Security/drop invalid headers #10

Open
wants to merge 3 commits into
base: master

@pdnt pdnt commented Apr 5, 2024

Set up the Application load balancer to drop invalid headers. Also change deprecated arguments.

  • Invalid headers being passed through to the target of the load balancer may exploit vulnerabilities. By adding the argument drop_invalid_header_fields with a value of "true", anything that does not conform to well-known, defined headers will be removed by the load balancer.
  • Create an aws_s3_bucket_server_side_encryption_configuration resource to replace the deprecated argument server_side_encryption_configuration in the s3.tf module.
  • Change the deprecated argument from 'vpc' to 'domain' in the nat.tf module.

Type of change

  • Bug fix (fixes an issue)
  • New feature (adds functionality)
  • Infrastructure change

Related story in Pivotal

Story name

Checklists

Development

  • Validated working in a test VPC.
  • CHANGELOG.md has been updated.
  • README.md has been updated with the new version; variables and outputs have been added/updated if needed.

Code review

  • This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached.
  • Reviews have been requested.
  • Changes have been reviewed and accepted by at least one other engineer.
  • CHANGELOG.md as well as variables, alarms, and readmes have been reviewed by the PM.
  • The Pivotal story has a link to this pull request.
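
The three changes listed in the description, sketched as Terraform. This is an added example, not the code from this pull request: every resource name, variable and value is a placeholder, and the AES256 algorithm is an assumption because the description does not say which one the module uses.

```hcl
# Added illustration only; names and values are placeholders, not the module's.
variable "public_subnet_ids" {
  type = list(string)
}

variable "alb_security_group_id" {
  type = string
}

resource "aws_lb" "example" {
  name               = "example-alb"
  load_balancer_type = "application"
  subnets            = var.public_subnet_ids
  security_groups    = [var.alb_security_group_id]

  # Defaults to false, which routes requests carrying invalid header
  # fields on to the targets. true makes the ALB remove them first.
  drop_invalid_header_fields = true
}

resource "aws_s3_bucket" "example" {
  bucket = "example-bucket-name"
  # The deprecated inline server_side_encryption_configuration block
  # is no longer set here; see the standalone resource below.
}

# Replacement for the deprecated inline argument.
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.example.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256" # assumed; the PR description does not state it
    }
  }
}

resource "aws_eip" "nat" {
  # Deprecated form: vpc = true
  domain = "vpc"
}
```

Running `terraform plan` against an existing stack should show the load balancer attribute as an in-place update and the encryption configuration as a new resource.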
