Add s3 buckets to store the GC Organisations datafile (#1731)

* add s3 buckets

* Update aws/common/s3.tf

Co-authored-by: Ben Larabie <[email protected]>

---------

Co-authored-by: Ben Larabie <[email protected]>

aws/common/s3.tf

@@ -571,3 +571,29 @@ module "sns_sms_usage_report_sanitized_bucket_us_west_2" {
     CostCenter = "notification-canada-ca-${var.env}"
   }
 }
+
+resource "aws_s3_bucket" "gc_organisations_bucket" {
+  bucket        = "notification-canada-ca-${var.env}-gc-organisations"
+  force_destroy = var.force_destroy_s3
+
+  logging {
+    target_prefix = var.env
+    target_bucket = module.csv_bucket_logs.s3_bucket_id
+  }
+
+  tags = {
+    CostCenter = "notification-canada-ca-${var.env}"
+  }
+
+  #tfsec:ignore:AWS002 - No logging enabled
+  #tfsec:ignore:AWS077 - Versioning is not enabled
+}
+
+resource "aws_s3_bucket_public_access_block" "gc_organisations_bucket" {
+  bucket = aws_s3_bucket.gc_organisations_bucket.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}

aws/lambda-api/secrets_manager.tf

@@ -68,6 +68,7 @@ FRESH_DESK_ENABLED=False
 GC_ARTICLES_API_AUTH_USERNAME=${var.manifest_gc_articles_api_auth_username}
 GC_ARTICLES_API_AUTH_PASSWORD="${var.manifest_gc_articles_api_auth_password}"
 GC_ARTICLES_API=articles.alpha.canada.ca/notification-gc-notify
+GC_ORGANISATIONS_BUCKET_NAME=notification-canada-ca-${var.env}-gc-organisations
 
 HC_EN_SERVICE_ID=c2fe9fac-2f28-40ca-b152-08ee41cd6843
 HC_FR_SERVICE_ID=