Manages S3 account-level Public Access Block configuration. For more information about these settings, see the AWS S3 Block Public Access documentation.
resource "aws_s3_account_public_access_block" "example" {
block_public_acls = true
block_public_policy = true
}
This resource supports the following arguments:
account_id
- (Optional) AWS account ID to configure. Defaults to automatically determined account ID of the Terraform AWS provider.block_public_acls
- (Optional) Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to false
. Enabling this setting does not affect existing policies or ACLs. When set to true
causes the following behavior:
block_public_policy
- (Optional) Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to false
. Enabling this setting does not affect existing bucket policies. When set to true
causes Amazon S3 to:
ignore_public_acls
- (Optional) Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to false
. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to true
causes Amazon S3 to:
restrict_public_buckets
- (Optional) Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to false
. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to true
:
This resource exports the following attributes in addition to the arguments above:
id
- AWS account IDIn Terraform v1.5.0 and later, use an import
block to import aws_s3_account_public_access_block
using the AWS account ID. For example:
import {
to = aws_s3_account_public_access_block.example
id = "123456789012"
}
Using terraform import
, import aws_s3_account_public_access_block
using the AWS account ID. For example:
% terraform import aws_s3_account_public_access_block.example 123456789012