No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

missed this?
<https://www.pulumi.com/docs/reference/pkg/aws/s3/bucket/#enable-default-server-side-encryption>

Nope. That allows me to choose from KMS or AES256.

I went through input.ts, there is no overlap between the types in that area, and the types further down that allow S3.

And it all seems correct. There must be a completely different chunk of configuration for SSE-S3.

i believe it turns up as aes256, reading through some issues now:
<https://github.com/cloudposse/terraform-aws-lb-s3-bucket/issues/9#issuecomment-542656328>

<@U012UJTT55M> it looks like it you set server side by default and omit a key, it uses the S3 default keys

Oh. Ok. Docs, eh? Harder than picking paint colours for bathrooms..

```const myBucket = new aws.s3.Bucket(myBucketName, {
    serverSideEncryptionConfiguration: {
      rule: {
        applyServerSideEncryptionByDefault: {
          sseAlgorithm: "AES256",
        },
      },
    },
    lifecycleRules: [
      {
        enabled: true,
        expiration: {
          days: 3,
        },
      },
    ],
  });```
default encryption