From 5ed2ea1b7fd4f20f54ef93fe11b9c97dad031cb6 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Fri, 23 Jun 2023 14:00:39 -0400
Subject: [PATCH] - terraform-tate   - add bucket_key_enabled (false) to enable
 bucket keys

---
 CHANGELOG.md                 | 4 ++++
 common/version.tf            | 2 +-
 terraform-state/README.md    | 1 +
 terraform-state/main.tf      | 1 +
 terraform-state/variables.tf | 6 ++++++
 5 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43ec1ac..d45745a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -268,3 +268,7 @@
 * 2.4.2 -- 2023-05-22
   - iam-general-policies
     - update cloudforms_ami to empty in EW (as we have no keys defined)
+
+* 2.4.3 -- 2023-06-23
+  - terraform-tate
+    - add bucket_key_enabled (false) to enable bucket keys
diff --git a/common/version.tf b/common/version.tf
index 930d737..31e4b38 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.4.2"
+  _module_version = "2.4.3"
 }
diff --git a/terraform-state/README.md b/terraform-state/README.md
index b009967..1cdcd16 100644
--- a/terraform-state/README.md
+++ b/terraform-state/README.md
@@ -103,6 +103,7 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
+| <a name="input_bucket_key_enabled"></a> [bucket\_key\_enabled](#input\_bucket\_key\_enabled) | Enable or disable the use of S3 Bucket Keys (see AWS documetnation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html). | `bool` | `false` | no |
 | <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br>  "ddb": {},<br>  "kms": {},<br>  "s3": {}<br>}</pre> | no |
 | <a name="input_kms_tfstate_key"></a> [kms\_tfstate\_key](#input\_kms\_tfstate\_key) | Terraform remote state KMS key alias | `string` | `"k-kms-inf-tfstate"` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name suffix to use for policies, roles and groups (default: inf-terraform) | `string` | `"inf-terraform"` | no |
diff --git a/terraform-state/main.tf b/terraform-state/main.tf
index cc8c9ca..84558df 100644
--- a/terraform-state/main.tf
+++ b/terraform-state/main.tf
@@ -147,6 +147,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
       sse_algorithm     = "aws:kms"
     }
   }
+  bucket_key_enabled = var.bucket_key_enabled
 }
 
 resource "aws_s3_bucket_ownership_controls" "tfstate" {
diff --git a/terraform-state/variables.tf b/terraform-state/variables.tf
index aaa5218..32de381 100644
--- a/terraform-state/variables.tf
+++ b/terraform-state/variables.tf
@@ -54,3 +54,9 @@ variable "name" {
   type        = string
   default     = "inf-terraform"
 }
+
+variable "bucket_key_enabled" {
+  description = "Enable or disable the use of S3 Bucket Keys (see AWS documetnation at https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html)."
+  type        = bool
+  default     = false
+}