AWS cli documentation change
Summary
Added BlockedEncryptionTypes parameter documentation and configuration syntax
Security assessment
Documents new security controls for blocking encryption types (SSE-C), enabling better encryption policy enforcement. This is a proactive security feature addition rather than a vulnerability fix.
Diff
diff --git a/cli/latest/reference/s3api/put-bucket-encryption.md b/cli/latest/reference/s3api/put-bucket-encryption.md index 3335d4fec..1b2760548 100644 --- a//cli/latest/reference/s3api/put-bucket-encryption.md +++ b//cli/latest/reference/s3api/put-bucket-encryption.md @@ -15 +15 @@ - * [AWS CLI 2.31.39 Command Reference](../../index.html) » + * [AWS CLI 2.32.3 Command Reference](../../index.html) » @@ -60 +60 @@ First time using the AWS CLI? See the [User Guide](https://docs.aws.amazon.com/c -This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket. +This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket. You can also [block encryption types](https://docs.aws.amazon.com/AmazonS3/latest/API/API_BlockedEncryptionTypes.html) using this operation. @@ -264,0 +265,25 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/s3-200 +>>> +>>> BlockedEncryptionTypes -> (structure) +>>> +>>>> A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block `PutObject` , `CopyObject` , `PostObject` , multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see [Blocking an encryption type for a general purpose bucket](https://docs.aws.amazon.com/AmazonS3/userguide/block-encryption-type.html) . +>>>> +>>>> ### Note +>>>> +>>>> Currently, this parameter only supports blocking or unblocking Server Side Encryption with Customer Provided Keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) . +>>>> +>>>> EncryptionType -> (list) +>>>> +>>>>> The object encryption type that you want to block or unblock for an Amazon S3 general purpose bucket. +>>>>> +>>>>> ### Note +>>>>> +>>>>> Currently, this parameter only supports blocking or unblocking server side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see [Using server-side encryption with customer-provided keys (SSE-C)](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) . +>>>>> +>>>>> (string) +>>>>> +>>>>>> Possible values: +>>>>>> +>>>>>> * `NONE` +>>>>>> * `SSE-C` +>>>>>> + @@ -276 +301,4 @@ JSON Syntax: - "BucketKeyEnabled": true|false + "BucketKeyEnabled": true|false, + "BlockedEncryptionTypes": { + "EncryptionType": ["NONE"|"SSE-C", ...] + } @@ -422 +450 @@ None - * [AWS CLI 2.31.39 Command Reference](../../index.html) » + * [AWS CLI 2.32.3 Command Reference](../../index.html) »