Block all public access to S3 backend

ahamez · web-flow · commit 07d96f9136b5 · 2021-02-27T16:44:16.000+01:00
As recommended by AWS (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html)
diff --git a/chapter6/part1_s3backend/main.tf b/chapter6/part1_s3backend/main.tf
@@ -64,6 +64,15 @@ resource "aws_s3_bucket" "s3_bucket" {
   }
 }
 
+resource "aws_s3_bucket_public_access_block" "s3_bucket" {
+  bucket = aws_s3_bucket.s3_bucket.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 resource "aws_dynamodb_table" "dynamodb_table" {
   name         = "${local.namespace}-state-lock"
   hash_key     = "LockID"
@@ -75,4 +84,4 @@ resource "aws_dynamodb_table" "dynamodb_table" {
   tags = {
     ResourceGroup = local.namespace
   }
-}
+}
