always enforce object ownership in s3 buckets

jfharden · jfharden · commit 5cd0cf2ede5f · 2026-05-21T10:54:37.000+01:00
diff --git a/terraform/shared-modules/s3/main.tf b/terraform/shared-modules/s3/main.tf
@@ -178,7 +178,6 @@ resource "aws_s3_bucket_policy" "bucket_policy" {
 }
 
 resource "aws_s3_bucket_ownership_controls" "owner" {
-  count  = var.enforce_bucket_object_ownership ? 1 : 0
   bucket = aws_s3_bucket.this.id
   rule {
     object_ownership = "BucketOwnerEnforced"
diff --git a/terraform/shared-modules/s3/variables.tf b/terraform/shared-modules/s3/variables.tf
@@ -14,13 +14,6 @@ variable "name" {
   }
 }
 
-variable "enforce_bucket_object_ownership" {
-  type        = bool
-  description = "Whether S3 bucket object ownership should be enforced to the bucket owner"
-  default     = true
-  nullable    = false
-}
-
 variable "extra_bucket_policies" {
   type        = list(string)
   description = "Extra bucket policies to apply to this bucket. List of json policies"

Original file line number	Diff line number	Diff line change
`@@ -178,7 +178,6 @@ resource "aws_s3_bucket_policy" "bucket_policy" {`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`resource "aws_s3_bucket_ownership_controls" "owner" {`
`181`		`- count = var.enforce_bucket_object_ownership ? 1 : 0`
`182`	`181`	`bucket = aws_s3_bucket.this.id`
`183`	`182`	`rule {`
`184`	`183`	`object_ownership = "BucketOwnerEnforced"`
Original file line number	Diff line number	Diff line change
`@@ -14,13 +14,6 @@ variable "name" {`
`14`	`14`	`}`
`15`	`15`	`}`
`16`	`16`
`17`		`-variable "enforce_bucket_object_ownership" {`
`18`		`- type = bool`
`19`		`- description = "Whether S3 bucket object ownership should be enforced to the bucket owner"`
`20`		`- default = true`
`21`		`- nullable = false`
`22`		`-}`
`23`		`-`
`24`	`17`	`variable "extra_bucket_policies" {`
`25`	`18`	`type = list(string)`
`26`	`19`	`description = "Extra bucket policies to apply to this bucket. List of json policies"`