bucket_encryption

State module for managing AWS S3 bucket encryption.

async idem_aws.states.aws.s3.bucket_encryption.present(hub, ctx, name: str, resource_id: str = None, *, bucket: str, server_side_encryption_configuration: ServerSideEncryptionConfiguration, timeout: Timeout = None) -> Dict[str, Any]

Creates an encryption configuration for an S3 bucket resource.

Parameters:
  • name (str) – An Idem name of the resource.

  • resource_id (str, Optional) – The name of the S3 bucket in Amazon Web Services. It must be equal to the bucket parameter.

  • bucket (str) – The name of the S3 bucket in Amazon Web Services.

  • server_side_encryption_configuration (Dict[str, Any]) –

    Specifies the default server-side-encryption configuration.

    • Rules (list[Dict[str, Any]]):

      Container for information about a particular server-side encryption configuration rule.

      • ApplyServerSideEncryptionByDefault (Dict[str, Any], Optional):

        Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn’t specify any server-side encryption, this default encryption will be applied.

        • SSEAlgorithm (str):

          Server-side encryption algorithm to use for the default encryption.

        • KMSMasterKeyID (str, Optional):

          The Amazon Web Services Key Management Service (KMS) key ID to use for the default encryption. This parameter is allowed if and only if SSEAlgorithm is set to aws:kms. You can specify either the key ID or the Amazon Resource Name (ARN) of the KMS key:

          Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

          Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

          If you use a bare key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. If you are using encryption with cross-account or Amazon Web Services service operations, you must use a fully qualified KMS key ARN. For more information, see Using encryption for cross-account operations.

          Amazon S3 only supports symmetric encryption KMS keys. For more information, see Asymmetric keys in Amazon Web Services KMS in the Amazon Web Services Key Management Service Developer Guide.

      • BucketKeyEnabled (bool, Optional):

        Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.

        Defaults to False.

  • timeout (dict, Optional) –

    Timeout configuration for S3 bucket encryption configuration.

    • update (str):

      Timeout configuration for updating the S3 bucket encryption configuration.

      • delay (int, Optional):

        The amount of time in seconds to wait between attempts. Defaults to 4 seconds.

      • max_attempts (int, Optional):

        Maximum attempts of waiting for the update. Defaults to 30 attempts.

Request Syntax:

[idem_test_aws_s3_bucket_encryption]:
  aws.s3.bucket_encryption.present:
    - name: 'string'
    - bucket: 'string'
    - server_side_encryption_configuration:
        Rules:
        - ApplyServerSideEncryptionByDefault:
            SSEAlgorithm: 'string'
            KMSMasterKeyID: 'string'
          BucketKeyEnabled: True|False

Returns:

dict[str, Any]

Examples

idem_test_aws_s3_bucket_encryption:
  aws.s3.bucket_encryption.present:
    - name: value
    - bucket: value
    - server_side_encryption_configuration:
        Rules:
        - ApplyServerSideEncryptionByDefault:
            # KMSMasterKeyID is only allowed when SSEAlgorithm is aws:kms (SSE-KMS)
            SSEAlgorithm: 'aws:kms'
            KMSMasterKeyID: 'string'
          # S3 Bucket Keys only apply to SSE-KMS
          BucketKeyEnabled: True
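As an added example, not part of idem-aws itself, the following pre-apply check enforces the constraints this page states for server_side_encryption_configuration (KMSMasterKeyID only with aws:kms, a fully qualified key ARN for cross-account use, BucketKeyEnabled only meaningful for SSE-KMS) before a state file is handed to `idem state`. The `cross_account` flag and the sample configuration are assumptions of this example.

```python
# Added example: validate an S3 default-encryption configuration against the
# rules documented above. Not idem-aws code; `cross_account` is an assumption.
import re
from typing import Any, Dict, List

# Shapes of the two KMS identifiers the docs accept (key ID or key ARN).
KEY_ARN_RE = re.compile(r"^arn:aws[\w-]*:kms:[a-z0-9-]+:\d{12}:key/[0-9a-f-]{36}$")
KEY_ID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
ALGORITHMS = {"AES256", "aws:kms"}  # SSE-S3 and SSE-KMS, as used on this page


def check_sse_config(cfg: Dict[str, Any], cross_account: bool = False) -> List[str]:
    """Return the problems found; an empty list means the config is acceptable.

    Set cross_account when another account or an AWS service must write to
    the bucket, in which case a bare key ID is not sufficient.
    """
    problems: List[str] = []
    rules = cfg.get("Rules") or []
    if not rules:
        return ["Rules must contain at least one rule"]
    for i, rule in enumerate(rules):
        default = rule.get("ApplyServerSideEncryptionByDefault") or {}
        alg = default.get("SSEAlgorithm")
        key = default.get("KMSMasterKeyID")
        if alg not in ALGORITHMS:
            problems.append(f"rule {i}: unsupported SSEAlgorithm {alg!r}")
        if key and alg != "aws:kms":
            problems.append(f"rule {i}: KMSMasterKeyID is only allowed with aws:kms")
        elif key:
            is_arn = KEY_ARN_RE.match(key) is not None
            if not is_arn and KEY_ID_RE.match(key) is None:
                problems.append(f"rule {i}: KMSMasterKeyID is neither a key ID nor a key ARN")
            elif cross_account and not is_arn:
                problems.append(f"rule {i}: cross-account use requires a fully qualified KMS key ARN")
        if rule.get("BucketKeyEnabled") and alg != "aws:kms":
            problems.append(f"rule {i}: BucketKeyEnabled only applies to SSE-KMS")
    return problems


# Constructed sample mirroring the AWS placeholder key ID shown above.
SAMPLE_KMS_CONFIG = {"Rules": [{
    "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "1234abcd-12ab-34cd-56ef-1234567890ab"},
    "BucketKeyEnabled": True}]}

if __name__ == "__main__":
    for problem in check_sse_config(SAMPLE_KMS_CONFIG, cross_account=True):
        print(problem)
```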

async idem_aws.states.aws.s3.bucket_encryption.absent(hub, ctx, name: str, resource_id: str = None, timeout: Dict = None) -> Dict[str, Any]

Deletes an encryption configuration from an S3 bucket resource.

Parameters:
  • name (str) – An Idem name of the resource.

  • resource_id (str, Optional) – The name of the S3 bucket in Amazon Web Services. Idem automatically considers this resource to be absent if this field is not specified.

  • timeout (dict, Optional) –

    Timeout configuration for S3 bucket encryption configuration.

    • delete (str):

      Timeout configuration for deleting the S3 bucket encryption configuration.

      • delay (int, Optional):

        The amount of time in seconds to wait between attempts. Defaults to 4 seconds.

      • max_attempts (int, Optional):

        Maximum attempts of waiting for the deletion. Defaults to 30 attempts.

Returns:

dict[str, Any]

Examples

idem_test_aws_s3_bucket_encryption:
  aws.s3.bucket_encryption.absent:
    - name: value
    - resource_id: value

async idem_aws.states.aws.s3.bucket_encryption.describe(hub, ctx) -> Dict[str, Dict[str, Any]]

Describe the resource in a way that can be recreated/managed with the corresponding “present” function.

Gets the encryption configuration for each S3 bucket under the given AWS account.

Returns:

dict[str, dict[str, Any]]

Examples

$ idem describe aws.s3.bucket_encryption