From e4277991146de9a240e85566a65d1d576393f795 Mon Sep 17 00:00:00 2001
From: Joscha Nassenstein
Date: Tue, 2 May 2023 11:42:55 +0200
Subject: [PATCH] Allow custom KMS key encryption for packages that are stored in s3

The aws_s3_object resource currently does not allow to specify to kms_key_id parameter to provide a custom KMS key ARN to use for encryption. A new variable "s3_kms_key_id" has been introduced to allow to specify it.
---
 main.tf | 1 +
 variables.tf | 6 ++++++
 2 files changed, 7 insertions(+)
diff --git a/main.tf b/main.tf
index 78ec8df3..cd0e295b 100644
--- a/main.tf
+++ b/main.tf
@@ -175,6 +175,7 @@ resource "aws_s3_object" "lambda_package" {
 storage_class = var.s3_object_storage_class
 server_side_encryption = var.s3_server_side_encryption
+ kms_key_id = var.s3_kms_key_id
 tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags)
diff --git a/variables.tf b/variables.tf
index a3215394..ad0541d7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -678,6 +678,12 @@ variable "s3_server_side_encryption" {
 default = null
 }
+variable "s3_kms_key_id" {
+ description = "Specifies a custom KMS key to use for S3 object encryption."
+ type = string
+ default = null
+}
+
 variable "source_path" {
 description = "The absolute path to a local file or directory containing your Lambda source code"
 type = any # string | list(string | map(any))
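Review bot: `kms_key_id` is passed on its own in the main.tf hunk, with nothing tying it to the `server_side_encryption` value on the line above, so a caller can combine a key with `s3_server_side_encryption = "AES256"` and end up with an apply-time error or an object encrypted differently from what was requested (which of the two probably depends on the provider version; it is not visible here). A short comment would make the contract explicit: `# kms_key_id applies only to SSE-KMS (server_side_encryption = "aws:kms"); leave it null otherwise`. The module documentation should also say that the identity uploading the package, and the one that later reads it for the Lambda deployment, presumably need `kms:GenerateDataKey` and `kms:Decrypt` on that key, since nothing in this diff grants them. The `aws_s3_object` resource block starts and ends outside the hunk.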
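Review bot: The `s3_kms_key_id` description in variables.tf does not say which identifier form is expected, although the commit message speaks of a KMS key ARN; the provider documents this argument as a key ARN, and other forms such as an alias may show up as a recurring diff. I would reword it to `description = "ARN of the KMS key used to encrypt the Lambda package object in S3. Requires s3_server_side_encryption = \"aws:kms\"."`. A `validation` block that accepts null or a value starting with `arn:` would surface a mistyped value at plan time rather than at upload.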