From de678d7a7fdcd7cd1e4153d0f97ac621b603b0f6 Mon Sep 17 00:00:00 2001
From: ashle001
Date: Thu, 24 Sep 2020 08:48:27 -0400
Subject: [PATCH] add bucket policy

---
 main.tf | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/main.tf b/main.tf
index 1a1d833..485daaa 100644
--- a/main.tf
+++ b/main.tf
@@ -99,6 +99,23 @@ data "aws_iam_policy_document" "this" {
     }
 }
 
+#---
+# apply policy to bucket and public access block policy to bucket
+#---
+resource "aws_s3_bucket_policy" "policy" {
+  bucket     = aws_s3_bucket.this.bucket
+  policy     = data.aws_iam_policy_document.this.json
+  depends_on = [null_resource.policy_delay]
+}
+
+resource "aws_s3_bucket_public_access_block" "this" {
+  bucket                  = aws_s3_bucket.this.id
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
 resource "null_resource" "s3_create_wait" {
   triggers = {
     bucket = aws_s3_bucket.this.id
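Review bot: Nothing orders aws_s3_bucket_policy.policy after aws_s3_bucket_public_access_block.this, so Terraform may attach the bucket policy before the public access block exists; for the block to act as the guard (a policy that grants public access is then rejected by PutBucketPolicy instead of being live until the block lands), add it to the policy's depends_on: `depends_on = [null_resource.policy_delay, aws_s3_bucket_public_access_block.this]`. Applying the two resources concurrently is also a known source of intermittent conflicting-operation errors on the bucket, which the explicit dependency avoids. The two resources reference the bucket differently (`aws_s3_bucket.this.bucket` vs `aws_s3_bucket.this.id`); both resolve to the bucket name for this resource type, but using one form in both keeps the references consistent. The body of data.aws_iam_policy_document.this and the null_resource.policy_delay resource are outside the hunk, so whether the attached policy is intended to be non-public cannot be confirmed from here.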