From b4dc70610b085a8a4a0f25faf9e9637a56887762 Mon Sep 17 00:00:00 2001 From: Julius Adamek <9818404+julada@users.noreply.github.com> Date: Tue, 14 Jun 2022 15:54:25 +0200 Subject: [PATCH] fix: set kms key on aws_s3_object when encryption is enabled (#2147) * fix: set kms key on aws_s3_object when encryption is enabled * Apply suggestions from code review use try instead lookup to check if sse is enabled Co-authored-by: Niek Palm <npalm@users.noreply.github.com> Co-authored-by: Niek Palm <npalm@users.noreply.github.com> --- modules/runner-binaries-syncer/runner-binaries-syncer.tf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/runner-binaries-syncer/runner-binaries-syncer.tf b/modules/runner-binaries-syncer/runner-binaries-syncer.tf index 956d5add73..b6d091de09 100644 --- a/modules/runner-binaries-syncer/runner-binaries-syncer.tf +++ b/modules/runner-binaries-syncer/runner-binaries-syncer.tf @@ -134,10 +134,11 @@ resource "aws_lambda_permission" "syncer" { ################################################################################### resource "aws_s3_object" "trigger" { - bucket = aws_s3_bucket.action_dist.id - key = "triggers/${aws_lambda_function.syncer.id}-trigger.json" - source = "${path.module}/trigger.json" - etag = filemd5("${path.module}/trigger.json") + bucket = aws_s3_bucket.action_dist.id + key = "triggers/${aws_lambda_function.syncer.id}-trigger.json" + source = "${path.module}/trigger.json" + etag = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) == null ? filemd5("${path.module}/trigger.json") : null + kms_key_id = try(var.server_side_encryption_configuration.rule.apply_server_side_encryption_by_default.kms_master_key_id, null) depends_on = [aws_s3_bucket_notification.on_deploy] }