Merge pull request #227 from tablexi/fix-s3-encryption

adding default encryption to s3 buckets for cloudtrail

aws/cloudtrail/main.tf

@@ -16,6 +16,15 @@ resource "aws_s3_bucket" "logs" {
   acl           = "log-delivery-write"
 
   tags = var.tags
+
+  server_side_encryption_configuration {
+    rule {
+      bucket_key_enabled = false
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
 }
 
 resource "aws_s3_bucket" "mod" {
@@ -29,6 +38,15 @@ resource "aws_s3_bucket" "mod" {
     target_bucket = aws_s3_bucket.logs.id
     target_prefix = var.name
   }
+
+  server_side_encryption_configuration {
+    rule {
+      bucket_key_enabled = false
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
+    }
+  }
 }
 
 data "aws_iam_policy_document" "s3" {