diff --git a/.changelog/27197.txt b/.changelog/27197.txt
new file mode 100644
index 000000000000..5e13bde5fb51
--- /dev/null
+++ b/.changelog/27197.txt
@@ -0,0 +1,7 @@
+```release-note:bug
+resource/aws_s3_object: Remove `acl` default in order to work with S3 buckets that have ACL disabled
+```
+
+```release-note:bug
+resource/aws_s3_object_copy: Remove `acl` default in order to work with S3 buckets that have ACL disabled
+```
diff --git a/internal/service/s3/object.go b/internal/service/s3/object.go
index 1ef5d0c511c9..5175bdbe649b 100644
--- a/internal/service/s3/object.go
+++ b/internal/service/s3/object.go
@@ -56,7 +56,6 @@ func ResourceObject() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "acl": {
 Type: schema.TypeString,
- Default: s3.ObjectCannedACLPrivate,
 Optional: true,
 ValidateFunc: validation.StringInSlice(s3.ObjectCannedACL_Values(), false),
 },
@@ -440,12 +439,15 @@ func resourceObjectUpload(ctx context.Context, d *schema.ResourceData, meta inte
 key := d.Get("key").(string)
 
 input := &s3manager.UploadInput{
- ACL: aws.String(d.Get("acl").(string)),
 Body: body,
 Bucket: aws.String(bucket),
 Key: aws.String(key),
 }
 
+ if v, ok := d.GetOk("acl"); ok {
+ input.ACL = aws.String(v.(string))
+ }
+
 if v, ok := d.GetOk("storage_class"); ok {
 input.StorageClass = aws.String(v.(string))
 }
diff --git a/internal/service/s3/object_copy.go b/internal/service/s3/object_copy.go
index 0b915f7437da..662ed030625b 100644
--- a/internal/service/s3/object_copy.go
+++ b/internal/service/s3/object_copy.go
@@ -37,7 +37,6 @@ func ResourceObjectCopy() *schema.Resource {
 Schema: map[string]*schema.Schema{
 "acl": {
 Type: schema.TypeString,
- Default: s3.ObjectCannedACLPrivate,
 Optional: true,
 ValidateFunc: validation.StringInSlice(s3.ObjectCannedACL_Values(), false),
 ConflictsWith: []string{"grant"},
diff --git a/internal/service/s3/object_test.go b/internal/service/s3/object_test.go
index 06eae5b7f404..131cc33cc6c2 100644
--- a/internal/service/s3/object_test.go
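Review bot: With `Default: s3.ObjectCannedACLPrivate` removed from the `acl` entry in `ResourceObject`, deleting `acl = "public-read"` from a configuration no longer plans a change back to `private`; it plans a change to an unset value. The update path is outside this diff, so it should be confirmed whether the object's existing ACL is then reset, left in place, or sent as an empty string; if it is left in place, an object that was made public stays public after the attribute is removed. I would record the intent next to the field, for example `// No default: when acl is unset no ACL is sent and S3 applies its own default.`, and spell out the removal case in the upgrade guide. The same applies to the matching removal in `ResourceObjectCopy` in object_copy.go; the schema map continues outside the hunk.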
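Review bot: The new `GetOk("acl")` guard in `resourceObjectUpload` carries no comment saying why the ACL is now optional, so a later cleanup could fold it back into the `UploadInput` literal. A short why-comment above the `if` would prevent that: `// Only send an ACL when one is configured; buckets with ACLs disabled may reject uploads that carry one.` Any other reader of `acl` in this file (for example an ACL-only update path) is outside the hunk and needs the same guard if it still calls `d.Get("acl")` unconditionally. The function body starts and ends outside the hunk.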
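Review bot: Only the schema of `ResourceObjectCopy` changes in object_copy.go; no hunk touches the code that builds the copy request. If that code still assigns the ACL unconditionally from `d.Get("acl").(string)`, it will now pass an empty string where it used to pass `private`, and it needs the same guard as the upload path: `if v, ok := d.GetOk("acl"); ok { input.ACL = aws.String(v.(string)) }`. It may already be guarded; the function is not visible in this diff.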
+++ b/internal/service/s3/object_test.go
@@ -1847,7 +1847,8 @@ resource "aws_s3_object" "object" {
 func testAccObjectConfig_tags(rName, key, content string) string {
 return fmt.Sprintf(`
 resource "aws_s3_bucket" "test" {
- bucket = %[1]q
+ bucket = %[1]q
+ force_destroy = true
 }
 
 resource "aws_s3_bucket_versioning" "test" {
@@ -1875,7 +1876,8 @@ resource "aws_s3_object" "object" {
 func testAccObjectConfig_updatedTags(rName, key, content string) string {
 return fmt.Sprintf(`
 resource "aws_s3_bucket" "test" {
- bucket = %[1]q
+ bucket = %[1]q
+ force_destroy = true
 }
 
 resource "aws_s3_bucket_versioning" "test" {
@@ -1904,7 +1906,8 @@ resource "aws_s3_object" "object" {
 func testAccObjectConfig_noTags(rName, key, content string) string {
 return fmt.Sprintf(`
 resource "aws_s3_bucket" "test" {
- bucket = %[1]q
+ bucket = %[1]q
+ force_destroy = true
 }
 
 resource "aws_s3_bucket_versioning" "test" {
diff --git a/website/docs/guides/version-5-upgrade.html.md b/website/docs/guides/version-5-upgrade.html.md
index 1afd1849f41c..0ec9d93a1801 100644
--- a/website/docs/guides/version-5-upgrade.html.md
+++ b/website/docs/guides/version-5-upgrade.html.md
@@ -67,6 +67,8 @@ Upgrade topics:
 - [resource/aws_redshift_security_group](#resourceaws_redshift_security_group)
 - [resource/aws_route](#resourceaws_route)
 - [resource/aws_route_table](#resourceaws_route_table)
+- [resource/aws_s3_object](#resourceaws_s3_object)
+- [resource/aws_s3_object_copy](#resourceaws_s3_object_copy)
 - [resource/aws_secretsmanager_secret](#resourceaws_secretsmanager_secret)
 - [resource/aws_security_group](#resourceaws_security_group)
 - [resource/aws_security_group_rule](#resourceaws_security_group_rule)
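Review bot: None of the three test-config hunks (`testAccObjectConfig_tags`, `testAccObjectConfig_updatedTags`, `testAccObjectConfig_noTags`) exercises the behaviour this commit fixes; they only add `force_destroy = true` to the bucket. An acceptance test that creates an object with no `acl` in a bucket that has ACLs disabled would pin the fix. A second test that removes `acl` from an existing object would show what happens to an ACL already applied. Such tests may exist outside the visible hunks.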
@@ -523,6 +525,14 @@ resource "aws_route_table" "example" {
 }
 ```
 
+## resource/aws_s3_object
+
+The `acl` attribute no longer has a default value. Previously this was set to `private` when omitted. Objects requiring a private ACL should now explicitly set this attribute.
+
+## resource/aws_s3_object_copy
+
+The `acl` attribute no longer has a default value. Previously this was set to `private` when omitted. Object copies requiring a private ACL should now explicitly set this attribute.
+
 ## resource/aws_secretsmanager_secret
 
 Remove `rotation_enabled`, `rotation_lambda_arn` and `rotation_rules` from configurations as they no longer exist.
diff --git a/website/docs/r/s3_object.html.markdown b/website/docs/r/s3_object.html.markdown
index 3caa9132332e..39fa32c68155 100644
--- a/website/docs/r/s3_object.html.markdown
+++ b/website/docs/r/s3_object.html.markdown
@@ -140,7 +140,7 @@ The following arguments are required:
 
 The following arguments are optional:
 
-* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Defaults to `private`.
+* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`.
 * `bucket_key_enabled` - (Optional) Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
 * `cache_control` - (Optional) Caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.
 * `content_base64` - (Optional, conflicts with `source` and `content`) Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.
diff --git a/website/docs/r/s3_object_copy.html.markdown b/website/docs/r/s3_object_copy.html.markdown
index bb676fbafe7f..74f6ebe28671 100644
--- a/website/docs/r/s3_object_copy.html.markdown
+++ b/website/docs/r/s3_object_copy.html.markdown
@@ -36,7 +36,7 @@ The following arguments are required:
 
 The following arguments are optional:
 
-* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Defaults to `private`. Valid values are `private`, `public-read`, `public-read-write`, `authenticated-read`, `aws-exec-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Conflicts with `grant`.
+* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `authenticated-read`, `aws-exec-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Conflicts with `grant`.
 * `cache_control` - (Optional) Specifies caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.
 * `content_disposition` - (Optional) Specifies presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.
 * `content_encoding` - (Optional) Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.