| 1234567891011121314151617181920212223242526272829 |
- /*
- Configuration of S3 bucket for certs and replay
- storage. Uses server side encryption to secure
- session replays and SSL certificates.
- */
- // S3 bucket for cluster storage
- resource "aws_s3_bucket" "storage" {
- bucket = "${var.instance_name}-${var.environment}"
- acl = "private"
- force_destroy = var.instance_termination_protection ? false : true # reverse of termination protection, destroy if no termination protection
- server_side_encryption_configuration {
- rule {
- apply_server_side_encryption_by_default {
- kms_master_key_id = aws_kms_key.s3.arn
- sse_algorithm = "aws:kms"
- }
- }
- }
- }
- resource "aws_s3_bucket_public_access_block" "awsconfig_bucket_block_public_access" {
- block_public_acls = true
- block_public_policy = true
- bucket = aws_s3_bucket.storage.id
- ignore_public_acls = true
- restrict_public_buckets = true
- }
|
