support enabling bucket key encryption

cloudposse · Jul 3, 2024 · f80ef6e · f80ef6e
1 parent 469f313
commit f80ef6e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -205,6 +205,8 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
     apply_server_side_encryption_by_default {
       sse_algorithm = "AES256"
     }
+
+    bucket_key_enabled = var.bucket_key_enabled
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -206,3 +206,9 @@ variable "source_policy_documents" {
     Statement having SIDs that match policy SIDs generated by this module will override them.
     EOT
 }
+
+variable "bucket_key_enabled" {
+  type        = boolean
+  default     = false
+  description = "Eanble bucket key encryption, to reduce usage costs"
+}
-Original file line number
+Diff line change
@@ Expand Up @@
         apply_server_side_encryption_by_default {
           sse_algorithm = "AES256"
         }
+        bucket_key_enabled = var.bucket_key_enabled
       }
     }
@@ Expand Down @@