From 44b0d2d9dea535d5580d78ae4a5082732639e2bf Mon Sep 17 00:00:00 2001
From: Saumit <justsaumit@protonmail.com>
Date: Sun, 28 Sep 2025 04:14:10 +0530
Subject: backend: Update S3 bucket configuration and add public access block

---
 astroshop-terraform/backend.tf | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

(limited to 'astroshop-terraform/backend.tf')

diff --git a/astroshop-terraform/backend.tf b/astroshop-terraform/backend.tf
index 88e6e36..d962b6b 100644
--- a/astroshop-terraform/backend.tf
+++ b/astroshop-terraform/backend.tf
@@ -19,9 +19,20 @@ resource "aws_s3_bucket_versioning" "terraform_state" {
 resource "aws_s3_bucket_server_side_encryption_configuration" "terraform_state" {
   bucket = aws_s3_bucket.terraform_state.id
 
-  rule {
-    apply_server_side_encryption_by_default {
-      sse_algorithm = "AES256"
+  server_side_encryption_configuration {
+    rule {
+      apply_server_side_encryption_by_default {
+        sse_algorithm = "AES256"
+      }
     }
   }
+}
+
+resource "aws_s3_bucket_public_access_block" "terraform_state" {
+  bucket = aws_s3_bucket.terraform_state.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
 }
\ No newline at end of file
-- 
cgit v1.2.3