iac: fix s3 bucket kms key id
parent
3311921b89
commit
4e0c04d8d3
|
@ -1,5 +1,9 @@
|
|||
data "aws_caller_identity" "current" {}
|
||||
|
||||
data "aws_kms_alias" "aws_s3" {
|
||||
name = "alias/aws/s3"
|
||||
}
|
||||
|
||||
data "aws_iam_policy_document" "s3_cloudfront_access" {
|
||||
statement {
|
||||
principals {
|
||||
|
|
|
@ -14,9 +14,10 @@ resource "aws_s3_bucket_public_access_block" "created" {
|
|||
resource "aws_s3_bucket_server_side_encryption_configuration" "created" {
|
||||
bucket = aws_s3_bucket.created.id
|
||||
rule {
|
||||
bucket_key_enabled = true
|
||||
apply_server_side_encryption_by_default {
|
||||
kms_master_key_id = "aws/s3"
|
||||
sse_algorithm = "aws:kms"
|
||||
sse_algorithm = "AES256"
|
||||
# kms_master_key_id = data.aws_kms_alias.aws_s3.arn
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
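Review bot: The encryption rule appears to end up on `sse_algorithm = "AES256"` with the KMS key reference left only as a comment, so the bucket moves from SSE-KMS to SSE-S3 under a title that promises only a key-id fix; this assumes the `"aws/s3"` and `"aws:kms"` lines are the removed side, since the +/- markers are lost on this page. That takes the KMS key policy and the KMS events in CloudTrail out of the controls on object reads, so the commit message and a comment on the rule should say it is deliberate, e.g. `# SSE-S3 on purpose: <reason>`. If SSE-KMS with the AWS managed key was the goal, `sse_algorithm = "aws:kms"` with `kms_master_key_id` omitted already selects `aws/s3`, and the alias data source exposes `target_key_arn` if an explicit key ARN is wanted. As written, `data "aws_kms_alias" "aws_s3"` from the first hunk is referenced only from a comment, and `bucket_key_enabled = true` applies only to SSE-KMS, so both should be wired up or removed.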