drop default value for acl s3 object

hashicorp · Oct 11, 2022 · fac7d6e · fac7d6e
1 parent ec68e36
commit fac7d6e
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/.changelog/27197.txt b/.changelog/27197.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_s3_object: Remove default value for ACL in order to work with S3 buckets that have ACL disabled
+```
diff --git a/internal/service/s3/object.go b/internal/service/s3/object.go
@@ -51,7 +51,6 @@ func ResourceObject() *schema.Resource {
 		Schema: map[string]*schema.Schema{
 			"acl": {
 				Type:         schema.TypeString,
-				Default:      s3.ObjectCannedACLPrivate,
 				Optional:     true,
 				ValidateFunc: validation.StringInSlice(s3.ObjectCannedACL_Values(), false),
 			},
@@ -464,12 +463,15 @@ func resourceObjectUpload(d *schema.ResourceData, meta interface{}) error {
 	key := d.Get("key").(string)
 
 	input := &s3manager.UploadInput{
-		ACL:    aws.String(d.Get("acl").(string)),
 		Body:   body,
 		Bucket: aws.String(bucket),
 		Key:    aws.String(key),
 	}
 
+	if v, ok := d.GetOk("acl"); ok {
+		input.ACL = aws.String(v.(string))
+	}
+
 	if v, ok := d.GetOk("storage_class"); ok {
 		input.StorageClass = aws.String(v.(string))
 	}

diff --git a/website/docs/r/s3_object.html.markdown b/website/docs/r/s3_object.html.markdown
@@ -140,7 +140,7 @@ The following arguments are required:
 
 The following arguments are optional:
 
-* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Defaults to `private`.
+* `acl` - (Optional) [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`.
 * `bucket_key_enabled` - (Optional) Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.
 * `cache_control` - (Optional) Caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.
 * `content_base64` - (Optional, conflicts with `source` and `content`) Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.