In the code example bucket objects could be read if compromised
resource "aws_s3_bucket" "insecure_example" {
bucket = "mybucket"
}
S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised
Configure bucket encryption
resource "aws_s3_bucket" "secure_example" {
bucket = "mybucket"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = "arn"
sse_algorithm = "aws:kms"
}
}
}
}