Adds template tags to S3 object and fixes issue of continual drift when using KMS default server-side encryption configuration on the S3 template_bucket. The etag of objects encrypted with SSE-C or SSE-KMS is not set to the MD5 hash of the object (https://docs.aws.amazon.com/AmazonS3/latest/API/API_Object.html). Terraform instead exposes a source_hash used to trigger re-uploads of the S3 objects to work around this issue with the etag.
I've also included tests that plan operations immediately after terraform apply do not result in changes when using default settings and when using KMS encryption.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Issue #, if available: #650 #659
Description of changes:
Adds template tags to S3 object and fixes issue of continual drift when using KMS default server-side encryption configuration on the S3
template_bucket
. The etag of objects encrypted with SSE-C or SSE-KMS is not set to the MD5 hash of the object (https://docs.aws.amazon.com/AmazonS3/latest/API/API_Object.html). Terraform instead exposes asource_hash
used to trigger re-uploads of the S3 objects to work around this issue with the etag.I've also included tests that plan operations immediately after
terraform apply
do not result in changes when using default settings and when using KMS encryption.By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.