feat(ENG_1103): disable s3 public access (#586)

2026-03-10 08:11:21 +00:00 · 2022-02-07 15:01:40 +01:00
parent 65be37693f
commit 21bbdbbf14
2 changed files with 14 additions and 0 deletions
--- a/lib/aws/bootstrap/helm-loki.j2.tf
+++ b/lib/aws/bootstrap/helm-loki.j2.tf
@@ -64,4 +64,11 @@ resource "aws_s3_bucket" "loki_bucket" {
      "Name" = "Applications logs"
    }
  )
+}
+
+resource "aws_s3_bucket_public_access_block" "loki_access" {
+  bucket = aws_s3_bucket.loki_bucket.id
+
+  ignore_public_acls = true
+  restrict_public_buckets  = true
 }
--- a/lib/aws/bootstrap/s3-qovery-buckets.tf
+++ b/lib/aws/bootstrap/s3-qovery-buckets.tf
@@ -33,3 +33,10 @@ resource "aws_kms_key" "s3_kubeconfig_kms_encryption" {
    }
  )
 }
+
+resource "aws_s3_bucket_public_access_block" "kubeconfigs_access" {
+  bucket = aws_s3_bucket.kubeconfigs_bucket.id
+
+  ignore_public_acls = true
+  restrict_public_buckets  = true
+}