Add SSE-S3 encryption support for S3 inventory

[danielwhite]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The AWS Golang SDK is unable to construct a valid request for creating or updating an S3 inventory configuration with SSE-S3 encryption enabled.

When fixed, the following should no longer occur when trying to create or import S3 inventory resources:

$ terraform apply
* aws_s3_bucket_inventory.sse_s3: Error putting S3 bucket inventory configuration: MalformedXML: The XML you provided was not well-formed or did not validate against our published schema

$ terraform import aws_s3_bucket_inventory.encrypt_sse_s3
* import aws_s3_bucket_inventory.encrypt_sse_s3 result: my-test-bucket:SSE-S3: aws_s3_bucket_inventory.encrypt_sse_s3: sse_s3 encryption is unsupported

The test suite currently ignores the case of SSE-S3 until the underlying issue is resolved:

make testacc TEST=./aws TESTARGS='-run=TestAccAWSS3BucketInventory'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSS3BucketInventory -timeout 120m
[ ... ]
=== RUN   TestAccAWSS3BucketInventory_encryptWithSSES3
--- SKIP: TestAccAWSS3BucketInventory_encryptWithSSES3 (0.00s)
	resource_aws_s3_bucket_inventory_test.go:63: SSE-S3 is not supported by the SDK.
[ ... ]

New or Affected Resource(s)

• aws_s3_bucket_inventory

Potential Terraform Configuration

resource "aws_s3_bucket" "bucket" {
  bucket = "my-test-bucket"
  acl    = "private"
}

resource "aws_s3_bucket_inventory" "sse_s3" {
  bucket = "${aws_s3_bucket.bucket.id}"
  name   = "SSE-S3"

  included_object_versions = "Current"

  schedule {
    frequency = "Daily"
  }

  destination {
    bucket {
      format = "CSV"
      bucket_arn = "${aws_s3_bucket.bucket.arn}"

      encryption {
        sse_s3 {}
      }
    }
  }
}

References

• Original limited feature: Add AWS S3 inventory configuration support #532 (comment)
• Underlying SDK issue: Cannot create S3 bucket inventory with SSE-S3 encryption aws/aws-sdk-go#2015

[bflad]

Looks like this was fixed in v1.15.2 of the AWS Go SDK -- I removed the error handling, which will be released in version 1.37.0 of the AWS provider, likely middle of next week.

[bflad]

This has been released in version 1.37.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!