terraform s3 remote state file auto encryption

I have a Terraform backend remote state hosted on S3. I didn't set the encryption on the object level manually and didn't set anything on the S3 bucket level. My S3 bucket Default encryption is set to None.

Wonder why the terraform state file is encrypted with Server-side encryption AES-256 by default?

Please advise.

Qwerty asked Oct 20 '25 08:10



1 Answer

Default encryption for the bucket is not enabled, but it looks like you enabled encryption for your AWS backend.

terraform {
  backend "s3" {
    bucket     = "THE_NAME_OF_THE_STATE_BUCKET"
    key        = "some_environment/terraform.tfstate"
    region     = "us-east-1"
    encrypt    = true                    # enable server-side encryption of the state file
    kms_key_id = "THE_ID_OF_THE_KMS_KEY" # optional: KMS key used to encrypt the state
  }
}

If kms_key_id is not specified and encrypt = true, Terraform uses SSE-S3 (AES-256) by default. As a result, the state file is encrypted with AES-256.

Vikyol answered Oct 23 '25 01:10
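To confirm which encryption a given backend block requests and whether the stored state object matches it, the rule from the answer can be checked against the metadata S3 returns for the object (the `ServerSideEncryption` and `SSEKMSKeyId` fields of `aws s3api head-object`). This is an added example, not part of the original answer; the function names, the simple line-based parsing of the backend block, and the sample values are assumptions made for illustration.

```python
import re

# Constructed sample: the backend block from the answer, without kms_key_id.
SAMPLE_TF = '''
terraform {
  backend "s3" {
    bucket  = "THE_NAME_OF_THE_STATE_BUCKET"
    key     = "some_environment/terraform.tfstate"
    region  = "us-east-1"
    encrypt = true
  }
}
'''

def backend_settings(tf_text):
    """Flat key/value attributes of the first backend "s3" block (hypothetical helper)."""
    m = re.search(r'backend\s+"s3"\s*\{(.*?)\}', tf_text, re.S)
    settings = {}
    for line in (m.group(1).splitlines() if m else []):
        line = line.split("#", 1)[0]          # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def expected_sse(settings):
    """Encryption the backend requests on upload, per the rule in the answer."""
    if settings.get("encrypt", "false").lower() != "true":
        return None                           # nothing requested; bucket default applies
    return "aws:kms" if settings.get("kms_key_id") else "AES256"

def check_state_object(settings, head):
    """Compare the backend's request with head-object metadata; return findings."""
    want = expected_sse(settings)
    got = head.get("ServerSideEncryption")
    findings = []
    if got is None:
        findings.append("state object is not encrypted at rest")
    elif want and got != want:
        findings.append(f"expected {want}, object has {got}")
    # Assumes kms_key_id is a key ID or ARN; an alias would not match the returned ARN.
    if want == "aws:kms" and settings["kms_key_id"] not in head.get("SSEKMSKeyId", ""):
        findings.append("object encrypted with a different KMS key")
    return findings

if __name__ == "__main__":
    cfg = backend_settings(SAMPLE_TF)
    # Constructed head-object response for an SSE-S3 encrypted state file.
    print(expected_sse(cfg), check_state_object(cfg, {"ServerSideEncryption": "AES256"}))
```

In practice the `head` dictionary would be the JSON returned by `aws s3api head-object --bucket <bucket> --key <key>` for the state file.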
