Configuring Encryption for Specific Buckets
S3A's per-bucket configuration mechanism can be used to configure the encryption mechanism and credentials for specific buckets.
For example, to access the bucket called "production" using SSE-KMS with the key ID
arn:aws:kms:us-west-2:360379543683:key/071a86ff-8881-4ba0-9230-95af6d01ca01
,
the settings are as
follows:<property>
<name>fs.s3a.bucket.production.server-side-encryption-algorithm</name>
<value>SSE-KMS</value>
</property>
<property>
<name>fs.s3a.bucket.production.server-side-encryption.key</name>
<value>arn:aws:kms:us-west-2:360379543683:key/071a86ff-8881-4ba0-9230-95af6d01ca01</value>
</property>