force all restrictions for public access

uolter · uolter · commit 33b1e2497781 · 2022-06-23T10:40:11.000+02:00
diff --git a/README.md b/README.md
@@ -1,16 +1,23 @@
-# Project Name
-Template useful to create a AWS terraform projects
+## Requirements
 
+No requirements.
 
-## Howo to use this template
+## Providers
 
-1. Create your git repository starting form this template.
-2. Configure your aws cli and set the [credentials settings](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html). Also refer the conflunece page to work with [AWS SSO](https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/466846955/AWS+-+Users+groups+and+roles#SSO-with-GSuite).
-3. The __src/init__ directory contains the terraform code to setup the S3 backend and Dynamodb lock table
-4. The __src/azuredevops__ direcory containes the terraform code to setup the azure devops project aming to run the IAC pipeline with the code defined in this repository.
-5. The __src/main__ directory cointains the terraform code aming to setup the infrastructure.
+No providers.
 
+## Modules
 
-## Referencees
+No modules.
 
-* [Confluence page](https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/467894592/AWS+Setup+new+project) 
+## Resources
+
+No resources.
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
diff --git a/src/init/main.tf b/src/init/main.tf
@@ -40,6 +40,14 @@ resource "aws_s3_bucket_acl" "terraform_states" {
   acl    = "private"
 }
 
+resource "aws_s3_bucket_public_access_block" "terraform_states" {
+  bucket                  = aws_s3_bucket.terraform_states.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket_versioning" "terraform_states" {
   bucket = aws_s3_bucket.terraform_states.id
   versioning_configuration {
