Merge pull request #3 from quortex/FTR_S3.8

removing public acls on bucket following S3.8 security recommendation
quortex · Sep 13, 2022 · 0f58d8c · 0f58d8c
2 parents 408f59a + 270a1ea
commit 0f58d8c
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/main.tf b/main.tf
@@ -130,6 +130,15 @@ resource "aws_s3_bucket" "access_logs" {
  tags = var.tags
 }
 
+resource "aws_s3_bucket_public_access_block" "access_logs" {
+ bucket = aws_s3_bucket.access_logs.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket_policy" "access_logs" {
  bucket = aws_s3_bucket.access_logs.id
  policy = jsonencode({