Guimove / terraform-aws-bastion

Terraform module which creates SSH bastion infrastructure on AWS
https://registry.terraform.io/modules/Guimove/bastion/aws
Apache License 2.0

Error: error creating S3 bucket ACL "AccessControlListNotSupported" -Recent AWS change causing issues- #157

Open MitchIonascu opened 1 year ago

MitchIonascu commented 1 year ago

Hi there!

Please be advised that a recent change from AWS has been pushed (April 2023), and it directly concerns S3 buckets: https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/

Buckets no longer appear to come with ACLs enabled, causing some issues with the terraform-aws-s3-bucket module.

https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/issues/223

End result is that your module also fails with the following error:

│ Error: error creating S3 bucket ACL for test-bastion: AccessControlListNotSupported: The bucket does not allow ACLs
│     status code: 400, request id: 207S1Q188N2QRD5H, host id: AIFiPzdeZeZjl5VPSACBq4Rg+dadasdssda2222+7v+szpwMJKXBw=
│
│   with module.bastion.module.bastion.aws_s3_bucket_acl.bucket,
│   on .terraform/modules/bastion.bastion/buckets.tf line 18, in resource "aws_s3_bucket_acl" "bucket":
│   18: resource "aws_s3_bucket_acl" "bucket" {
│

Love the module, by the way, thanks for all of the hard work!

umbertix commented 1 year ago

EDIT: This seems to have already been fixed in a PR that has been merged. You can ignore my comment as this is no longer relevant.

Same here, seems like there is a fix for it: https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/issues/223#issuecomment-1545649581

I'll take a look to see if I can open a PR for it. But in any case, thanks for the module.

Guimove commented 1 year ago

Hi there,

Thank you for your comment. Since the issue you reported has already been fixed and merged, you can go ahead and close the issue. I appreciate your understanding and cooperation.

If you have any further questions or need any assistance in the future, please feel free to reach out. I'm always here to help.

Thank you for your support and for using the module.

ernosix commented 1 year ago

Still running into this error

Error: putting S3 object ACL: MissingSecurityHeader: Your request was missing a required header
    status code: 400, request id: NTR78A0, host id: 7SQR/Km6pWsm3OK5Avu3axD19XDdE5RNbEJ==

  with module.bastion.aws_s3_object.bucket_public_keys_readme
  on .terraform/modules/bastion/main.tf line 15, in resource "aws_s3_object" "bucket_public_keys_readme":

Solved by adding:

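# "ObjectWriter" turns ACLs back on for the bucket created by the bastion module,
# so S3 accepts the ACL requests again.
resource "aws_s3_bucket_ownership_controls" "application_logs" {
  bucket = module.bastion.bucket_name

  rule {
    object_ownership = "ObjectWriter"
  }
}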
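
For reference, an added Terraform example (not part of this thread and not the module's own code) showing the two ways to handle a bucket created after the April 2023 default, where ACLs are disabled (Object Ownership "BucketOwnerEnforced"). The resource name example_logs and the variable bucket_name are hypothetical.

```hcl
# Added example; example_logs and var.bucket_name are hypothetical names.
variable "bucket_name" {
  type = string
}

resource "aws_s3_bucket" "example_logs" {
  bucket = var.bucket_name
}

# Option A (compatibility): turn ACLs back on so ACL requests are accepted.
# "ObjectWriter", used in the comment above, enables ACLs as well.
resource "aws_s3_bucket_ownership_controls" "example_logs" {
  bucket = aws_s3_bucket.example_logs.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_acl" "example_logs" {
  # Without this dependency Terraform may set the ACL before ACLs are
  # enabled and fail with AccessControlListNotSupported.
  depends_on = [aws_s3_bucket_ownership_controls.example_logs]

  bucket = aws_s3_bucket.example_logs.id
  acl    = "private"
}

# With ACLs enabled again, keep public ACLs and public policies blocked.
resource "aws_s3_bucket_public_access_block" "example_logs" {
  bucket = aws_s3_bucket.example_logs.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Option B (hardened): keep the AWS default instead. Set object_ownership to
# "BucketOwnerEnforced" above, delete the aws_s3_bucket_acl resource, and
# remove any `acl` argument from aws_s3_object resources. Access is then
# controlled by IAM and bucket policies only.
```

Option A restores the pre-April-2023 behaviour at the cost of re-enabling ACLs; Option B keeps them disabled, which is the setting AWS now applies by default.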