S3 module upgrade fails with AccessControlListNotSupported when bucket_ownership is set to BucketOwnerEnforced
Hello, I am currently upgrading my S3 modules to v.0.95.1. In this version, it is shown in the plan that it wishes to create an acl:

```
  # module.s3_bucket_primary.aws_s3_bucket_acl.bucket[0] will be created
  + resource "aws_s3_bucket_acl" "bucket" {
      + acl    = "private"
      + bucket = "xxx"
      + id     = (known after apply)

      + access_control_policy {
          + grant {
              + permission = (known after apply)

              + grantee {
                  + display_name  = (known after apply)
                  + email_address = (known after apply)
                  + id            = (known after apply)
                  + type          = (known after apply)
                  + uri           = (known after apply)
                }
            }

          + owner {
              + display_name = (known after apply)
              + id           = (known after apply)
            }
        }
    }
```

However, upon apply I am receiving the error:

`Error: error creating S3 bucket ACL for xxx: AccessControlListNotSupported: The bucket does not allow ACLs.`

This is probably because we have set:

`bucket_ownership = "BucketOwnerEnforced"`

Is there a way for me to not create this acl by default when bucket ownership is set to BucketOwnerEnforced?

---

[Tracked in ticket #109942](https://support.gruntwork.io/hc/requests/109942)
Hi [sewmiuraj](https://github.com/sewmiuraj), it seems that the child module [`private-s3-bucket`](https://github.com/gruntwork-io/terraform-aws-security/tree/main/modules/private-s3-bucket) has a [`var.acl`](https://github.com/gruntwork-io/terraform-aws-security/blob/fc70a8a7025e545f59b491515de5a963240efbea/modules/private-s3-bucket/variables.tf#L15) variable that can be set to `null`. This variable doesn't seem to be exposed in the service catalog yet. I'll see if I have the time to spin a PR to address this, but you could also try, in the meantime, modifying the module to pass acl as null.
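
The pattern suggested above, sketched with plain AWS provider resources as an added example (this is not the Gruntwork module's code): the ACL resource is created only when an ACL is requested and the bucket's ownership setting still allows ACLs. The variable names and the `manage_acl` local are assumptions made for illustration.

```hcl
# Added example with hypothetical variable names; not taken from private-s3-bucket.
variable "bucket_name" {
  type = string
}

variable "bucket_ownership" {
  type    = string
  default = "BucketOwnerEnforced"
}

# null means "do not manage a bucket ACL at all".
variable "acl" {
  type    = string
  default = null
}

locals {
  # BucketOwnerEnforced disables ACLs on the bucket. Writing acl = "private"
  # is then rejected with AccessControlListNotSupported, as in the error above,
  # so the ACL resource is skipped and access is governed by policies only.
  manage_acl = var.acl != null && var.bucket_ownership != "BucketOwnerEnforced"
}

resource "aws_s3_bucket" "bucket" {
  bucket = var.bucket_name
}

resource "aws_s3_bucket_ownership_controls" "bucket" {
  bucket = aws_s3_bucket.bucket.id

  rule {
    object_ownership = var.bucket_ownership
  }
}

resource "aws_s3_bucket_acl" "bucket" {
  # Zero instances when ACLs are disabled or no ACL was requested.
  count = local.manage_acl ? 1 : 0

  bucket = aws_s3_bucket.bucket.id
  acl    = var.acl

  # Apply the ownership setting before any ACL write is attempted.
  depends_on = [aws_s3_bucket_ownership_controls.bucket]
}
```

With the defaults shown, `terraform plan` should list the bucket and its ownership controls but no `aws_s3_bucket_acl` resource.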