Open
Description
Terraform and AWS Provider Version
terraform version
Terraform v1.11.0
on darwin_arm64
+ provider registry.terraform.io/hashicorp/archive v2.7.1
+ provider registry.terraform.io/hashicorp/aws v5.99.1
+ provider registry.terraform.io/hashicorp/null v3.2.4
Affected Resource(s) or Data Source(s)
- aws_s3_object.environments.acl
Expected Behavior
When an object is modified outside of terraform the ACL is put in place the next time the object is refreshed.
Actual Behavior
Terraform is unaware of the object acl once the object has been written. The acl block is more of an initial acl rather than a persistent acl.
Relevant Error/Panic Output
Sample Terraform Configuration
resource "aws_s3_object" "environments" {
  bucket       = local.bucket_name
  key          = "file.json"
  content      = "testfile"
  content_type = "application/text"
  acl          = "public-read"
}
Steps to Reproduce
- Apply the terraform above
- Retrieve the object acl
aws s3api get-object-acl --bucket your-bucket --key file.json
- Write the object using either the aws cli or upload a new version in the AWS console (echo "a" | aws s3 cp - s3://your-bucket/file.json)
- Rerun get-object-acl and notice the following block has been removed:
    {
        "Grantee": {
            "Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
        },
        "Permission": "READ"
    }
- Apply terraform from above (with or without content changes) and observe that the ACL is not updated, only the content of the file, meaning the object defined in terraform with public-acl does not include the public acl.
Debug Logging
GenAI / LLM Assisted Development
n/a
Important Facts and References
No response
Would you like to implement a fix?
No
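An added example, not part of the original issue or the provider's code: a Python check that compares `aws s3api get-object-acl` output with the group grants a canned ACL implies, so the drift from the reproduction steps can be detected outside Terraform. The function names, sample JSON and owner ID are constructed for illustration; the canned ACL mapping follows the AWS canned ACL documentation.

```python
import json

GROUPS = "http://acs.amazonaws.com/groups/global/"

# Group grants each canned ACL adds on top of the owner's FULL_CONTROL
# (assumption: taken from the AWS canned ACL documentation, not from the issue).
CANNED_GROUP_GRANTS = {
    "private": set(),
    "public-read": {(GROUPS + "AllUsers", "READ")},
    "public-read-write": {(GROUPS + "AllUsers", "READ"),
                          (GROUPS + "AllUsers", "WRITE")},
    "authenticated-read": {(GROUPS + "AuthenticatedUsers", "READ")},
}


def group_grants(acl_json: str) -> set:
    """Extract (group URI, permission) pairs from get-object-acl output."""
    acl = json.loads(acl_json)
    return {
        (g["Grantee"]["URI"], g["Permission"])
        for g in acl.get("Grants", [])
        if g.get("Grantee", {}).get("Type") == "Group"
    }


def acl_drift(acl_json: str, canned_acl: str) -> dict:
    """Return group grants missing from, or unexpected in, the live ACL."""
    expected = CANNED_GROUP_GRANTS[canned_acl]
    actual = group_grants(acl_json)
    return {"missing": sorted(expected - actual),
            "unexpected": sorted(actual - expected)}


# Constructed sample outputs; the owner ID is a placeholder.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}
OWNER_GRANT = {"Grantee": OWNER, "Permission": "FULL_CONTROL"}
PUBLIC_GRANT = {"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"},
                "Permission": "READ"}
AFTER_APPLY = json.dumps({"Owner": OWNER, "Grants": [OWNER_GRANT, PUBLIC_GRANT]})
AFTER_OVERWRITE = json.dumps({"Owner": OWNER, "Grants": [OWNER_GRANT]})

if __name__ == "__main__":
    # State right after terraform apply: matches acl = "public-read".
    print(acl_drift(AFTER_APPLY, "public-read"))
    # State after the object is rewritten outside Terraform: grant is gone.
    print(acl_drift(AFTER_OVERWRITE, "public-read"))
    # The same check flags a public grant on an object meant to be private.
    print(acl_drift(AFTER_APPLY, "private"))
```

Feeding it the real output of `aws s3api get-object-acl` for each managed key gives a drift report that does not depend on the provider refreshing the ACL.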