
Commit 6ece05c

authored
feat: Add S3 bucket public access block (#5)
1 parent fb896ab commit 6ece05c


2 files changed

+26
-3
lines changed


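--- a/main.tf
+++ b/main.tf
@@ -42,6 +42,20 @@ resource "aws_s3_bucket_policy" "lb_logs_access_policy" {
 policy = data.aws_iam_policy_document.lb_logs_access_policy_document.json
 }
 
+#------------------------------------------------------------------------------
+# S3 bucket block public access
+#------------------------------------------------------------------------------
+resource "aws_s3_bucket_public_access_block" "lb_logs_block_public_access" {
+count = var.block_s3_bucket_public_access ? 1 : 0
+
+bucket = aws_s3_bucket.logs.id
+
+block_public_acls = true
+block_public_policy = true
+ignore_public_acls = true
+restrict_public_buckets = true
+}
+
 #------------------------------------------------------------------------------
 # APPLICATION LOAD BALANCER
 #------------------------------------------------------------------------------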
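Review bot: The public-access block is opt-in: `count = var.block_s3_bucket_public_access ? 1 : 0` creates it only when the variable is true, and variables.tf in this same commit sets `default = false`, so a caller who does not set the variable gets a log bucket with no public-access guard. Blocking public ACLs and public policies is the safe baseline for a bucket that only the load balancer writes to, so I would flip the default in variables.tf to `default = true` (callers who genuinely need public access can still opt out), and note the consequence of disabling it in the header comment, e.g. `# Created only when var.block_s3_bucket_public_access is true; setting it back to false destroys this resource and re-allows public ACLs/policies on the log bucket`. The same point applies to the `block_s3_bucket_public_access` hunk in variables.tf.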

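--- a/variables.tf
+++ b/variables.tf
@@ -12,6 +12,15 @@ variable "vpc_id" {
 description = "ID of the VPC"
 }
 
+#------------------------------------------------------------------------------
+# S3 bucket
+#------------------------------------------------------------------------------
+variable "block_s3_bucket_public_access" {
+description = "(Optional) If true, public access to the S3 bucket will be blocked."
+type = bool
+default = false
+}
+
 #------------------------------------------------------------------------------
 # APPLICATION LOAD BALANCER
 #------------------------------------------------------------------------------
@@ -78,7 +87,7 @@ variable "ip_address_type" {
 #------------------------------------------------------------------------------
 variable "http_ports" {
 description = "Map containing objects with two fields, listener_port and the target_group_port to redirect HTTP requests"
-type = map
+type = map(any)
 default = {
 default_http = {
 listener_port = 80
@@ -89,7 +98,7 @@ variable "http_ports" {
 
 variable "https_ports" {
 description = "Map containing objects with two fields, listener_port and the target_group_port to redirect HTTPS requests"
-type = map
+type = map(any)
 default = {
 default_http = {
 listener_port = 443
@@ -213,6 +222,6 @@ variable "default_certificate_arn" {
 
 variable "additional_certificates_arn_for_https_listeners" {
 description = "(Optional) List of SSL server certificate ARNs for HTTPS listener. Use it if you need to set additional certificates besides default_certificate_arn"
-type = list
+type = list(any)
 default = []
 }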
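Review bot: `type = map(any)` for `http_ports` and `https_ports` is looser than what the description states the values must be ("objects with two fields, listener_port and the target_group_port"), so a caller who omits or misspells a field gets a failure at the resource that reads it rather than at variable validation. Since the constraint is already spelled out in prose, encode it: `type = map(object({ listener_port = number, target_group_port = number }))` for both variables. Likewise `additional_certificates_arn_for_https_listeners` holds ARNs, so `type = list(string)` is the more precise replacement for the bare `list` than `list(any)`. These are the three `map`/`list` hunks of this file; the surrounding `default` blocks continue outside the hunks.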
