Merge pull request #340 from Hestia-Homes/main

Blocking public access to presign buckets

infrastructure/terraform/modules/s3_presignable_bucket/main.tf

@@ -6,7 +6,7 @@ resource "aws_s3_bucket" "bucket" {
     allowed_headers = ["Content-Type", "Authorization"]
     allowed_methods = ["PUT"]
     allowed_origins = var.allowed_origins
-    expose_headers  = ["ETag"]
+    expose_headers = ["ETag"]
     max_age_seconds = 3000
   }
 
@@ -73,3 +73,11 @@ resource "aws_iam_user_policy" "presign_frontend_user_policy" {
 }
 EOF
 }
+
+resource "aws_s3_bucket_public_access_block" "block_public" {
+  bucket                  = aws_s3_bucket.bucket.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}