@@ -7,6 +7,50 @@ resource "aws_s3_bucket" "secure_bucket" {
77 }
88}
99
10+ resource "aws_s3_bucket_public_access_block" "secure_access" {
11+ bucket = aws_s3_bucket. secure_bucket . id
12+
13+ block_public_acls = true
14+ block_public_policy = true
15+ ignore_public_acls = true
16+ restrict_public_buckets = true
17+ }
18+
19+ resource "aws_s3_bucket_versioning" "versioning" {
20+ bucket = aws_s3_bucket. secure_bucket . id
21+
22+ versioning_configuration {
23+ status = " Enabled"
24+ }
25+ }
26+
27+ resource "aws_s3_bucket_lifecycle_configuration" "lifecycle" {
28+ bucket = aws_s3_bucket. secure_bucket . id
29+
30+ rule {
31+ id = " expire-objects"
32+ status = " Enabled"
33+
34+ expiration {
35+ days = 30
36+ }
37+
38+ noncurrent_version_expiration {
39+ days = 30
40+ }
41+ }
42+ }
43+
44+ resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
45+ bucket = aws_s3_bucket. secure_bucket . id
46+
47+ rule {
48+ apply_server_side_encryption_by_default {
49+ sse_algorithm = " AES256"
50+ }
51+ }
52+ }
53+
1054resource "aws_dynamodb_table" "secure_table" {
1155 name = var. table_name
1256 billing_mode = " PAY_PER_REQUEST"
@@ -17,6 +61,10 @@ resource "aws_dynamodb_table" "secure_table" {
1761 type = " S"
1862 }
1963
64+ server_side_encryption {
65+ enabled = true
66+ }
67+
2068 tags = {
2169 Name = " SecureTable"
2270 Environment = " DevSecOps"
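Review bot: In the `aws_s3_bucket_lifecycle_configuration` resource, the `noncurrent_version_expiration` block sets `days = 30`, but as far as I know this standalone resource expects `noncurrent_days` there (`days` belonged to the legacy inline `lifecycle_rule`), so validation will likely reject it; use `noncurrent_days = 30`. The rule also has no `filter {}`, so its whole-bucket scope is implicit and should be stated explicitly. On a versioned bucket `expiration` only adds a delete marker, so with both settings at 30 days an object is unrecoverable roughly 60 days after upload; a comment such as `# versions stay recoverable for 30 days after expiry, then are deleted permanently` would make clear that versioning here is a short recovery window rather than long-term protection. Adding `depends_on = [aws_s3_bucket_versioning.versioning]` to the lifecycle resource would keep the rule from being applied before versioning is enabled.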