Fails to create AccessLoggingBucket in us-east-2

[taylorsilva]

Describe the bug Deploying the CF Stack in us-east-2 results in the following error from resources AccessLoggingBucket

Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

To Reproduce Deploy CF template v3.2.4 in us-east-2: https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/v3.2.4/aws-waf-security-automations.template

All parameters are the default value besides these three:

ActivateAWSManagedRulesParam = yes
EndpointType = ALB
AppAccessLogBucket = (I created a bucet with default security settings, so ACL disabled) 

Expected behavior Deploys successfully; S3 bucket is created.

Please complete the following information about the solution:

• [x] Version: v3.2.4
• [x] Region: us-east-2
• [x] Was the solution modified from the version published on this repository?: no
• [x] ~If the answer to the previous question was yes, are the changes available on GitHub?~
• [x] Have you checked your service quotas for the services this solution uses?: yes, not hitting limits
• [x] Were there any errors in the CloudWatch Logs?: Same error found in the stack. No other errors.

Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).

Additional context

In the same AWS account I was able to deploy v3.2.4 in the following regions SUCCESSFULLY:

• us-east-1
• us-west-1
• us-west-2

Other info:

• I had my AWS organization admins check for any SCP's that may affect this but they found nothing. Maybe they missed something though? Is there something they can double check?
• I'm able to create an S3 bucket in us-east-2 that has ACL's enabled manually through the web console
• I do have a ticket open with AWS but they've yet to figure anything out
• This change in the default S3 settings may be affecting this, waiting for AWS support to answer that: https://aws.amazon.com/about-aws/whats-new/2023/04/amazon-s3-two-security-best-practices-buckets-default/

[WillAWS]

Hi @taylorsilva, this issue should be fixed in the release/v3.2.5 (released yesterday)

[taylorsilva]

@WillAWS any idea when the template will be up at https://s3.amazonaws.com/solutions-reference/aws-waf-security-automations/<version>/aws-waf-security-automations.template?

Thanks again for the fast reply!

[WillAWS]

@taylorsilva The documentation is a bit behind, should release the updated docs soon. We released with an updated name here: https://solutions-reference.s3.amazonaws.com/security-automations-for-aws-waf/v3.2.5/aws-waf-security-automations.template