resource "aws_s3_bucket" "bucket" {
  bucket = "${var.bucketname}"
  acl    = "private"

  #  cors_rule {
  #    allowed_headers = ["Content-Type", "Authorization"]
  #    allowed_methods = ["PUT"]
  #    allowed_origins = var.allowed_origins
  #    expose_headers  = ["ETag"]
  #    max_age_seconds = 3000
  #  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_s3_bucket_public_access_block" "block_public" {
  bucket                  = aws_s3_bucket.bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}