Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to encrypt S3 bucket using Terraform

I am trying to create encrypted S3 bucket. After I execute terraform apply, it all looks good, but when I look at the bucket in the AWS Console, it's not encrypted. I am also aware of the previous question.

Here is my terraform version:

Terraform v0.11.13
+ provider.aws v2.2.0

Here is my tf file:

resource "aws_s3_bucket" "test-tf-enc" {
  bucket = "test-tf-enc"
  acl    = "private"

  tags {
    Name = "test-tf-enc"
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

This is the output after I execute the command:

aws_s3_bucket.test-tf-enc: Creating...
  acceleration_status:                                                                                   "" => "<computed>"
  acl:                                                                                                   "" => "private"
  arn:                                                                                                   "" => "<computed>"
  bucket:                                                                                                "" => "test-tf-enc"
  bucket_domain_name:                                                                                    "" => "<computed>"
  bucket_regional_domain_name:                                                                           "" => "<computed>"
  force_destroy:                                                                                         "" => "false"
  hosted_zone_id:                                                                                        "" => "<computed>"
  region:                                                                                                "" => "<computed>"
  request_payer:                                                                                         "" => "<computed>"
  server_side_encryption_configuration.#:                                                                "" => "1"
  server_side_encryption_configuration.0.rule.#:                                                         "" => "1"
  server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.#:               "" => "1"
  server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.0.sse_algorithm: "" => "AES256"
  tags.%:                                                                                                "" => "1"
  tags.Name:                                                                                             "" => "test-tf-enc"
  versioning.#:                                                                                          "" => "<computed>"
  website_domain:                                                                                        "" => "<computed>"
  website_endpoint:                                                                                      "" => "<computed>"
aws_s3_bucket.test-tf-enc: Still creating... (10s elapsed)
aws_s3_bucket.test-tf-enc: Creation complete after 10s (ID: test-tf-enc)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
like image 466
Dan Avatar asked Mar 18 '19 23:03

Dan


1 Answers

Works as expected. Using different user without sufficient permissions to validate operation through UI in AWS Management Console resulted in the confusion. Insufficient permissions message in UI only visible after expanding the Encryption pane.
Use aws cli for troubleshooting to reduce the problem surface.

like image 111
Dan Avatar answered Nov 01 '22 03:11

Dan