OCPBUGS-11636: AWS - Remove ACLs from s3 ign

patrickdillon · patrickdillon · commit 3b33851841cf · 2023-04-11T10:15:06.000-04:00
AWS has recently disabled ACL support by default. See https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/ for further information. This commit removes our usage of ACLs. By default, S3 buckets will have public access blocked.
diff --git a/data/data/aws/bootstrap/main.tf b/data/data/aws/bootstrap/main.tf
@@ -59,16 +59,10 @@ resource "aws_s3_bucket" "ignition" {
   }
 }
 
-resource "aws_s3_bucket_acl" ignition {
-  bucket = aws_s3_bucket.ignition.id
-  acl    = "private"
-}
-
 resource "aws_s3_object" "ignition" {
   bucket = aws_s3_bucket.ignition.id
   key    = "bootstrap.ign"
   source = var.ignition_bootstrap_file
-  acl    = "private"
 
   server_side_encryption = "AES256"
 

Original file line number	Diff line number	Diff line change
`@@ -59,16 +59,10 @@ resource "aws_s3_bucket" "ignition" {`
`59`	`59`	`}`
`60`	`60`	`}`
`61`	`61`
`62`		`-resource "aws_s3_bucket_acl" ignition {`
`63`		`- bucket = aws_s3_bucket.ignition.id`
`64`		`- acl = "private"`
`65`		`-}`
`66`		`-`
`67`	`62`	`resource "aws_s3_object" "ignition" {`
`68`	`63`	`bucket = aws_s3_bucket.ignition.id`
`69`	`64`	`key = "bootstrap.ign"`
`70`	`65`	`source = var.ignition_bootstrap_file`
`71`		`- acl = "private"`
`72`	`66`
`73`	`67`	`server_side_encryption = "AES256"`
`74`	`68`