Updated bucket access

terraform/development/spa/destroy/bucket.tf

@@ -6,8 +6,29 @@ resource "aws_s3_bucket" "bucketdev" {
   }
 }
 
+resource "aws_s3_bucket_ownership_controls" "bucketdev" {
+  bucket = aws_s3_bucket.bucketdev.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "bucketdev" {
+  bucket = aws_s3_bucket.bucketdev.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
 resource "aws_s3_bucket_acl" "bucketdev" {
-  bucket = var.aws_bucket_name
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketdev,
+    aws_s3_bucket_public_access_block.bucketdev,
+  ]
+
+  bucket = aws_s3_bucket.bucketdev.id
   acl    = "public-read"
 }
 

terraform/development/spa/remote/bucket.tf

@@ -5,8 +5,29 @@ resource "aws_s3_bucket" "bucketdev" {
   }
 }
 
+resource "aws_s3_bucket_ownership_controls" "bucketdev" {
+  bucket = aws_s3_bucket.bucketdev.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "bucketdev" {
+  bucket = aws_s3_bucket.bucketdev.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
 resource "aws_s3_bucket_acl" "bucketdev" {
-  bucket = var.aws_bucket_name
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketdev,
+    aws_s3_bucket_public_access_block.bucketdev,
+  ]
+
+  bucket = aws_s3_bucket.bucketdev.id
   acl    = "public-read"
 }
 

terraform/production/spa/create/bucket.tf

@@ -5,8 +5,29 @@ resource "aws_s3_bucket" "bucketprd" {
   }
 }
 
-resource "aws_s3_bucket_acl" "bucketdev" {
-  bucket = var.aws_bucket_name
+resource "aws_s3_bucket_ownership_controls" "bucketprd" {
+  bucket = aws_s3_bucket.bucketprd.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "bucketprd" {
+  bucket = aws_s3_bucket.bucketprd.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "bucketprd" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketprd,
+    aws_s3_bucket_public_access_block.bucketprd,
+  ]
+
+  bucket = aws_s3_bucket.bucketprd.id
   acl    = "public-read"
 }
 

terraform/production/spa/destroy/bucket.tf

@@ -6,8 +6,29 @@ resource "aws_s3_bucket" "bucketprd" {
   }
 }
 
-resource "aws_s3_bucket_acl" "bucketdev" {
-  bucket = var.aws_bucket_name
+resource "aws_s3_bucket_ownership_controls" "bucketprd" {
+  bucket = aws_s3_bucket.bucketprd.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "bucketprd" {
+  bucket = aws_s3_bucket.bucketprd.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "bucketprd" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketprd,
+    aws_s3_bucket_public_access_block.bucketprd,
+  ]
+
+  bucket = aws_s3_bucket.bucketprd.id
   acl    = "public-read"
 }
 

terraform/production/spa/remote/bucket.tf

@@ -5,8 +5,29 @@ resource "aws_s3_bucket" "bucketprd" {
   }
 }
 
-resource "aws_s3_bucket_acl" "bucketdev" {
-  bucket = var.aws_bucket_name
+resource "aws_s3_bucket_ownership_controls" "bucketprd" {
+  bucket = aws_s3_bucket.bucketprd.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "bucketprd" {
+  bucket = aws_s3_bucket.bucketprd.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "bucketprd" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketprd,
+    aws_s3_bucket_public_access_block.bucketprd,
+  ]
+
+  bucket = aws_s3_bucket.bucketprd.id
   acl    = "public-read"
 }
 

terraform/staging/spa/create/bucket.tf

@@ -5,19 +5,32 @@ resource "aws_s3_bucket" "bucketstg" {
   }
 }
 
-resource "aws_s3_bucket_acl" "bucket_stg" {
-  bucket = var.aws_bucket_name
-  acl    = "private"
-  depends_on = [aws_s3_bucket_ownership_controls.bucket_stg]
-}
-
-resource "aws_s3_bucket_ownership_controls" "bucket_stg" {
-  bucket =  var.aws_bucket_name
+resource "aws_s3_bucket_ownership_controls" "bucketstg" {
+  bucket = aws_s3_bucket.bucketstg.id
   rule {
-    object_ownership = "ObjectWriter"
+    object_ownership = "BucketOwnerPreferred"
   }
 }
 
+resource "aws_s3_bucket_public_access_block" "bucketstg" {
+  bucket = aws_s3_bucket.bucketstg.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "bucketstg" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketstg,
+    aws_s3_bucket_public_access_block.bucketstg,
+  ]
+
+  bucket = aws_s3_bucket.bucketstg.id
+  acl    = "public-read"
+}
+
 # resource "aws_s3_bucket_lifecycle_configuration" "bucketstg" {
 #   bucket = var.aws_bucket_name
 #   rule {

terraform/staging/spa/destroy/bucket.tf

@@ -6,19 +6,32 @@ resource "aws_s3_bucket" "bucketstg" {
   }
 }
 
-resource "aws_s3_bucket_acl" "bucket_stg" {
-  bucket = var.aws_bucket_name
-  acl    = "private"
-  depends_on = [aws_s3_bucket_ownership_controls.bucket_stg]
-}
-
-resource "aws_s3_bucket_ownership_controls" "bucket_stg" {
-  bucket =  var.aws_bucket_name
+resource "aws_s3_bucket_ownership_controls" "bucketstg" {
+  bucket = aws_s3_bucket.bucketstg.id
   rule {
-    object_ownership = "ObjectWriter"
+    object_ownership = "BucketOwnerPreferred"
   }
 }
 
+resource "aws_s3_bucket_public_access_block" "bucketstg" {
+  bucket = aws_s3_bucket.bucketstg.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "bucketstg" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketstg,
+    aws_s3_bucket_public_access_block.bucketstg,
+  ]
+
+  bucket = aws_s3_bucket.bucketstg.id
+  acl    = "public-read"
+}
+
 # resource "aws_s3_bucket_lifecycle_configuration" "bucketstg" {
 #   bucket = aws_s3_bucket.bucketstg.id
 #   rule {

terraform/staging/spa/remote/bucket.tf

@@ -5,19 +5,32 @@ resource "aws_s3_bucket" "bucketstg" {
   }
 }
 
-resource "aws_s3_bucket_acl" "bucket_stg" {
-  bucket = var.aws_bucket_name
-  acl    = "private"
-  depends_on = [aws_s3_bucket_ownership_controls.bucket_stg]
-}
-
-resource "aws_s3_bucket_ownership_controls" "bucket_stg" {
-  bucket =  var.aws_bucket_name
+resource "aws_s3_bucket_ownership_controls" "bucketstg" {
+  bucket = aws_s3_bucket.bucketstg.id
   rule {
-    object_ownership = "ObjectWriter"
+    object_ownership = "BucketOwnerPreferred"
   }
 }
 
+resource "aws_s3_bucket_public_access_block" "bucketstg" {
+  bucket = aws_s3_bucket.bucketstg.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "bucketstg" {
+  depends_on = [
+    aws_s3_bucket_ownership_controls.bucketstg,
+    aws_s3_bucket_public_access_block.bucketstg,
+  ]
+
+  bucket = aws_s3_bucket.bucketstg.id
+  acl    = "public-read"
+}
+
 # resource "aws_s3_bucket_lifecycle_configuration" "bucketstg" {
 #   bucket = aws_s3_bucket.bucketstg.id
 #   rule {