Resource: awsS3BucketPublicAccessBlock
Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
Example Usage
```typescript
/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

// `this` below is the enclosing construct (for example, your stack),
// so the statements that follow belong inside its constructor.
const awsS3BucketExample = new aws.s3Bucket.S3Bucket(this, "example", {
  bucket: "example",
});

// Turn on all four settings; each one defaults to false when omitted.
const awsS3BucketPublicAccessBlockExample =
  new aws.s3BucketPublicAccessBlock.S3BucketPublicAccessBlock(
    this,
    "example_1",
    {
      blockPublicAcls: true,
      blockPublicPolicy: true,
      bucket: awsS3BucketExample.id,
      ignorePublicAcls: true,
      restrictPublicBuckets: true,
    }
  );

/* This allows the Terraform resource name to match the original name.
   You can remove the call if you don't need them to match. */
awsS3BucketPublicAccessBlockExample.overrideLogicalId("example");
```
Argument Reference
The following arguments are supported:
bucket
- (Required) S3 Bucket to which this Public Access Block configuration should be applied.

blockPublicAcls
- (Optional) Whether Amazon S3 should block public ACLs for this bucket. Defaults to false. Enabling this setting does not affect existing policies or ACLs. When set to true causes the following behavior:
  - PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.
  - PUT Object calls will fail if the request includes an object ACL.

blockPublicPolicy
- (Optional) Whether Amazon S3 should block public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the existing bucket policy. When set to true causes Amazon S3 to:
  - Reject calls to PUT Bucket policy if the specified bucket policy allows public access.

ignorePublicAcls
- (Optional) Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to false. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true causes Amazon S3 to:
  - Ignore public ACLs on this bucket and any objects that it contains.

restrictPublicBuckets
- (Optional) Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to false. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true:
  - Only the bucket owner and AWS Services can access this bucket if it has a public policy.
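
Because each of the four settings defaults to false, a block that omits one leaves that protection off. The check below is an added example, not part of the provider documentation: it walks Terraform JSON in the shape `cdktf synth` is assumed to write and reports every `aws_s3_bucket` that lacks a block with all four settings true. The function names and the sample input are constructed for illustration.

```typescript
// Terraform JSON as written by `cdktf synth` (shape assumed: resource.<type>.<id>).
type Json = { [key: string]: any };
// snake_case Terraform names of the four settings documented above.
const FLAGS: string[] = [
  "block_public_acls",
  "block_public_policy",
  "ignore_public_acls",
  "restrict_public_buckets",
];
interface Finding {
  bucket: string; // logical id of the aws_s3_bucket resource
  missing: string[]; // settings not explicitly true (omitted ones default to false)
}

// Map a block's `bucket` argument to a bucket logical id: either a reference
// such as "${aws_s3_bucket.example.id}" or a literal bucket name.
function bucketRef(value: string, buckets: Json): string | undefined {
  const m = /^\$\{aws_s3_bucket\.([^.}]+)\.(id|bucket)\}$/.exec(value);
  if (m) return m[1];
  return Object.keys(buckets).filter((id) => buckets[id].bucket === value)[0];
}

function auditPublicAccessBlocks(tf: Json): Finding[] {
  const resources: Json = tf.resource || {};
  const buckets: Json = resources.aws_s3_bucket || {};
  const blocks: Json = resources.aws_s3_bucket_public_access_block || {};
  const enabled: { [id: string]: string[] } = {}; // settings set to true, per bucket
  for (const blockId of Object.keys(blocks)) {
    const block = blocks[blockId];
    const id = bucketRef(String(block.bucket), buckets);
    if (id !== undefined) enabled[id] = FLAGS.filter((f) => block[f] === true);
  }
  return Object.keys(buckets)
    .map((id) => ({ bucket: id, missing: FLAGS.filter((f) => (enabled[id] || []).indexOf(f) === -1) }))
    .filter((finding) => finding.missing.length > 0);
}

// Constructed sample: "example" is fully covered, "assets" sets two of four, "logs" has no block.
const sample: Json = {
  resource: {
    aws_s3_bucket: { example: { bucket: "example" }, assets: { bucket: "assets" }, logs: { bucket: "logs" } },
    aws_s3_bucket_public_access_block: {
      example: { bucket: "${aws_s3_bucket.example.id}", block_public_acls: true, block_public_policy: true,
                 ignore_public_acls: true, restrict_public_buckets: true },
      assets: { bucket: "assets", block_public_acls: true, ignore_public_acls: true },
    },
  },
};
console.log(JSON.stringify(auditPublicAccessBlocks(sample), null, 2));
```

In a pipeline, an empty result is the pass condition; any finding names the bucket and the settings still left at their default.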
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- Name of the S3 bucket the configuration is attached to
Import
awsS3BucketPublicAccessBlock can be imported by using the bucket name, e.g.,