jenkins-x / terraform-aws-eks-jx

A Terraform module for creating Jenkins X infrastructure on AWS
Apache License 2.0

S3 Block Public Access Fix #362

Closed tgelpi closed 1 year ago

tgelpi commented 1 year ago

Description

Starting in April 2023, Amazon S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets. Once complete, these defaults will apply to all new buckets regardless of how they are created, including AWS CLI, APIs, SDKs, and AWS CloudFormation.

This AWS change results in the error AccessControlListNotSupported: The bucket does not allow ACLs when creating a new EKS environment.

Special notes for the reviewer(s)

This change replaces the use of aws_s3_bucket_acl resource with the aws_s3_bucket_ownership resource. The rule for the ownership is BucketOwnerEnforced.

In the event ACL is still the preferred bucket permission type, you can set a new variable enable_acl=true.

The tests were limited and run using both the Vault and AWS Secret Manager cluster config. The cluster environments created the S3 buckets without issue. Only the Vault configuration created additional folders under the bucket.

Which issue this PR fixes

fixes #8572

Release notes
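The switch described in this PR, sketched as an added Terraform example (not the module's own code or the PR's diff): ownership controls with BucketOwnerEnforced by default, and an ACL created only when enable_acl is true. The bucket, the resource labels and the variable's default are assumptions; the ownership resource is written with the AWS provider's aws_s3_bucket_ownership_controls.

```hcl
# Added example. Resource labels, bucket prefix and the default value are
# assumptions made for illustration, not taken from terraform-aws-eks-jx.
variable "enable_acl" {
  description = "Keep ACL-based bucket permissions instead of BucketOwnerEnforced"
  type        = bool
  default     = false
}

resource "aws_s3_bucket" "logs" {
  bucket_prefix = "example-jx-logs-" # constructed name
}

# BucketOwnerEnforced disables ACLs entirely; any ACL call against such a
# bucket fails with AccessControlListNotSupported. When ACLs are wanted,
# ownership has to be relaxed to BucketOwnerPreferred first.
resource "aws_s3_bucket_ownership_controls" "logs" {
  bucket = aws_s3_bucket.logs.id

  rule {
    object_ownership = var.enable_acl ? "BucketOwnerPreferred" : "BucketOwnerEnforced"
  }
}

# Only created on the opt-in path, and only after ownership allows ACLs.
resource "aws_s3_bucket_acl" "logs" {
  count = var.enable_acl ? 1 : 0

  bucket     = aws_s3_bucket.logs.id
  acl        = "private"
  depends_on = [aws_s3_bucket_ownership_controls.logs]
}

# Keep Block Public Access on in both paths, so opting back into ACLs
# cannot expose the bucket through a public ACL or policy.
resource "aws_s3_bucket_public_access_block" "logs" {
  bucket = aws_s3_bucket.logs.id

  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}
```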