diff --git a/terraform-modules/aws/s3/bucket/main.tf b/terraform-modules/aws/s3/bucket/main.tf
index c0dc37211..1a526563b 100644
--- a/terraform-modules/aws/s3/bucket/main.tf
+++ b/terraform-modules/aws/s3/bucket/main.tf
@@ -14,6 +14,7 @@ resource "aws_s3_bucket" "bucket" {
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "encryption_config" {
+  count  = var.enable_kms_encryption ? 1 : 0
   bucket = aws_s3_bucket.bucket.bucket
 
   rule {
diff --git a/terraform-modules/aws/s3/bucket/variables.tf b/terraform-modules/aws/s3/bucket/variables.tf
index 82ea14f11..67a3b75d7 100644
--- a/terraform-modules/aws/s3/bucket/variables.tf
+++ b/terraform-modules/aws/s3/bucket/variables.tf
@@ -96,3 +96,9 @@ variable "bucket_ownership_controls_rule" {
   default     = "BucketOwnerEnforced"
   description = "It's compliance rule that helps ensure the ownership of Amazon S3 buckets is set to the correct AWS account or AWS account within the same organization. values (BucketOwnerPreferred, ObjectWriter or BucketOwnerEnforced)"
 }
+
+variable "enable_kms_encryption" {
+  description = "A boolean flag to enable server-side encryption on the S3 bucket"
+  type        = bool
+  default     = true
+}