fix(network): Address CodeRabbit feedback on NAT resilience and S3 bucket keys

nishkersh · nishkersh · commit 8acec84e67c8 · 2025-10-18T00:40:19.000+05:30
diff --git a/Terraform/modules/01-Network/main.tf b/Terraform/modules/01-Network/main.tf
@@ -59,8 +59,9 @@ resource "aws_subnet" "private" {
 
 #  Routing and NAT Gateway for Private Subnets 
 
-#  We create a SINGLE NAT Gateway and a SINGLE private route table. This is more
-# resilient, cost-effective, and simpler to manage than a per-AZ NAT Gateway.
+#  We create a SINGLE NAT Gateway and a SINGLE private route table. This is a cost
+# optimization but introduces a single-AZ egress SPOF compared to per-AZ NAT gateways.
+# Scale to one NAT per AZ if higher availability is required.
 
 resource "aws_eip" "nat" {
   tags = merge(
@@ -220,7 +221,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "alb_access_logs"
     apply_server_side_encryption_by_default {
       sse_algorithm = "AES256"
     }
-    bucket_key_enabled = true
+    
   }
 }
 
@@ -232,7 +233,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "s3_server_access_
     apply_server_side_encryption_by_default {
       sse_algorithm = "AES256"
     }
-    bucket_key_enabled = true
+    
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -59,8 +59,9 @@ resource "aws_subnet" "private" {`
`59`	`59`
`60`	`60`	`# Routing and NAT Gateway for Private Subnets`
`61`	`61`
`62`		`-# We create a SINGLE NAT Gateway and a SINGLE private route table. This is more`
`63`		`-# resilient, cost-effective, and simpler to manage than a per-AZ NAT Gateway.`
	`62`	`+# We create a SINGLE NAT Gateway and a SINGLE private route table. This is a cost`
	`63`	`+# optimization but introduces a single-AZ egress SPOF compared to per-AZ NAT gateways.`
	`64`	`+# Scale to one NAT per AZ if higher availability is required.`
`64`	`65`
`65`	`66`	`resource "aws_eip" "nat" {`
`66`	`67`	`tags = merge(`
`@@ -220,7 +221,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "alb_access_logs"`
`220`	`221`	`apply_server_side_encryption_by_default {`
`221`	`222`	`sse_algorithm = "AES256"`
`222`	`223`	`}`
`223`		`- bucket_key_enabled = true`
	`224`	`+`
`224`	`225`	`}`
`225`	`226`	`}`
`226`	`227`
`@@ -232,7 +233,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "s3_server_access_`
`232`	`233`	`apply_server_side_encryption_by_default {`
`233`	`234`	`sse_algorithm = "AES256"`
`234`	`235`	`}`
`235`		`- bucket_key_enabled = true`
	`236`	`+`
`236`	`237`	`}`
`237`	`238`	`}`
`238`	`239`