Added s3 sse resource
Bit of a novel for you in case you were curious, but in TL;DR form, it's worked. There was no error, it was just not generating the encrypted credentials. I should say there was a 404 error when running the AWS CLI commands, due to the bucket object not existing - though the bucket existed, so I assume the problem popped up somewhere between vault initializing, encrypting & then sending the keys to S3. I was unable to properly diagnose it without any explicit error output, but after poking around I noticed a lot of the resources such as the EC2 instances, load balancers, etc - were still in a "Terminating" state while I was rerunning the terraform destroy/apply commands. I decided to wait a bit and try again.. Also learned that a full destroy isn't necessary in this type of scenario which is nice to know :) I cloned the repo again today and started from scratch, and it's worked now with the aws_s3_bucket_server_side_encryption_configuration resource! The S3 bucket properties now list default encryption as enabled and Server-side-encryption as Amazon S3-managed keys (SSE).
This commit is contained in:
parent
def3d07aa8
commit
9fa9948998
11
s3.tf
11
s3.tf
|
@ -7,6 +7,17 @@ resource "aws_s3_bucket" "vault_data" {
|
||||||
tags = merge({ "Project" = var.main_project_tag })
|
tags = merge({ "Project" = var.main_project_tag })
|
||||||
}
|
}
|
||||||
|
|
||||||
|
## S3 Server-side bucket encryption
|
||||||
|
resource "aws_s3_bucket_server_side_encryption_configuration" "vault_data_sse" {
|
||||||
|
bucket = aws_s3_bucket.vault_data.bucket
|
||||||
|
|
||||||
|
rule {
|
||||||
|
apply_server_side_encryption_by_default {
|
||||||
|
sse_algorithm = "AES256"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
## S3 Bucket Public Access Block
|
## S3 Bucket Public Access Block
|
||||||
resource "aws_s3_bucket_public_access_block" "vault_data" {
|
resource "aws_s3_bucket_public_access_block" "vault_data" {
|
||||||
bucket = aws_s3_bucket.vault_data.id
|
bucket = aws_s3_bucket.vault_data.id
|
||||||
|
|
Loading…
Reference in New Issue