add bucket owner to s3-access-logs

CHANGELOG.md

@@ -136,3 +136,7 @@
 * v1.14.1 -- 20211126
   - cloudltrail
     - make multi-region default for org cloudtrail
+
+* v1.14.2 -- 20220118
+  - s3-access-logs
+    - set bucket owner to BucketOwnerEnforced

common/version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "1.14.1"
+  _module_version = "1.14.2"
 }

s3-access-logs/README.md

@@ -59,6 +59,7 @@ No modules.
 |------|------|
 | [aws_s3_bucket.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource |
 | [aws_s3_bucket_object.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_object) | resource |
+| [aws_s3_bucket_ownership_controls.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource |
 | [aws_s3_bucket_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
 | [aws_s3_bucket_public_access_block.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block) | resource |
 | [null_resource.policy_delay](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |

s3-access-logs/main.tf

@@ -133,3 +133,16 @@ resource "null_resource" "policy_delay" {
     command = "sleep 120"
   }
 }
+
+#---
+# set ownership controls
+# see documentation:
+#  https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls
+#  
+resource "aws_s3_bucket_ownership_controls" "this" {
+  bucket = aws_s3_bucket.this.id
+
+  rule {
+    object_ownership = "BucketOwnerEnforced"
+  }
+}