From 44b0d2d9dea535d5580d78ae4a5082732639e2bf Mon Sep 17 00:00:00 2001
From: Saumit
Date: Sun, 28 Sep 2025 04:14:10 +0530
Subject: backend: Update S3 bucket configuration and add public access block
---
 astroshop-terraform/backend.tf | 17 ++++++++++++++---
 astroshop-terraform/modules/vpc/README.md | 4 ++--
 astroshop-terraform/modules/vpc/main.tf | 3 ++-
 3 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/astroshop-terraform/backend.tf b/astroshop-terraform/backend.tf
index 88e6e36..d962b6b 100644
--- a/astroshop-terraform/backend.tf
+++ b/astroshop-terraform/backend.tf
@@ -19,9 +19,20 @@ resource "aws_s3_bucket_versioning" "terraform_state" {
 resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
 bucket = aws_s3_bucket.terraform_state.id
- rule {
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256"
+ server_side_encryption_configuration {
+ rule {
+ apply_server_side_encryption_by_default {
+ sse_algorithm = "AES256"
+ }
 }
 }
+}
+
+resource "aws_s3_bucket_public_access_block" "terraform_state" {
+ bucket = aws_s3_bucket.terraform_state.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
 }
\ No newline at end of file
diff --git a/astroshop-terraform/modules/vpc/README.md b/astroshop-terraform/modules/vpc/README.md
index bac9af0..7c30b17 100644
--- a/astroshop-terraform/modules/vpc/README.md
+++ b/astroshop-terraform/modules/vpc/README.md
@@ -207,8 +207,8 @@ Private Subnets (3):
 ```
 ┌────────────────────────────────────────────────────────────┐
-│ INTERNET │
-└───────────────────────┬──────────────────────────────────────┘
+│ INTERNET │
+└───────────────────────┬────────────────────────────────────┘
 │
 IGW (Internet Gateway)
 │
diff --git a/astroshop-terraform/modules/vpc/main.tf b/astroshop-terraform/modules/vpc/main.tf
index 3694588..5e11a2c 100644
--- a/astroshop-terraform/modules/vpc/main.tf
+++ b/astroshop-terraform/modules/vpc/main.tf
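Review bot: In `astroshop-terraform/backend.tf`, the added `server_side_encryption_configuration { ... }` wrapper inside `aws_s3_bucket_server_side_encryption_configuration` does not match that resource's schema as I know it: the standalone resource takes `rule` directly, and the wrapper name belongs to the deprecated inline argument on `aws_s3_bucket`. If that holds for the provider version pinned here, `terraform validate` should reject the block as unsupported and report `rule` as missing, so the default-encryption setting for the state bucket would not be applied by this configuration. I would drop the added wrapper line and its closing `}` so the body is again `rule { apply_server_side_encryption_by_default { sse_algorithm = "AES256" } }` directly under `bucket`, and confirm with `terraform validate` before merging. State files commonly hold resource attributes in plain text, so this setting is worth keeping verifiably in place.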
@@ -4,7 +4,8 @@ resource "aws_vpc" "main" {
 enable_dns_hostnames = true
 tags = {
- Name = "${var.cluster_name}-vpc"
+ Name = "${var.cluster_name}-vpc"
+ "kubernetes.io/cluster/${var.cluster_name}" = "shared"
 }
 }
-- 
cgit v1.2.3