S3 bucket resource keeps causing AWS managed config rule for encryption to say the bucket resource is not in compliance

[JoshVCorp]

​

Community Note

​

• Please vote on this issue by adding a �� reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment ​

  ​

  Terraform CLI and Terraform AWS Provider Version

  
  tf --version
  Terraform v1.1.6
  on windows_amd64

• provider registry.terraform.io/hashicorp/aws v4.25.0
• provider registry.terraform.io/hashicorp/random v3.3.2 ​ Your version of Terraform is out of date! The latest version

  
  ​
  ### Affected Resource(s)
  ​

• aws_s3_bucket_server_side_encryption_configuration
• aws_s3_bucket ​ ​

  Terraform Configuration Files

  resource "aws_s3_bucket" "this" {
  force_destroy = var.is_local
  tags          = { Name = var.name }
  ​
  resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.bucket
  ​
  rule {
  apply_server_side_encryption_by_default {
    kms_master_key_id = var.kms_key_id
    sse_algorithm     = "aws:kms"
  }
  bucket_key_enabled = true
  }
  }

  Relevant Variables: ​ variable "kms_key_id" { type = string description = "The ARN for the KMS encryption key." } ​

  Debug Output

  ​ ​

  Panic Output

  ​

  Expected Behavior

  ​ The aws_s3_bucket resource should be spun up without the AWS config rule (the managed rule here: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html) saying the S3 bucket is not in compliance.

  Actual Behavior

  ​ The config rule linked above is alerting that our aws_s3_bucket resource is out of compliance. I think this is the result of the aws_s3_bucket resource itself and the aws_s3_bucket_server_side_encryption_configuration resource being 2 separate resources. ​

  Steps to Reproduce

  1. Copy the above script to spin up an aws_s3_bucket resource and a aws_s3_bucket_server_side_encryption_configuration
  2. terraform apply ​

     Important Factoids

     ​

     ​

     References

     ​ Managed Config Rule: https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-server-side-encryption-enabled.html

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!