New S3 default policy breaks creation of S3 bucket #53
Labels
bug
🐛 An issue with the system
Comments
|
Form what I have experimented so far...., changing a setting so that I can set s3_object_ownership to "BucketOwnerPreferred" has a okay workaround....
in that, in the 1st TF run, I still run into this, but if I ran TF apply again a 2nd time, then everything gets applied and set.
I think it might have something to deal with how the cloudposse/s3-log-storage/aws module sets up the ACL.... |
|
Isn't the default for the s3_object_ownership input variable already BucketOwnerPreferred? |
|
This has been fixed in the upstream terraform-aws-s3-bucket and will be fixed in the next release of this module. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would seem that Amazon is pushing S3 bucket defaults that's breaking the module.
https://aws.amazon.com/about-aws/whats-new/2023/04/amazon-s3-two-security-best-practices-buckets-default/
Unfortunately, this means that, with the combination of default settings, the s3 bucket doesn't create as it appears that the default policy that it sets in is incompatible with the bucket policy that is trying to put in.
I'm going to try to workaround this buy actually getting the module and tweaking the settings of the downstream s3 module to allow ACLs to see if it works.
The text was updated successfully, but these errors were encountered: