Created S3 buckets should block public access - Githubissues

airbnb / binaryalert

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection.

https://binaryalert.io

Apache License 2.0

1.41k stars 187 forks source link

Created S3 buckets should block public access #171

Open jdheyburn opened 4 years ago

jdheyburn commented 4 years ago

Background

It is a best practice to block public access to S3 buckets. The module currently creates a number of S3 buckets publicly.

Desired Change

Something akin to the below. Perhaps it should be enabled by default, where a variable is provided to disable it if need be.

resource "aws_s3_bucket_public_access_block" "block_binaryalert_bucket" {
  bucket                  = BUCKET_IDs
  restrict_public_buckets = true
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
}