
Commit 8535b4d

committed
NRL-1188 Public access block added
1 parent b90b97c commit 8535b4d


1 file changed

+27
-0
lines changed

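--- a/terraform/account-wide-infrastructure/modules/glue/s3.tf
+++ b/terraform/account-wide-infrastructure/modules/glue/s3.tf
@@ -3,17 +3,44 @@ resource "aws_s3_bucket" "source-data-bucket" {
 bucket = "source-data-bucket"
 }
 
+resource "aws_s3_bucket_public_access_block" "source-data-bucket-public-access-block" {
+bucket = aws_s3_bucket.source-data-bucket.id
+
+block_public_acls = true
+block_public_policy = true
+ignore_public_acls = true
+restrict_public_buckets = true
+}
+
+
 # S3 Bucket for Processed Data
 resource "aws_s3_bucket" "target-data-bucket" {
 bucket = "target-data-bucket"
 }
 
+resource "aws_s3_bucket_public_access_block" "target-data-bucket-public-access-block" {
+bucket = aws_s3_bucket.target-data-bucket.id
+
+block_public_acls = true
+block_public_policy = true
+ignore_public_acls = true
+restrict_public_buckets = true
+}
 
 # S3 Bucket for Code
 resource "aws_s3_bucket" "code-bucket" {
 bucket = "code-bucket"
 }
 
+resource "aws_s3_bucket_public_access_block" "code-bucket-public-access-block" {
+bucket = aws_s3_bucket.code-bucket.id
+
+block_public_acls = true
+block_public_policy = true
+ignore_public_acls = true
+restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket_object" "code-data-object" {
 bucket = aws_s3_bucket.code-bucket.bucket
 key = "main.py"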
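Review bot: The three `aws_s3_bucket_public_access_block` resources (new lines 6-13, 21-28 and 35-42) are copies of one another, so a bucket added to this module later gets no block unless someone remembers to paste a fourth. Declaring the block once with `for_each` over the module's buckets keeps the four flags in one place and makes a missing bucket easy to spot in review. Because the module sits under account-wide-infrastructure, it may also be worth confirming whether an account-level `aws_s3_account_public_access_block` is set elsewhere, which would cover buckets created outside this file; whether that is appropriate depends on no bucket in the account needing public access. The hunk ends inside `code-data-object`, whose body continues outside it.

```hcl
# ... unchanged: the three aws_s3_bucket resources ...
resource "aws_s3_bucket_public_access_block" "glue-buckets" {
  for_each = {
    source = aws_s3_bucket.source-data-bucket.id
    target = aws_s3_bucket.target-data-bucket.id
    code   = aws_s3_bucket.code-bucket.id
  }

  bucket = each.value

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```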
