From 3df2a0591d4219033b6744f4959bdcb936d4301d Mon Sep 17 00:00:00 2001
From: Vahor
Date: Mon, 25 Dec 2023 20:26:20 +0100
Subject: [PATCH] fix: add files.pedaki.fr to main policy
---
 aws/policies/pulumi.json | 1 +
 src/aws/resources/files-bucket.ts | 10 +++++++++-
 src/aws/resources/static-bucket.ts | 2 +-
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/aws/policies/pulumi.json b/aws/policies/pulumi.json
index 32c0712..8c61e8a 100644
--- a/aws/policies/pulumi.json
+++ b/aws/policies/pulumi.json
@@ -13,6 +13,7 @@
 "s3:DeleteBucketPolicy"
 ],
 "Resource": [
+ "arn:aws:s3:::files.pedaki.fr",
 "arn:aws:s3:::static.pedaki.fr"
 ]
 },
diff --git a/src/aws/resources/files-bucket.ts b/src/aws/resources/files-bucket.ts
index 3ed7f90..068411f 100644
--- a/src/aws/resources/files-bucket.ts
+++ b/src/aws/resources/files-bucket.ts
@@ -8,6 +8,14 @@ export const createFilesBucket = () => {
 acl: 'private',
 });
+ const publicAccessBlock = new aws.s3.BucketPublicAccessBlock('publicAccessBlock', {
+ bucket: bucket.id,
+ blockPublicAcls: true,
+ blockPublicPolicy: true,
+ ignorePublicAcls: true,
+ restrictPublicBuckets: true,
+ });
+
 const record = new cloudflare.Record('files.pedaki.fr', {
 name: 'files',
 type: 'CNAME',
@@ -15,6 +23,6 @@ export const createFilesBucket = () => {
 zoneId: env.CLOUDFLARE_ZONE_ID,
 proxied: true,
 ttl: 1, // TTL must be set to 1 when proxied is true
- comment: `Automatically created by Pulumi`,
+ comment: `pulumi (infrastructure repo)`,
 });
 };
diff --git a/src/aws/resources/static-bucket.ts b/src/aws/resources/static-bucket.ts
index 87bb8d0..cd8c231 100644
--- a/src/aws/resources/static-bucket.ts
+++ b/src/aws/resources/static-bucket.ts
@@ -43,6 +43,6 @@ export const createStaticBucket = () => {
 zoneId: env.CLOUDFLARE_ZONE_ID,
 proxied: true,
 ttl: 1, // TTL must be set to 1 when proxied is true
- comment: `Automatically created by Pulumi`,
+ comment: `pulumi (infrastructure repo)`,
 });
 };
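Review bot: The statement that now covers `arn:aws:s3:::files.pedaki.fr` should be checked against what this commit starts managing on that bucket: its action list begins outside the hunk (only `s3:DeleteBucketPolicy` is visible), while files-bucket.ts adds a `BucketPublicAccessBlock`, which needs `s3:PutBucketPublicAccessBlock` and `s3:GetBucketPublicAccessBlock` on the bucket ARN. If those actions are not granted by this or another statement, the deployment would presumably fail with an access-denied error when creating the block, and the bucket would stay without it. The bucket-level ARN without `/*` is the right resource form for bucket-policy actions and does not match object-level actions, so the added entry does not widen object access.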
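Review bot: The logical name `'publicAccessBlock'` passed to `aws.s3.BucketPublicAccessBlock` is not tied to the bucket, and Pulumi requires resource names to be unique per type within a stack, so applying the same hardening to another bucket under the same name would collide; name it after the bucket, e.g. `new aws.s3.BucketPublicAccessBlock('files.pedaki.fr-public-access-block', {`. The `publicAccessBlock` binding is never read in the visible lines, so the `const` can be dropped, or the value returned if callers need it. A short comment such as `// Private bucket: block all public ACLs and bucket policies` above the resource would record the intent, along with how the proxied `files.pedaki.fr` record is expected to reach a fully private bucket, which the hunk does not show. `createFilesBucket` begins before the hunk and continues after it.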