CI-CD dejo node

infrastructure/terraform/dev/s3.tf

@@ -0,0 +1,41 @@
+# Criação da chave KMS para criptografia do bucket
+resource "aws_kms_key" "dev_dejo_node" {
+  description             = "KMS key to encrypt S3 bucket objects for ${local.base_name}"
+  deletion_window_in_days = 7
+  enable_key_rotation     = true
+
+  tags = merge(
+    local.default_tags,
+    {
+      Name = "${local.base_name}-bucket-key"
+    }
+  )
+}
+
+# Alias para facilitar referência à chave KMS
+resource "aws_kms_alias" "dev_dejo_node" {
+  name          = local.kms_key_name
+  target_key_id = aws_kms_key.dev_dejo_node.key_id
+}
+
+# Bucket S3 criptografado com KMS
+module "s3_bucket" {
+  source  = "terraform-aws-modules/s3-bucket/aws"
+  version = "~> 4.0"
+
+  bucket     = local.s3.bucket
+#  acl        = local.s3.acl
+  versioning = local.s3.versioning
+
+  server_side_encryption_configuration = {
+    rule = {
+      apply_server_side_encryption_by_default = {
+        kms_master_key_id = aws_kms_key.dev_dejo_node.arn
+        sse_algorithm     = "aws:kms"
+      }
+    }
+  }
+
+  tags = local.default_tags
+}
+