Qwerty

Reputation: 227

terraform s3 remote state file auto encryption

I have a terraform backend remote state hosted on S3. I didn't set the encryption on the object level manually and didn't set anything on the S3 bucket level. My S3 bucket Default encryption is set to None.

Wonder why the terraform state file is encrypted with Server-side encryption AES-256 by default?

Please advise.

Upvotes: 4

Views: 6128

Answers (2)

Vikyol

Reputation: 5615

Default encryption for the bucket is not enabled, but it looks like you enabled encryption for your AWS backend.

terraform {
  backend "s3" {
    bucket     = "THE_NAME_OF_THE_STATE_BUCKET"
    key        = "some_environment/terraform.tfstate"
    region     = "us-east-1"
    encrypt    = true # enable server-side encryption of the state object
    kms_key_id = "THE_ID_OF_THE_KMS_KEY"
  }
}

If kms_key_id is not specified and encrypt = true, Terraform uses SSE-S3 (AES-256) by default. As a result, the state file is encrypted with AES-256.

Upvotes: 4
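To see the distinction from the answer above in practice, this added example (not part of the answer or of Terraform's code) compares the state object's own encryption with the bucket default through a boto3-style S3 client. The function names, bucket name and stub client are constructed for illustration; the stub reproduces the situation in the question so the check runs offline.

```python
# Added example: compare object-level and bucket-level encryption for a state file.
# Function names, bucket name and the stub client are constructed for illustration.

def bucket_default_sse(s3, bucket):
    """Return the bucket's default SSE algorithm, or None if none is configured."""
    try:
        cfg = s3.get_bucket_encryption(Bucket=bucket)
    except Exception as exc:  # botocore's ClientError carries a .response dict
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "ServerSideEncryptionConfigurationNotFoundError":
            return None
        raise
    rule = cfg["ServerSideEncryptionConfiguration"]["Rules"][0]
    return rule["ApplyServerSideEncryptionByDefault"]["SSEAlgorithm"]


def audit_state_object(s3, bucket, key):
    """Report how the state object is encrypted and where that setting came from."""
    head = s3.head_object(Bucket=bucket, Key=key)
    obj_sse = head.get("ServerSideEncryption")  # "AES256", "aws:kms" or absent
    default = bucket_default_sse(s3, bucket)
    if obj_sse is None:
        source = "unencrypted"
    elif default is None:
        source = "request header (e.g. backend encrypt = true)"
    else:
        source = "request header or bucket default"
    return {"object_sse": obj_sse, "kms_key": head.get("SSEKMSKeyId"),
            "bucket_default": default, "source": source}


class NoDefaultEncryption(Exception):
    """Constructed stand-in for botocore's ClientError in the offline demo."""
    response = {"Error": {"Code": "ServerSideEncryptionConfigurationNotFoundError"}}


class StubS3:
    """Constructed client: object is AES256, bucket has no default encryption."""
    def head_object(self, Bucket, Key):
        return {"ServerSideEncryption": "AES256", "ContentLength": 1024}

    def get_bucket_encryption(self, Bucket):
        raise NoDefaultEncryption()


if __name__ == "__main__":
    print(audit_state_object(StubS3(), "example-state-bucket",
                             "some_environment/terraform.tfstate"))
    # Against a real account, pass boto3.client("s3") instead of StubS3().
```
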

Qwerty

Reputation: 227

sogyals429 As mentioned, the default encryption is disabled. But the object itself is encrypted.

[Screenshot: disable default encryption]

Upvotes: 1
