Add S3 bucket encryptation

deploy/aws/pre-build/bucket.tf

@@ -8,6 +8,10 @@ provider "aws" {
   profile = "${var.aws_profile}"
 }
 
+resource "aws_kms_key" "bucket-key" {
+  description             = "This key is used to encrypt bucket objects"
+  deletion_window_in_days = 10
+}
 resource "aws_s3_bucket" "terraform-qed-cluster" {
     bucket = "terraform-qed-cluster"
 
@@ -18,7 +22,15 @@ resource "aws_s3_bucket" "terraform-qed-cluster" {
     lifecycle {
       prevent_destroy = true
     }
-
+
+    server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        kms_master_key_id = "${aws_kms_key.bucket-key.arn}"
+        sse_algorithm     = "aws:kms"
+      }
+    }
+  }
     tags {
       Name = "S3 Remote Terraform State Store"
     }