From 24d2d46d9cc8201aa4cb7817d51b8758976dd13c Mon Sep 17 00:00:00 2001
From: Mark Solters <solters@arcesium.com>
Date: Wed, 27 Mar 2024 23:59:44 -0400
Subject: [PATCH] Document S3 server_side_encryption

Document a new parameter for the S3 output, server_side_encryption.

Signed-off-by: Mark Solters <solters@arcesium.com>
---
 pipeline/outputs/s3.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pipeline/outputs/s3.md b/pipeline/outputs/s3.md
index 469123d87..90fb6218c 100644
--- a/pipeline/outputs/s3.md
+++ b/pipeline/outputs/s3.md
@@ -41,6 +41,7 @@ See [here](https://github.com/fluent/fluent-bit-docs/tree/43c4fe134611da471e706b
 | profile                          | Option to specify an AWS Profile for credentials.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | default                                 |
 | canned\_acl                      | [Predefined Canned ACL policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) for S3 objects.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | None                                    |
 | compression                      | Compression type for S3 objects. 'gzip' is currently the only supported value by default. If Apache Arrow support was enabled at compile time, you can also use 'arrow'. For gzip compression, the Content-Encoding HTTP Header will be set to 'gzip'. Gzip compression can be enabled when `use_put_object` is 'on' or 'off' (PutObject and Multipart). Arrow compression can only be enabled with `use_put_object On`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | None                                    |
+| server\_side\_encryption         | Server-side encryption scheme to use.  'AES256' or 'aws:kms' [are the only supported values](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html#API_PutObject_ResponseSyntax).  No server-side encryption is the default.
 | content\_type                    | A standard MIME type for the S3 object; this will be set as the Content-Type HTTP header.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | None                                    |
 | send\_content\_md5               | Send the Content-MD5 header with PutObject and UploadPart requests, as is required when Object Lock is enabled.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | false                                   |
 | auto\_retry\_requests            | Immediately retry failed requests to AWS services once. This option does not affect the normal Fluent Bit retry mechanism with backoff. Instead, it enables an immediate retry with no delay for networking errors, which may help improve throughput when there are transient/random networking issues.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | true                                    |