Merge pull request #2 from QuiNovas/develop

Added server-side encryption

Author: joseph-wortmann

main.tf

@@ -1,21 +1,27 @@
 resource "aws_s3_bucket" "log" {
-  bucket  = "${var.name_prefix}-log"
   acl     = "log-delivery-write"
+  bucket  = "${var.name_prefix}-log"
   lifecycle {
     prevent_destroy = true
   }
   lifecycle_rule {
     id      = "log"
-    prefix  = "/"
     enabled = true
 
     transition {
-      days = 30
+      days          = "${var.transition_to_glacier}"
       storage_class = "GLACIER"
     }
 
     expiration {
-      days = 2555
+      days = "${var.expiration}"
+    }
+  }
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
     }
   }
 }

variables.tf

@@ -1,4 +1,16 @@
+variable "expiration" {
+  default     = 2555
+  description = "The number of days to wait before expiring an object"
+  type        = "string"
+}
+
 variable "name_prefix" {
   description = "The name prefix to use when creating resource names"
   type        = "string"
+}
+
+variable "transition_to_glacier" {
+  default     = 30
+  description = "The number of days to wait before transitioning an object to Glacier"
+  type        = "string"
 }