allow public access policy to be optional for security purposes.

kentik · Jun 6, 2024 · fba7f5d · fba7f5d
1 parent db1d2c4
commit fba7f5d
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/cloud_AWS/terraform/module/s3.tf b/cloud_AWS/terraform/module/s3.tf
@@ -30,7 +30,7 @@ resource "aws_s3_bucket_ownership_controls" "ownership" {
 }
 
 resource "aws_s3_bucket_public_access_block" "vpc_logs" {
-  count                   = (var.s3_use_one_bucket == false ? length(var.vpc_id_list) : 1)
+  count                   = (var.s3_use_one_bucket == false && var.s3.s3_apply_public_policy == true ? length(var.vpc_id_list) : (var.s3_use_one_bucket == true && var.s3.s3_apply_public_policy == true : 1 : 0))
   bucket                  = aws_s3_bucket.vpc_logs[count.index].id
   block_public_acls       = true
   block_public_policy     = true

diff --git a/cloud_AWS/terraform/module/variables.tf b/cloud_AWS/terraform/module/variables.tf
@@ -39,6 +39,12 @@ variable "s3_delete_nonempty_buckets" {
   default     = false
 }
 
+variable "s3_apply_public_policy" {
+  description = "Only apply if set to true"
+  type        = bool
+  default     = true
+}
+
 variable "iam_role_prefix" {
   description = "Prefix to use with IAM roles"
   type        = string