https://pulumi.com logo
Title
l

little-cartoon-10569

05/11/2021, 2:13 AM
How do I set up an S3 bucket to use SSE-S3 encryption? Apparently it's a requirement for ALB access logs. I can see how to do it in the console, but neither TF nor Pulumi docs are enlightening me....
l

little-cartoon-10569

05/11/2021, 2:18 AM
Nope. That allows me to choose from KMS or AES256.
I want S3.
I went through input.ts, there is no overlap between the types in that area, and the types further down that allow S3.
And it all seems correct. There must be a completely different chunk of configuration for SSE-S3.
b

billowy-army-68599

05/11/2021, 2:20 AM
i believe it turns up as aes256, reading through some issues now: https://github.com/cloudposse/terraform-aws-lb-s3-bucket/issues/9#issuecomment-542656328
@little-cartoon-10569 it looks like it you set server side by default and omit a key, it uses the S3 default keys
I'll try turn this into a snippet
l

little-cartoon-10569

05/11/2021, 2:24 AM
Oh. Ok. Docs, eh? Harder than picking paint colours for bathrooms..
b

brief-ram-15160

05/11/2021, 7:05 AM
const myBucket = new aws.s3.Bucket(myBucketName, {
    serverSideEncryptionConfiguration: {
      rule: {
        applyServerSideEncryptionByDefault: {
          sseAlgorithm: "AES256",
        },
      },
    },
    lifecycleRules: [
      {
        enabled: true,
        expiration: {
          days: 3,
        },
      },
    ],
  });
default encryption