awslabs / landing-zone-accelerator-on-aws

Deploy a multi-account cloud foundation to support highly-regulated workloads and complex compliance requirements.
https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/
Apache License 2.0

Create S3 buckets with BucketKeyEnabled set to true #608

Open IskanderNovena opened 3 weeks ago

IskanderNovena commented 3 weeks ago

Is your feature request related to a problem? Please describe.
Currently, the LZA creates buckets without enabling the Bucket Key feature. Enabling the Bucket Key feature should lower overall costs.

Describe the feature you'd like
Enable BucketKey on S3 buckets by default.

7adityaraj commented 3 weeks ago

I have been looking for the same and found the issue.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html?icmpid=docs_amazons3_console

IskanderNovena commented 1 week ago

LZA isn't using dual-layer server-side encryption, if that's what you're referring to @7adityaraj. Otherwise, can you elaborate on what I'm missing?

7adityaraj commented 1 week ago

@IskanderNovena yes, that is correct.

Like in the doc: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html?icmpid=docs_amazons3_console#configure-bucket-key

Update: correct me if this is the one I am referring to: https://github.com/awslabs/landing-zone-accelerator-on-aws/blob/main/source/packages/%40aws-accelerator/constructs/lib/aws-s3/put-bucket-encryption/index.ts#L47