1 parent 9f97bc7 commit cff34d3Copy full SHA for cff34d3
terraform/account-wide-infrastructure/mgmt/s3.tf
@@ -34,3 +34,29 @@ resource "aws_s3_bucket_versioning" "ci_data" {
34
aws_s3_bucket.ci_data
35
]
36
}
37
+
38
+resource "aws_s3_bucket_policy" "ci_data" {
39
+ bucket = aws_s3_bucket.ci_data.id
40
41
+ policy = jsonencode({
42
+ Version = "2012-10-17"
43
+ Id = "${local.prefix}--ci-data-bucket-policy"
44
+ Statement = [
45
+ {
46
+ Sid = "HTTPSOnly"
47
+ Effect = "Deny"
48
+ Principal = "*"
49
+ Action = "s3:*"
50
+ Resource = [
51
+ aws_s3_bucket.ci_data.arn,
52
+ "${aws_s3_bucket.ci_data.arn}/*",
53
+ ]
54
+ Condition = {
55
+ Bool = {
56
+ "aws:SecureTransport" = "false"
57
+ }
58
59
+ },
60
61
+ })
62
+}
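Review bot: The `HTTPSOnly` statement (new lines 45–59) rejects plaintext requests through `aws:SecureTransport`, but it sets no floor on the TLS version, so clients negotiating legacy TLS are still accepted. If the CI data bucket should refuse those as well, add a second Deny statement with the same Principal, Action and Resource and the condition `NumericLessThan = { "s3:TlsVersion" = "1.2" }`. Because the policy holds only a Deny, it grants nothing by itself, which a short comment above the resource would make clear, for example `# Deny-only policy: blocks non-TLS access to the bucket and its objects; access is granted via IAM`. New lines 58 and 60 render empty on this page, so the closing of `Condition` and `Statement` cannot be confirmed from here; running `terraform validate` on the file would settle it.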