bucket_key_enabled = true should be a variable and set to true by default within aws_s3_bucket_server_side_encryption_configuration.state object

This is for lowering costs on KMS