block public access to cloudtrail bucket

zoitech · Jan 3, 2019 · 2b8f9a1 · 2b8f9a1
1 parent c8dcdff
commit 2b8f9a1
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 2 deletions.
diff --git a/changelog.md b/changelog.md
@@ -7,7 +7,7 @@ BACKWARDS INCOMPATIBILITIES / NOTES:
 * n.a.
 
 IMPROVEMENTS:
-* n.a.
+* Add Public Access Block for Cloudtrail S3 Bucket
 
 BUG FIXES:
 * n.a.

diff --git a/provider.tf b/provider.tf
@@ -1,4 +1,4 @@
 provider "aws" {
   region  = "${var.aws_region}"
-  version = "~> 1.6"
+  version = "~> 1.54"
 }
diff --git a/s3_cloudtrail.tf b/s3_cloudtrail.tf
@@ -37,3 +37,12 @@ resource "aws_s3_bucket" "cloudtrail_bucket" {
 }
 EOF
 }
+
+resource "aws_s3_bucket_public_access_block" "cloudtrail_bucket" {
+  bucket                  = "${aws_s3_bucket.cloudtrail_bucket.id}"
+  count                   = "${var.trail_bucketname_create}"
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -7,7 +7,7 @@ BACKWARDS INCOMPATIBILITIES / NOTES: @@
     * n.a.
     IMPROVEMENTS:
-    * n.a.
+    * Add Public Access Block for Cloudtrail S3 Bucket
     BUG FIXES:
     * n.a.
@@ Expand Down @@