-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error creating S3 bucket ACL for $BUCKET: AccessControlListNotSupported: The bucket does not allow ACLs #223
Error creating S3 bucket ACL for $BUCKET: AccessControlListNotSupported: The bucket does not allow ACLs #223
Comments
I've run into this as well. It seems to be sourced by a change AWS announced in December for this month (April 2023) wherein S3 buckets would have ACls disabled by default (https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/). If you're setting ACL to be 'private', you can probably workaround this issue by setting the ACL property to 'null' instead. If you're setting the ACL property in a useful manner (as the filer does) check the 'control_object_ownership' property, and then the affiliated 'object_ownership' setting. I think by setting 'control_object_ownership' to true (it defaults to false) you can restore expected behavior. |
In fact, we avoided this by simply removing the
Right now I changed it to this, and it's works for me:
|
Adding 'control_object_ownership' to true changed the object ownership but it did not attach the ACL to the s3 bucket. So the solution am adding to yours is just add the depends on attribute of resource "aws_s3_bucket_ownership_controls" inside the terraform aws s3 module in resource "aws_s3_bucket_acl".So now when u do a terraform apply it will give the ownership first and then attach the provided ACL also to the bucket. |
@antonbabenko Please review this error, as it is crashing major of our deployments. |
Please submit a PR with the required changes. I don't have time to come up with the fix myself. |
^^ migration guide from ACL to Policy |
We are still having issues with the module. We are on TF 1.4.5 and aws provider 4.64.0
|
u need to add control object ownership = true and object_ownership ="ObjectWriter" .Refer the examples |
You are right, thanks a lot. |
Came here for the same exact problem. For anyone else that lands here, here's the fix: control_object_ownership = true
object_ownership = "ObjectWriter" |
for buckets to store cdn/application logs use this
|
AWS disabled ACLs on buckets by default: https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/ and applying results to: ``` Error creating S3 bucket ACL for $BUCKET: AccessControlListNotSupported: The bucket does not allow ACLs ``` We need to explicitly enable objects ownership to be able to set ACLs on buckets terraform-aws-modules/terraform-aws-s3-bucket#223 (comment)
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
…ws_s3_bucket_ownership_controls resource to fix terraform-aws-modules/terraform-aws-s3-bucket#223
Description
Get error
Error: error creating S3 bucket ACL for test-bucket20230419084229361100000001: AccessControlListNotSupported: The bucket does not allow ACLs
while trying creating a S3 bucket by using a bit modified code from example
Versions
Module version [Required]:
3.8.2
Terraform version:
Terraform v1.4.5
Provider version(s):
provider registry.terraform.io/hashicorp/aws v4.63.0
Reproduction Code [Required]
Steps to reproduce the behavior:
terraform init && terraform apply
Expected behavior
Bucket with attached ACL created
Actual behavior
Got error
Terminal Output Screenshot(s)
The text was updated successfully, but these errors were encountered: