I want to create an S3 bucket and enable encryption at rest with AES256, but Terraform complains that: * aws_s3_bucket.s3: : invalid or unknown key: server_side_encryption_configuration (see the code Terraform complains about below)
What is wrong with server_side_encryption_configuration? Isn't it supported? https://www.terraform.io/docs/providers/aws/r/s3_bucket.html
Anyway, how do I get "encryption at rest with AES256" for S3 using Terraform?
    resource "aws_s3_bucket" "s3" {
      bucket        = "s3_bucket_name"
      acl           = "private"
      force_destroy = true

      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }
    }
Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3): as an additional safeguard, Amazon S3 encrypts the key itself with a root key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256) GCM, to encrypt your data.
You can set the default encryption behavior on an Amazon S3 bucket so that all objects are encrypted when they are stored in the bucket. The objects are encrypted using server-side encryption with either Amazon S3-managed keys (SSE-S3) or AWS Key Management Service (AWS KMS) keys.
SSE-KMS is similar to SSE-S3 but comes with some additional benefits. Unlike with SSE-S3, you can create and manage encryption keys yourself, or you can use a default CMK that is unique to you for the service being used (S3 in this case) and the region you are working in.
You probably have an older version of the AWS provider plugin. To update it, run terraform init with the -upgrade flag set to true:

    terraform init -upgrade=true
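The SSE-KMS variant of the default-encryption rule described above, as an added example that is not part of the original question or answer. The resource names, bucket name and key settings are placeholders, and the reference syntax assumes Terraform 0.12 or later.

```hcl
# Added example: default bucket encryption with SSE-KMS instead of SSE-S3.
# All names and values below are placeholders chosen for illustration.

# Customer-managed KMS key that S3 uses to encrypt new objects.
resource "aws_kms_key" "s3" {
  description             = "Key for S3 default encryption (example)"
  deletion_window_in_days = 30
  enable_key_rotation     = true
}

resource "aws_s3_bucket" "s3_kms" {
  bucket = "example-encrypted-bucket" # placeholder bucket name

  # Same inline block as in the question. Only the algorithm changes from
  # "AES256" (SSE-S3) to "aws:kms" (SSE-KMS), plus the key to use.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = aws_kms_key.s3.arn
      }
    }
  }
}
```

With AWS provider 4.x and later the inline block is deprecated, and the same rule is declared in a separate aws_s3_bucket_server_side_encryption_configuration resource that references the bucket.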