terraform-provider-aws

Allow to enforce object ownership on S3 buckets

Open wiegandf opened this issue 2 years ago • 7 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We would like to follow the best practices by AWS and disable ACLs and enforce object ownership. See references below. I know that we could set it with aws_s3_bucket_ownership_controls, but this would not allow us to enforce bucket creation with e.g. BucketOwnerEnforced (as described in the AWS example).

New or Affected Resource(s)

  • aws_s3_bucket

Potential Terraform Configuration

resource "aws_s3_bucket" "b" {
  bucket           = "my-tf-test-bucket"
  object_ownership = "BucketOwnerEnforced"
}

This could also be the default value when leaving acl undefined. Currently, acl is deprecated but is private by default.

References

  • https://docs.aws.amazon.com/AmazonS3/latest/userguide/ensure-object-ownership.html#object-ownership-requiring-bucket-owner-enforced

wiegandf, Aug 31 '22 09:08
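The two pieces the issue contrasts, side by side, as an added example that is not part of the original issue or the provider's code: the existing aws_s3_bucket_ownership_controls approach, and a creation-time guardrail built on the s3:x-amz-object-ownership condition key from the referenced AWS guide. The resource labels, policy name and Sid are hypothetical.

```hcl
# Existing approach: the bucket is created first, and object ownership is
# applied afterwards through a separate resource.
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
}

resource "aws_s3_bucket_ownership_controls" "b" {
  bucket = aws_s3_bucket.b.id

  rule {
    # Disables ACLs; the bucket owner owns every object in the bucket.
    object_ownership = "BucketOwnerEnforced"
  }
}

# Creation-time guardrail: deny s3:CreateBucket unless the request itself
# asks for BucketOwnerEnforced. Because aws_s3_bucket has no object_ownership
# argument, the setting above cannot be supplied in the create request, which
# is the gap this issue describes.
data "aws_iam_policy_document" "require_owner_enforced" {
  statement {
    sid       = "RequireBucketOwnerEnforced" # hypothetical Sid
    effect    = "Deny"
    actions   = ["s3:CreateBucket"]
    resources = ["*"]

    condition {
      test     = "StringNotEquals"
      variable = "s3:x-amz-object-ownership"
      values   = ["BucketOwnerEnforced"]
    }
  }
}

resource "aws_iam_policy" "require_owner_enforced" {
  name   = "require-bucket-owner-enforced" # hypothetical policy name
  policy = data.aws_iam_policy_document.require_owner_enforced.json
}
```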