binbashar / le-tf-infra-aws

Terraform code for Leverage Reference Architecture for AWS, designed under optimal configs for the most popular modern web and mobile applications needs.
https://www.binbash.co/leverage
Apache License 2.0

Bug | restrict public access in several S3 Buckets cross-org #256

Closed exequielrafaela closed 2 years ago

exequielrafaela commented 3 years ago

What?

Why?


How?

E.g. for shared/base-tf-backend

module "terraform_backend" {
  source = "github.com/binbashar/terraform-aws-tfstate-backend.git?ref=v1.0.15"

  #
  # Bucket Name
  #
  delimiter = "-"
  namespace = var.project
  stage     = var.environment
  name      = "terraform-backend"

  #
  # Security
  #
  acl                           = "private"
  block_public_acls             = true
  block_public_policy           = true
  restrict_public_buckets       = true
  enable_server_side_encryption = var.encrypt
  enforce_ssl_requests          = true
  ignore_public_acls            = true

  #
  # Replication
  #
  bucket_replication_enabled = true

  tags = local.tags

  providers = {
    aws.main_region      = aws.main_region
    aws.secondary_region = aws.secondary_region
  }
}

resource "aws_s3_bucket_public_access_block" "replica_s3" {
  provider                = aws.secondary_region
  bucket                  = "${var.project}-${var.environment}-terraform-backend-replica"
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
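The Terraform above sets the four public access block flags on both the primary and the replica bucket. The check a practitioner wants next is whether every bucket in the account actually has all four enabled, since a bucket with no configuration at all is just as exposed as one with the flags set to false. The following is an added example, not code from the le-tf-infra-aws repo or its modules: a small audit that evaluates the PublicAccessBlockConfiguration returned by the S3 GetPublicAccessBlock API, treats the NoSuchPublicAccessBlockConfiguration error as "nothing blocked", and reports the missing settings per bucket. The bucket names and the FakeS3Client are constructed sample data so it runs offline; the live variant uses a real boto3 client.

```python
"""Audit S3 public access block settings per bucket.

Added example (not part of the le-tf-infra-aws repo). The evaluation
logic is pure Python; only the live run at the bottom needs boto3.
"""
from typing import Dict, List, Optional

# The four settings managed by aws_s3_bucket_public_access_block, in the
# names used by the S3 API response.
REQUIRED_SETTINGS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def missing_settings(config: Optional[Dict[str, bool]]) -> List[str]:
    """Return the settings that are not enabled.

    `config` is the PublicAccessBlockConfiguration dict from
    GetPublicAccessBlock, or None when the bucket has no configuration
    (S3 raises NoSuchPublicAccessBlockConfiguration in that case, which
    is equivalent to every setting being false).
    """
    if config is None:
        return list(REQUIRED_SETTINGS)
    return [name for name in REQUIRED_SETTINGS if not config.get(name, False)]


def fetch_config(client, bucket: str) -> Optional[Dict[str, bool]]:
    """Fetch one bucket's public access block through an S3 client.

    Works with a real boto3 client: botocore's ClientError carries a
    `.response` dict whose Error.Code we inspect. A missing configuration
    is mapped to None so callers treat the bucket as fully open.
    """
    try:
        resp = client.get_public_access_block(Bucket=bucket)
        return resp["PublicAccessBlockConfiguration"]
    except Exception as exc:
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code == "NoSuchPublicAccessBlockConfiguration":
            return None
        raise


def audit(client, buckets: List[str]) -> Dict[str, List[str]]:
    """Return {bucket: [missing settings]} for buckets not fully blocked."""
    findings: Dict[str, List[str]] = {}
    for bucket in buckets:
        missing = missing_settings(fetch_config(client, bucket))
        if missing:
            findings[bucket] = missing
    return findings


class _NoBlockError(Exception):
    """Stand-in for botocore ClientError with the 'no configuration' code."""
    response = {"Error": {"Code": "NoSuchPublicAccessBlockConfiguration"}}


class FakeS3Client:
    """Constructed sample data standing in for boto3.client('s3')."""
    CONFIGS = {
        # fully blocked, as the terraform_backend module above configures it
        "example-shared-terraform-backend": dict(
            BlockPublicAcls=True, IgnorePublicAcls=True,
            BlockPublicPolicy=True, RestrictPublicBuckets=True),
        # partially blocked: two flags left at false
        "example-shared-terraform-backend-replica": dict(
            BlockPublicAcls=True, IgnorePublicAcls=False,
            BlockPublicPolicy=True, RestrictPublicBuckets=False),
        # never had a public access block at all
        "example-shared-legacy-assets": None,
    }

    def get_public_access_block(self, Bucket):
        cfg = self.CONFIGS[Bucket]
        if cfg is None:
            raise _NoBlockError()
        return {"PublicAccessBlockConfiguration": dict(cfg)}


def demo() -> Dict[str, List[str]]:
    """Run the audit over the constructed sample buckets."""
    return audit(FakeS3Client(), list(FakeS3Client.CONFIGS))


if __name__ == "__main__":
    for name, missing in demo().items():
        print(f"{name}: missing {', '.join(missing)}")
```

For a live run, replace `FakeS3Client()` with `boto3.client("s3")` and pass `[b["Name"] for b in s3.list_buckets()["Buckets"]]` as the bucket list; the evaluation path is identical. Note that this checks bucket-level settings only; the account-level block (S3 Control `get_public_access_block(AccountId=...)`) is a separate setting and should be audited alongside it.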
exequielrafaela commented 2 years ago

aws_s3_bucket_public_access_block already added https://github.com/binbashar/terraform-aws-tfstate-backend/blob/f8dcfaed7cd4707995c1ae5cde51dcc2ef5b7bfc/main.tf#L55

The only thing pending is to pass the corresponding values to the module.

marianod92 commented 2 years ago

Issue fixed in PR: Issue/256 s3 public access restriction #421