v0.26.0 Latest recommended v0 release
This is the latest recommended v0.x version to use.
If this version does not meet your needs, please switch to version 1.x, and review the release notes for v1.0.0 for guidance on the differences.
Changes in this release
Add S3 bucket ownership controls @max-lobur (#61)
what
- Set aws_s3_bucket_ownership_controls to BucketOwnerPreferred
why
- Per docs this setting will let object uploader decide ownership. If bucket-owner-full-control ACL is specified, the bucket account takes ownership, otherwise the writer account keeps ownership. Bucket on its side may enforce presence of the bucket-owner-full-control ACL which we already do when needed. So this setting was the only missing piece to make ownership work like we expected
- I found no use cases for the other value of this resource: ObjectWriter. It corresponds to legacy S3 behavior which was broken for us. Decided to always set to BucketOwnerPreferred and not allow to customize. If the owner must be preserved, we should not pass bucket-owner-full-control - this is a more clear way to control the behavior.
references
- https://aws.amazon.com/blogs/storage/enforcing-ownership-of-amazon-s3-objects-in-a-multi-account-environment/
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls#ObjectWriter
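The combination the notes describe, written out as an added Terraform example (not the module's own code): BucketOwnerPreferred ownership controls together with a bucket policy that rejects cross-account uploads lacking the bucket-owner-full-control ACL. The resource labels and the variables bucket_name and writer_account_id are assumptions made for illustration.

```hcl
# Added example; names, variables and the account ID input are hypothetical.
variable "bucket_name" {
  type = string
}

variable "writer_account_id" {
  type        = string
  description = "Account that uploads objects into the bucket (placeholder input)"
}

resource "aws_s3_bucket" "shared" {
  bucket = var.bucket_name
}

# With BucketOwnerPreferred, an object uploaded with the
# bucket-owner-full-control ACL becomes owned by the bucket account.
# Without that ACL the writer account keeps ownership.
resource "aws_s3_bucket_ownership_controls" "shared" {
  bucket = aws_s3_bucket.shared.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

data "aws_iam_policy_document" "shared" {
  statement {
    sid       = "AllowCrossAccountPut"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.shared.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.writer_account_id}:root"]
    }
  }

  # Bucket-side enforcement: a negated string condition also matches when
  # the x-amz-acl header is absent, so uploads with no ACL are denied too.
  statement {
    sid       = "DenyPutWithoutBucketOwnerFullControl"
    effect    = "Deny"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.shared.arn}/*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.writer_account_id}:root"]
    }

    condition {
      test     = "StringNotEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }
  }
}

resource "aws_s3_bucket_policy" "shared" {
  bucket     = aws_s3_bucket.shared.id
  policy     = data.aws_iam_policy_document.shared.json
  depends_on = [aws_s3_bucket_ownership_controls.shared]
}
```

Dropping the Deny statement gives the other behavior the notes mention: writers that omit the ACL keep ownership of their objects.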