amazonka-maciev2-2.0: gen/Amazonka/MacieV2/Types/BucketServerSideEncryption.hs
{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-- Derived from AWS service descriptions, licensed under Apache 2.0.
-- |
-- Module : Amazonka.MacieV2.Types.BucketServerSideEncryption
-- Copyright : (c) 2013-2023 Brendan Hay
-- License : Mozilla Public License, v. 2.0.
-- Maintainer : Brendan Hay
-- Stability : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.MacieV2.Types.BucketServerSideEncryption where
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.MacieV2.Types.Type
import qualified Amazonka.Prelude as Prelude
-- | Provides information about the default server-side encryption settings
-- for an S3 bucket. For detailed information about these settings, see
-- <https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html Setting default server-side encryption behavior for Amazon S3 buckets>
-- in the /Amazon Simple Storage Service User Guide/.
--
-- /See:/ 'newBucketServerSideEncryption' smart constructor.
data BucketServerSideEncryption = BucketServerSideEncryption'
{ -- | The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS
-- key that\'s used by default to encrypt objects that are added to the
-- bucket. This value is null if the bucket uses an Amazon S3 managed key
-- to encrypt new objects or the bucket doesn\'t encrypt new objects by
-- default.
kmsMasterKeyId :: Prelude.Maybe Prelude.Text,
-- | The type of server-side encryption that\'s used by default when storing
-- new objects in the bucket. Possible values are:
--
-- - AES256 - New objects are encrypted with an Amazon S3 managed key.
-- They use SSE-S3 encryption.
--
-- - aws:kms - New objects are encrypted with an KMS key
-- (kmsMasterKeyId), either an Amazon Web Services managed key or a
-- customer managed key. They use SSE-KMS encryption.
--
-- - NONE - New objects aren\'t encrypted by default. Default encryption
-- is disabled for the bucket.
type' :: Prelude.Maybe Type
}
deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
-- |
-- Create a value of 'BucketServerSideEncryption' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'kmsMasterKeyId', 'bucketServerSideEncryption_kmsMasterKeyId' - The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS
-- key that\'s used by default to encrypt objects that are added to the
-- bucket. This value is null if the bucket uses an Amazon S3 managed key
-- to encrypt new objects or the bucket doesn\'t encrypt new objects by
-- default.
--
-- 'type'', 'bucketServerSideEncryption_type' - The type of server-side encryption that\'s used by default when storing
-- new objects in the bucket. Possible values are:
--
-- - AES256 - New objects are encrypted with an Amazon S3 managed key.
-- They use SSE-S3 encryption.
--
-- - aws:kms - New objects are encrypted with an KMS key
-- (kmsMasterKeyId), either an Amazon Web Services managed key or a
-- customer managed key. They use SSE-KMS encryption.
--
-- - NONE - New objects aren\'t encrypted by default. Default encryption
-- is disabled for the bucket.
newBucketServerSideEncryption ::
BucketServerSideEncryption
newBucketServerSideEncryption =
BucketServerSideEncryption'
{ kmsMasterKeyId =
Prelude.Nothing,
type' = Prelude.Nothing
}
-- | The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS
-- key that\'s used by default to encrypt objects that are added to the
-- bucket. This value is null if the bucket uses an Amazon S3 managed key
-- to encrypt new objects or the bucket doesn\'t encrypt new objects by
-- default.
bucketServerSideEncryption_kmsMasterKeyId :: Lens.Lens' BucketServerSideEncryption (Prelude.Maybe Prelude.Text)
bucketServerSideEncryption_kmsMasterKeyId = Lens.lens (\BucketServerSideEncryption' {kmsMasterKeyId} -> kmsMasterKeyId) (\s@BucketServerSideEncryption' {} a -> s {kmsMasterKeyId = a} :: BucketServerSideEncryption)
-- | The type of server-side encryption that\'s used by default when storing
-- new objects in the bucket. Possible values are:
--
-- - AES256 - New objects are encrypted with an Amazon S3 managed key.
-- They use SSE-S3 encryption.
--
-- - aws:kms - New objects are encrypted with an KMS key
-- (kmsMasterKeyId), either an Amazon Web Services managed key or a
-- customer managed key. They use SSE-KMS encryption.
--
-- - NONE - New objects aren\'t encrypted by default. Default encryption
-- is disabled for the bucket.
bucketServerSideEncryption_type :: Lens.Lens' BucketServerSideEncryption (Prelude.Maybe Type)
bucketServerSideEncryption_type = Lens.lens (\BucketServerSideEncryption' {type'} -> type') (\s@BucketServerSideEncryption' {} a -> s {type' = a} :: BucketServerSideEncryption)
instance Data.FromJSON BucketServerSideEncryption where
parseJSON =
Data.withObject
"BucketServerSideEncryption"
( \x ->
BucketServerSideEncryption'
Prelude.<$> (x Data..:? "kmsMasterKeyId")
Prelude.<*> (x Data..:? "type")
)
instance Prelude.Hashable BucketServerSideEncryption where
hashWithSalt _salt BucketServerSideEncryption' {..} =
_salt
`Prelude.hashWithSalt` kmsMasterKeyId
`Prelude.hashWithSalt` type'
instance Prelude.NFData BucketServerSideEncryption where
rnf BucketServerSideEncryption' {..} =
Prelude.rnf kmsMasterKeyId
`Prelude.seq` Prelude.rnf type'