
Bring buckets and bucket access into alignment with CyberEO

Open pburkholder opened this issue 4 years ago • 1 comments

User Story

  • Public buckets may not be encrypted, and should be encrypted per CyberEO and GSA mandates

    • Assess and remediate (w/ cloud custodian?)
    • Ensure Federalist creates new buckets with AWS-AES or kms (TBD)
  • Access from proxy to buckets is over HTTP, and all traffic should be "encrypted in transit" per GSA/CyberEO

    • e.g.: http://federalist-c275c827-2779-42ff-ac19-0331ebcacca9.s3-website-us-gov-west-1.amazonaws.com/site/gsa/made-in-america/
    • Ensure we can use https endpoints: this should work but is 403 access denied:
    • https://federalist-a44a7672-afb1-473e-acb2-067f644c0967.s3-fips.us-gov-west-1.amazonaws.com/
    • a) Determine in 10m if there's bucket access policy to update
    • b) Open a support ticket
  • AWS account rationalization

    • Ensure account with Federalist S3 buckets is managed per same processes as cloud.gov
    • Update/create docs on that
    • Implement, add Peter as auditor

Background (Optional)

Acceptance Criteria

  • [ ] <TODO>
  • [ ] Change made live via <TODO>.

After evaluating, edit this part:

Level of effort - <low/medium/high>

Implementation outline (if higher than "low" effort):

  • [ ] <TODO>

pburkholder avatar Nov 05 '21 16:11 pburkholder

I've created a bucket issue for cloud.gov: https://github.com/cloud-gov/private/issues/440

pburkholder avatar Nov 16 '21 16:11 pburkholder