XmlNode; } // namespace Xml } // namespace Utils namespace S3 { namespace Model { /** *

Specifies the default server-side encryption configuration.

    *

  • General purpose buckets - If you're specifying a customer * managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a * KMS key alias instead, then KMS resolves the key within the requester’s account. * This behavior can result in data that's encrypted with a KMS key that belongs to * the requester, and not the bucket owner.

  • Directory * buckets - When you specify an KMS * customer managed key for encryption in your directory bucket, only use the * key ID or key ARN. The key alias format of the KMS key isn't supported.

    *

See Also:

AWS * API Reference

*/ class ServerSideEncryptionRule { public: AWS_S3_API ServerSideEncryptionRule() = default; AWS_S3_API ServerSideEncryptionRule(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_S3_API ServerSideEncryptionRule& operator=(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_S3_API void AddToNode(Aws::Utils::Xml::XmlNode& parentNode) const; ///@{ /** *

Specifies the default server-side encryption to apply to new objects in the * bucket. If a PUT Object request doesn't specify any server-side encryption, this * default encryption will be applied.

*/ inline const ServerSideEncryptionByDefault& GetApplyServerSideEncryptionByDefault() const { return m_applyServerSideEncryptionByDefault; } inline bool ApplyServerSideEncryptionByDefaultHasBeenSet() const { return m_applyServerSideEncryptionByDefaultHasBeenSet; } template void SetApplyServerSideEncryptionByDefault(ApplyServerSideEncryptionByDefaultT&& value) { m_applyServerSideEncryptionByDefaultHasBeenSet = true; m_applyServerSideEncryptionByDefault = std::forward(value); } template ServerSideEncryptionRule& WithApplyServerSideEncryptionByDefault(ApplyServerSideEncryptionByDefaultT&& value) { SetApplyServerSideEncryptionByDefault(std::forward(value)); return *this; } ///@} ///@{ /** *

Specifies whether Amazon S3 should use an S3 Bucket Key with server-side * encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects * are not affected. Setting the BucketKeyEnabled element to * true causes Amazon S3 to use an S3 Bucket Key.

    *

  • General purpose buckets - By default, S3 Bucket Key is not * enabled. For more information, see Amazon S3 * Bucket Keys in the Amazon S3 User Guide.

  • * Directory buckets - S3 Bucket Keys are always enabled for * GET and PUT operations in a directory bucket and can’t * be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted * objects from general purpose buckets to directory buckets, from directory * buckets to general purpose buckets, or between directory buckets, through CopyObject, * UploadPartCopy, * the * Copy operation in Batch Operations, or the * import jobs. In this case, Amazon S3 makes a call to KMS every time a copy * request is made for a KMS-encrypted object.

*/ inline bool GetBucketKeyEnabled() const { return m_bucketKeyEnabled; } inline bool BucketKeyEnabledHasBeenSet() const { return m_bucketKeyEnabledHasBeenSet; } inline void SetBucketKeyEnabled(bool value) { m_bucketKeyEnabledHasBeenSet = true; m_bucketKeyEnabled = value; } inline ServerSideEncryptionRule& WithBucketKeyEnabled(bool value) { SetBucketKeyEnabled(value); return *this; } ///@} ///@{ /** *

A bucket-level setting for Amazon S3 general purpose buckets used to prevent * the upload of new objects encrypted with the specified server-side encryption * type. For example, blocking an encryption type will block * PutObject, CopyObject, PostObject, * multipart upload, and replication requests to the bucket for objects with the * specified encryption type. However, you can continue to read and list any * pre-existing objects already encrypted with the specified encryption type. For * more information, see Blocking * or unblocking SSE-C for a general purpose bucket.

Currently, * this parameter only supports blocking or unblocking server-side encryption with * customer-provided keys (SSE-C). For more information about SSE-C, see Using * server-side encryption with customer-provided keys (SSE-C).

*/ inline const BlockedEncryptionTypes& GetBlockedEncryptionTypes() const { return m_blockedEncryptionTypes; } inline bool BlockedEncryptionTypesHasBeenSet() const { return m_blockedEncryptionTypesHasBeenSet; } template void SetBlockedEncryptionTypes(BlockedEncryptionTypesT&& value) { m_blockedEncryptionTypesHasBeenSet = true; m_blockedEncryptionTypes = std::forward(value); } template ServerSideEncryptionRule& WithBlockedEncryptionTypes(BlockedEncryptionTypesT&& value) { SetBlockedEncryptionTypes(std::forward(value)); return *this; } ///@} private: ServerSideEncryptionByDefault m_applyServerSideEncryptionByDefault; bool m_bucketKeyEnabled{false}; BlockedEncryptionTypes m_blockedEncryptionTypes; bool m_applyServerSideEncryptionByDefaultHasBeenSet = false; bool m_bucketKeyEnabledHasBeenSet = false; bool m_blockedEncryptionTypesHasBeenSet = false; }; } // namespace Model } // namespace S3 } // namespace Aws