diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43ec1ac..d45745a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -268,3 +268,7 @@
* 2.4.2 -- 2023-05-22
- iam-general-policies
- update cloudforms_ami to empty in EW (as we have no keys defined)
+
+* 2.4.3 -- 2023-06-23
+ - terraform-tate
+ - add bucket_key_enabled (false) to enable bucket keys
diff --git a/common/version.tf b/common/version.tf
index 930d737..31e4b38 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
locals {
- _module_version = "2.4.2"
+ _module_version = "2.4.3"
}
diff --git a/terraform-state/README.md b/terraform-state/README.md
index b009967..1cdcd16 100644
--- a/terraform-state/README.md
+++ b/terraform-state/README.md
@@ -103,6 +103,7 @@ No modules.
|------|-------------|------|---------|:--------:|
| [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
| [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| [bucket\_key\_enabled](#input\_bucket\_key\_enabled) | Enable or disable the use of S3 Bucket Keys (see AWS documetnation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html). | `bool` | `false` | no |
| [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | {
"ddb": {},
"kms": {},
"s3": {}
} | no |
| [kms\_tfstate\_key](#input\_kms\_tfstate\_key) | Terraform remote state KMS key alias | `string` | `"k-kms-inf-tfstate"` | no |
| [name](#input\_name) | Name suffix to use for policies, roles and groups (default: inf-terraform) | `string` | `"inf-terraform"` | no |
diff --git a/terraform-state/main.tf b/terraform-state/main.tf
index cc8c9ca..84558df 100644
--- a/terraform-state/main.tf
+++ b/terraform-state/main.tf
@@ -147,6 +147,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
sse_algorithm = "aws:kms"
}
}
+ bucket_key_enabled = var.bucket_key_enabled
}
resource "aws_s3_bucket_ownership_controls" "tfstate" {
diff --git a/terraform-state/variables.tf b/terraform-state/variables.tf
index aaa5218..32de381 100644
--- a/terraform-state/variables.tf
+++ b/terraform-state/variables.tf
@@ -54,3 +54,9 @@ variable "name" {
type = string
default = "inf-terraform"
}
+
+variable "bucket_key_enabled" {
+ description = "Enable or disable the use of S3 Bucket Keys (see AWS documetnation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html)."
+ type = bool
+ default = false
+}