From 66997ac64a8eda2da6254abdeff87765108919c7 Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 18 Jan 2022 16:07:00 -0500
Subject: [PATCH] remove acl because of bucket owner enforced
---
 s3-access-logs/main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/s3-access-logs/main.tf b/s3-access-logs/main.tf
index 13d3e2a..5aa142d 100644
--- a/s3-access-logs/main.tf
+++ b/s3-access-logs/main.tf
@@ -64,7 +64,8 @@ locals {
 #---
 resource "aws_s3_bucket" "logs" {
 bucket = local.bucket_name
- acl = "log-delivery-write"
+ # acl = "log-delivery-write"
+ acl = "private"
 # uses aws/kms key so log delivery works properly
 server_side_encryption_configuration {
@@ -138,7 +139,7 @@ resource "null_resource" "policy_delay" {
 # set ownership controls
 # see documentation:
 # https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls
-#
+# https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
 resource "aws_s3_bucket_ownership_controls" "this" {
 bucket = aws_s3_bucket.logs.id
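Review bot: Dropping `log-delivery-write` on `aws_s3_bucket.logs` removes the ACL grant that let the S3 log delivery group write to this bucket, and nothing in the hunk shows what replaces it. With ACLs disabled by bucket-owner-enforced ownership, delivery has to be allowed by a bucket policy statement for the `logging.s3.amazonaws.com` service principal with `s3:PutObject`, preferably limited by `aws:SourceAccount` or `aws:SourceArn`. That policy is presumably defined elsewhere in main.tf and should be confirmed, because without it access logs stop arriving with no error on the source bucket. The subject says the ACL is removed, yet the new side still sets `acl = "private"` and keeps the old value as a commented-out line; I would replace the dead line with a why-comment such as `# ACLs are disabled (BucketOwnerEnforced); log delivery is granted by the bucket policy`. The resource body continues past the end of the hunk.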