teddylear
commented
2 years ago I can try to take a look at this if that's alright.
Open wiegandf opened 2 years ago
teddylear
commented
2 years ago I can try to take a look at this if that's alright.
gdavison
commented
2 years ago @wiegandf does the following not work? If not, that's a bug
resource "aws_s3_bucket" "b" {
bucket = "my-tf-test-bucket"
}
resource "aws_s3_bucket_ownership_controls" "b" {
bucket = aws_s3_bucket.b.bucket
rule {
object_ownership = "BucketOwnerEnforced"
}
}
wiegandf
commented
2 years ago Creating them in separate resources doesn't work when you want to enforce BucketOwnerEnforced on all new s3 buckets.
teddylear
commented
2 years ago Hey sorry haven't had time to work on this if someone else wants to.
@wiegandf One question for someone else that wants to pick this up, should there be a default value for this (or is one set by AWS?) if this is not set on bucket creation?
wiegandf
commented
2 years ago If you go to the AWS console, you can see that BucketOwnerEnforced is the default object ownership when creating s3 buckets (with ACLs disabled).
gflex
Community Note
Description
We would like to follow the best practices by AWS and disable ACL and enforce object ownership. See references below. I know that we could set it with aws_s3_bucket_ownership_controls, but this would not allow to enforce bucket creation with e.g. BucketOwnerEnforced (as described in the AWS example).
New or Affected Resource(s)
Potential Terraform Configuration
This could also be the default value when leaving acl undefined. Currently, acl is deprecated but is
privateby default.References