xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: added AllowSSLRequestsOnly bucket policy statement

Browse Source
This commit is contained in:
xpk 2023-03-25 12:36:54 +08:00
parent d2ddc8dcf1
commit 9ecb677dde
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
1 changed files with 25 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
modules/terraform-setup/main.tf
View File

@ -86,13 +86,25 @@ resource "aws_s3_bucket_policy" "bucket-policy" {
"Effect": "Allow", "Effect": "Allow",
"Resource": [ "Resource": [
"arn:aws:s3:::${var.bucket-name}/*", "arn:aws:s3:::${var.bucket-name}/*",
"arn:aws:s3:::${var.bucket-name}-tfstate" "arn:aws:s3:::${var.bucket-name}"
], ],
"Principal": { "Principal": {
"AWS": [ "AWS": [
"arn:aws:iam::${data.aws_caller_identity.this.account_id}:root" "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"
] ]
} }
},
{
"Sid": "AllowSSLRequestsOnly",
"Action": "s3:*",
"Effect": "Deny",
"Resource": "arn:aws:s3:::${var.bucket-name}/*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Principal": "*"
} }
] ]
} }
@ -116,4 +128,4 @@ resource "aws_dynamodb_table" "tfstate-lock-table" {
} }
} }
data aws_caller_identity this {} data "aws_caller_identity" "this" {}