SSE algorythm as variable

binbashar · Jul 29, 2024 · 8d820b4 · 8d820b4
1 parent ba95ee9
commit 8d820b4
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/main.tf b/main.tf
@@ -37,7 +37,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
   bucket = aws_s3_bucket.this.id
   rule {
     apply_server_side_encryption_by_default {
-      sse_algorithm = "AES256"
+      sse_algorithm = var.sse_algorithm
     }
   }
 }

diff --git a/variables.tf b/variables.tf
@@ -61,3 +61,13 @@ variable "enable_versioning" {
     error_message = "Wrong state. Available only: Enabled, Disabled or Suspended"
   }
 }
+
+variable "sse_algorithm" {
+  description = "Server-side encryption algorythm"
+  type        = string
+  default     = "AES256"
+  validation {
+    condition     = can(regex("^(AES256|aws:kms)$", var.sse_algorithm))
+    error_message = "Wrong SSE algorythm. Available only: AES256 or aws:kms"
+  }
+}