# Customer-managed KMS key used to encrypt the objects stored in the S3 bucket.
#
# No `policy` argument is set, so the key is created with the default key
# policy. NOTE(review): confirm that delegating key access to IAM policies in
# the account is what is intended for this key.
resource "aws_kms_key" "dev_dejo_node" {
  description = "KMS key to encrypt S3 bucket objects for ${local.base_name}"

  # Turns on automatic rotation of the key material.
  enable_key_rotation = true

  # Waiting period before a scheduled deletion becomes final. 7 days is the
  # shortest window KMS accepts; once the key is deleted, every object
  # encrypted under it is unrecoverable.
  deletion_window_in_days = 7

  # Shared tags plus a Name tag derived from the base name.
  tags = merge(local.default_tags, { Name = "${local.base_name}-bucket-key" })
}
# Friendly alias so the KMS key can be referenced by name instead of by key ID.
# NOTE(review): KMS alias names must start with "alias/"; confirm that
# local.kms_key_name (defined outside this listing) carries that prefix.
resource "aws_kms_alias" "dev_dejo_node" {
  target_key_id = aws_kms_key.dev_dejo_node.key_id
  name          = local.kms_key_name
}
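# S3 bucket whose objects are encrypted by default with the
# aws_kms_key.dev_dejo_node customer-managed key (SSE-KMS).
module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"
  # NOTE(review): "~> 4.0" accepts any 4.x release, and module versions are not
  # recorded in .terraform.lock.hcl (it tracks providers only). Pin an exact,
  # reviewed version if applies must be reproducible.
  version = "~> 4.0"

  bucket = local.s3.bucket
  # acl = local.s3.acl
  # NOTE(review): the value comes from locals outside this listing; confirm
  # versioning is actually enabled there.
  versioning = local.s3.versioning

  # Public access is blocked explicitly so the bucket's exposure does not
  # depend on the defaults of whichever 4.x module release gets resolved.
  # Objects are SSE-KMS encrypted, so anonymous reads could not decrypt them
  # anyway.
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  # Default encryption: objects written without an explicit encryption header
  # are encrypted with the customer-managed key.
  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        kms_master_key_id = aws_kms_key.dev_dejo_node.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }

  # NOTE(review): nothing here rejects plain-HTTP requests. The module offers
  # attach_deny_insecure_transport_policy for that; enable it if no other
  # bucket policy is managed elsewhere for this bucket.

  tags = local.default_tags
}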