(s3): SSL should be enforced by default

[dontirun]

Description

SSL should be enforced by default if not using static web hosting

Use Case

As noted here, it's a best practice to use HTTPs communication for S3 buckets. I think it's a sensible default to have this feature be opt-out vs opt-in with logic to keep this disabled for static web hosting

Proposed Solution

1. Enable SSL by default for buckets without static web hosting enabled
2. Disable by default for buckets with static web hosting enabled

Other information

No response

Acknowledge

• I may be able to implement this feature request
• This feature might incur a breaking change

[flavioleggio]

I agree with @dontirun's vision, but I think this feature is actually a breaking change, as it implies a change in the property default behavior and a new policy is added to existing buckets where the first default scenario applies.

Moreover, this is not a small effort task, as one should update every test involving S3 buckets where enforceSSL is undefined by providing a value that respects the expected output or by updating the expected output itself. I gave it a try in the linked draft PR, but this really involves a lot of tests.

If someone has an idea that does not force us to update every bucket-involving test, I can help with this feature request, as logic impl is really straightforward.