Merge pull request #339 from Hestia-Homes/retrofit-assessmet-api

blocking public access
2026-06-08 11:17:27 +00:00 · 2024-09-09 13:24:41 +01:00 · 2024-09-09 13:24:41 +01:00 · 3f195caa9a
commit 3f195caa9a
parent f6fb2edeab adc8f1a104
1 changed files with 9 additions and 1 deletions
--- a/infrastructure/terraform/modules/s3_presignable_bucket/main.tf
+++ b/infrastructure/terraform/modules/s3_presignable_bucket/main.tf
@ -6,7 +6,7 @@ resource "aws_s3_bucket" "bucket" {
    allowed_headers = ["Content-Type", "Authorization"]
    allowed_methods = ["PUT"]
    allowed_origins = var.allowed_origins
-    expose_headers  = ["ETag"]
+    expose_headers = ["ETag"]
    max_age_seconds = 3000
  }

@ -73,3 +73,11 @@ resource "aws_iam_user_policy" "presign_frontend_user_policy" {
 }
 EOF
 }
+
+resource "aws_s3_bucket_public_access_block" "block_public" {
+  bucket                  = aws_s3_bucket.bucket.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}