class Aws::MediaConvert::Types::S3EncryptionSettings

Settings for how your job outputs are encrypted as they are uploaded to Amazon S3.

@note When making an API call, you may pass S3EncryptionSettings

data as a hash:

    {
      encryption_type: "SERVER_SIDE_ENCRYPTION_S3", # accepts SERVER_SIDE_ENCRYPTION_S3, SERVER_SIDE_ENCRYPTION_KMS
      kms_encryption_context: "__stringPatternAZaZ0902",
      kms_key_arn: "__stringPatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912",
    }

@!attribute [rw] encryption_type

Specify how you want your data keys managed. AWS uses data keys to
encrypt your content. AWS also encrypts the data keys themselves,
using a customer master key (CMK), and then stores the encrypted
data keys alongside your encrypted content. Use this setting to
specify which AWS service manages the CMK. For simplest set up,
choose Amazon S3 (SERVER\_SIDE\_ENCRYPTION\_S3). If you want your
master key to be managed by AWS Key Management Service (KMS), choose
AWS KMS (SERVER\_SIDE\_ENCRYPTION\_KMS). By default, when you choose
AWS KMS, KMS uses the AWS managed customer master key (CMK)
associated with Amazon S3 to encrypt your data keys. You can
optionally choose to specify a different, customer managed CMK. Do
so by specifying the Amazon Resource Name (ARN) of the key for the
setting KMS ARN (kmsKeyArn).
@return [String]

@!attribute [rw] kms_encryption_context

Optionally, specify the encryption context that you want to use
alongside your KMS key. AWS KMS uses this encryption context as
additional authenticated data (AAD) to support authenticated
encryption. This value must be a base64-encoded UTF-8 string holding
JSON which represents a string-string map. To use this setting, you
must also set Server-side encryption (S3ServerSideEncryptionType) to
AWS KMS (SERVER\_SIDE\_ENCRYPTION\_KMS). For more information about
encryption context, see:
https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt\_context.
@return [String]

@!attribute [rw] kms_key_arn

Optionally, specify the customer master key (CMK) that you want to
use to encrypt the data key that AWS uses to encrypt your output
content. Enter the Amazon Resource Name (ARN) of the CMK. To use
this setting, you must also set Server-side encryption
(S3ServerSideEncryptionType) to AWS KMS
(SERVER\_SIDE\_ENCRYPTION\_KMS). If you set Server-side encryption
to AWS KMS but don't specify a CMK here, AWS uses the AWS managed
CMK associated with Amazon S3.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/mediaconvert-2017-08-29/S3EncryptionSettings AWS API Documentation

Constants

SENSITIVE