Open wiegandf opened 2 years ago
I can try to take a look at this if that's alright.
@wiegandf does the following not work? If not, that's a bug
```hcl
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
}

resource "aws_s3_bucket_ownership_controls" "b" {
  bucket = aws_s3_bucket.b.bucket

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}
```
Creating them in separate resources doesn't work when you want to enforce BucketOwnerEnforced on all new s3 buckets.
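As an added example (not code from this thread or from the provider), here is one way to catch the gap the comment above describes: a check over `terraform show -json` output that flags every `aws_s3_bucket` without a matching `aws_s3_bucket_ownership_controls` set to BucketOwnerEnforced. The sample plan is constructed and trimmed, and the function names and the choice to match on the planned `bucket` name are assumptions of this example.

```python
import json

# Constructed sample: `terraform show -json` output trimmed to the fields used below.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket.b", "type": "aws_s3_bucket",
     "values": {"bucket": "my-tf-test-bucket"}},
    {"address": "aws_s3_bucket_ownership_controls.b", "type": "aws_s3_bucket_ownership_controls",
     "values": {"bucket": "my-tf-test-bucket", "rule": [{"object_ownership": "BucketOwnerEnforced"}]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"bucket": "my-tf-test-logs"}}],
  "child_modules": [{"address": "module.data", "resources": [
    {"address": "module.data.aws_s3_bucket.raw", "type": "aws_s3_bucket",
     "values": {"bucket": "my-tf-test-raw"}},
    {"address": "module.data.aws_s3_bucket_ownership_controls.raw", "type": "aws_s3_bucket_ownership_controls",
     "values": {"bucket": "my-tf-test-raw", "rule": [{"object_ownership": "BucketOwnerPreferred"}]}},
    {"address": "module.data.aws_s3_bucket.tmp", "type": "aws_s3_bucket",
     "values": {"bucket_prefix": "tmp-"}}]}]
}}}
""")

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def buckets_not_enforced(plan, required="BucketOwnerEnforced"):
    """Return {bucket address: reason} for buckets lacking the required ownership rule."""
    resources = list(walk(plan["planned_values"]["root_module"]))
    # Map bucket name -> object_ownership declared by an ownership-controls resource.
    ownership = {}
    for r in resources:
        if r["type"] == "aws_s3_bucket_ownership_controls":
            rules = r["values"].get("rule") or [{}]
            ownership[r["values"].get("bucket")] = rules[0].get("object_ownership")
    findings = {}
    for r in resources:
        if r["type"] != "aws_s3_bucket":
            continue
        name = r["values"].get("bucket")
        if name is None:  # name only known after apply, so it cannot be matched in the plan
            findings[r["address"]] = "bucket name unknown at plan time"
        elif name not in ownership:
            findings[r["address"]] = "no aws_s3_bucket_ownership_controls"
        elif ownership[name] != required:
            findings[r["address"]] = f"object_ownership is {ownership[name]}"
    return findings
```

A non-empty result from `buckets_not_enforced` can fail a CI step before `terraform apply` runs.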
Hey sorry haven't had time to work on this if someone else wants to.
@wiegandf One question for someone else that wants to pick this up, should there be a default value for this (or is one set by AWS?) if this is not set on bucket creation?
If you go to the AWS console, you can see that BucketOwnerEnforced is the default object ownership when creating s3 buckets (with ACLs disabled).
Description
We would like to follow the best practices by AWS and disable ACLs and enforce object ownership. See references below. I know that we could set it with aws_s3_bucket_ownership_controls, but this would not allow enforcing bucket creation with e.g. BucketOwnerEnforced (as described in the AWS example).
New or Affected Resource(s)
Potential Terraform Configuration
This could also be the default value when leaving acl undefined. Currently, acl is deprecated but is private by default.
References