Allow custom KMS key encryption for packages that are stored in s3
The aws_s3_object resource currently does not allow specifying the kms_key_id parameter to provide a custom KMS key ARN to use for encryption. A new variable "s3_kms_key_id" has been introduced to allow specifying it.
joschna committed Oct 20, 2023
1 parent e2500c0 commit e427799
Showing 2 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -175,6 +175,7 @@ resource "aws_s3_object" "lambda_package" {
storage_class = var.s3_object_storage_class

server_side_encryption = var.s3_server_side_encryption
kms_key_id = var.s3_kms_key_id

tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags)
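Review bot: `kms_key_id = var.s3_kms_key_id` is passed through independently of `server_side_encryption = var.s3_server_side_encryption` on the line above, so nothing in this resource stops a caller from supplying a key while leaving the encryption mode null or set to a non-KMS value. Consider tying the two together, for example with a precondition on the resource or a validation that requires `s3_server_side_encryption` to be `aws:kms` whenever `s3_kms_key_id` is non-null, so a misconfiguration fails at plan time instead of leaving the package encrypted with a different key than the operator intended.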

6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -678,6 +678,12 @@ variable "s3_server_side_encryption" {
default = null
}

variable "s3_kms_key_id" {
description = "Specifies a custom KMS key to use for S3 object encryption."
type = string
default = null
}

variable "source_path" {
description = "The absolute path to a local file or directory containing your Lambda source code"
type = any # string | list(string | map(any))
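Review bot: the description of `s3_kms_key_id` ("Specifies a custom KMS key to use for S3 object encryption.") does not say what form the value takes, while the commit message says the intent is a KMS key ARN and the variable name says "id". State the expected format in the description, mention that it is used together with `s3_server_side_encryption`, and consider a `validation` block that accepts null or a string starting with `arn:` so a bare key ID or alias name is rejected early. The commit touches only main.tf and variables.tf, so if the module keeps a generated inputs table in its README, that needs regenerating as well.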