aws_s3_object does not restore ACL if manually changed outside Terraform

[pguinard-public-com]

Terraform and AWS Provider Version

terraform version
Terraform v1.11.0
on darwin_arm64
+ provider registry.terraform.io/hashicorp/archive v2.7.1
+ provider registry.terraform.io/hashicorp/aws v5.99.1
+ provider registry.terraform.io/hashicorp/null v3.2.4

Affected Resource(s) or Data Source(s)

• aws_s3_object.environments.acl

Expected Behavior

When an object is modified outside of terraform the ACL is put in place the next time the object is refreshed.

Actual Behavior

Terrform is unaware of the object acl once the object has been written. The acl block is more of an initial acl rather than a persistent acl.

Relevant Error/Panic Output

Sample Terraform Configuration

Click to expand configuration

resource "aws_s3_object" "environments" {
  bucket       = local.bucket_name
  key          = "file.json"
  content      = "testfile"
  content_type = "application/text"
  acl          = "public-read"
}

Steps to Reproduce

1. Apply the terraform above
2. Retrieve the object acl aws s3api get-object-acl --bucket your-bucket --key file.json
3. Write the object using either the aws cli or upload a new version in the AWS console (echo "a" | aws s3 cp - s3://your-bucket/file.json)
4. Rerun get-object-acl and notice the following block has been removed:

        {
            "Grantee": {
                "Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
            },
            "Permission": "READ"
        }

1. Apply terraform from above (with or without content changes) and observer that the ACL is not updated, only the content of the file meaning the object defined in terraform with public-acl does not include the public acl.

Debug Logging

Click to expand log output

GenAI / LLM Assisted Development

n/a

Important Facts and References

No response

Would you like to implement a fix?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.