Update bucket conf to default AES256 encryption and enable versioning.

lib/plugins/aws/package/lib/core-cloudformation-template.json

@@ -3,7 +3,21 @@
   "Description": "The AWS CloudFormation template for this Serverless application",
   "Resources": {
     "ServerlessDeploymentBucket": {
-      "Type" : "AWS::S3::Bucket"
+      "Type" : "AWS::S3::Bucket",
+      "Properties" : {
+        "VersioningConfiguration": {
+          "Status": "Enabled"
+        },
+        "BucketEncryption": {
+          "ServerSideEncryptionConfiguration": [
+            {
+              "ServerSideEncryptionByDefault": {
+                "SSEAlgorithm": "AES256"
+              }
+            }
+          ]
+        }
+      }
     }
   },
   "Outputs": {

lib/plugins/aws/package/lib/generateCoreTemplate.js

@@ -15,13 +15,13 @@ module.exports = {
 
     this.serverless.service.provider
       .compiledCloudFormationTemplate = this.serverless.utils.readFileSync(
-      path.join(this.serverless.config.serverlessPath,
-        'plugins',
-        'aws',
-        'package',
-        'lib',
-        'core-cloudformation-template.json')
-    );
+        path.join(this.serverless.config.serverlessPath,
+          'plugins',
+          'aws',
+          'package',
+          'lib',
+          'core-cloudformation-template.json')
+      );
 
     const bucketName = this.serverless.service.provider.deploymentBucket;
     const isS3TransferAccelerationSupported = this.provider.isS3TransferAccelerationSupported();
@@ -54,27 +54,30 @@ module.exports = {
         });
     }
 
+    const mergeProperties = [];
+
     if (isS3TransferAccelerationEnabled && isS3TransferAccelerationSupported) {
       // enable acceleration via CloudFormation
-      this.serverless.service.provider.compiledCloudFormationTemplate
-        .Resources.ServerlessDeploymentBucket.Properties = {
-          AccelerateConfiguration: {
-            AccelerationStatus: 'Enabled',
-          },
-        };
+      mergeProperties.push({
+        AccelerateConfiguration: {
+          AccelerationStatus: 'Enabled',
+        },
+      });
       // keep track of acceleration status via CloudFormation Output
       this.serverless.service.provider.compiledCloudFormationTemplate
-      .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
+        .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
     } else if (isS3TransferAccelerationDisabled && isS3TransferAccelerationSupported) {
       // explicitly disable acceleration via CloudFormation
-      this.serverless.service.provider.compiledCloudFormationTemplate
-        .Resources.ServerlessDeploymentBucket.Properties = {
-          AccelerateConfiguration: {
-            AccelerationStatus: 'Suspended',
-          },
-        };
+      mergeProperties.push({
+        AccelerateConfiguration: {
+          AccelerationStatus: 'Suspended',
+        },
+      });
     }
 
+    Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
+      .Resources.ServerlessDeploymentBucket.Properties, ...mergeProperties);
+
     const coreTemplateFileName = this.provider.naming.getCoreTemplateFileName();
 
     const coreTemplateFilePath = path.join(this.serverless.config.servicePath,

lib/plugins/aws/package/lib/generateCoreTemplate.test.js

@@ -109,9 +109,23 @@ describe('#generateCoreTemplate()', () => {
       expect(
         awsPlugin.serverless.service.provider.compiledCloudFormationTemplate
           .Resources.ServerlessDeploymentBucket
-        ).to.be.deep.equal({
-          Type: 'AWS::S3::Bucket',
-        });
+      ).to.be.deep.equal({
+        Type: 'AWS::S3::Bucket',
+        Properties: {
+          VersioningConfiguration: {
+            Status: 'Enabled',
+          },
+          BucketEncryption: {
+            ServerSideEncryptionConfiguration: [
+              {
+                ServerSideEncryptionByDefault: {
+                  SSEAlgorithm: 'AES256',
+                },
+              },
+            ],
+          },
+        },
+      });
     })
   );
 
@@ -156,6 +170,18 @@ describe('#generateCoreTemplate()', () => {
             AccelerateConfiguration: {
               AccelerationStatus: 'Suspended',
             },
+            VersioningConfiguration: {
+              Status: 'Enabled',
+            },
+            BucketEncryption: {
+              ServerSideEncryptionConfiguration: [
+                {
+                  ServerSideEncryptionByDefault: {
+                    SSEAlgorithm: 'AES256',
+                  },
+                },
+              ],
+            },
           },
         });
       });
@@ -172,6 +198,20 @@ describe('#generateCoreTemplate()', () => {
         const template = serverless.service.provider.coreCloudFormationTemplate;
         expect(template.Resources.ServerlessDeploymentBucket).to.be.deep.equal({
           Type: 'AWS::S3::Bucket',
+          Properties: {
+            VersioningConfiguration: {
+              Status: 'Enabled',
+            },
+            BucketEncryption: {
+              ServerSideEncryptionConfiguration: [
+                {
+                  ServerSideEncryptionByDefault: {
+                    SSEAlgorithm: 'AES256',
+                  },
+                },
+              ],
+            },
+          },
         });
       });
   });

lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js

@@ -73,6 +73,20 @@ describe('mergeCustomProviderResources', () => {
             FakeResource2: {
               FakePropKey: 'FakePropValue',
             },
+            Properties: {
+              VersioningConfiguration: {
+                Status: 'Enabled',
+              },
+              BucketEncryption: {
+                ServerSideEncryptionConfiguration: [
+                  {
+                    ServerSideEncryptionByDefault: {
+                      SSEAlgorithm: 'AES256',
+                    },
+                  },
+                ],
+              },
+            },
           },
         },
       };