Resource: awsS3AccountPublicAccessBlock
Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
~> NOTE: Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.
-> Advanced usage: To use a custom API endpoint for this Terraform resource, use the s3Control endpoint provider configuration, not the s3 endpoint provider configuration.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.s3AccountPublicAccessBlock.S3AccountPublicAccessBlock(this, "example", {
  blockPublicAcls: true,
  blockPublicPolicy: true,
});
Argument Reference
The following arguments are supported:
accountId - (Optional) AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.
blockPublicAcls - (Optional) Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
  - PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  - PUT Object calls fail if the request includes a public ACL.
blockPublicPolicy - (Optional) Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect existing bucket policies. When set to true causes Amazon S3 to:
  - Reject calls to PUT Bucket policy if the specified bucket policy allows public access.
ignorePublicAcls - (Optional) Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:
  - Ignore all public ACLs on buckets in this account and any objects that they contain.
restrictPublicBuckets - (Optional) Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
  - Only the bucket owner and AWS Services can access buckets with public policies.
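The block below is an added example, not provider or AWS code: a simplified model of the four settings as described above, showing that the two `block*` flags act on new writes while `ignorePublicAcls` and `restrictPublicBuckets` act on grants that are already stored. The names `Pab`, `Bucket`, `Write`, `writeAllowed`, `anonymousReadAllowed` and `missingFlags` and the sample bucket are assumptions made for illustration.

```typescript
// Simplified model of the four flags as this page describes them.
// Not provider or AWS code; all type and function names are illustrative.
type Pab = {
  blockPublicAcls?: boolean;
  blockPublicPolicy?: boolean;
  ignorePublicAcls?: boolean;
  restrictPublicBuckets?: boolean;
};
// Constructed bucket state: public grants stored before the flags were applied.
type Bucket = { publicAcl: boolean; publicPolicy: boolean };
type Write =
  | { op: "PutBucketAcl" | "PutObjectAcl" | "PutObject"; publicAcl: boolean }
  | { op: "PutBucketPolicy"; publicPolicy: boolean };

// Write-time checks: blockPublicAcls / blockPublicPolicy reject new public grants.
function writeAllowed(cfg: Pab, w: Write): boolean {
  if (w.op === "PutBucketPolicy") return !(cfg.blockPublicPolicy && w.publicPolicy);
  return !(cfg.blockPublicAcls && w.publicAcl);
}

// Access-time checks: ignorePublicAcls / restrictPublicBuckets neutralize
// public grants that are already stored on the bucket.
function anonymousReadAllowed(cfg: Pab, b: Bucket): boolean {
  const viaAcl = b.publicAcl && !cfg.ignorePublicAcls;
  const viaPolicy = b.publicPolicy && !cfg.restrictPublicBuckets;
  return viaAcl || viaPolicy;
}

// Flags left at their default of false, i.e. protections not in force.
function missingFlags(cfg: Pab): string[] {
  const all: (keyof Pab)[] = ["blockPublicAcls", "blockPublicPolicy", "ignorePublicAcls", "restrictPublicBuckets"];
  return all.filter((k) => cfg[k] !== true);
}

// The configuration from Example Usage, and one with all four flags enabled.
const exampleUsage: Pab = { blockPublicAcls: true, blockPublicPolicy: true };
const allFour: Pab = { ...exampleUsage, ignorePublicAcls: true, restrictPublicBuckets: true };
const legacyBucket: Bucket = { publicAcl: true, publicPolicy: false }; // constructed

console.log(writeAllowed(exampleUsage, { op: "PutObject", publicAcl: true })); // false
console.log(anonymousReadAllowed(exampleUsage, legacyBucket)); // true
console.log(anonymousReadAllowed(allFour, legacyBucket)); // false
console.log(missingFlags(exampleUsage)); // [ 'ignorePublicAcls', 'restrictPublicBuckets' ]
```

With only the two flags from Example Usage set, a bucket that already carries a public ACL stays readable; enabling all four closes that gap in this model.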
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - AWS account ID
Import
awsS3AccountPublicAccessBlock can be imported by using the AWS account ID, e.g.,