Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.S3.PutBucketEncryption

Contents

Creating a Request
Request Lenses
Destructuring the Response

Description

This action uses the encryption subresource to configure default encryption and Amazon S3 Bucket Key for an existing bucket.

Default encryption for a bucket can use server-side encryption with Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). If you specify default encryption using SSE-KMS, you can also configure Amazon S3 Bucket Key. When the default encryption is SSE-KMS, if you upload an object to the bucket and do not specify the KMS key to use for encryption, Amazon S3 uses the default Amazon Web Services managed KMS key for your account. For information about default encryption, see Amazon S3 default bucket encryption in the Amazon S3 User Guide. For more information about S3 Bucket Keys, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

This action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).

To use this operation, you must have permissions to perform the s3:PutEncryptionConfiguration action. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.

Related Resources

Synopsis

Creating a Request

data PutBucketEncryption Source #

See: newPutBucketEncryption smart constructor.

Constructors

PutBucketEncryption'

Fields

checksumAlgorithm :: Maybe ChecksumAlgorithm
Indicates the algorithm used to create the checksum for the object when using the SDK. This header will not provide any additional functionality if not using the SDK. When sending this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.
If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.
contentMD5 :: Maybe Text
The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.
For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.
expectedBucketOwner :: Maybe Text
The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).
bucket :: BucketName
Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption in the Amazon S3 User Guide.
serverSideEncryptionConfiguration :: ServerSideEncryptionConfiguration

Instances

Instances details

ToHeaders PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods toHeaders :: PutBucketEncryption -> [Header] #
ToPath PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods toPath :: PutBucketEncryption -> ByteString #
ToQuery PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods toQuery :: PutBucketEncryption -> QueryString #
ToElement PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods toElement :: PutBucketEncryption -> Element #
AWSRequest PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Associated Types type AWSResponse PutBucketEncryption # Methods request :: (Service -> Service) -> PutBucketEncryption -> Request PutBucketEncryption # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy PutBucketEncryption -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse PutBucketEncryption))) #
Generic PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Associated Types type Rep PutBucketEncryption :: Type -> Type # Methods from :: PutBucketEncryption -> Rep PutBucketEncryption x # to :: Rep PutBucketEncryption x -> PutBucketEncryption #
Show PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods showsPrec :: Int -> PutBucketEncryption -> ShowS # show :: PutBucketEncryption -> String # showList :: [PutBucketEncryption] -> ShowS #
NFData PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods rnf :: PutBucketEncryption -> () #
Eq PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods (==) :: PutBucketEncryption -> PutBucketEncryption -> Bool # (/=) :: PutBucketEncryption -> PutBucketEncryption -> Bool #
Hashable PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods hashWithSalt :: Int -> PutBucketEncryption -> Int # hash :: PutBucketEncryption -> Int #
type AWSResponse PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption type AWSResponse PutBucketEncryption = PutBucketEncryptionResponse
type Rep PutBucketEncryption Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption type Rep PutBucketEncryption = D1 ('MetaData "PutBucketEncryption" "Amazonka.S3.PutBucketEncryption" "amazonka-s3-2.0-CNZtv1UmVzj28JXsFvwNoj" 'False) (C1 ('MetaCons "PutBucketEncryption'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "checksumAlgorithm") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe ChecksumAlgorithm)) :: S1 ('MetaSel ('Just "contentMD5") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :: (S1 ('MetaSel ('Just "expectedBucketOwner") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: (S1 ('MetaSel ('Just "bucket") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 BucketName) :: S1 ('MetaSel ('Just "serverSideEncryptionConfiguration") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 ServerSideEncryptionConfiguration)))))

newPutBucketEncryption Source #

Arguments

:: BucketName	`PutBucketEncryption`
-> ServerSideEncryptionConfiguration	`$sel:serverSideEncryptionConfiguration:PutBucketEncryption'`
-> PutBucketEncryption

Create a value of PutBucketEncryption with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

PutBucketEncryption, putBucketEncryption_checksumAlgorithm - Indicates the algorithm used to create the checksum for the object when using the SDK. This header will not provide any additional functionality if not using the SDK. When sending this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

$sel:contentMD5:PutBucketEncryption', putBucketEncryption_contentMD5 - The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.

For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

$sel:expectedBucketOwner:PutBucketEncryption', putBucketEncryption_expectedBucketOwner - The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

PutBucketEncryption, putBucketEncryption_bucket - Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption in the Amazon S3 User Guide.

$sel:serverSideEncryptionConfiguration:PutBucketEncryption', putBucketEncryption_serverSideEncryptionConfiguration - Undocumented member.

Request Lenses

putBucketEncryption_checksumAlgorithm :: Lens' PutBucketEncryption (Maybe ChecksumAlgorithm) Source #

Indicates the algorithm used to create the checksum for the object when using the SDK. This header will not provide any additional functionality if not using the SDK. When sending this header, there must be a corresponding x-amz-checksum or x-amz-trailer header sent. Otherwise, Amazon S3 fails the request with the HTTP status code 400 Bad Request. For more information, see Checking object integrity in the Amazon S3 User Guide.

If you provide an individual checksum, Amazon S3 ignores any provided ChecksumAlgorithm parameter.

putBucketEncryption_contentMD5 :: Lens' PutBucketEncryption (Maybe Text) Source #

The base64-encoded 128-bit MD5 digest of the server-side encryption configuration.

For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.

putBucketEncryption_expectedBucketOwner :: Lens' PutBucketEncryption (Maybe Text) Source #

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

putBucketEncryption_bucket :: Lens' PutBucketEncryption BucketName Source #

Specifies default encryption for a bucket using server-side encryption with Amazon S3-managed keys (SSE-S3) or customer managed keys (SSE-KMS). For information about the Amazon S3 default encryption feature, see Amazon S3 Default Bucket Encryption in the Amazon S3 User Guide.

putBucketEncryption_serverSideEncryptionConfiguration :: Lens' PutBucketEncryption ServerSideEncryptionConfiguration Source #

Undocumented member.

Destructuring the Response

data PutBucketEncryptionResponse Source #

See: newPutBucketEncryptionResponse smart constructor.

Constructors

PutBucketEncryptionResponse'

Instances

Instances details

Generic PutBucketEncryptionResponse Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Associated Types type Rep PutBucketEncryptionResponse :: Type -> Type # Methods from :: PutBucketEncryptionResponse -> Rep PutBucketEncryptionResponse x # to :: Rep PutBucketEncryptionResponse x -> PutBucketEncryptionResponse #
Read PutBucketEncryptionResponse Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods readsPrec :: Int -> ReadS PutBucketEncryptionResponse # readList :: ReadS [PutBucketEncryptionResponse] # readPrec :: ReadPrec PutBucketEncryptionResponse # readListPrec :: ReadPrec [PutBucketEncryptionResponse] #
Show PutBucketEncryptionResponse Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods showsPrec :: Int -> PutBucketEncryptionResponse -> ShowS # show :: PutBucketEncryptionResponse -> String # showList :: [PutBucketEncryptionResponse] -> ShowS #
NFData PutBucketEncryptionResponse Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods rnf :: PutBucketEncryptionResponse -> () #
Eq PutBucketEncryptionResponse Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption Methods (==) :: PutBucketEncryptionResponse -> PutBucketEncryptionResponse -> Bool # (/=) :: PutBucketEncryptionResponse -> PutBucketEncryptionResponse -> Bool #
type Rep PutBucketEncryptionResponse Source #
Instance details Defined in Amazonka.S3.PutBucketEncryption type Rep PutBucketEncryptionResponse = D1 ('MetaData "PutBucketEncryptionResponse" "Amazonka.S3.PutBucketEncryption" "amazonka-s3-2.0-CNZtv1UmVzj28JXsFvwNoj" 'False) (C1 ('MetaCons "PutBucketEncryptionResponse'" 'PrefixI 'False) (U1 :: Type -> Type))

newPutBucketEncryptionResponse :: PutBucketEncryptionResponse Source #

Create a value of PutBucketEncryptionResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.