From 1cd1338eb59390f79a853877948cd903fc70acd9 Mon Sep 17 00:00:00 2001
From: Radon Rosborough <radon.neon@gmail.com>
Date: Sun, 13 Jun 2021 13:13:29 -0700
Subject: [PATCH] Block public S3 access

---
 tf/infra.tf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tf/infra.tf b/tf/infra.tf
index 7513ed8..bf81128 100644
--- a/tf/infra.tf
+++ b/tf/infra.tf
@@ -107,6 +107,15 @@ resource "aws_s3_bucket" "riju" {
   tags   = local.tags
 }
 
+resource "aws_s3_bucket_public_access_block" "riju" {
+  bucket = aws_s3_bucket.riju.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket_policy" "riju" {
   bucket = aws_s3_bucket.riju.id
   policy = data.aws_iam_policy_document.riju.json