cloudposse / terraform-aws-cloudfront-cdn

Terraform Module that implements a CloudFront Distribution (CDN) for a custom origin.
https://cloudposse.com/accelerate
Apache License 2.0
99 stars 121 forks

Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting #96

Open danfsd opened 1 year ago

danfsd commented 1 year ago

Describe the Bug

Cannot create a new CloudFront CDN using this module; the apply command fails with the following error:

Error: creating Amazon S3 (Simple Storage) Bucket (***): InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

Expected Behavior

terragrunt apply command should not fail with that error.

Steps to Reproduce

Steps to reproduce the behavior:

  1. Run terragrunt apply with the bare minimum inputs
  2. Receive the error message

Additional Context

From my initial research, it looks like AWS changed the default value for new S3 Buckets' ownership controls to BucketOwnerEnforced. This creates a conflict that prevents the Bucket from being created, since BucketOwnerEnforced conflicts with having an ACL defined on the Bucket.
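The conflict described in this report, as a minimal Terraform configuration. This is an added example, not code from the module or from any commenter; the bucket name, the resource labels and the `log-delivery-write` ACL are assumptions chosen for illustration.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.9"
    }
  }
}

# Failing form (kept as a comment): an ACL sent as part of bucket creation.
# On a new bucket that defaults to BucketOwnerEnforced, ACLs are disabled,
# so the create call is rejected with InvalidBucketAclWithObjectOwnership.
#
# resource "aws_s3_bucket" "cdn_logs" {
#   bucket = "example-cdn-logs-placeholder"
#   acl    = "log-delivery-write" # inline argument, deprecated in provider v4+
# }

# Working form: create the bucket with no ACL at all.
resource "aws_s3_bucket" "cdn_logs" {
  bucket = "example-cdn-logs-placeholder" # placeholder name
}

# Explicitly opt this one bucket back into ACLs. BucketOwnerPreferred keeps
# ACLs enabled while the bucket owner still owns objects that are uploaded
# with the bucket-owner-full-control ACL.
resource "aws_s3_bucket_ownership_controls" "cdn_logs" {
  bucket = aws_s3_bucket.cdn_logs.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Apply the ACL as a separate resource, and only after the ownership
# controls exist; without the dependency the two calls can race and the
# ACL request can hit a bucket that still has ACLs disabled.
resource "aws_s3_bucket_acl" "cdn_logs" {
  bucket     = aws_s3_bucket.cdn_logs.id
  acl        = "log-delivery-write"
  depends_on = [aws_s3_bucket_ownership_controls.cdn_logs]
}
```

Re-enabling ACLs is scoped here to the log bucket only; buckets that do not need ACL-based delivery can stay on BucketOwnerEnforced.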

danfsd commented 1 year ago

I have opened a PR to fix the issue on the latest version of Cloudposse's S3 Bucket module. This implies that this module will have to use Cloudposse's latest S3 Log Storage.

danfsd commented 1 year ago

The fix for this issue was merged on the s3 bucket module, but we still need to make sure this gets to S3 Log Storage, either as a fix for the old version OR as a new release for the latest one. If only the latter happens, then we need to give this PR some attention to actually get rid of the issue.

nameishari commented 1 year ago

The same issue happens with https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn as well.

scott-doyland-burrows commented 1 year ago

Bumping this: https://github.com/cloudposse/terraform-aws-cloudfront-cdn/blob/e6a8c2a60e80b7a3ee41cf55420d24d4b7ad9949/main.tf#L18 to 1.4.0 will fix the issue for new infrastructure (I have tested this).

According to the documentation we should be able to bump up to this new module with the minimum of fuss for existing infrastructure as well, as from 1.0.0 onwards of the terraform-aws-s3-log module it says the following:

https://github.com/cloudposse/terraform-aws-s3-log-storage/releases/tag/1.0.0

danfsd commented 1 year ago

Hey @scott-doyland-burrows, thanks for sharing that! I'll test it when able.