From cc3f381afeedcd115a7ea565480e01ffaac47b25 Mon Sep 17 00:00:00 2001
From: Troy Ameigh <55170274+troy-ameigh@users.noreply.github.com>
Date: Tue, 12 Sep 2023 12:39:54 -0500
Subject: [PATCH] Added Bucket Encryption

---
 templates/git2s3.template.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/templates/git2s3.template.yaml b/templates/git2s3.template.yaml
index 35594de..bdb4b77 100644
--- a/templates/git2s3.template.yaml
+++ b/templates/git2s3.template.yaml
@@ -140,6 +140,15 @@ Resources:
     Type: AWS::S3::Bucket
     Properties:
       Tags: []
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       VersioningConfiguration:
         Status: Enabled
 
@@ -263,6 +272,15 @@ Resources:
     Type: AWS::S3::Bucket
     Properties:
       Tags: []
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       VersioningConfiguration:
         Status: Enabled
 
@@ -273,6 +291,15 @@ Resources:
         - AutoGenOutputBucketName
         - !Ref 'OutputBucketName'
         - !Ref 'AWS::NoValue'
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
       VersioningConfiguration:
         Status: Enabled
       Tags: []