[feature] Allow conditionally disable the encryption configuration #25

jheison-rodriguez commented Feb 22, 2024

Change description

The EPB client has set SCPs in some OUs that don't allow changing the bucket's encryption method, or even defining it in TF files; this change addresses that problem and allows disabling that configuration block in this module. It's not risky because each bucket has SSE-S3 as its default encryption method.

Type of change

  • Bug fix (fixes an issue)
  • New feature (adds functionality)

Related issues

Fix #1

Checklists

Development

  • Lint rules pass locally
  • Application changes have been tested thoroughly
  • Automated tests covering modified code pass

Security

  • Security impact of change has been considered
  • Code follows company security practices and guidelines

Code review

  • Pull request has a descriptive title and context useful to a reviewer. Screenshots or screencasts are attached as necessary
  • "Ready for review" label attached and reviewers assigned
  • Changes have been reviewed by at least one other contributor
  • Pull request linked to task tracker where applicable

jheison-rodriguez force-pushed the feature/allows-disable-bucket-encryption-configuration branch from 0a79b7f to b4263c0 on February 22, 2024 12:43
wesleykirkland left a comment

LGTM

fernandoPedraza-sg left a comment

LGTM

@jheison-rodriguez, below is the code to create an S3 bucket we are using:

module "s3_bucket_logging" {
  source      = "StratusGrid/s3-bucket-logging/aws"
  version     = "2.1.3"
  name_prefix = var.name_prefix
  name_suffix = "${local.name_suffix}-${var.region}"
  input_tags  = merge(local.common_tags, {})
}

Could you please point out what parameter would be used in the module definition to disable encryption?

I realize the use of the module with the new feature will be:

module "s3_bucket_logging" {
  source            = "StratusGrid/s3-bucket-logging/aws"
  version           = "2.1.3"
  name_prefix       = var.name_prefix
  name_suffix       = "${local.name_suffix}-${var.region}"
  input_tags        = merge(local.common_tags, {})
  enable_encryption = false
}
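
One way a module can implement the `enable_encryption` toggle discussed in this thread, added here as an example; it is not the StratusGrid module's own code and not part of any comment above. The resource labels and the `bucket_name` variable are hypothetical; only the `enable_encryption` name comes from the thread.

```hcl
# Added illustration. Resource labels and bucket_name are hypothetical.

variable "bucket_name" {
  description = "Hypothetical input used only to keep this example self-contained."
  type        = string
}

variable "enable_encryption" {
  description = "Manage the bucket's default-encryption configuration from this module. Set to false where an SCP denies changes to bucket encryption."
  type        = bool
  default     = true # keep the previous behaviour for existing callers
}

resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name
}

# count turns the whole configuration block on or off. With
# enable_encryption = false the resource is absent from the plan, so
# Terraform does not manage the bucket's encryption configuration.
resource "aws_s3_bucket_server_side_encryption_configuration" "bucket" {
  count  = var.enable_encryption ? 1 : 0
  bucket = aws_s3_bucket.bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256" # SSE-S3
    }
  }
}

# Adding count changes the resource address from ".bucket" to ".bucket[0]".
# Recording the move keeps existing state attached to the same object, so
# callers that leave enable_encryption = true see no destroy/create.
moved {
  from = aws_s3_bucket_server_side_encryption_configuration.bucket
  to   = aws_s3_bucket_server_side_encryption_configuration.bucket[0]
}

# Lets callers and policy checks see which buckets opted out.
output "encryption_managed_by_module" {
  value = var.enable_encryption
}
```

Where the toggle is set to `false`, the bucket's effective encryption is whatever the account applies by default (SSE-S3, per the PR description), so it is worth confirming that on the bucket itself after apply.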
