Error: error creating S3 bucket ACL for bucket-name: AccessControlListNotSupported: The bucket does not allow ACLs

[mattiasnixell]

Bug report

New "terraform state" deployments fail on "aws_s3_bucket_acl". I am 95% sure this is related to the new S3 defaults in AWS this month. Here are suggested changes for Terraform: hashicorp/terraform-provider-aws#28353

They suggest removing "aws_s3_bucket_acl" as the new ACL default is private or adding "aws_s3_bucket_ownership_controls" that must be set to "BucketOwnerPreferred" before private ACL may be applied.

Steps to reproduce

Apply a fresh terraform init module:

module "terraform-init" {
  source  = "telia-oss/terraform-init/aws"
  version = "4.0.2"
  name_prefix = "<unique name here>"
}

Terraform version

$ terraform version

Terraform v1.4.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.64.0

[mattiasnixell]

I cloned the repo locally and added "aws_s3_bucket_ownership_controls" as suggested in the terraform issue. However, that does not work... I added a comment about this in the mentioned issue: hashicorp/terraform-provider-aws#28353 (comment)

Removing the "aws_s3_bucket_acl" seems to work better for new S3 buckets. However, that might break old terraform states (?). AWS mentions the old buckets are not affected by new defaults. So, I'm hopeful they can fix this issue in the terraform provider.

[mattiasnixell]

Ignore my previous comment! I made a copy-paste error and now it works. I'll open a pull request with the suggested change soon.

[rickardl]

This is resolved in 4.X.0