apigw-lambda-dynamodb-terraform: Use aws_s3_bucket_public_access_block instead of aws_s3_bucket_acl

kakakakakku · kakakakakku · commit 3437871c13d6 · 2025-08-13T20:24:05.000+09:00
diff --git a/apigw-lambda-dynamodb-terraform/main.tf b/apigw-lambda-dynamodb-terraform/main.tf
@@ -56,9 +56,13 @@ resource "aws_s3_bucket" "lambda_bucket" {
   force_destroy = true
 }
 
-resource "aws_s3_bucket_acl" "private_bucket" {
+resource "aws_s3_bucket_public_access_block" "private_bucket" {
   bucket = aws_s3_bucket.lambda_bucket.id
-  acl    = "private"
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
 }
 
 data "archive_file" "lambda_zip" {

Original file line number	Diff line number	Diff line change
`@@ -56,9 +56,13 @@ resource "aws_s3_bucket" "lambda_bucket" {`
`56`	`56`	`force_destroy = true`
`57`	`57`	`}`
`58`	`58`
`59`		`-resource "aws_s3_bucket_acl" "private_bucket" {`
	`59`	`+resource "aws_s3_bucket_public_access_block" "private_bucket" {`
`60`	`60`	`bucket = aws_s3_bucket.lambda_bucket.id`
`61`		`- acl = "private"`
	`61`	`+`
	`62`	`+ block_public_acls = true`
	`63`	`+ block_public_policy = true`
	`64`	`+ ignore_public_acls = true`
	`65`	`+ restrict_public_buckets = true`
`62`	`66`	`}`
`63`	`67`
`64`	`68`	`data "archive_file" "lambda_zip" {`