fix: Enable S3 public access blocks in CFn

The SemiStructuredDocumentsS3Bucket created in the CFn/SAM template
does not need to be accessed from outside AWS, so should enable S3
public access blocks as a best practice.

Author: athewsey

comprehend-semi-structured-documents-annotation-template.yml

@@ -53,6 +53,11 @@ Resources:
           - AllowedHeaders: []
             AllowedMethods: [GET]
             AllowedOrigins: ['*']
+      PublicAccessBlockConfiguration:
+        BlockPublicAcls: true
+        BlockPublicPolicy: true
+        IgnorePublicAcls: true
+        RestrictPublicBuckets: true
 
   SemiStructuredDocumentsS3BucketPolicy:
     Type: AWS::S3::BucketPolicy