From 6d3366e4a64c14e171f9542cf90e1d77cac600c0 Mon Sep 17 00:00:00 2001 From: badra001 Date: Thu, 21 Apr 2022 14:15:58 -0400 Subject: [PATCH] fix --- common/kms.tf | 4 ++-- common/outputs.kms.tf | 6 +++--- common/resources.tf | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/common/kms.tf b/common/kms.tf index f92eded..6ad1df0 100644 --- a/common/kms.tf +++ b/common/kms.tf @@ -59,6 +59,6 @@ data "aws_iam_policy_document" "key_policy_combined" { data "aws_iam_policy_document" "empty" {} data "aws_kms_key" "incoming_key" { - count = var.use_kms_encryption && var.kms_key_arn == null ? 0 : 1 - key_id = var.kms_key_arn + count = var.kms_key_arn == null ? 0 : (var.use_kms_encryption ? 1 : 0) + key_id = var.use_kms_encryption ? var.kms_key_arn : null } diff --git a/common/outputs.kms.tf b/common/outputs.kms.tf index b84af15..c79d59d 100644 --- a/common/outputs.kms.tf +++ b/common/outputs.kms.tf @@ -3,16 +3,16 @@ #--- output "kms_key_id" { description = "KMS Key ID. This is the created key id or the key id of kms_key_arn" - value = var.kms_key_arn == null ? aws_kms_key.key[0].id : data.aws_kms_key.incoming_key[0].id + value = var.use_kms_encryption ? (var.kms_key_arn == null ? aws_kms_key.key[0].id : data.aws_kms_key.incoming_key[0].id) : null } output "kms_key_arn" { description = "KMS Key ARN. This is the created key ARN or the key ARN of kms_key_arn" - value = var.kms_key_arn == null ? aws_kms_key.key[0].arn : data.aws_kms_key.incoming_key[0].arn + value = var.use_kms_encryption ? (var.kms_key_arn == null ? aws_kms_key.key[0].arn : data.aws_kms_key.incoming_key[0].arn) : null } output "kms_key_alias" { description = "KMS Key Alias name. If a kms_key_arn passed in, this will be null." - value = var.kms_key_arn == null ? aws_kms_alias.key[0].name : null + value = var.use_kms_encryption ? (var.kms_key_arn == null ? aws_kms_alias.key[0].name : null) : null } diff --git a/common/resources.tf b/common/resources.tf index f93ca8f..d2341b5 100644 
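Review bot: The conditional on `key_id` in `data "aws_kms_key" "incoming_key"` is redundant. The new `count` already yields an instance only when `var.use_kms_encryption` is true and `var.kms_key_arn` is non-null, so the `null` branch is never used for a real lookup. The nested ternary in `count` is also harder to read than a single condition. I would write `count = var.use_kms_encryption && var.kms_key_arn != null ? 1 : 0` and keep `key_id = var.kms_key_arn`, which evaluates the same for every combination of the two variables.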
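Review bot: The three `description` strings in outputs.kms.tf no longer match the values, because each output now returns `null` when `var.use_kms_encryption` is false and the text does not say so. A consumer that wires `kms_key_arn` into another resource's encryption setting will receive null and may end up on that resource's default encryption without any error. I would extend the text, e.g. `description = "KMS Key ARN (created key or the supplied kms_key_arn). Null when use_kms_encryption is false."`, and likewise for `kms_key_id` and `kms_key_alias`. The `[0]` indexes still assume `aws_kms_key.key` and `aws_kms_alias.key` are counted on the same condition, which is defined outside this hunk and should be confirmed.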
--- a/common/resources.tf +++ b/common/resources.tf @@ -299,8 +299,8 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "this" { rule { apply_server_side_encryption_by_default { # kms_master_key_id = aws_kms_key.key.arn - kms_master_key_id = var.use_kms_key ? local.kms_key_arn : null - sse_algorithm = var.use_kms_key ? "aws:kms" : "AES256" + kms_master_key_id = var.use_kms_encryption ? local.kms_key_arn : null + sse_algorithm = var.use_kms_encryption ? "aws:kms" : "AES256" } bucket_key_enabled = var.bucket_key_enabled }
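Review bot: With `var.use_kms_encryption` false the bucket falls back to `AES256` even when the caller supplied `var.kms_key_arn`, so a customer-managed key can be silently ignored and the objects end up under SSE-S3 keys instead. If the Terraform version in use supports it (preconditions need 1.2 or later; the required version is not visible here), a `lifecycle` precondition on this resource with `condition = var.use_kms_encryption || var.kms_key_arn == null` would turn that combination into a plan-time error. The commented-out `# kms_master_key_id = aws_kms_key.key.arn` line is stale and could be dropped. The resource block starts before this hunk and continues after it.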