From b4263c041dba949783e79cdd1bd8255ff0297fe5 Mon Sep 17 00:00:00 2001 From: Jheison Rodriguez Date: Thu, 22 Feb 2024 06:59:54 -0500 Subject: [PATCH] [feature] Allow conditionally disable the encryption configuration --- .config/.terraform-docs.yml | 2 +- README.md | 1 + inputs.tf | 6 ++++++ main.tf | 2 ++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.config/.terraform-docs.yml b/.config/.terraform-docs.yml index 69f55fc..7696146 100644 --- a/.config/.terraform-docs.yml +++ b/.config/.terraform-docs.yml @@ -40,7 +40,7 @@ content: |- {{ include "examples/regional-deployment/example2.tfnot" }} ``` - --- + --- {{ .Requirements }} diff --git a/README.md b/README.md index 6355ea9..8ad68e4 100644 --- a/README.md +++ b/README.md @@ -146,6 +146,7 @@ module "iam_role_s3" { |------|-------------|------|---------|:--------:| | [days\_to\_object\_expiration](#input\_days\_to\_object\_expiration) | Number of days before expiring data completely | `string` | `"2557"` | no | | [enable\_centralized\_logging](#input\_enable\_centralized\_logging) | Enable support for centralized logging to a centralized logging account | `bool` | `false` | no | +| [enable\_encryption](#input\_enable\_encryption) | Allows disable the the bucket encryption configuration | `bool` | `true` | no | | [enable\_object\_expiration](#input\_enable\_object\_expiration) | Number of days before expiring data completely | `bool` | `false` | no | | [iam\_role\_s3\_replication\_arn](#input\_iam\_role\_s3\_replication\_arn) | IAM Role that enable S3 Role Assumption for Centralized Logging | `string` | `""` | no | | [input\_tags](#input\_input\_tags) | Map of tags to apply to resources | `map(string)` | `{}` | no | diff --git a/inputs.tf b/inputs.tf index 6bf69f7..7d06de9 100644 --- a/inputs.tf +++ b/inputs.tf 
@@ -79,4 +79,10 @@ variable "replication_dest_storage_class" { description = "The storage class to send replicated objects (https://docs.aws.amazon.com/AmazonS3/latest/API/API_Transition.html#AmazonS3-Type-Transition-StorageClass)" type = string default = "STANDARD_IA" +} + +variable "enable_encryption" { + description = "Allows disable the the bucket encryption configuration" + type = bool + default = true } \ No newline at end of file diff --git a/main.tf b/main.tf index 261844e..69b2a39 100644 --- a/main.tf +++ b/main.tf @@ -208,6 +208,8 @@ resource "aws_s3_bucket_lifecycle_configuration" "bucket" { #tfsec:ignore:aws-s3-encryption-customer-key resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" { + count = var.enable_encryption == true ? 1 : 0 + bucket = aws_s3_bucket.bucket.bucket rule {
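Review bot: The new `enable_encryption` variable has no `nullable = false`, so a caller that threads an unset optional through as `null` is not rejected and is not coerced to the `true` default — downstream, `null == true` evaluates to false, which turns encryption off silently for the one input that should fail closed. Adding `nullable    = false` (Terraform 1.1+, assuming the module's required_version allows it) makes `null` fall back to `default = true`. The description also has a typo ("the the") and does not say what `false` actually does to the bucket; I would replace it with `description = "Set to false to stop managing the bucket's server-side encryption configuration (the resource is not created). Defaults to true; disable only under an approved exception."` so the security trade-off is visible in the generated README.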
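Review bot: The `count = var.enable_encryption == true ? 1 : 0` condition on the encryption resource fails open: because `null == true` is false, a `null` input removes the SSE configuration instead of raising an error, while the plain `count = var.enable_encryption ? 1 : 0` (the variable is already typed `bool`, so `== true` adds nothing) makes Terraform reject a null condition and keeps the bucket encrypted. Two consequences of adding `count` are worth confirming since the rest of main.tf is outside this hunk: any reference to `aws_s3_bucket_server_side_encryption_configuration.bucket` elsewhere in the module (depends_on, outputs, replication rules) must now index `[0]` or use `one(...)`, and on an already-deployed bucket flipping the flag to `false` destroys the resource, which per the provider's destroy behaviour issues a delete of the live bucket's encryption configuration rather than merely dropping it from state. That side effect belongs in a comment next to the existing `#tfsec:ignore` line, e.g. `# Gated by var.enable_encryption: false destroys the bucket's SSE configuration on apply, it does not just stop managing it; keep enabled unless an exception is approved.`. The resource body continues past the hunk.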