GSA / grace-logging


Force HTTPS only for buckets #35

Open rjlupinek opened 4 years ago

rjlupinek commented 4 years ago

I wanted to suggest forcing HTTPS only for the Access and CloudTrail buckets created by this repository.

Adding something like the below policy to the logging and access buckets should do the trick!

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::${aws_s3_bucket.logging.id}",
                "arn:aws:s3:::${aws_s3_bucket.logging.id}/*"
            ],
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
```
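A check that a rendered bucket policy applies the `aws:SecureTransport` deny to both the bucket ARN and its objects, since bucket-level calls such as listing are authorized against the bucket ARN rather than `bucket/*`. This is an added example, not part of the original issue or the grace-logging code; the bucket name and both sample policies are constructed.

```python
import json

def _as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _is_tls_deny(stmt):
    """True if the statement denies all principals and all S3 actions over plain HTTP."""
    if stmt.get("Effect") != "Deny":
        return False
    if stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    if not any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
        return False
    cond = stmt.get("Condition", {})
    if list(cond) != ["Bool"] or len(cond["Bool"]) != 1:
        return False  # any extra condition would narrow the deny
    key, val = next(iter(cond["Bool"].items()))
    return (key.lower() == "aws:securetransport"
            and [str(v).lower() for v in _as_list(val)] == ["false"])

def uncovered_resources(policy_json, bucket):
    """Return the bucket/object ARNs that no TLS-only Deny statement covers.

    Resources are matched exactly; wildcard ARNs other than '<bucket>/*'
    are conservatively treated as not covering anything.
    """
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if _is_tls_deny(stmt):
            needed -= set(_as_list(stmt.get("Resource", [])))
    return sorted(needed)

def _sample(resources):
    """Build a constructed sample policy with the given Resource list."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Deny", "Principal": "*", "Action": "*",
        "Resource": resources,
        "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})

BUCKET = "example-logging-bucket"  # constructed name, not from the repository
OBJECTS_ONLY = _sample([f"arn:aws:s3:::{BUCKET}/*"])
BOTH_ARNS = _sample([f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"])

if __name__ == "__main__":
    print("objects only ->", uncovered_resources(OBJECTS_ONLY, BUCKET))
    print("both ARNs    ->", uncovered_resources(BOTH_ARNS, BUCKET))
```

An empty result means the deny covers both ARNs; anything returned is a resource still reachable without TLS if another statement allows it.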

briankfitzwater commented 4 years ago

Current team focus is on GRACE-PaaS, so this is currently in the "icebox" unless it is determined to be necessary/useful for GRACE-PaaS MVP1.