From f3b5145e6acb28aa9d951f9e24db3110884755b1 Mon Sep 17 00:00:00 2001
From: Matthias Fuhrmeister
Date: Mon, 18 Mar 2024 19:45:21 +0100
Subject: [PATCH] BucketOwnerEnforced s3 buckets cant have an acl (#301)
Co-authored-by: Erik Osterman (CEO @ Cloud Posse)
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index a658b492..301b0613 100644
--- a/main.tf
+++ b/main.tf
@@ -318,7 +318,7 @@ resource "aws_s3_bucket_cors_configuration" "origin" {
 resource "aws_s3_bucket_acl" "origin" {
 depends_on = [aws_s3_bucket_ownership_controls.origin]
- count = local.create_s3_origin_bucket ? 1 : 0
+ count = local.create_s3_origin_bucket && var.s3_object_ownership != "BucketOwnerEnforced" ? 1 : 0
 bucket = one(aws_s3_bucket.origin).id
 acl = "private"
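Review bot: The new `count` condition on `aws_s3_bucket_acl.origin` carries no comment explaining why the `private` ACL is skipped, so a later reader could mistake the missing ACL resource for a loosened bucket. I would add above it `# ACLs are disabled when object ownership is BucketOwnerEnforced, so no ACL resource can be applied; access is governed by policies only`, and parenthesize the test for readability: `count = (local.create_s3_origin_bucket && var.s3_object_ownership != "BucketOwnerEnforced") ? 1 : 0`. With the ACL resource absent in that mode, it is worth confirming that the bucket's public access block and bucket policy (neither visible in this hunk) are what keep the origin private, and that nothing else in the module references `aws_s3_bucket_acl.origin` unconditionally. The resource block's closing brace is not visible in the hunk.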