This product is not supported for your selected Datadog site. ().
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

aws_s3express_bucket

account_id

Type: STRING

bucket_region

Type: STRING
Provider name: BucketRegion
Description: BucketRegion indicates the Amazon Web Services region where the bucket is located. If the request contains at least one valid parameter, it is included in the response.

creation_date

Type: TIMESTAMP
Provider name: CreationDate
Description: Date the bucket was created. This date can change when making changes to your bucket, such as editing its bucket policy.

name

Type: STRING
Provider name: Name
Description: The name of the bucket.

policy

Type: STRING
Provider name: Policy
Description: The bucket policy as a JSON document.

server_side_encryption_configuration

Type: STRUCT
Provider name: ServerSideEncryptionConfiguration

  • rules
    Type: UNORDERED_LIST_STRUCT
    Provider name: Rules
    Description: Container for information about a particular server-side encryption configuration rule.
    • apply_server_side_encryption_by_default
      Type: STRUCT
      Provider name: ApplyServerSideEncryptionByDefault
      Description: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn’t specify any server-side encryption, this default encryption will be applied.
      • kms_master_key_id
        Type: STRING
        Provider name: KMSMasterKeyID
        Description: Amazon Web Services Key Management Service (KMS) customer managed key ID to use for the default encryption.
        • General purpose buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms or aws:kms:dsse.
        • Directory buckets - This parameter is allowed if and only if SSEAlgorithm is set to aws:kms.
        You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.
        • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
        • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
        • Key Alias: alias/alias-name
        If you are using encryption with cross-account or Amazon Web Services service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.
        • General purpose buckets - If you’re specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that’s encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log.
        • Directory buckets - When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn’t supported.
        Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.
      • sse_algorithm
        Type: STRING
        Provider name: SSEAlgorithm
        Description: Server-side encryption algorithm to use for the default encryption. For directory buckets, there are only two supported values for server-side encryption: AES256 and aws:kms.
    • bucket_key_enabled
      Type: BOOLEAN
      Provider name: BucketKeyEnabled
      Description: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key.
      • General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
      • Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren’t supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.

tags

Type: UNORDERED_LIST_STRING