How can I enable the AWS managed key (aws/s3) as an AWS KMS key in S3 encryption using CloudFormation? I have the following code, but I'm not sure if I should pass the key as an ARN.
MyBucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName:
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: aws:kms
            KMSMasterKeyID: !GetAtt ARN?
    VersioningConfiguration:
      Status: Enabled
CodePudding user response:
You can use server-side encryption with S3-managed keys (SSE-S3) by modifying the Amazon S3 Bucket ServerSideEncryptionByDefault property to specify AES256 for SSEAlgorithm.
MyBucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName:
    BucketEncryption:
      ServerSideEncryptionConfiguration:
        - ServerSideEncryptionByDefault:
            SSEAlgorithm: AES256
    VersioningConfiguration:
      Status: Enabled
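For the case the question asks about (SSE-KMS with the AWS managed key rather than SSE-S3), the following template is an added example, not part of the original question or answer. It relies on S3's documented default: when SSEAlgorithm is aws:kms and no KMSMasterKeyID is given, S3 encrypts with the account's AWS managed key (aws/s3), so no ARN has to be passed. BucketName is left out here so CloudFormation generates one, and BucketKeyEnabled is an optional addition.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - S3 bucket with SSE-KMS default encryption using the AWS managed key (aws/s3)

Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      # BucketName omitted: CloudFormation generates a unique name.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              # aws:kms with no KMSMasterKeyID => S3 uses the AWS managed key aws/s3.
              SSEAlgorithm: aws:kms
              # To name the key explicitly instead, KMSMasterKeyID accepts a key ID,
              # key ARN or key alias, for example:
              # KMSMasterKeyID: !Sub arn:${AWS::Partition}:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3
            # Optional: S3 Bucket Keys reduce the number of KMS requests made per object.
            BucketKeyEnabled: true
      VersioningConfiguration:
        Status: Enabled

Outputs:
  BucketName:
    Description: Name of the encrypted bucket
    Value: !Ref MyBucket
```

After deployment, `aws s3api get-bucket-encryption --bucket <bucket-name>` should report `aws:kms` as the SSEAlgorithm. Note that the aws/s3 key's policy is managed by AWS and cannot be edited, so it does not support granting cross-account access to the encrypted objects; a customer managed key is needed for that.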