From d90563d4c665db8c6d032b9b882912f7bde249a0 Mon Sep 17 00:00:00 2001
From: alemairebe <1832823+alemairebe@users.noreply.github.com>
Date: Fri, 31 May 2024 13:15:18 +0200
Subject: [PATCH] Change aws_s3_bucket_ownership_controls to allow ACLs to be applied

---
 modules/secure-bucket/main.tf | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/modules/secure-bucket/main.tf b/modules/secure-bucket/main.tf
index 44c9425..0625ee9 100644
--- a/modules/secure-bucket/main.tf
+++ b/modules/secure-bucket/main.tf
@@ -18,6 +18,14 @@ data "aws_iam_policy_document" "access_log_policy" {
   }
 }
 
+resource "aws_s3_bucket_ownership_controls" "access_log" {
+  bucket = aws_s3_bucket.access_log.id
+
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 resource "aws_s3_bucket" "access_log" {
   bucket = var.log_bucket_name
   force_destroy = var.force_destroy
@@ -28,6 +36,9 @@ resource "aws_s3_bucket" "access_log" {
 resource "aws_s3_bucket_acl" "access_log" {
   bucket = aws_s3_bucket.access_log.id
   acl = "log-delivery-write"
+  depends_on = [
+    aws_s3_bucket_ownership_controls.access_log,
+  ]
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "access_log" {
@@ -86,9 +97,20 @@ resource "aws_s3_bucket" "content" {
   ]
 }
 
+resource "aws_s3_bucket_ownership_controls" "content" {
+  bucket = aws_s3_bucket.content.id
+
+  rule {
+    object_ownership = "BucketOwnerPreferred"
+  }
+}
+
 resource "aws_s3_bucket_acl" "content" {
   bucket = aws_s3_bucket.content.id
   acl = "private"
+  depends_on = [
+    aws_s3_bucket_ownership_controls.content,
+  ]
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "content" {
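Review bot: `object_ownership = "BucketOwnerPreferred"` in the two new `aws_s3_bucket_ownership_controls` resources (first and third hunks) re-enables ACLs on both buckets, which is the weaker of the two bucket-owner settings; for a module named `secure-bucket` the content bucket in particular should use `BucketOwnerEnforced`, which disables ACLs entirely and makes `aws_s3_bucket_acl.content` (`acl = "private"`) redundant, since private is the effective behaviour once ACLs are off. Only the access-log bucket appears to need an ACL (`log-delivery-write`), and even that can be avoided by granting `s3:PutObject` to the `logging.s3.amazonaws.com` service principal in the bucket policy; a `data "aws_iam_policy_document" "access_log_policy"` already exists in this file (visible in the first hunk header), though its statements are outside the hunk so I cannot confirm what it grants. If `BucketOwnerPreferred` must stay for the log bucket, record why in a comment on that rule, e.g. `# BucketOwnerPreferred rather than Enforced: the log-delivery-write ACL below requires ACLs to be enabled`, and consider exposing the setting as a variable so consumers can opt into `BucketOwnerEnforced`. The `depends_on` additions on both `aws_s3_bucket_acl` resources are correct, since applying an ACL before ownership controls are set is rejected on buckets that default to enforced ownership.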