From b5beb9f11dec28054f7072d96d035e8cc1393730 Mon Sep 17 00:00:00 2001
From: Allison Doami <adoami@chanzuckerberg.com>
Date: Fri, 22 Mar 2024 15:56:22 -0700
Subject: [PATCH] feat: Add kms_encryption variable to cloudfront logs bucket

---
 aws-cloudfront-logs-bucket/main.tf      | 1 +
 aws-cloudfront-logs-bucket/variables.tf | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/aws-cloudfront-logs-bucket/main.tf b/aws-cloudfront-logs-bucket/main.tf
index 9ad3f2db..063822a9 100644
--- a/aws-cloudfront-logs-bucket/main.tf
+++ b/aws-cloudfront-logs-bucket/main.tf
@@ -12,6 +12,7 @@ module "aws-cloudfront-logs-bucket" {
   abort_incomplete_multipart_upload_days = var.abort_incomplete_multipart_upload_days
   public_access_block                    = var.public_access_block
   lifecycle_rules                        = var.lifecycle_rules
+  kms_encryption                         = var.kms_encryption
 }
 
 resource "aws_s3_bucket_ownership_controls" "cloudfront-owner-preferred" {
diff --git a/aws-cloudfront-logs-bucket/variables.tf b/aws-cloudfront-logs-bucket/variables.tf
index a4e282f8..0303bf01 100755
--- a/aws-cloudfront-logs-bucket/variables.tf
+++ b/aws-cloudfront-logs-bucket/variables.tf
@@ -62,3 +62,8 @@ variable "public_access_block" {
   type    = bool
   default = true
 }
+
+variable "kms_encryption" {
+  type = bool
+  default = false
+}