How to solve error while creating s3 bucket AccessControlListNotSupported: The bucket does not allow ACLs

2023. 8. 23. 17:34 | Dev


In this article, I'll show you how to troubleshoot an error that comes up during Terraform development and explain why it occurs.

Problem situation

When I applied Terraform code that had been working fine to create a new bucket on a new AWS account, I got the following error:

│ Error: error creating S3 bucket ACL for my-bucket-name: AccessControlListNotSupported: The bucket does not allow ACLs
│       status code: 400, request id: RBBQ62G6ETK0W26H, host id: EiX8mjNR6D~~~~~~~~~~oVUohQZpeLX8=
│ 
│   with aws_s3_bucket_acl.codepipeline_bucket_acl,
│   on s3.tf line 5, in resource "aws_s3_bucket_acl" "codepipeline_bucket_acl":
│    5: resource "aws_s3_bucket_acl" "codepipeline_bucket_acl" {

Why the problem occurred

Starting in April 2023, Amazon S3 introduced two new default security settings for every newly created bucket: S3 Block Public Access is enabled automatically, and S3 access control lists (ACLs) are disabled (object ownership defaults to BucketOwnerEnforced).

As a result, the behaviour of the following Terraform resources on new buckets has changed:

  • aws_s3_bucket
  • aws_s3_bucket_acl
  • aws_s3_bucket_ownership_controls
  • aws_s3_bucket_public_access_block

In particular, aws_s3_bucket_acl can no longer be applied to a bucket whose ACLs are disabled, which is exactly what the error above reports.

Solution

Existing Configuration (fails on buckets created after April 2023, because ACLs are disabled by default)

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-test-bucket"
}

# Setting an ACL on a bucket with ACLs disabled returns AccessControlListNotSupported
resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.example.id
  acl    = "private"
}

Alternative Configuration (re-enables ACLs on the bucket before the ACL is applied)

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-test-bucket"
}

# BucketOwnerPreferred re-enables ACLs; BucketOwnerEnforced (the new default) keeps them disabled
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.example.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_acl" "example" {
  # The ownership controls must be in place before the ACL call, otherwise the same error is returned
  depends_on = [aws_s3_bucket_ownership_controls.example]

  bucket = aws_s3_bucket.example.id
  acl    = "private"
}

Sources

https://github.com/hashicorp/terraform-provider-aws/issues/28353

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket

Error: creating Amazon S3 (Simple Storage) Bucket (my-bucket): InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

This error is also covered in the GitHub issue linked above: it appears when an ACL is applied while object ownership is BucketOwnerEnforced, i.e. while ACLs are still disabled on the bucket.
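Both errors on this page come from the same root cause: the new bucket has ACLs disabled, and the configuration tries to set one. The configuration above fixes this by switching the bucket back to BucketOwnerPreferred. An alternative that keeps the new defaults is to drop the aws_s3_bucket_acl resource entirely and express access through a bucket policy; "private" is already the effective state of a BucketOwnerEnforced bucket, so nothing is lost. The following is an added example written for this article, not code from the original post or from the Terraform AWS provider docs. The bucket name, the `pipeline_role_arn` variable, and the resource names are placeholders.

```hcl
# Added example (not from the original post): keep the post-April-2023 S3
# defaults instead of re-enabling ACLs. Names below are placeholders.

variable "pipeline_role_arn" {
  description = "ARN of the IAM role that needs read/write access to the bucket (assumed to exist)"
  type        = string
}

resource "aws_s3_bucket" "example" {
  bucket = "my-tf-test-bucket" # placeholder bucket name
}

# BucketOwnerEnforced is the default for new buckets: ACLs are disabled and the
# bucket owner owns every object. Declaring it explicitly makes any later drift
# (for example someone re-enabling ACLs in the console) show up in terraform plan.
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.example.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Block Public Access is also on by default for new buckets; declare it so it is managed.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = aws_s3_bucket.example.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# No aws_s3_bucket_acl resource here. With BucketOwnerEnforced an ACL call fails
# with AccessControlListNotSupported / InvalidBucketAclWithObjectOwnership, and
# the bucket is already private. Access is granted with a bucket policy instead.
data "aws_iam_policy_document" "example" {
  # Grant only the pipeline role object read/write; no public or wildcard grant.
  statement {
    sid    = "AllowPipelineRole"
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [var.pipeline_role_arn]
    }
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${aws_s3_bucket.example.arn}/*"]
  }

  # Deny any request that is not made over TLS.
  statement {
    sid    = "DenyInsecureTransport"
    effect = "Deny"
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    actions   = ["s3:*"]
    resources = [aws_s3_bucket.example.arn, "${aws_s3_bucket.example.arn}/*"]
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "example" {
  bucket = aws_s3_bucket.example.id
  policy = data.aws_iam_policy_document.example.json
}
```

With this layout, `terraform plan` shows no aws_s3_bucket_acl resource at all, so neither error can occur on a fresh account, and access decisions live in one reviewable policy document rather than in per-bucket or per-object ACLs. If an existing bucket still needs ACLs (for example because other tooling writes objects with canned ACLs), the BucketOwnerPreferred configuration from the solution section is the right choice; otherwise leaving ACLs disabled is the smaller attack surface.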