Resource: aws_s3_bucket_server_side_encryption_configuration

Provides a S3 bucket server-side encryption configuration resource.

Example Usage

resource "aws_kms_key" "mykey" {
  description             = "This key is used to encrypt bucket objects"
  deletion_window_in_days = 10
}

resource "aws_s3_bucket" "mybucket" {
  bucket = "mybucket"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.mybucket.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = aws_kms_key.mykey.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

Argument Reference

This resource supports the following arguments:

rule

The rule configuration block supports the following arguments:

apply_server_side_encryption_by_default

The apply_server_side_encryption_by_default configuration block supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import S3 bucket server-side encryption configuration using the bucket or using the bucket and expected_bucket_owner separated by a comma (,). For example:

If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, import using the bucket:

import {
  to = aws_s3_bucket_server_side_encryption_configuration.example
  id = "bucket-name"
}

If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):

import {
  to = aws_s3_bucket_server_side_encryption_configuration.example
  id = "bucket-name,123456789012"
}

Using terraform import to import S3 bucket server-side encryption configuration using the bucket or using the bucket and expected_bucket_owner separated by a comma (,). For example:

If the owner (account ID) of the source bucket is the same account used to configure the Terraform AWS Provider, import using the bucket:

% terraform import aws_s3_bucket_server_side_encryption_configuration.example bucket-name

If the owner (account ID) of the source bucket differs from the account used to configure the Terraform AWS Provider, import using the bucket and expected_bucket_owner separated by a comma (,):

% terraform import aws_s3_bucket_server_side_encryption_configuration.example bucket-name,123456789012