From 4e0c04d8d3ef93792e4c54c218cb9cf548b385a9 Mon Sep 17 00:00:00 2001
From: bdeshi
Date: Fri, 17 May 2024 08:13:04 +0600
Subject: [PATCH] iac: fix s3 bucket kms key id

---
 provider.aws.data.tf | 4 ++++
 provider.aws.s3.tf | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/provider.aws.data.tf b/provider.aws.data.tf
index f705fbe..9dc4517 100644
--- a/provider.aws.data.tf
+++ b/provider.aws.data.tf
@@ -1,5 +1,9 @@
 data "aws_caller_identity" "current" {}
 
+data "aws_kms_alias" "aws_s3" {
+ name = "alias/aws/s3"
+}
+
 data "aws_iam_policy_document" "s3_cloudfront_access" {
 statement {
 principals {
diff --git a/provider.aws.s3.tf b/provider.aws.s3.tf
index 86f41b4..b75dc7d 100644
--- a/provider.aws.s3.tf
+++ b/provider.aws.s3.tf
@@ -14,9 +14,10 @@ resource "aws_s3_bucket_public_access_block" "created" {
 resource "aws_s3_bucket_server_side_encryption_configuration" "created" {
 bucket = aws_s3_bucket.created.id
 rule {
+ bucket_key_enabled = true
 apply_server_side_encryption_by_default {
- kms_master_key_id = "aws/s3"
- sse_algorithm = "aws:kms"
+ sse_algorithm = "AES256"
+ # kms_master_key_id = data.aws_kms_alias.aws_s3.arn
 }
 }
 }
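Review bot: The new `data "aws_kms_alias" "aws_s3"` lookup is dead configuration: on the new side of provider.aws.s3.tf its only reference is commented out, so it is never read yet still requires `kms:ListAliases` in the planning identity's permissions on every plan. Either drop the data source or actually use it; if the intent is to keep SSE-KMS on the AWS-managed key, the attribute to reference is the key itself, `kms_master_key_id = data.aws_kms_alias.aws_s3.target_key_arn`, which is the form S3 stores and reports back (the alias ARN is accepted too, but the target key ARN avoids a perpetual plan diff). It is also worth noting that the value this commit removes, `"aws/s3"`, was wrong only by its missing `alias/` prefix — `kms_master_key_id = "alias/aws/s3"` is accepted directly by the S3 API, so the key-id fix named in the subject did not require the switch away from KMS at all.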
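Review bot: The added `bucket_key_enabled = true` now sits next to `sse_algorithm = "AES256"`, but S3 Bucket Keys are documented as applying only to SSE-KMS, so the setting is inert here and suggests to the next reader that KMS is still in play. The larger issue is that a commit titled "fix s3 bucket kms key id" downgrades the bucket's default from SSE-KMS to SSE-S3, which silently gives up per-key CloudTrail logging of decrypt calls and key-policy-based access control on objects; if that downgrade is deliberate it needs a stated reason, not the commented-out `# kms_master_key_id = data.aws_kms_alias.aws_s3.arn` line, which reads as unfinished work. If the underlying problem is that CloudFront (the `s3_cloudfront_access` policy document in provider.aws.data.tf suggests this bucket is served through it) cannot decrypt objects under the AWS-managed `aws/s3` key — whose key policy cannot be amended — the fix that keeps SSE-KMS is a customer-managed key whose policy grants the CloudFront service principal `kms:Decrypt`, with `sse_algorithm = "aws:kms"` and `kms_master_key_id` pointing at that key. Whichever way this goes, replace the commented-out line with a real `# NOTE:` explaining why SSE-S3 was chosen, and drop `bucket_key_enabled` unless KMS comes back.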