feat(aws): enhanced s3 bucket configuration

aws/s3-bucket/README.md

@@ -48,7 +48,9 @@ No modules.
 | <a name="input_object_lock_enabled"></a> [object\_lock\_enabled](#input\_object\_lock\_enabled) | A boolean that indicates whether this bucket has an Object Lock configuration enabled. Enable Object Lock to prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. | `bool` | `false` | no |
 | <a name="input_object_ownership"></a> [object\_ownership](#input\_object\_ownership) | The container element for object ownership for a bucket's ownership controls. | `string` | `"BucketOwnerPreferred"` | no |
 | <a name="input_restrict_public_buckets"></a> [restrict\_public\_buckets](#input\_restrict\_public\_buckets) | Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to true. | `bool` | `true` | no |
+| <a name="input_sse_enabled"></a> [sse\_enabled](#input\_sse\_enabled) | A boolean that indicates whether this bucket has SSE enabled. | `bool` | `true` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Default tags to add to resources | `map(any)` | `{}` | no |
+| <a name="input_versioning_enabled"></a> [versioning\_enabled](#input\_versioning\_enabled) | A boolean that indicates whether this bucket has versioning enabled. | `bool` | `true` | no |
 
 ## Outputs
 

aws/s3-bucket/bucket.tf

@@ -29,6 +29,7 @@ resource "aws_s3_bucket_public_access_block" "bucket_public_access" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
+  count  = var.sse_enabled == true ? 1 : 0
   bucket = aws_s3_bucket.bucket.id
 
   rule {
@@ -40,6 +41,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
 }
 
 resource "aws_s3_bucket_versioning" "versioning" {
+  count  = var.versioning_enabled == true ? 1 : 0
   bucket = aws_s3_bucket.bucket.id
   versioning_configuration {
     status = "Enabled"
@@ -48,6 +50,7 @@ resource "aws_s3_bucket_versioning" "versioning" {
 
 resource "aws_s3_bucket_ownership_controls" "default" {
   #checkov:skip=CKV2_AWS_65:this is up to the user
+  count  = var.object_ownership != null ? 1 : 0
   bucket = aws_s3_bucket.bucket.id
   rule {
     object_ownership = var.object_ownership

aws/s3-bucket/variables.tf

@@ -28,6 +28,18 @@ variable "object_lock_enabled" {
   default     = false
 }
 
+variable "sse_enabled" {
+  description = "A boolean that indicates whether this bucket has SSE enabled."
+  type        = bool
+  default     = true
+}
+
+variable "versioning_enabled" {
+  description = "A boolean that indicates whether this bucket has versioning enabled."
+  type        = bool
+  default     = true
+}
+
 # -------------------------------------------------------------------
 # public access config
 # -------------------------------------------------------------------