Open
Description
Describe the Feature
These are the problems I am encountering:
- Replication role name is hardcoded to format("%s-replication", local.bucket_name), which breaks org naming policies.
- With SSE-KMS buckets, replication needs KMS permissions that aren’t added by default in the replication IAM role.
Proposal to solve the issue:
- Add variable replication_iam_role_name to customize the role name
- When sse_kms_encrypted_objects is enabled in s3 replication rules, attach KMS actions to the role (recursively if multiple buckets and KMS keys are mentioned):
- e.g. kms:Encrypt, kms:ReEncrypt*, kms:GenerateDataKey*, kms:DescribeKey
Please let me know if there are any other ways to overcome the issue (other than an MR). Sorry, I am new to the concept of components (root modules), and it seems like the following issues can't be solved using components and I must go through an MR.
Expected Behavior
Option to Customise IAM role name for replication, add KMS actions to IAM role
Use Case
Replication in encrypted bucket
Describe Ideal Solution
- Add variable replication_iam_role_name to customize the role name
- When sse_kms_encrypted_objects is enabled in s3 replication rules, attach KMS actions to the role (recursively if multiple buckets and KMS keys are mentioned):
- e.g. kms:Encrypt, kms:ReEncrypt*, kms:GenerateDataKey*, kms:DescribeKey
Alternatives Considered
No response
Additional Context
No response
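Added Terraform example (not the module's code and not part of the issue above) showing both parts of the proposal together: a caller-supplied replication role name, and KMS grants attached only when sse_kms_encrypted_objects is enabled, driven by a map so extra key/bucket pairs are extra entries rather than extra code. Variable and resource names are assumptions; both buckets and keys are assumed to sit in the current region (the kms:ViaService value is the S3 endpoint of the key's region), and the source side needs kms:Decrypt in addition to the encrypt-side actions listed in the issue.

```hcl
# Added illustration, not the module's own code; every variable and resource name here is an assumption.
variable "replication_role_name"     { type = string }
variable "sse_kms_encrypted_objects" { type = bool }
variable "arns" {
  type = object({ source_bucket = string, destination_bucket = string, source_key = string, destination_key = string })
}
data "aws_region" "current" {}

locals {
  via_s3 = "s3.${data.aws_region.current.name}.amazonaws.com"
  kms_grants = { # one entry per (KMS key, bucket) pair; more pairs are just more entries
    DecryptSourceObjects = { key = var.arns.source_key, bucket = var.arns.source_bucket,
      actions = ["kms:Decrypt"] }
    EncryptDestinationObjects = { key = var.arns.destination_key, bucket = var.arns.destination_bucket,
      actions = ["kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey"] }
  }
}

resource "aws_iam_role" "replication" {
  name = var.replication_role_name # caller-chosen instead of the hardcoded "<bucket>-replication"
  assume_role_policy = jsonencode({ Version = "2012-10-17", Statement = [{ Effect = "Allow",
    Action = "sts:AssumeRole", Principal = { Service = "s3.amazonaws.com" } }] })
}

# Each grant works only through S3 (kms:ViaService) and only for that bucket's objects (aws:s3:arn context).
data "aws_iam_policy_document" "replication_kms" {
  dynamic "statement" {
    for_each = local.kms_grants
    content {
      sid       = statement.key
      actions   = statement.value.actions
      resources = [statement.value.key]
      condition {
        test     = "StringEquals"
        variable = "kms:ViaService"
        values   = [local.via_s3]
      }
      condition {
        test     = "StringLike"
        variable = "kms:EncryptionContext:aws:s3:arn"
        values   = ["${statement.value.bucket}/*"]
      }
    }
  }
}

resource "aws_iam_role_policy" "replication_kms" {
  count  = var.sse_kms_encrypted_objects ? 1 : 0 # attached only for SSE-KMS replication rules
  name   = "${var.replication_role_name}-kms"
  role   = aws_iam_role.replication.id
  policy = data.aws_iam_policy_document.replication_kms.json
}
```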