Block public S3 access

2021-06-13 13:13:29 -07:00 · 2021-06-13 13:13:29 -07:00 · 1cd1338eb5
parent 0600d3d687
commit 1cd1338eb5
1 changed files with 9 additions and 0 deletions
--- a/tf/infra.tf
+++ b/tf/infra.tf
@ -107,6 +107,15 @@ resource "aws_s3_bucket" "riju" {
  tags   = local.tags
 }

+resource "aws_s3_bucket_public_access_block" "riju" {
+  bucket = aws_s3_bucket.riju.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket_policy" "riju" {
  bucket = aws_s3_bucket.riju.id
  policy = data.aws_iam_policy_document.riju.json