From 7217dcf3bb953fc5e41b8a12615da1d61d926065 Mon Sep 17 00:00:00 2001
From: lauren_tb
Date: Wed, 15 May 2024 15:40:56 +0100
Subject: [PATCH 1/2] Added resource to block public access to firehose bucket

---
 Makefile | 6 ++++++
 modules/kinesis_firehose_xsiam/s3.tf | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/Makefile b/Makefile
index 7181945..d9269b1 100644
--- a/Makefile
+++ b/Makefile
@@ -118,6 +118,12 @@ apply: ## terraform apply
 	$(DOCKER_RUN) /bin/bash -c "./scripts/publish_terraform_outputs.sh"
 	$(DOCKER_RUN) /bin/bash -c "./scripts/cloudwatch_log_retention_policies.sh"
 
+.PHONY: target-apply
+target-apply: ## terraform apply
+	$(DOCKER_RUN) /bin/bash -c "terraform apply -target=module.kinesis_firehose_xsiam.aws_s3_bucket_public_access_block.xsiam_firehose_bucket_block_public_access"
+	$(DOCKER_RUN) /bin/bash -c "./scripts/publish_terraform_outputs.sh"
+	$(DOCKER_RUN) /bin/bash -c "./scripts/cloudwatch_log_retention_policies.sh"
+
 .PHONY: state-list
 state-list: ## terraform state list
 	$(DOCKER_RUN) /bin/bash -c "terraform state list"
diff --git a/modules/kinesis_firehose_xsiam/s3.tf b/modules/kinesis_firehose_xsiam/s3.tf
index 86ab6ab..f30a502 100644
--- a/modules/kinesis_firehose_xsiam/s3.tf
+++ b/modules/kinesis_firehose_xsiam/s3.tf
@@ -2,3 +2,12 @@ resource "aws_s3_bucket" "xsiam_firehose_bucket" {
   bucket = "xsiam-firehose-${var.prefix}"
   tags = var.tags
 }
+
+resource "aws_s3_bucket_public_access_block" "xsiam_firehose_bucket_block_public_access" {
+  bucket = aws_s3_bucket.xsiam_firehose_bucket.bucket
+
+  block_public_acls = true
+  block_public_policy = true
+  ignore_public_acls = true
+  restrict_public_buckets = true
+}

From e9ea65c564d747b49d34c1b97e4425b21aa552dd Mon Sep 17 00:00:00 2001
From: lauren_tb
Date: Wed, 15 May 2024 15:43:23 +0100
Subject: [PATCH 2/2] removed make option locally

---
 Makefile | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/Makefile b/Makefile
index d9269b1..7181945 100644
--- a/Makefile
+++ b/Makefile
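Review bot: The new `target-apply` recipe runs `./scripts/publish_terraform_outputs.sh` right after a `terraform apply -target=…`, but a targeted apply converges only the one named resource, so any output derived from other resources is published from whatever state happened to be there — the script lines belong to a full `apply`, not a targeted one. The help text `## terraform apply` also makes `make help` show it as a second full apply; if a targeted apply is ever reinstated (this target is deleted again in PATCH 2/2), a safer shape is a parameterised target with a guard, e.g. `target-apply: ## terraform apply -target=$$TARGET (single resource, outputs not refreshed)` with the recipe `$(if $(strip $(TARGET)),,$(error TARGET=<resource address> is required))` and `terraform apply -target=$(TARGET)`, rather than a hard-coded resource address that will be stale after the next one-off. The `apply` target itself starts above this hunk.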
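Review bot: The new `aws_s3_bucket_public_access_block` carries no comment explaining why all four settings are forced on, and the next person who tries to attach a bucket policy will find `block_public_policy = true` rejecting any statement with a public principal without knowing that is intentional; a one-line header such as `# Hard-deny public ACLs and public bucket policies on the Firehose landing bucket: raw log data must never be readable outside the account.` records the intent. Note that this block only blocks *public* access and does not disable ACLs altogether — if nothing legitimately sets object ACLs on this bucket, an `aws_s3_bucket_ownership_controls` resource with `object_ownership = "BucketOwnerEnforced"` would close that remaining path; encryption and versioning for the bucket are not visible in this file, so whether they exist elsewhere in the module is worth confirming. The argument `bucket = aws_s3_bucket.xsiam_firehose_bucket.bucket` works, though the provider examples use `.id` for this resource; pick whichever the rest of the module already uses for consistency. Since the commit message describes deploying this via a one-off targeted apply, the bucket should also be confirmed to have converged on the next full `make apply`.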
@@ -118,12 +118,6 @@ apply: ## terraform apply
 	$(DOCKER_RUN) /bin/bash -c "./scripts/publish_terraform_outputs.sh"
 	$(DOCKER_RUN) /bin/bash -c "./scripts/cloudwatch_log_retention_policies.sh"
 
-.PHONY: target-apply
-target-apply: ## terraform apply
-	$(DOCKER_RUN) /bin/bash -c "terraform apply -target=module.kinesis_firehose_xsiam.aws_s3_bucket_public_access_block.xsiam_firehose_bucket_block_public_access"
-	$(DOCKER_RUN) /bin/bash -c "./scripts/publish_terraform_outputs.sh"
-	$(DOCKER_RUN) /bin/bash -c "./scripts/cloudwatch_log_retention_policies.sh"
-
 .PHONY: state-list
 state-list: ## terraform state list
 	$(DOCKER_RUN) /bin/bash -c "terraform state list"