awslabs / landing-zone-accelerator-on-aws

Deploy a multi-account cloud foundation to support highly-regulated workloads and complex compliance requirements.
https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/
Apache License 2.0
564 stars 449 forks

Create S3 buckets with BucketKeyEnabled set to true #608

Open IskanderNovena opened 1 month ago

IskanderNovena commented 1 month ago

Is your feature request related to a problem? Please describe.

Currently, the LZA creates buckets without enabling the Bucket Key feature. Enabling the Bucket Key feature should lower overall costs.

Describe the feature you'd like

Enable BucketKey on S3 buckets by default.

7adityaraj commented 1 month ago

I have been looking for the same and found the issue.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html?icmpid=docs_amazons3_console

IskanderNovena commented 2 weeks ago

LZA isn't using dual-layer server-side encryption, if that's what you're referring to @7adityaraj. Otherwise, can you elaborate what I'm missing?

7adityaraj commented 2 weeks ago

@IskanderNovena yes, that is correct.

Like in the doc: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html?icmpid=docs_amazons3_console#configure-bucket-key

Update: correct me if this is the one I am referring to: https://github.com/awslabs/landing-zone-accelerator-on-aws/blob/main/source/packages/%40aws-accelerator/constructs/lib/aws-s3/put-bucket-encryption/index.ts#L47
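
An added example, not part of the issue thread or of the LZA code base: a check that classifies buckets by whether the Bucket Key setting requested above is present, and separates out dual-layer encryption, which the thread notes LZA does not use. Field names follow the S3 GetBucketEncryption response; the function names, finding labels and sample buckets are hypothetical and constructed for illustration.

```typescript
// Subset of the S3 GetBucketEncryption response used by this check.
interface EncryptionRule {
  ApplyServerSideEncryptionByDefault?: { SSEAlgorithm?: string; KMSMasterKeyID?: string };
  BucketKeyEnabled?: boolean;
}
interface BucketEncryption {
  bucket: string;
  rules: EncryptionRule[];
}
type Finding = 'enabled' | 'missing' | 'not-applicable' | 'unsupported-dsse' | 'no-default' | 'unknown';

// Classify one bucket by its default-encryption rule (hypothetical helper).
function classifyBucketKey(enc: BucketEncryption): Finding {
  const rule = enc.rules.find((r) => r.ApplyServerSideEncryptionByDefault !== undefined);
  if (!rule) return 'no-default';
  const algo = rule.ApplyServerSideEncryptionByDefault?.SSEAlgorithm;
  switch (algo) {
    case 'AES256':
      return 'not-applicable'; // SSE-S3 makes no KMS calls, so there is nothing to reduce
    case 'aws:kms:dsse':
      return 'unsupported-dsse'; // S3 Bucket Keys are not supported for DSSE-KMS
    case 'aws:kms':
      // An absent flag counts as missing: only an explicit true enables the feature.
      return rule.BucketKeyEnabled === true ? 'enabled' : 'missing';
    default:
      return 'unknown';
  }
}

// Names of SSE-KMS buckets that would benefit from BucketKeyEnabled: true.
function bucketsMissingBucketKey(all: BucketEncryption[]): string[] {
  return all.filter((b) => classifyBucketKey(b) === 'missing').map((b) => b.bucket);
}

// Constructed sample data; bucket names and key ARNs are placeholders.
const SAMPLE: BucketEncryption[] = [
  { bucket: 'example-logs', rules: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms', KMSMasterKeyID: 'arn:aws:kms:PLACEHOLDER' } }] },
  { bucket: 'example-assets', rules: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms' }, BucketKeyEnabled: true }] },
  { bucket: 'example-flagged-off', rules: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms' }, BucketKeyEnabled: false }] },
  { bucket: 'example-sse-s3', rules: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } }] },
  { bucket: 'example-dsse', rules: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms:dsse' } }] },
];

console.log(bucketsMissingBucketKey(SAMPLE));
```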