Add support S3 server side encryption with KMS.
* Example ``` terraform remote config \ -backend=s3 -backend-config="bucket=bucket-tfstate" -backend-config="key=terraform.tfstate" -backend-config="region=ap-northeast-1" -backend-config="encrypt=1" -backend-config="kmsKeyID=arn:aws:kms:ap-northeast-1:123456789:key/ac54dbd2-f301-42c1-bab9-88e6a84292a9" ```
This commit is contained in:
parent
8af27bfb95
commit
ba8f1fa1f0
|
@ -50,6 +50,7 @@ func s3Factory(conf map[string]string) (Client, error) {
|
|||
if raw, ok := conf["acl"]; ok {
|
||||
acl = raw
|
||||
}
|
||||
kmsKeyID := conf["kmsKeyID"]
|
||||
|
||||
accessKeyId := conf["access_key"]
|
||||
secretAccessKey := conf["secret_key"]
|
||||
|
@ -84,6 +85,7 @@ func s3Factory(conf map[string]string) (Client, error) {
|
|||
keyName: keyName,
|
||||
serverSideEncryption: serverSideEncryption,
|
||||
acl: acl,
|
||||
kmsKeyID: kmsKeyID,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
@ -93,6 +95,7 @@ type S3Client struct {
|
|||
keyName string
|
||||
serverSideEncryption bool
|
||||
acl string
|
||||
kmsKeyID string
|
||||
}
|
||||
|
||||
func (c *S3Client) Get() (*Payload, error) {
|
||||
|
@ -145,8 +148,13 @@ func (c *S3Client) Put(data []byte) error {
|
|||
}
|
||||
|
||||
if c.serverSideEncryption {
|
||||
if c.kmsKeyID != "" {
|
||||
i.SSEKMSKeyID = &c.kmsKeyID
|
||||
i.ServerSideEncryption = aws.String("aws:kms")
|
||||
} else {
|
||||
i.ServerSideEncryption = aws.String("AES256")
|
||||
}
|
||||
}
|
||||
|
||||
if c.acl != "" {
|
||||
i.ACL = aws.String(c.acl)
|
||||
|
|
Loading…
Reference in New Issue