configurable vault s3 bucket versioning

modules/core/variables.tf

@@ -400,6 +400,11 @@ variable "vault_s3_bucket_name" {
   default     = ""
 }
 
+variable "vault_enable_s3_bucket_versioning" {
+  description = "Whether to enable bucket versioning for the S3 bucket for Vault."
+  default     = false
+}
+
 variable "vault_enable_auto_unseal" {
   description = "Enable auto unseal of the Vault cluster"
   default     = false

modules/core/vault.tf

@@ -44,8 +44,9 @@ module "vault" {
   allowed_ssh_cidr_blocks              = concat([data.aws_vpc.this.cidr_block], var.allowed_ssh_cidr_blocks)
   associate_public_ip_address          = var.associate_public_ip_address
 
-  enable_s3_backend = var.vault_enable_s3_backend
-  s3_bucket_name    = var.vault_s3_bucket_name
+  enable_s3_backend           = var.vault_enable_s3_backend
+  s3_bucket_name              = var.vault_s3_bucket_name
+  enable_s3_bucket_versioning = var.vault_enable_s3_bucket_versioning
 
   enable_auto_unseal      = var.vault_enable_auto_unseal
   auto_unseal_kms_key_arn = var.vault_auto_unseal_kms_key_arn
@@ -91,8 +92,9 @@ data "template_file" "user_data_vault_cluster" {
     kms_aes_root       = "/opt/aes-kms"
 
     # S3 Variables
-    enable_s3_backend = var.vault_enable_s3_backend ? "true" : "false"
-    s3_bucket_name    = var.vault_s3_bucket_name
+    enable_s3_backend           = var.vault_enable_s3_backend ? "true" : "false"
+    s3_bucket_name              = var.vault_s3_bucket_name
+    enable_s3_bucket_versioning = var.vault_enable_s3_bucket_versioning
 
     consul_prefix = var.integration_consul_prefix