Skip to content

Commit

Permalink
Split server_side_encryption for s3 bucket into its own resource (#125)
Browse files Browse the repository at this point in the history
  • Loading branch information
@gregeinfrank
gregeinfrank authored Nov 11, 2022
1 parent 97e6e7b commit 17feed6
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions terraform/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -343,12 +343,21 @@ terraform {

resource "aws_s3_bucket" "api_key_bucket" {
bucket = var.api_key_s3_bucket_name
server_side_encryption_configuration {

# See: https://github.com/hashicorp/terraform-provider-aws/issues/23106#issuecomment-1099401600
lifecycle {
ignore_changes = [
server_side_encryption_configuration
]
}
}

resource "aws_s3_bucket_server_side_encryption_configuration" "api_key_bucket_server_side_encryption_configuration" {
bucket = aws_s3_bucket.api_key_bucket.bucket
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = aws_kms_key.api_encryption_key.arn
sse_algorithm = "aws:kms"
}
}
}
}

0 comments on commit 17feed6

Please sign in to comment.