How to encrypt S3 bucket using Terraform

Question

I am trying to create encrypted S3 bucket. After I execute terraform apply, it all looks good, but when I look at the bucket in the AWS Console, it's not encrypted. I am also aware of the previous question.

Here is my terraform version:

Terraform v0.11.13
+ provider.aws v2.2.0

Here is my tf file:

resource "aws_s3_bucket" "test-tf-enc" {
  bucket = "test-tf-enc"
  acl    = "private"

  tags {
    Name = "test-tf-enc"
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

This is the output after I execute the command:

aws_s3_bucket.test-tf-enc: Creating...
  acceleration_status:                                                                                   "" => "<computed>"
  acl:                                                                                                   "" => "private"
  arn:                                                                                                   "" => "<computed>"
  bucket:                                                                                                "" => "test-tf-enc"
  bucket_domain_name:                                                                                    "" => "<computed>"
  bucket_regional_domain_name:                                                                           "" => "<computed>"
  force_destroy:                                                                                         "" => "false"
  hosted_zone_id:                                                                                        "" => "<computed>"
  region:                                                                                                "" => "<computed>"
  request_payer:                                                                                         "" => "<computed>"
  server_side_encryption_configuration.#:                                                                "" => "1"
  server_side_encryption_configuration.0.rule.#:                                                         "" => "1"
  server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.#:               "" => "1"
  server_side_encryption_configuration.0.rule.0.apply_server_side_encryption_by_default.0.sse_algorithm: "" => "AES256"
  tags.%:                                                                                                "" => "1"
  tags.Name:                                                                                             "" => "test-tf-enc"
  versioning.#:                                                                                          "" => "<computed>"
  website_domain:                                                                                        "" => "<computed>"
  website_endpoint:                                                                                      "" => "<computed>"
aws_s3_bucket.test-tf-enc: Still creating... (10s elapsed)
aws_s3_bucket.test-tf-enc: Creation complete after 10s (ID: test-tf-enc)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Answer 1

Works as expected. Using different user without sufficient permissions to validate operation through UI in AWS Management Console resulted in the confusion. Insufficient permissions message in UI only visible after expanding the Encryption pane.
Use aws cli for troubleshooting to reduce the problem surface.