ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support S3 server side encryption with KMS. 

* Example

```
terraform remote config \
  -backend=s3
  -backend-config="bucket=bucket-tfstate"
  -backend-config="key=terraform.tfstate"
  -backend-config="region=ap-northeast-1"
  -backend-config="encrypt=1"
  -backend-config="kmsKeyID=arn:aws:kms:ap-northeast-1:123456789:key/ac54dbd2-f301-42c1-bab9-88e6a84292a9"
```
This commit is contained in:
Kazunori Kojima 2015-07-31 16:09:28 +09:00
parent 8af27bfb95
commit ba8f1fa1f0
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
state/remote/s3.go
View File

@ -50,6 +50,7 @@ func s3Factory(conf map[string]string) (Client, error) {
if raw, ok := conf["acl"]; ok {
acl = raw
}
kmsKeyID := conf["kmsKeyID"]
accessKeyId := conf["access_key"]
secretAccessKey := conf["secret_key"]
@ -84,6 +85,7 @@ func s3Factory(conf map[string]string) (Client, error) {
keyName: keyName,
serverSideEncryption: serverSideEncryption,
acl: acl,
kmsKeyID: kmsKeyID,
}, nil
}
@ -93,6 +95,7 @@ type S3Client struct {
keyName string
serverSideEncryption bool
acl string
kmsKeyID string
}
func (c *S3Client) Get() (*Payload, error) {
@ -145,7 +148,12 @@ func (c *S3Client) Put(data []byte) error {
}
if c.serverSideEncryption {
i.ServerSideEncryption = aws.String("AES256")
if c.kmsKeyID != "" {
i.SSEKMSKeyID = &c.kmsKeyID
i.ServerSideEncryption = aws.String("aws:kms")
} else {
i.ServerSideEncryption = aws.String("AES256")
}
}
if c.acl != "" {