subcategory | layout | page_title | description |
---|---|---|---|
S3 (Simple Storage) |
aws |
AWS: aws_s3_bucket_public_access_block |
Manages S3 bucket-level Public Access Block Configuration |
Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
-> This resource cannot be used with S3 directory buckets.
resource "aws_s3_bucket" "example" {
bucket = "example"
}
resource "aws_s3_bucket_public_access_block" "example" {
bucket = aws_s3_bucket.example.id
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
}
This resource supports the following arguments:
bucket
- (Required) S3 Bucket to which this Public Access Block configuration should be applied.block_public_acls
- (Optional) Whether Amazon S3 should block public ACLs for this bucket. Defaults tofalse
. Enabling this setting does not affect existing policies or ACLs. When set totrue
causes the following behavior:- PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
- PUT Object calls will fail if the request includes an object ACL.
block_public_policy
- (Optional) Whether Amazon S3 should block public bucket policies for this bucket. Defaults tofalse
. Enabling this setting does not affect the existing bucket policy. When set totrue
causes Amazon S3 to:- Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
ignore_public_acls
- (Optional) Whether Amazon S3 should ignore public ACLs for this bucket. Defaults tofalse
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set totrue
causes Amazon S3 to:- Ignore public ACLs on this bucket and any objects that it contains.
restrict_public_buckets
- (Optional) Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults tofalse
. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set totrue
:- Only the bucket owner and AWS Services can access this buckets if it has a public policy.
This resource exports the following attributes in addition to the arguments above:
id
- Name of the S3 bucket the configuration is attached to
In Terraform v1.5.0 and later, use an import
block to import aws_s3_bucket_public_access_block
using the bucket name. For example:
import {
to = aws_s3_bucket_public_access_block.example
id = "my-bucket"
}
Using terraform import
, import aws_s3_bucket_public_access_block
using the bucket name. For example:
% terraform import aws_s3_bucket_public_access_block.example my-bucket