Skip to content
This repository has been archived by the owner on Sep 27, 2024. It is now read-only.

Commit

Permalink
BATIAI-1194 - Add variable for server-side encryption (#5)
Browse files Browse the repository at this point in the history 
Adds variable for server-side encryption so that AES256 can be specified when ADOs request it instead of aws:kms.
  • Loading branch information
@CollectiveUnicorn
CollectiveUnicorn authored Feb 1, 2023
1 parent e9cedf6 commit d13cb27
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
2 changes: 1 addition & 1 deletion main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = var.s3_bucket_kms_key_id
sse_algorithm = "aws:kms"
sse_algorithm = var.sse_algorithm
}
}
}
6 changes: 6 additions & 0 deletions variables.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,9 @@ variable "s3_bucket_kms_key_id" {
default = null
description = "KMS Key used to encrypt s3 buckets. Defaults to null, which uses default aws/s3 key"
}

variable "sse_algorithm" {
type = string
default = "aws:kms"
description = "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms, defaults to aws:kms."
}

0 comments on commit d13cb27

Please sign in to comment.