From 9255fc90b6b007bd2e3b281b16d241abe5faee86 Mon Sep 17 00:00:00 2001
From: biffgaut <biffgaut@amazon.com>
Date: Mon, 3 Feb 2025 15:14:21 -0500
Subject: [PATCH 1/2] Add warning

---
 .../core/lib/s3-bucket-helper.ts                         | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts
index b09701d8e..0ca896e27 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts
@@ -21,7 +21,7 @@ import * as lambda from 'aws-cdk-lib/aws-lambda';
 import * as s3 from 'aws-cdk-lib/aws-s3';
 import * as cdk from 'aws-cdk-lib';
 import { DefaultS3Props } from './s3-bucket-defaults';
-import { overrideProps, addCfnSuppressRules, consolidateProps, CheckBooleanWithDefault } from './utils';
+import { overrideProps, addCfnSuppressRules, consolidateProps, CheckBooleanWithDefault, printWarning } from './utils';
 import { StorageClass } from 'aws-cdk-lib/aws-s3';
 import { Duration } from 'aws-cdk-lib';
 // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
@@ -325,6 +325,13 @@ export function CheckS3Props(propsObject: S3Props | any) {
     errorFound = true;
   }
 
+  if (propsObject?.bucketProps?.encryption == s3.BucketEncryption.KMS_MANAGED) {
+    if (!propsObject.bucketProps.bucketKeyEnabled) {
+      printWarning("When using SSE-KMS Bucket Encryption, set bucketKeyEnabled to true to lower costs");
+      printWarning('https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html');
+    }
+  }
+
   if (errorFound) {
     throw new Error(errorMessages);
   }

From ab3865f41eb72bf972b05b8f282ec1221a500ad2 Mon Sep 17 00:00:00 2001
From: biffgaut <biffgaut@amazon.com>
Date: Mon, 3 Feb 2025 16:20:51 -0500
Subject: [PATCH 2/2] lint fix

---
 .../@aws-solutions-constructs/core/lib/s3-bucket-helper.ts      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts
index 0ca896e27..de23bcc3d 100644
--- a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts
+++ b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts
@@ -325,7 +325,7 @@ export function CheckS3Props(propsObject: S3Props | any) {
     errorFound = true;
   }
 
-  if (propsObject?.bucketProps?.encryption == s3.BucketEncryption.KMS_MANAGED) {
+  if (propsObject?.bucketProps?.encryption === s3.BucketEncryption.KMS_MANAGED) {
     if (!propsObject.bucketProps.bucketKeyEnabled) {
       printWarning("When using SSE-KMS Bucket Encryption, set bucketKeyEnabled to true to lower costs");
       printWarning('https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-key.html');