Added s3 sse resource

Bit of a novel for you in case you were curious, but in TL;DR form, it's worked.

There was no error, it was just not generating the encrypted credentials. I should say there was a 404 error when running the AWS CLI commands, due to the bucket object not existing - though the bucket existed, so I assume the problem popped up somewhere between vault initializing, encrypting & then sending the keys to S3. 

I was unable to properly diagnose it without any explicit error output, but after poking around I noticed a lot of the resources such as the EC2 instances, load balancers, etc - were still in a "Terminating" state while I was rerunning the terraform destroy/apply commands. I decided to wait a bit and try again.. Also learned that a full destroy isn't necessary in this type of scenario which is nice to know :)

I cloned the repo again today and started from scratch, and it's worked now with the aws_s3_bucket_server_side_encryption_configuration resource! The S3 bucket properties now list default encryption as enabled and Server-side-encryption as Amazon S3-managed keys (SSE).

s3.tf

@@ -7,6 +7,17 @@ resource "aws_s3_bucket" "vault_data" {
   tags = merge({ "Project" = var.main_project_tag })
 }
 
+## S3 Server-side bucket encryption
+resource "aws_s3_bucket_server_side_encryption_configuration" "vault_data_sse" {
+  bucket = aws_s3_bucket.vault_data.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm     = "AES256"
+    }
+  }
+}
+
 ## S3 Bucket Public Access Block
 resource "aws_s3_bucket_public_access_block" "vault_data" {
   bucket = aws_s3_bucket.vault_data.id