Update s3.tf

AlexanderWiechert · web-flow · commit 812670196416 · 2023-05-12T09:56:01.000+02:00
snyk security fixes
diff --git a/s3.tf b/s3.tf
@@ -1,7 +1,8 @@
 resource "aws_s3_bucket" "this" {
   bucket = "${var.project_name}-${var.aws_account_id}"
   
-  block_public_acls       = true
+  block_public_acls = true
+  aws_s3_bucket_public_access_block = true
 
   website {
     redirect_all_requests_to = "https://${var.target_domain}"
@@ -17,6 +18,7 @@ resource "aws_s3_bucket" "this" {
 
 resource "aws_kms_key" "this" {
   deletion_window_in_days = 10
+  enable_key_rotation = true
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
@@ -36,18 +38,22 @@ resource "aws_s3_bucket_versioning" "this" {
   versioning_configuration {
     status = "Enabled"
   }
+  versioning.mfa_delete = true
 }
 
 resource "aws_s3_bucket_versioning" "log_bucket" {
   bucket = aws_s3_bucket.log_bucket.id
   versioning_configuration {
     status = "Enabled"
   }
+  versioning.mfa_delete = true
 }
 
 resource "aws_s3_bucket" "log_bucket" {
   bucket = "log_bucket"
-  block_public_acls       = true
+  block_public_acls = true
+  aws_s3_bucket_public_access_block = true
+
 }
 
 resource "aws_s3_bucket_acl" "log_bucket_acl" {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,8 @@`
`1`	`1`	`resource "aws_s3_bucket" "this" {`
`2`	`2`	`bucket = "${var.project_name}-${var.aws_account_id}"`
`3`	`3`
`4`		`- block_public_acls = true`
	`4`	`+ block_public_acls = true`
	`5`	`+ aws_s3_bucket_public_access_block = true`
`5`	`6`
`6`	`7`	`website {`
`7`	`8`	`redirect_all_requests_to = "https://${var.target_domain}"`
`@@ -17,6 +18,7 @@ resource "aws_s3_bucket" "this" {`
`17`	`18`
`18`	`19`	`resource "aws_kms_key" "this" {`
`19`	`20`	`deletion_window_in_days = 10`
	`21`	`+ enable_key_rotation = true`
`20`	`22`	`}`
`21`	`23`
`22`	`24`	`resource "aws_s3_bucket_server_side_encryption_configuration" "this" {`
`@@ -36,18 +38,22 @@ resource "aws_s3_bucket_versioning" "this" {`
`36`	`38`	`versioning_configuration {`
`37`	`39`	`status = "Enabled"`
`38`	`40`	`}`
	`41`	`+ versioning.mfa_delete = true`
`39`	`42`	`}`
`40`	`43`
`41`	`44`	`resource "aws_s3_bucket_versioning" "log_bucket" {`
`42`	`45`	`bucket = aws_s3_bucket.log_bucket.id`
`43`	`46`	`versioning_configuration {`
`44`	`47`	`status = "Enabled"`
`45`	`48`	`}`
	`49`	`+ versioning.mfa_delete = true`
`46`	`50`	`}`
`47`	`51`
`48`	`52`	`resource "aws_s3_bucket" "log_bucket" {`
`49`	`53`	`bucket = "log_bucket"`
`50`		`- block_public_acls = true`
	`54`	`+ block_public_acls = true`
	`55`	`+ aws_s3_bucket_public_access_block = true`
	`56`	`+`
`51`	`57`	`}`
`52`	`58`
`53`	`59`	`resource "aws_s3_bucket_acl" "log_bucket_acl" {`