Open
Description
Describe the bug
When attempting to apply the secure-baseline to a newly-created account, I'm getting the following errors:
```
Error: error creating S3 bucket ACL for <prefix>-audit-logs-access-logs: AccessControlListNotSupported: The bucket does not allow ACLs
│ status code: 400, request id: <redacted>, host id: <redacted>
│
│ with module.secure_baseline.module.audit_log_bucket[0].aws_s3_bucket_acl.access_log,
│ on .terraform/modules/secure_baseline/modules/secure-bucket/main.tf line 28, in resource "aws_s3_bucket_acl" "access_log":
│ 28: resource "aws_s3_bucket_acl" "access_log" {
│
╵
╷
│ Error: error creating S3 bucket ACL for <prefix>-audit-logs: AccessControlListNotSupported: The bucket does not allow ACLs
│ status code: 400, request id: <redacted>, host id: <redacted>
│
│ with module.secure_baseline.module.audit_log_bucket[0].aws_s3_bucket_acl.content,
│ on .terraform/modules/secure_baseline/modules/secure-bucket/main.tf line 89, in resource "aws_s3_bucket_acl" "content":
│ 89: resource "aws_s3_bucket_acl" "content" {
```
Versions
- Terraform: v1.4.5
- Provider: v4.64.0
- Module: 2.1.0
Reproduction
Apply secure-baseline to a new account, or at least in an account where it needs to create a new S3 bucket. It may currently be region-specific (I ran it in ap-southeast-2), but it'll soon be happening with any new S3 bucket, due to the changes to new bucket defaults.
Expected behavior
No Terraform errors.
Actual behavior
Error as described above.
Additional context
Manually jiggering the bucket settings to enable ACLs allows a re-run of the Terraform config to succeed.
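
Added example, not part of the original report and not the module's own code: two ways a Terraform configuration can handle buckets created with ACLs disabled, shown for an access-log target bucket only. Resource labels, bucket names and the `log-delivery-write` ACL are assumptions made for illustration.

```hcl
# Added example, not the module's code; bucket names and resource labels are hypothetical.
# Option A: re-enable ACLs explicitly (what the manual workaround does).
resource "aws_s3_bucket" "log_acl" {
  bucket = "example-prefix-access-logs-acl" # placeholder name
}

# New buckets default to BucketOwnerEnforced, which rejects PutBucketAcl.
resource "aws_s3_bucket_ownership_controls" "log_acl" {
  bucket = aws_s3_bucket.log_acl.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_acl" "log_acl" {
  bucket     = aws_s3_bucket.log_acl.id
  acl        = "log-delivery-write" # assumed ACL for a log target bucket
  depends_on = [aws_s3_bucket_ownership_controls.log_acl] # order matters
}

# Option B: keep ACLs disabled; authorize log delivery with a bucket policy.
data "aws_caller_identity" "current" {}

resource "aws_s3_bucket" "log_policy" {
  bucket = "example-prefix-access-logs-policy" # placeholder name
}

data "aws_iam_policy_document" "log_delivery" {
  statement {
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.log_policy.arn}/*"]
    principals {
      type        = "Service"
      identifiers = ["logging.s3.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_s3_bucket_policy" "log_delivery" {
  bucket = aws_s3_bucket.log_policy.id
  policy = data.aws_iam_policy_document.log_delivery.json
}
```

Option B leaves the bucket on the ACL-free default, so access is governed by the bucket policy alone and no ACL grant can widen it later.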