aws-solutions / aws-waf-security-automations

This solution automatically deploys a single web access control list (web ACL) with a set of AWS WAF rules designed to filter common web-based attacks.
https://aws.amazon.com/solutions/aws-waf-security-automations
Apache License 2.0
845 stars 361 forks

add `BucketEncryption` (AES) to `WafLogBucket` #110

Closed aldegoeij closed 1 year ago

aldegoeij commented 4 years ago

Issue #, if available: The S3 Bucket created by the stack for WAF Logs for the HTTP Flood Parser and the Athena result sets is not encrypted by default.

See: https://github.com/awslabs/aws-waf-security-automations/issues/109

Description of changes: Added S3 Bucket BucketEncryption property to the WafLogBucket resource.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

knihit commented 4 years ago

> Issue #, if available: The S3 Bucket created by the stack for WAF Logs for the HTTP Flood Parser and the Athena result sets is not encrypted by default.
>
> See: #109
>
> Description of changes: Added S3 Bucket BucketEncryption property to the WafLogBucket resource.
>
> By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Thank you for contributing to this solution. We will review the PR and plan to incorporate it as part of a future release.

aldegoeij commented 4 years ago

@knihit why was this not incorporated in v2.3.1 release?

knihit commented 4 years ago

Hi @aldegoeij - the new release has the following bucket configuration. It includes bucket encryption and PublicAccessBlockConfiguration.

```yaml
  WafLogBucket:
    Type: 'AWS::S3::Bucket'
    Condition: HttpFloodProtectionLogParserActivated
    DependsOn: CheckRequirements
    DeletionPolicy: Retain
    Properties:
      AccessControl: Private
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
```

aijunpeng commented 1 year ago

Close the old PR as it doesn't apply to the latest version.
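
A pre-deployment check for the two bucket settings discussed in this thread (`BucketEncryption` and `PublicAccessBlockConfiguration`), as an added example that is not part of the PR or the solution's own code. It assumes the template is available in JSON form with literal property values (no intrinsic functions); `audit_buckets`, the sample template and the `UnencryptedBucket` and `SomeFunction` resources are constructed for illustration.

```python
import json

ALLOWED_SSE = {"AES256", "aws:kms", "aws:kms:dsse"}
PAB_FLAGS = ("BlockPublicAcls", "BlockPublicPolicy",
             "IgnorePublicAcls", "RestrictPublicBuckets")

def audit_buckets(template):
    """Return {logical_id: [findings]} for every AWS::S3::Bucket resource."""
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}
        findings = []
        rules = (props.get("BucketEncryption") or {}).get(
            "ServerSideEncryptionConfiguration") or []
        algos = [(r.get("ServerSideEncryptionByDefault") or {}).get("SSEAlgorithm")
                 for r in rules]
        if not any(a in ALLOWED_SSE for a in algos):
            findings.append("no default server-side encryption")
        pab = props.get("PublicAccessBlockConfiguration") or {}
        for flag in PAB_FLAGS:
            # CloudFormation accepts a boolean true or the string "true"
            if str(pab.get(flag)).lower() != "true":
                findings.append(f"{flag} is not true")
        report[name] = findings
    return report

# Constructed sample: one bucket without the settings, one matching the reply above
SAMPLE = json.loads("""
{"Resources": {
  "UnencryptedBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "Private"}},
  "WafLogBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "Private",
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [
        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true,
        "BlockPublicPolicy": true, "IgnorePublicAcls": true,
        "RestrictPublicBuckets": true}}},
  "SomeFunction": {"Type": "AWS::Lambda::Function", "Properties": {}}
}}
""")

if __name__ == "__main__":
    for bucket, findings in audit_buckets(SAMPLE).items():
        print(bucket, "OK" if not findings else findings)
```
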