diff --git a/terraform/aws/s3.tf b/terraform/aws/s3.tf
index 0a0dbb1299..aa706c359b 100644
--- a/terraform/aws/s3.tf
+++ b/terraform/aws/s3.tf
@@ -20,6 +20,98 @@ resource "aws_s3_bucket" "data" {
 })
 }
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
+ bucket = aws_s3_bucket.data.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "aws:kms"
+ }
+ }
+}
+
+
+
+resource "aws_s3_bucket" "data_log_bucket" {
+ bucket = "data-log-bucket"
+}
+
+resource "aws_s3_bucket_logging" "data" {
+ bucket = aws_s3_bucket.data.id
+
+ target_bucket = aws_s3_bucket.data_log_bucket.id
+ target_prefix = "log/"
+}
+
+
+resource "aws_s3_bucket_versioning" "data" {
+ bucket = aws_s3_bucket.data.id
+
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "data" {
+ bucket = aws_s3_bucket.data.bucket
+
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
+ }
+}
+
+
+resource "aws_s3_bucket_versioning" "data" {
+ bucket = aws_s3_bucket.data.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_s3_bucket" "destination" {
+ bucket = aws_s3_bucket.data.id
+ versioning_configuration {
+ status = "Enabled"
+ }
+}
+
+resource "aws_iam_role" "replication" {
+ name = "aws-iam-role"
+ assume_role_policy = <