backend: Update S3 bucket configuration and add public access block

author: Saumit <justsaumit@protonmail.com> 2025-09-28 04:14:10 +0530
committer: Saumit <justsaumit@protonmail.com> 2025-09-28 04:14:10 +0530
commit: 44b0d2d9dea535d5580d78ae4a5082732639e2bf (patch)
tree: aa43fa10be6e3fa3348683cc0c866d8876af00d1 /astroshop-terraform/backend.tf
parent: 912405a8f3f6b831b9abcf6e16a9372160e7ce32 (diff)
1 files changed, 14 insertions, 3 deletions
diff --git a/astroshop-terraform/backend.tf b/astroshop-terraform/backend.tf
index 88e6e36..d962b6b 100644
--- a/astroshop-terraform/backend.tf
+++ b/astroshop-terraform/backend.tf
@@ -19,9 +19,20 @@ resource "aws_s3_bucket_versioning" "terraform_state" {
 resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
   bucket = aws_s3_bucket.terraform_state.id
 
-  rule {
-    apply_server_side_encryption_by_default {
-      sse_algorithm = "AES256"
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
     }
   }
+}
+
+resource "aws_s3_bucket_public_access_block" "terraform_state" {
+  bucket = aws_s3_bucket.terraform_state.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
 }
 \ No newline at end of file
author	Saumit <justsaumit@protonmail.com>	2025-09-28 04:14:10 +0530
committer	Saumit <justsaumit@protonmail.com>	2025-09-28 04:14:10 +0530
commit	44b0d2d9dea535d5580d78ae4a5082732639e2bf (patch)
tree	aa43fa10be6e3fa3348683cc0c866d8876af00d1 /astroshop-terraform/backend.tf
parent	912405a8f3f6b831b9abcf6e16a9372160e7ce32 (diff)