Changes To S3 Bucket Default Settings Breaks Access Logging

[daniel-nagy]

Describe the Bug

AWS made changes to the default settings for S3 buckets which is causing the creation of the S3 bucket for access logs to fail with the following error

Error creating S3 bucket: InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

See this issue for more information hashicorp/terraform-provider-aws#28353.

Expected Behavior

When access logging is enabled terraform plan succeeds.

Steps to Reproduce

Set cloudfront_access_logging_enabled to true.

Screenshots

No response

Environment

Github Actions Ubuntu latest

Terraform 1.1.9
Module version ~> 0.82.4

Additional Context

No response

[davidjeddy]

With the change to the default security settings of AWS S3 buckets it would seem this modules implementation for bucket access logging needs some work. As a work-around disable bucket access logging in this module. If needed, implement via a different solution.

cloudfront_access_logging_enabled = false # InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

Hope this is helpful.

[josep-pla-jt]

Same with the origin bucket, default "Bucket owner enforced" configuration makes all module policies to fail when trying to be applied

[soya-miyoshi]

Updating the s3-log-storage module should fix this issue!