Merge pull request #6 from Real-Life-IaC/enable-bucket-encryption

Merge enable-bucket-encryption
Real-Life-IaC · Feb 1, 2024 · d024c4a · d024c4a
2 parents f183226 + de5af9b
commit d024c4a
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml
@@ -32,6 +32,6 @@ runs:
         role-session-name: GitHubActions-${{ github.event.repository.name }}
         aws-region: ${{ inputs.aws-region }}
 
-    - name: Deploy Stack
+    - name: CDK Deploy
       shell: bash
       run: poetry run cdk deploy ${{ inputs.stack-name }} --force
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
@@ -7,12 +7,10 @@ on:
       - main
   pull_request:
     types:
-      - opened
       - labeled
       - synchronize
 
 permissions:
-  contents: read
   id-token: write
 
 jobs:

diff --git a/infra/stack.py b/infra/stack.py
@@ -15,4 +15,5 @@ def __init__(self, scope: Construct, id: str, **kwargs) -> None:
             id="Bucket",
             block_public_access=s3.BlockPublicAccess.BLOCK_ALL,
             versioned=True,
+            encryption=s3.BucketEncryption.S3_MANAGED,
         )
diff --git a/tests/infra/test_stack.py b/tests/infra/test_stack.py
@@ -24,5 +24,14 @@ def test_bucket(template: Template):
                 "RestrictPublicBuckets": True,
             },
             "VersioningConfiguration": {"Status": "Enabled"},
+            "BucketEncryption": {
+                "ServerSideEncryptionConfiguration": [
+                    {
+                        "ServerSideEncryptionByDefault": {
+                            "SSEAlgorithm": "AES256"
+                        }
+                    }
+                ]
+            },
         },
     )