Merge pull request #79 from companieshouse/feature/DVOP-3043_s3_ssl_policy

add new s3 ssl policy

Author: marcransome

groups/storage/data.tf

@@ -56,4 +56,29 @@ data "aws_iam_policy_document" "bucket" {
       values   = ["aws:kms"]
     }
   }
+
+  statement {
+    sid = "allow_ssl_requests_only"
+    effect = "Deny"
+
+    principals {
+      type        = "*"
+      identifiers = ["*"]
+    }
+
+    actions = [
+      "s3:*"
+    ]
+
+    resources = [
+      "${aws_s3_bucket.data.arn}",
+      "${aws_s3_bucket.data.arn}/*"
+    ]
+
+    condition {
+      test     = "Bool"
+      variable = "aws:SecureTransport"
+      values   = ["false"]
+    }
+  }
 }