From e9b8156e3c4170035c67992f6a36d8aafc5b557e Mon Sep 17 00:00:00 2001
From: Jason Miller
Date: Mon, 22 Mar 2021 22:35:51 -0500
Subject: [PATCH] Added a public access block for the CloudFront logging bucket.

---
 README.md | 5 +++++
 main.tf   | 9 +++++++++
 2 files changed, 14 insertions(+)

diff --git a/README.md b/README.md
index e294c55..2c04cd1 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,10 @@
 
 ## Changelog
 
+### 03/22/21
+
+* Added a public access block for the CloudFront logging bucket.
+
 ### 03/20/21
 
 * Did a pretty massive refactoring of this module. If you used this module in the past to deploy CodePipeline stuff, DO NOT USE THIS RELEASE.
@@ -77,6 +81,7 @@ No Modules.
 | [aws_route53_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) |
 | [aws_route53_zone](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_zone) |
 | [aws_s3_bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) |
+| [aws_s3_bucket_public_access_block](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) |
 | [random_password](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) |
 | [random_uuid](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) |
 
diff --git a/main.tf b/main.tf
index 9681e32..55782fe 100644
--- a/main.tf
+++ b/main.tf
@@ -85,6 +85,15 @@ resource "aws_s3_bucket" "site_cloudfront_logs" {
   acl = "private"
 }
 
+resource "aws_s3_bucket_public_access_block" "cloudfront_logs_block" {
+  bucket = aws_s3_bucket.site_cloudfront_logs.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 # CloudFront distribution
 resource "aws_cloudfront_distribution" "site_cloudfront_distribution" {
   origin {
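Review bot: The new `aws_s3_bucket_public_access_block` resource carries no comment explaining why it is needed when the bucket already sets `acl = "private"` on the context line just above it, and a later maintainer may drop one as redundant with the other; I would add `# acl = "private" only sets the bucket's own ACL; this block additionally rejects public object ACLs and any public bucket policy attached later.` above the resource. The reference `bucket = aws_s3_bucket.site_cloudfront_logs.id` already gives Terraform the ordering it needs, so no explicit `depends_on` is required. CloudFront standard logging writes to its log bucket through an ACL grant to AWS's log-delivery account rather than a public grant, so the four `true` settings should not interfere with delivery, but the distribution's `logging_config` is outside this hunk, so that is worth confirming on the next plan/apply. The `aws_cloudfront_distribution` resource that begins on the hunk's last lines continues outside the hunk.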