Merge pull request #16 from stakater/s3-private-access-control

Add aws_s3_bucket_public_access_block
stakater · Mar 19, 2019 · b7c2466 · b7c2466
2 parents 889252c + 91a614a
commit b7c2466
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/modules/s3/private/main.tf b/modules/s3/private/main.tf
@@ -35,4 +35,13 @@ resource "aws_s3_bucket" "s3_bucket_private" {
     tags {
         Name = "${var.name}"
     }
+}
+
+resource "aws_s3_bucket_public_access_block" "s3_bucket_private_access_block" {
+  bucket = "${aws_s3_bucket.s3_bucket_private.id}"
+
+  block_public_acls   = "${var.block_public_acls}"
+  block_public_policy = "${var.block_public_policy}"
+  ignore_public_acls  = "${var.ignore_public_acls}"
+  restrict_public_buckets = "${var.restrict_public_buckets}"
 }
diff --git a/modules/s3/private/varaibles.tf b/modules/s3/private/varaibles.tf
@@ -34,4 +34,20 @@ variable "name" {
 
 variable "acl" {
   default = "private"
+}
+
+variable "block_public_acls" {
+  default = true
+}
+
+variable "block_public_policy" {
+  default = true
+}
+
+variable "ignore_public_acls" {
+  default = true
+}
+
+variable "restrict_public_buckets" {
+  default = true
 }