refactor: use s3 sse config resource instead of block

Use the aws_s3_bucket_server_side_encryption_configuration resource
instead of the now deprecated server_side_encryption_configuration
block.

bucket_replication.tf

@@ -4,20 +4,23 @@ resource "aws_s3_bucket" "replication_bucket" {
   provider = aws.secondary
   bucket   = format("%s-%s-%s-%s", var.namespace, var.stage, var.name, var.bucket_replication_name)
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
   tags = {
     Terraform   = "true"
     Environment = var.stage
   }
 }
 
+resource "aws_s3_bucket_server_side_encryption_configuration" "replication_bucket" {
+  count = var.bucket_replication_enabled ? 1 : 0
+  bucket = aws_s3_bucket.replication_bucket[0].id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
 resource "aws_s3_bucket_versioning" "replication_bucket" {
   count  = var.bucket_replication_enabled ? 1 : 0
   bucket = aws_s3_bucket.replication_bucket[0].id

main.tf

@@ -5,14 +5,6 @@ resource "aws_s3_bucket" "default" {
   acl           = var.acl
   force_destroy = var.force_destroy
 
-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
-    }
-  }
-
   dynamic "replication_configuration" {
     for_each = var.bucket_replication_enabled ? ["true"] : []
     content {
@@ -47,6 +39,16 @@ resource "aws_s3_bucket" "default" {
   depends_on = [aws_s3_bucket.replication_bucket]
 }
 
+resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
+  bucket = aws_s3_bucket.default.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
 resource "aws_s3_bucket_versioning" "default" {
   bucket = aws_s3_bucket.default.id