User Story

As a LokiStack administrator, I want to configure Loki AWS S3 object storage with enabled server-side encryption, so that I can access encrypted log records stored on an AWS S3 bucket.

Acceptance criteria

1. The admistrator can optionally specify the S3 SSE encryption type in the LokiStack S3 object storage ConfigMap.
2. The administrator can choose between two types: SSE-S3 and SSE-KMS.
3. The administrator is required to provide the KMS Key ID if SSE-KMS selected.
4. The administrator can optionally provide a KMS Context if SSE-KMS selected.

Developer Notes

• Official documentation for Loki S3 storage config: https://grafana.com/docs/loki/v2.9.x/configure/#s3_storage_config
• Official vendor S3 client documentation on SSE encryption: https://github.com/thanos-io/objstore/#s3-server-side-encryption
• Official AWS documentation for creating buckets with SSE: https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html