Open mvandenburgh opened 8 months ago
As of April 2023, S3 disables ACLs on new buckets by default - https://aws.amazon.com/about-aws/whats-new/2023/04/amazon-s3-security-best-practices-buckets-default/. This means that a terraform apply on a new project will always fail when attempting to create the aws_s3_bucket_acl resource in the storage module.
Here's the error trace:
Error: creating S3 Bucket (test-app-storage) ACL: operation error S3: PutBucketAcl, https response error StatusCode: 400, RequestID: ..., HostID: ..., api error AccessControlListNotSupported: The bucket does not allow ACLs
  with module.django.module.storage.aws_s3_bucket_acl.storage
  on .terraform/modules/django/modules/storage/main.tf line 5, in resource "aws_s3_bucket_acl" "storage":
  resource "aws_s3_bucket_acl" "storage" {
I'm not sure what the best path forward would be for this Terraform module, but AWS does provide some guidance if one wants to keep ACLs enabled for new buckets - https://docs.aws.amazon.com/AmazonS3/latest/userguide/ensure-object-ownership.html. Terraform code for creating a BucketOwnerPreferred ownership policy can be found in the docs for the s3_bucket_ownership_controls resource - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls.
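Added example, not part of the original issue or the module's own code: one way the storage module could handle the new default, keeping ACLs disabled unless a caller opts in. The `aws_s3_bucket.storage` resource name, the `enable_acl` variable, and the `private` ACL value are assumptions; only `aws_s3_bucket_acl.storage` and the bucket name appear in the error trace above.

```hcl
# Hypothetical toggle: false keeps the post-April-2023 default (ACLs disabled).
variable "enable_acl" {
  type    = bool
  default = false
}

# Assumed bucket resource; the name is taken from the error trace.
resource "aws_s3_bucket" "storage" {
  bucket = "test-app-storage"
}

# Object ownership decides whether PutBucketAcl is accepted at all.
# BucketOwnerEnforced = ACLs disabled; BucketOwnerPreferred = ACLs allowed.
resource "aws_s3_bucket_ownership_controls" "storage" {
  bucket = aws_s3_bucket.storage.id

  rule {
    object_ownership = var.enable_acl ? "BucketOwnerPreferred" : "BucketOwnerEnforced"
  }
}

# Only created when ACLs are enabled. depends_on forces the ownership
# controls to be applied first; otherwise the apply fails with
# AccessControlListNotSupported as in the trace above.
resource "aws_s3_bucket_acl" "storage" {
  count      = var.enable_acl ? 1 : 0
  depends_on = [aws_s3_bucket_ownership_controls.storage]

  bucket = aws_s3_bucket.storage.id
  acl    = "private" # assumed value; the issue does not show the module's ACL
}

# Keep public access blocked in both modes, so enabling ACLs
# cannot be used to make the bucket or its objects public.
resource "aws_s3_bucket_public_access_block" "storage" {
  bucket = aws_s3_bucket.storage.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

With `enable_acl = false` the bucket relies on bucket policies and IAM alone, which is the configuration the AWS announcement linked above makes the default for new buckets.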