Merge pull request #3 from companieshouse/implementation

Initial implementation improvements

Author: marcransome

.gitignore

@@ -0,0 +1,10 @@
+# Mac files
+.DS_Store
+._*
+
+# Terraform local state
+.terraform
+
+# Local Terraform workspace data
+terraform.tfstate.backup
+terraform.tfstate.d

groups/storage/s3.tf

@@ -30,3 +30,20 @@ resource "aws_s3_bucket_policy" "data" {
   bucket = aws_s3_bucket.data.id
   policy = data.aws_iam_policy_document.bucket.json
 }
+
+resource "aws_s3_bucket_public_access_block" "data" {
+  bucket = aws_s3_bucket.data.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_ownership_controls" "data" {
+  bucket = aws_s3_bucket.data.id
+
+  rule {
+    object_ownership = "BucketOwnerEnforced"
+  }
+}