From c6bd2a03d8952c6b49695e3924a5a85e2b479518 Mon Sep 17 00:00:00 2001 From: timburke-hackit Date: Mon, 16 Oct 2023 13:52:13 +0100 Subject: [PATCH] add sse for rds export bucket --- terraform/core/10-aws-s3-buckets.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/terraform/core/10-aws-s3-buckets.tf b/terraform/core/10-aws-s3-buckets.tf index 09cf05b10..3f116508a 100644 --- a/terraform/core/10-aws-s3-buckets.tf +++ b/terraform/core/10-aws-s3-buckets.tf @@ -435,3 +435,14 @@ module "rds_export_storage" { bucket_name = "RDS Export Storage" bucket_identifier = "rds-export-storage" } + +resource "aws_s3_bucket_server_side_encryption_configuration" "rds_export_storage_encryption" { + bucket = module.rds_export_storage.bucket_id + + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "aws:kms" + } + bucket_key_enabled = true + } +}