aws-solutions / aws-control-tower-customizations

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.
https://docs.aws.amazon.com/controltower/latest/userguide/cfct-overview.html
Apache License 2.0

CfCT template not getting deployed after the changes made in S3 bucket "Object Ownership" #159

Closed somesh-1696 closed 1 year ago

somesh-1696 commented 1 year ago

Describe the bug

Starting in April 2023, Amazon S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets[1].

This change is making the S3 bucket provisioned by the CfCT template present in the github link[2] to be created with "Object Ownership" set to “Bucket owner enforced” instead of "ObjectWriter".

Due to this, the CfCT template is failing with the below error:

==========================

Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting (

==========================

Logical Id of the Resource - "CustomControlTowerS3AccessLogsBucket"

References: [1] https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/

[2] https://github.com/aws-solutions/aws-control-tower-customizations/blob/main/customizations-for-aws-control-tower.template

To Reproduce

Deploy the CfCT template[2] in the eu-north-1 region

Expected behavior

Expected behavior is that the Cloudformation stack should be created successfully.

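The conflict the report describes, as an added example that is not the project's template: an access-logs bucket that relies on an ACL for log delivery next to an equivalent that keeps ACLs disabled (the new default) and authorizes the S3 logging service principal through a bucket policy instead. Resource names and the LogDeliveryWrite ACL on the "before" bucket are assumptions.

```yaml
# Added example, not the CfCT template. Resource names are assumed.
Resources:
  # BEFORE (assumed shape): log delivery granted via a canned ACL. When the
  # bucket defaults to ObjectOwnership BucketOwnerEnforced, CloudFormation
  # rejects the AccessControl property with the error quoted in the report:
  #   "Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting"
  # AccessLogsBucketBefore:
  #   Type: AWS::S3::Bucket
  #   Properties:
  #     AccessControl: LogDeliveryWrite

  # AFTER: keep ACLs disabled and Block Public Access on, and grant the
  # S3 server-access-logging service write access with a bucket policy.
  AccessLogsBucket:
    Type: AWS::S3::Bucket
    Properties:
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  AccessLogsBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref AccessLogsBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: S3ServerAccessLogsPolicy
            Effect: Allow
            Principal:
              Service: logging.s3.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub "${AccessLogsBucket.Arn}/*"
            Condition:
              # Restrict delivery to logs originating from this account so
              # the logging service cannot be used to write on behalf of others.
              StringEquals:
                aws:SourceAccount: !Ref AWS::AccountId
```

Because the policy-based grant does not depend on ACLs, the same template deploys whether a Region applies the April 2023 defaults or not.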

balltrev commented 1 year ago

Hey @somesh-1696, we're unable to reproduce this deployment failure in our test environment. I would recommend you work with AWS Premium Support to further deep dive the deployment failure in your environment.