From f9c8a030d53603826e5d28637f3b8868211caede Mon Sep 17 00:00:00 2001
From: Vijay Dhama
Date: Wed, 25 Jan 2023 14:58:38 +0530
Subject: [PATCH] feat(pencil): disable public_acl for Gitlab backup s3 bucket
---
 backup.tf | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/backup.tf b/backup.tf
index 83ce09e..efb8eed 100644
--- a/backup.tf
+++ b/backup.tf
@@ -3,12 +3,17 @@ locals {
 gitlab_backup_iam_policy_name = "${local.environment_prefix}-gitlab-backup"
 gitlab_backup_iam_role_name = "${local.environment_prefix}-gitlab-backup"
 }
+
 resource "aws_s3_bucket" "gitlab_backup" {
 count = var.enable_gitlab_backup_to_s3 ? 1 : 0
 bucket = var.gitlab_backup_bucket_name
 tags = merge(local.default_tags, var.additional_tags)
+ aws_s3_bucket_public_access_block = {
+ block_public_acls = true
+ }
+
 lifecycle {
 precondition {
 condition = anytrue([
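Review bot: The added `aws_s3_bucket_public_access_block = { ... }` is written as an argument inside `resource "aws_s3_bucket" "gitlab_backup"`, but in the AWS provider it is a separate resource type, so this should be rejected as an unsupported argument and the backup bucket ends up with no public access block at all. It also sets only `block_public_acls`; for a bucket holding GitLab backups, `ignore_public_acls`, `block_public_policy` and `restrict_public_buckets` should be true as well, otherwise already-attached public ACLs and public bucket policies are still honoured. I would move the setting into its own resource with the same `count` guard as the bucket, as sketched below. The bucket resource's body continues past the end of the hunk, so the new resource belongs after its closing brace.

```hcl
# … unchanged: resource "aws_s3_bucket" "gitlab_backup" (without the added argument), body continues outside the hunk …

resource "aws_s3_bucket_public_access_block" "gitlab_backup" {
  count  = var.enable_gitlab_backup_to_s3 ? 1 : 0
  bucket = aws_s3_bucket.gitlab_backup[0].id

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
```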