feature: added ability to set the attributes block_public_acls and ig…

main.tf

@@ -334,9 +334,9 @@ resource "aws_s3_bucket_public_access_block" "origin" {
   block_public_policy     = var.block_origin_public_access_enabled
   restrict_public_buckets = var.block_origin_public_access_enabled
 
-  # Always block ACL access. We're using policies instead
-  block_public_acls  = true
-  ignore_public_acls = true
+  # We block ACL access by default and use policies instead
+  block_public_acls  = var.block_public_acls
+  ignore_public_acls = var.ignore_public_acls
 }
 
 resource "aws_s3_bucket_ownership_controls" "origin" {

variables.tf

@@ -526,6 +526,18 @@ variable "block_origin_public_access_enabled" {
   description = "When set to 'true' the s3 origin bucket will have public access block enabled"
 }
 
+variable "block_public_acls" {
+  type = bool
+  default = true
+  description = "When set to 'false' s3 origin bucket allows public_acls"
+}
+
+variable "ignore_public_acls" {
+  type = bool
+  default = true
+  description = "When set to 'false' s3 origin bucket considers public_acls"
+}
+
 variable "s3_access_logging_enabled" {
   type        = bool
   default     = null