diff --git a/main.tf b/main.tf
index f9bd706..448e66e 100644
--- a/main.tf
+++ b/main.tf
@@ -91,7 +91,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
 rule {
 apply_server_side_encryption_by_default {
 kms_master_key_id = var.s3_bucket_kms_key_id
- sse_algorithm = "aws:kms"
+ sse_algorithm = var.sse_algorithm
 }
 }
 }
diff --git a/variables.tf b/variables.tf
index bfc8924..fb42d38 100644
--- a/variables.tf
+++ b/variables.tf
@@ -17,3 +17,9 @@ variable "s3_bucket_kms_key_id" {
 default = null
 description = "KMS Key used to encrypt s3 buckets. Defaults to null, which uses default aws/s3 key"
 }
+
+variable "sse_algorithm" {
+ type = string
+ default = "aws:kms"
+ description = "The server-side encryption algorithm to use. Valid values are AES256 and aws:kms, defaults to aws:kms."
+}
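Review bot: In the main.tf hunk, `kms_master_key_id = var.s3_bucket_kms_key_id` is still passed unconditionally now that the algorithm is configurable. As far as I know the AWS provider documents that key ID as usable only with the KMS algorithm, so a caller who sets `sse_algorithm = "AES256"` while `s3_bucket_kms_key_id` is non-null will likely get a rejected apply or an ignored key. Gate it with `kms_master_key_id = var.sse_algorithm == "aws:kms" ? var.s3_bucket_kms_key_id : null`. A comment on the line should also say that AES256 moves the bucket to S3-managed keys, so KMS key-policy access control and per-key audit logging no longer apply. The resource block begins and ends outside this hunk.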
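Review bot: The new `sse_algorithm` variable in variables.tf names its valid values only in the description, so nothing enforces them. A typo or unexpected string is caught only at apply time by the provider, and a weaker setting can slip through review unnoticed. Add a `validation` block restricting the value to the two documented algorithms, so a bad value fails at plan time with a clear message. The description could also state that AES256 uses S3-managed keys and ignores `s3_bucket_kms_key_id`.

```hcl
variable "sse_algorithm" {
  # … unchanged: type, default, description …

  validation {
    condition     = contains(["AES256", "aws:kms"], var.sse_algorithm)
    error_message = "sse_algorithm must be either \"AES256\" or \"aws:kms\"."
  }
}
```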