From adc8f1a104855b497349f7989f98631a422b5da6 Mon Sep 17 00:00:00 2001
From: Khalim Conn-Kowlessar
Date: Mon, 9 Sep 2024 13:23:25 +0100
Subject: [PATCH] blocking public access
---
 .../terraform/modules/s3_presignable_bucket/main.tf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/infrastructure/terraform/modules/s3_presignable_bucket/main.tf b/infrastructure/terraform/modules/s3_presignable_bucket/main.tf
index e12a58bf..7f0364cf 100644
--- a/infrastructure/terraform/modules/s3_presignable_bucket/main.tf
+++ b/infrastructure/terraform/modules/s3_presignable_bucket/main.tf
@@ -6,7 +6,7 @@ resource "aws_s3_bucket" "bucket" {
 allowed_headers = ["Content-Type", "Authorization"]
 allowed_methods = ["PUT"]
 allowed_origins = var.allowed_origins
- expose_headers = ["ETag"]
+ expose_headers = ["ETag"]
 max_age_seconds = 3000
 }
@@ -73,3 +73,11 @@ resource "aws_iam_user_policy" "presign_frontend_user_policy" {
 }
 EOF
 }
+
+resource "aws_s3_bucket_public_access_block" "block_public" {
+ bucket = aws_s3_bucket.bucket.id
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
\ No newline at end of file
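Review bot: The new `aws_s3_bucket_public_access_block.block_public` resource in the second hunk has no comment saying why all four flags are safe on a bucket that exists for presigned uploads, and the file now ends without a trailing newline. I would add above the resource `# Presigned PUTs are authorised by the signing IAM user's credentials, not by a public ACL or policy, so all four settings can stay true.` and end the file with a newline. With `block_public_acls = true`, S3 rejects object PUTs that carry a public canned ACL, so it is worth confirming that the presigning code (not visible here) does not sign `x-amz-acl: public-read` into the upload; the CORS `allowed_headers` in the first hunk suggest it does not. If the module also manages an `aws_s3_bucket_policy` outside these hunks, an explicit `depends_on` between the two resources avoids the conflicting-operation error S3 can return when both are applied concurrently.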