From 653ae96530b0483b11041c3384efb3e1ce93e31d Mon Sep 17 00:00:00 2001
From: Amogh Rathore
Date: Thu, 4 May 2023 18:50:48 +0000
Subject: [PATCH] Add default AES256 encryption and enable versioning to buckets
---
 build-infrastructure/audit-logs-stack.yml | 6 ++++++
 build-infrastructure/release-pipeline-stack.yml | 6 ++++++
 build-infrastructure/staging-bucket-stack.yml | 6 ++++++
 3 files changed, 18 insertions(+)
diff --git a/build-infrastructure/audit-logs-stack.yml b/build-infrastructure/audit-logs-stack.yml
index 5716c3eff38..18db2739186 100644
--- a/build-infrastructure/audit-logs-stack.yml
+++ b/build-infrastructure/audit-logs-stack.yml
@@ -51,6 +51,12 @@ Resources:
 Type: AWS::S3::BucketPolicy
 Properties:
 Bucket: !Sub 'audit-logs-bucket-${AWS::AccountId}'
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ SSEAlgorithm: AES256
+ VersioningConfiguration:
+ Status: Enabled
 PolicyDocument:
 Version: 2012-10-17
 Statement:
diff --git a/build-infrastructure/release-pipeline-stack.yml b/build-infrastructure/release-pipeline-stack.yml
index fd7229abf5e..704852e8b9b 100644
--- a/build-infrastructure/release-pipeline-stack.yml
+++ b/build-infrastructure/release-pipeline-stack.yml
@@ -117,6 +117,12 @@ Resources:
 Type: AWS::S3::Bucket
 Properties:
 BucketName: !Sub 'codepipeline-${AWS::Region}-${AWS::AccountId}-artifacts'
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ SSEAlgorithm: AES256
+ VersioningConfiguration:
+ Status: Enabled
 PublicAccessBlockConfiguration:
 BlockPublicAcls: true
 BlockPublicPolicy: true
diff --git a/build-infrastructure/staging-bucket-stack.yml b/build-infrastructure/staging-bucket-stack.yml
index 0cb9d051909..445665ff29d 100644
--- a/build-infrastructure/staging-bucket-stack.yml
+++ b/build-infrastructure/staging-bucket-stack.yml
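Review bot: In build-infrastructure/audit-logs-stack.yml the new `BucketEncryption` and `VersioningConfiguration` keys sit under a resource whose `Type` is `AWS::S3::BucketPolicy`, which accepts only `Bucket` and `PolicyDocument`. CloudFormation should reject the template on the unsupported properties, and either way the audit-log bucket itself gains neither default encryption nor versioning. The six added lines belong under the `Properties` of the `AWS::S3::Bucket` resource that creates `audit-logs-bucket-${AWS::AccountId}`, which is presumably defined outside this hunk. For an audit-log bucket the versioning setting matters most, since it is what keeps log objects recoverable after an overwrite or delete.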
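Review bot: In build-infrastructure/release-pipeline-stack.yml, `VersioningConfiguration` is enabled with no lifecycle rule for noncurrent versions among the visible properties, so every overwritten or deleted pipeline artifact is retained indefinitely. Besides unbounded storage growth, an artifact deleted because it contained a secret or a bad build remains retrievable as a noncurrent version. Unless a `LifecycleConfiguration` already exists further down the resource (the property list continues past the hunk), add one with `NoncurrentVersionExpiration`; the same applies to the bucket in staging-bucket-stack.yml. The retention value below is a placeholder.

```yaml
      # … unchanged: BucketName, BucketEncryption, VersioningConfiguration …
      LifecycleConfiguration:
        Rules:
          - Id: ExpireNoncurrentVersions
            Status: Enabled
            NoncurrentVersionExpiration:
              NoncurrentDays: 30  # placeholder: set to the team's retention requirement
```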
@@ -16,6 +16,12 @@ Resources:
 Type: AWS::S3::Bucket
 Properties:
 BucketName: !Sub '${StagingBucketNamePrefix}-${AWS::Region}-${AWS::AccountId}'
+ BucketEncryption:
+ ServerSideEncryptionConfiguration:
+ - ServerSideEncryptionByDefault:
+ SSEAlgorithm: AES256
+ VersioningConfiguration:
+ Status: Enabled
 StagingArtifactsBucketPolicy:
 Type: AWS::S3::BucketPolicy
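Review bot: The staging bucket in build-infrastructure/staging-bucket-stack.yml ends up with only `BucketName`, `BucketEncryption` and `VersioningConfiguration`; unlike the CodePipeline artifact bucket in release-pipeline-stack.yml it has no `PublicAccessBlockConfiguration`. Its whole `Properties` block is visible in this hunk, so unless block-public-access is enforced at the account level, a later ACL or bucket-policy change could expose staged artifacts. Since this commit is hardening the buckets, add the block with all four settings enabled, as sketched below.

```yaml
      # … unchanged: BucketName, BucketEncryption, VersioningConfiguration …
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```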