Issue302-Encrypt Scrap Buckets (#314)

Author: biffgaut

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json

@@ -3,6 +3,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.pre-existing-bucket.expected.json

@@ -4,6 +4,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.pre-existing-logging-bucket.expected.json

@@ -5,6 +5,15 @@
       "Type": "AWS::S3::Bucket",
       "Properties": {
         "AccessControl": "LogDeliveryWrite",
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-bucket.expected.json

@@ -4,6 +4,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-logging-bucket.expected.json

@@ -5,6 +5,15 @@
       "Type": "AWS::S3::Bucket",
       "Properties": {
         "AccessControl": "LogDeliveryWrite",
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.pre-existing-bucket.expected.json

@@ -4,6 +4,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json

@@ -36,6 +36,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.pre-existing-bucket.expected.json

@@ -3,6 +3,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.pre-existing-bucket.expected.json

@@ -3,6 +3,15 @@
     "existingScriptLocation845F3C51": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        },
         "VersioningConfiguration": {
           "Status": "Enabled"
         }

source/patterns/@aws-solutions-constructs/core/test/test-helper.ts

@@ -12,7 +12,7 @@
  */
 
 // Imports
-import { Bucket, BucketProps } from "@aws-cdk/aws-s3";
+import { Bucket, BucketProps, BucketEncryption } from "@aws-cdk/aws-s3";
 import { Construct, RemovalPolicy } from "@aws-cdk/core";
 import { overrideProps, addCfnSuppressRules } from "../lib/utils";
 import * as path from 'path';
@@ -22,6 +22,7 @@ export function CreateScrapBucket(scope: Construct, props?: BucketProps | any) {
   const defaultProps = {
     versioned: true,
     removalPolicy: RemovalPolicy.DESTROY,
+    encryption: BucketEncryption.S3_MANAGED,
   };
 
   let synthesizedProps: BucketProps;

update-tests.sh

@@ -0,0 +1,30 @@
+export constructs="
+aws-eventbridge-stepfunctions
+aws-events-rule-step-function
+aws-kinesisfirehose-s3
+aws-kinesisfirehose-s3-and-kinesisanalytics
+aws-kinesisstreams-gluejob
+aws-kinesisstreams-kinesisfirehose-s3
+aws-kinesisstreams-lambda
+aws-lambda-dynamodb
+aws-lambda-elasticsearch-kibana
+aws-lambda-stepfunctions
+aws-lambda-step-function
+aws-s3-stepfunctions
+aws-s3-step-function
+aws-sqs-lambda
+"
+
+deployment_dir=$(cd $(dirname $0) && pwd)
+source_dir="$deployment_dir/source"
+
+./deployment/align-version.sh
+cd source
+export PATH=$(npm bin):$PATH
+
+for construct in $constructs; do
+  cd $deployment_dir/source/patterns/@aws-solutions-constructs/$construct
+  npm run jsii && npm run build
+  cdk-integ
+  npm run snapshot-update
+done