support enabling bucket key encryption

cloudposse · Jul 8, 2024 · fc16dce · fc16dce
1 parent 01232bd
commit fc16dce
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -206,6 +206,8 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
       sse_algorithm     = var.sse_encryption
       kms_master_key_id = var.kms_master_key_id
     }
+
+    bucket_key_enabled = var.bucket_key_enabled
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -224,3 +224,9 @@ variable "kms_master_key_id" {
     This can only be used when you set the value of sse_algorithm as aws:kms.
     EOT
 }
+
+variable "bucket_key_enabled" {
+  type        = boolean
+  default     = false
+  description = "Enable bucket key encryption, to reduce usage costs"
+}
-Original file line number
+Diff line change
@@ Expand Up @@
           sse_algorithm     = var.sse_encryption
           kms_master_key_id = var.kms_master_key_id
         }
+        bucket_key_enabled = var.bucket_key_enabled
       }
     }
@@ Expand Down @@