aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

S3 Bucket creation failing after AWS disabled ACLs by default #157

Closed denis-caylent closed 1 year ago

denis-caylent commented 1 year ago

Describe the bug: I'm trying to deploy a slightly modified version of the customizations-for-aws-control-tower.template template. There are no changes to the S3 Buckets that are failing.

I'm getting the following error when I try to deploy the template for the first time, on the resource CustomControlTowerS3AccessLogsBucket:

Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting (Service: Amazon S3; Status Code: 400; Error Code: InvalidBucketAclWithObjectOwnership

To Reproduce: Deploy the CTCP template.

Expected behavior: Expected the buckets to be deployed without errors.

balltrev commented 1 year ago

Hey @denis-caylent thanks for calling this out! We've released an update, v2.5.3, that remediates this issue.

Can you deploy this latest release and let us know if you're still experiencing this issue?

denis-caylent commented 1 year ago

@balltrev Thanks! Sure, I'll give it a try. Yesterday I was able to make the error go away by removing the AccessControl field from the logging bucket, but as I said, that just made the error go away; I don't know if the full setup worked. I will upgrade the template today and get back here 🙌

denis-caylent commented 1 year ago

It's all working, thanks.
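A pre-deployment check for the conflict reported in this thread, as an added example that is not part of the issue or the project's code: it flags `AWS::S3::Bucket` resources that set `AccessControl` while object ownership is, or defaults to, `BucketOwnerEnforced`. It assumes the template has already been parsed into a dict; the sample template, its property values and the function names are constructed for illustration, and only the logical ID `CustomControlTowerS3AccessLogsBucket` comes from the issue.

```python
# Constructed sample template (not the project's real template). Only the
# logical ID CustomControlTowerS3AccessLogsBucket comes from the issue; the
# property values are assumptions for illustration.
SAMPLE_TEMPLATE = {"Resources": {
    "CustomControlTowerS3AccessLogsBucket": {
        "Type": "AWS::S3::Bucket",
        "Properties": {"AccessControl": "LogDeliveryWrite"}},
    "BucketWithAclsEnabled": {
        "Type": "AWS::S3::Bucket",
        "Properties": {
            "AccessControl": "LogDeliveryWrite",
            "OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerPreferred"}]}}},
    "BucketWithoutAcl": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "SomeTopic": {"Type": "AWS::SNS::Topic"},
}}

ACLS_DISABLED = "BucketOwnerEnforced"  # applied to new buckets when nothing is declared

def object_ownership(props):
    """Return the bucket's declared ObjectOwnership, or the new-bucket default."""
    rules = (props.get("OwnershipControls") or {}).get("Rules") or []
    for rule in rules:
        if "ObjectOwnership" in rule:
            return rule["ObjectOwnership"]
    return ACLS_DISABLED

def find_acl_conflicts(template):
    """List (logical_id, acl) for buckets that set an ACL while ACLs are disabled."""
    findings = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}
        if "AccessControl" in props and object_ownership(props) == ACLS_DISABLED:
            findings.append((logical_id, str(props["AccessControl"])))
    return findings

if __name__ == "__main__":
    for logical_id, acl in find_acl_conflicts(SAMPLE_TEMPLATE):
        print(f"{logical_id}: AccessControl={acl} conflicts with {ACLS_DISABLED}")
```

The check is deliberately conservative: it reports every `AccessControl` value on an ACL-disabled bucket, so each finding should be resolved either by dropping the ACL or by declaring an ownership setting that permits ACLs.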