Merge branch 'main' into bugfix/eja-eli-388-enable-audit-logging-by-adding-permissions

Author: eddalmond1

infrastructure/stacks/api-layer/s3_buckets.tf

@@ -16,3 +16,8 @@ module "s3_audit_bucket" {
   stack_name             = local.stack_name
   workspace              = terraform.workspace
 }
+
+resource "aws_s3_account_public_access_block" "block_public_access" {
+  block_public_acls   = true
+  block_public_policy = true
+}

infrastructure/stacks/iams-developer-roles/github_actions_policies.tf

@@ -164,6 +164,14 @@ resource "aws_iam_policy" "s3_management" {
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs",
           "arn:aws:s3:::*eligibility-signposting-api-${var.environment}-truststore-access-logs/*",
         ]
+      },
+      {
+        Effect = "Allow",
+        Action = [
+          "s3:GetAccountPublicAccessBlock",
+          "s3:PutAccountPublicAccessBlock"
+        ],
+        Resource = "*"
       }
     ]
   })