hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

s3_bucket private acl not maintained #11971

Open schammah opened 4 years ago

schammah commented 4 years ago

Terraform Version

Terraform v0.12.20
provider.aws v2.47.0

Affected Resource(s)

Terraform Configuration Files

acl    = "private"

Expected Behavior

Persist the private acl of the s3_bucket resource, reverting any public acls.

Actual Behavior

Even though the s3_bucket resource is set to the private acl, it persists in living with public acls open.

Steps to Reproduce

  1. Create an s3_bucket resource with acl = "private".
  2. Add public acls through the console.
  3. Rerun terraform apply on the code with acl = "private".
  4. The public acl changes done through the console aren't reverted.

toadjaune commented 4 years ago

A few extra precisions:

When changing the acl in terraform and re-applying, the configuration is changed as expected.

This leads me to think that the problem is only in reading state, where the module only reasons with the information contained in tfstate, without ever refreshing it.

porjo commented 4 years ago

I have the same issue where the bucket was manually created. Terraform plan shows all the changes I expect for the bucket except the acl (I want to apply 'log-delivery-write' however it stays as 'private').

justinretzolk commented 3 years ago

Hey y'all 👋 Thank you for taking the time to file this issue, and for the additional discussion around it. Given that there's been a number of AWS provider releases since this was initially filed, can anyone confirm whether you're still experiencing this behavior?

toadjaune commented 2 years ago

I can confirm the problem is still present with version v3.72.0 of the provider.

github-actions[bot] commented 1 month ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

toadjaune commented 2 weeks ago

Hi,

I tried reproducing the issue, but in v5.74.0, this argument is deprecated in favor of the aws_s3_bucket_acl resource.

I suppose we should probably wait for the argument to be dropped, presumably at the next major version, then close this issue.

I haven't checked if the aws_s3_bucket_acl exhibits a similar behavior, but considering that this would be a failure to synchronize its entire state (instead of just a small field, rarely used, on a gargantuan resource), this seems unlikely.
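
An out-of-band check for the drift reported in this issue, added here as an example (it is not part of the thread or of the provider's code): since `terraform apply` did not revert console-added grants, the live ACL can be compared against what `acl = "private"` should produce. The function name `acl_drift`, the sample responses and the placeholder owner ID are assumptions; the input is the dict shape returned by the S3 GetBucketAcl API.

```python
# Added example: compare a bucket's live ACL with the canned "private" ACL.
# Input is the dict shape returned by S3 GetBucketAcl (boto3: get_bucket_acl).

# Predefined S3 groups that make a grant public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def acl_drift(acl):
    """Return every grant that the canned "private" ACL would not contain.

    "private" means: the bucket owner has FULL_CONTROL, nobody else has anything.
    """
    owner_id = acl.get("Owner", {}).get("ID")
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        permission = grant.get("Permission")
        is_owner = (
            owner_id is not None
            and grantee.get("Type") == "CanonicalUser"
            and grantee.get("ID") == owner_id
        )
        if is_owner and permission == "FULL_CONTROL":
            continue  # the one grant "private" allows
        uri = grantee.get("URI", "")
        findings.append({
            "grantee": PUBLIC_GROUPS.get(uri) or uri or grantee.get("ID", "unknown"),
            "permission": permission,
            "public": uri in PUBLIC_GROUPS,
        })
    return findings


# Constructed sample responses (IDs are placeholders, not real accounts).
OWNER = {"ID": "OWNER-CANONICAL-ID-PLACEHOLDER"}
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", **OWNER}, "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Owner": OWNER, "Grants": [OWNER_GRANT]}
CONSOLE_EDITED_ACL = {"Owner": OWNER, "Grants": [
    OWNER_GRANT,
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}

if __name__ == "__main__":
    for name, acl in (("private", PRIVATE_ACL), ("console-edited", CONSOLE_EDITED_ACL)):
        print(name, acl_drift(acl))
```

A non-empty result on a bucket declared private means the live ACL has drifted from the configuration; entries with `public` set to true are grants to everyone or to any AWS account.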