fix

common/kms.tf

@@ -59,6 +59,6 @@ data "aws_iam_policy_document" "key_policy_combined" {
 data "aws_iam_policy_document" "empty" {}
 
 data "aws_kms_key" "incoming_key" {
-  count  = var.use_kms_encryption && var.kms_key_arn == null ? 0 : 1
-  key_id = var.kms_key_arn
+  count  = var.kms_key_arn == null ? 0 : (var.use_kms_encryption ? 1 : 0)
+  key_id = var.use_kms_encryption ? var.kms_key_arn : null
 }

common/outputs.kms.tf

@@ -3,16 +3,16 @@
 #---
 output "kms_key_id" {
   description = "KMS Key ID. This is the created key id or the key id of kms_key_arn"
-  value       = var.kms_key_arn == null ? aws_kms_key.key[0].id : data.aws_kms_key.incoming_key[0].id
+  value       = var.use_kms_encryption ? (var.kms_key_arn == null ? aws_kms_key.key[0].id : data.aws_kms_key.incoming_key[0].id) : null
 }
 
 output "kms_key_arn" {
   description = "KMS Key ARN. This is the created key ARN or the key ARN of kms_key_arn"
-  value       = var.kms_key_arn == null ? aws_kms_key.key[0].arn : data.aws_kms_key.incoming_key[0].arn
+  value       = var.use_kms_encryption ? (var.kms_key_arn == null ? aws_kms_key.key[0].arn : data.aws_kms_key.incoming_key[0].arn) : null
 }
 
 output "kms_key_alias" {
   description = "KMS Key Alias name.  If a kms_key_arn passed in, this will be null."
-  value       = var.kms_key_arn == null ? aws_kms_alias.key[0].name : null
+  value       = var.use_kms_encryption ? (var.kms_key_arn == null ? aws_kms_alias.key[0].name : null) : null
 }
 

common/resources.tf

@@ -299,8 +299,8 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
   rule {
     apply_server_side_encryption_by_default {
       #        kms_master_key_id = aws_kms_key.key.arn
-      kms_master_key_id = var.use_kms_key ? local.kms_key_arn : null
-      sse_algorithm     = var.use_kms_key ? "aws:kms" : "AES256"
+      kms_master_key_id = var.use_kms_encryption ? local.kms_key_arn : null
+      sse_algorithm     = var.use_kms_encryption ? "aws:kms" : "AES256"
     }
     bucket_key_enabled = var.bucket_key_enabled
   }