» Resource: aws_s3_bucket_public_access_block
Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
» Example Usage
resource "aws_s3_bucket" "example" {
bucket = "example"
}
resource "aws_s3_bucket_public_access_block" "example" {
bucket = "${aws_s3_bucket.bucket.id}"
block_public_acls = true
block_public_policy = true
}
» Argument Reference
The following arguments are supported:
-
bucket
- (Required) S3 Bucket to which this Public Access Block configuration should be applied. -
block_public_acls
- (Optional) Whether Amazon S3 should block public ACLs for this bucket. Defaults tofalse
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
- PUT Object calls will fail if the request includes an object ACL.
-
block_public_policy
- (Optional) Whether Amazon S3 should block public bucket policies for this bucket. Defaults tofalse
. Enabling this setting does not affect the existing bucket policy. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
-
ignore_public_acls
- (Optional) Whether Amazon S3 should ignore public ACLs for this bucket. Defaults tofalse
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore public ACLs on this bucket and any objects that it contains.
-
restrict_public_buckets
- (Optional) Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults tofalse
. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access this buckets if it has a public policy.
» Attribute Reference
In addition to all arguments above, the following attributes are exported:
-
id
- Name of the S3 bucket the configuration is attached to
» Import
aws_s3_bucket_public_access_block
can be imported by using the bucket name, e.g.
$ terraform import aws_s3_bucket_public_access_block.example my-bucket