Merge pull request #53 from trussworks/public-access-block

Public access block
trussworks · Jul 1, 2021 · 94b41c8 · 94b41c8
2 parents ef3a0f6 + 0f656e1
commit 94b41c8
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -62,6 +62,7 @@ module "bootstrap" {
 | <a name="input_bucket_purpose"></a> [bucket\_purpose](#input\_bucket\_purpose) | Name to identify the bucket's purpose | `string` | `"tf-state"` | no |
 | <a name="input_dynamodb_table_name"></a> [dynamodb\_table\_name](#input\_dynamodb\_table\_name) | Name of the DynamoDB Table for locking Terraform state. | `string` | `"terraform-state-lock"` | no |
 | <a name="input_dynamodb_table_tags"></a> [dynamodb\_table\_tags](#input\_dynamodb\_table\_tags) | Tags of the DynamoDB Table for locking Terraform state. | `map(string)` | <pre>{<br>  "Automation": "Terraform",<br>  "Name": "terraform-state-lock"<br>}</pre> | no |
+| <a name="input_enable_s3_public_access_block"></a> [enable\_s3\_public\_access\_block](#input\_enable\_s3\_public\_access\_block) | Bool for toggling whether the s3 public access block resource should be enabled. | `bool` | `true` | no |
 | <a name="input_log_bucket_versioning"></a> [log\_bucket\_versioning](#input\_log\_bucket\_versioning) | Bool for toggling versioning for log bucket | `bool` | `false` | no |
 | <a name="input_log_name"></a> [log\_name](#input\_log\_name) | Log name (for backwards compatibility this can be modified to logs) | `string` | `"log"` | no |
 | <a name="input_log_retention"></a> [log\_retention](#input\_log\_retention) | Log retention of access logs of state bucket. | `number` | `90` | no |

diff --git a/main.tf b/main.tf
@@ -20,7 +20,8 @@ module "terraform_state_bucket" {
 
   use_account_alias_prefix = false
 
-  tags = var.state_bucket_tags
+  enable_s3_public_access_block = var.enable_s3_public_access_block
+  tags                          = var.state_bucket_tags
 }
 
 #

diff --git a/variables.tf b/variables.tf
@@ -52,3 +52,9 @@ variable "state_bucket_tags" {
   default     = { Automation : "Terraform" }
   description = "Tags to associate with the bucket storing the Terraform state files"
 }
+
+variable "enable_s3_public_access_block" {
+  description = "Bool for toggling whether the s3 public access block resource should be enabled."
+  type        = bool
+  default     = true
+}