Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add BucketOwnerPreferred ownership controls to buckets w/ aws_s3_bucket_acl resources #170

Merged
merged 3 commits into from
Apr 19, 2023
Merged

add BucketOwnerPreferred ownership controls to buckets w/ aws_s3_bucket_acl resources #170

merged 3 commits into from
Apr 19, 2023

Conversation

bleachbyte
Copy link
Member

As announced by AWS, Amazon S3 is disabling S3 access control lists (ACLs) for all new S3 buckets. As a result, using the aws_s3_bucket_acl resource to create an ACL for a bucket -- one which does not already have ownership controls in place -- will fail, unless bucket ownership has already been configured:

│ Error: error creating S3 bucket ACL for <BUCKET-NAME-HERE>: AccessControlListNotSupported: The bucket does not allow ACLs
│ 
│   with aws_s3_bucket_acl.example_bucket,
│   on s3.tf line 8, in resource "aws_s3_bucket_acl" "example_bucket":
│    8: resource "aws_s3_bucket_acl" "example_bucket" {

Per the recommendation in the Terraform AWS Provider, this PR adds an aws_s3_bucket_ownership_controls resource (set to BucketOwnerPreferred) for every bucket in this repo that also has an aws_s3_bucket_acl resource, and waits until the ownership controls have been set (via depends_on) before creating the ACL.

pauldoomgov
pauldoomgov approved these changes Apr 19, 2023
View reviewed changes
Copy link
Member

@pauldoomgov pauldoomgov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bleachbyte bleachbyte merged commit 53fd480 into main Apr 19, 2023
@bleachbyte bleachbyte deleted the jp/who-owns-the-acls branch April 19, 2023 14:24
@akrito akrito restored the jp/who-owns-the-acls branch September 13, 2023 18:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pauldoomgov pauldoomgov pauldoomgov approved these changes

@akrito akrito Awaiting requested review from akrito

@ConnorPMcCarthy ConnorPMcCarthy Awaiting requested review from ConnorPMcCarthy

@henrydrichardson henrydrichardson Awaiting requested review from henrydrichardson

@jgrevich jgrevich Awaiting requested review from jgrevich

@mww59 mww59 Awaiting requested review from mww59

@p3ch3n p3ch3n Awaiting requested review from p3ch3n

@ryan-brown-sb ryan-brown-sb Awaiting requested review from ryan-brown-sb

@stephencshelton stephencshelton Awaiting requested review from stephencshelton

@sujana09 sujana09 Awaiting requested review from sujana09

@timothy-spencer timothy-spencer Awaiting requested review from timothy-spencer

@vchugh vchugh Awaiting requested review from vchugh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bleachbyte @pauldoomgov