From f80ef6efaa6cf61e06edd87653efa65da4312b86 Mon Sep 17 00:00:00 2001
From: Tiago Posse
Date: Wed, 3 Jul 2024 09:12:55 +0200
Subject: [PATCH] support enabling bucket key encryption

---
 main.tf | 2 ++
 variables.tf | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/main.tf b/main.tf
index 6ad19f0..ea7fcf3 100644
--- a/main.tf
+++ b/main.tf
@@ -205,6 +205,8 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
 apply_server_side_encryption_by_default {
 sse_algorithm = "AES256"
 }
+
+ bucket_key_enabled = var.bucket_key_enabled
 }
 }

diff --git a/variables.tf b/variables.tf
index 59925a9..8d23f00 100644
--- a/variables.tf
+++ b/variables.tf
@@ -206,3 +206,9 @@ variable "source_policy_documents" {
 Statement having SIDs that match policy SIDs generated by this module will override them.
 EOT
 }
+
+variable "bucket_key_enabled" {
+ type = boolean
+ default = false
+ description = "Eanble bucket key encryption, to reduce usage costs"
+}
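Review bot: `bucket_key_enabled` is attached to a rule whose `sse_algorithm` is fixed at `"AES256"` on the context line just above it, and S3 Bucket Keys only take effect with SSE-KMS, so as far as I can tell switching the variable on changes neither the cost nor how the objects are protected. An operator could read the flag as moving the bucket to KMS-backed keys when it is still on S3-managed keys. Either make the algorithm and a KMS key id configurable in the same rule, or add a comment such as `# no effect while sse_algorithm is "AES256"; bucket keys apply to aws:kms only`. The `rule` block and the resource open before this hunk, so I cannot see whether another code path selects KMS.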
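Review bot: `type = boolean` in the new `bucket_key_enabled` variable is not a Terraform type constraint; the keyword is `bool`, so the module will most likely fail `terraform validate` as written. Change the line to `type = bool`. The description also has a typo and does not say when the setting applies; something like `description = "Enable S3 Bucket Keys (only effective with SSE-KMS) to reduce KMS request costs"` would cover both.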