
Commit f2b5284

feat: add var.source_ip_allow_list_s3_objects
1 parent 7abc181 commit f2b5284


1 file changed

+8
-1
lines changed


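--- a/variables.tf
+++ b/variables.tf
@@ -420,7 +420,14 @@ variable "privileged_principal_actions" {
 variable "source_ip_allow_list" {
 type = list(string)
 default = []
-description = "List of IP addresses to allow to perform all actions to the bucket"
+description = "List of IP addresses to allow to perform all actions to the bucket. Add a CICD IP or VPN IP here or the bucket is a risk of getting locked out. To only deny s3 object access by IP, see `var.source_ip_allow_list_s3_objects`."
+nullable = false
+}
+
+variable "source_ip_allow_list_s3_objects" {
+type = list(string)
+default = []
+description = "List of IP addresses to allow to perform all s3 object actions to the bucket"
 nullable = false
 }
 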
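Review bot: The new `source_ip_allow_list_s3_objects` variable is declared here, but the commit changes only variables.tf, so nothing visible consumes it. Unless a policy statement elsewhere already references it, setting it would restrict nothing while the operator believes object access is IP-limited. Its description should also state what the empty default means and what form entries take, for example `description = "List of IP addresses or CIDR ranges allowed to perform S3 object actions on the bucket. An empty list applies no IP restriction."`, with the wording confirmed against the policy that uses it. In the `source_ip_allow_list` description, "is a risk of getting locked out" should read "is at risk of being locked out".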
