Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
l
little-cartoon-10569
05/11/2021, 2:13 AMHow do I set up an S3 bucket to use SSE-S3 encryption? Apparently it's a requirement for ALB access logs. I can see how to do it in the console, but neither TF nor Pulumi docs are enlightening me....
b
billowy-army-68599
05/11/2021, 2:17 AMl
little-cartoon-10569
05/11/2021, 2:18 AMNope. That allows me to choose from KMS or AES256.
I want S3.
I went through input.ts, there is no overlap between the types in that area, and the types further down that allow S3.
And it all seems correct. There must be a completely different chunk of configuration for SSE-S3.
b
billowy-army-68599
05/11/2021, 2:20 AMi believe it turns up as aes256, reading through some issues now:
https://github.com/cloudposse/terraform-aws-lb-s3-bucket/issues/9#issuecomment-542656328
@little-cartoon-10569 it looks like it you set server side by default and omit a key, it uses the S3 default keys
I'll try turn this into a snippet
l
little-cartoon-10569
05/11/2021, 2:24 AMOh. Ok. Docs, eh? Harder than picking paint colours for bathrooms..
b
brief-ram-15160
05/11/2021, 7:05 AMconst myBucket = new aws.s3.Bucket(myBucketName, {
serverSideEncryptionConfiguration: {
rule: {
applyServerSideEncryptionByDefault: {
sseAlgorithm: "AES256",
},
},
},
lifecycleRules: [
{
enabled: true,
expiration: {
days: 3,
},
},
],
});