From dd128b6a28c2c720a5dc16bde3d82c6e16e143a6 Mon Sep 17 00:00:00 2001
From: badra001 <donald.e.badrak.ii@census.gov>
Date: Fri, 25 Mar 2022 09:30:42 -0400
Subject: [PATCH] - ignore common/README.md - do not create aws_s3_bucket_acl
 if bucket_owner is enforced

---
 CHANGELOG.md        | 4 ++++
 common/.gitignore   | 1 +
 common/resources.tf | 2 ++
 common/version.tf   | 2 +-
 4 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 common/.gitignore

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7b27ef2..f16d0e9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -97,3 +97,7 @@ This works with the Terraform AWS provider 4.x, released 2022-02.
 * 3.0.1 -- 2022-03-24
   - kms_key
     - wrap aws_kms_key resouce in try()
+
+* 3.0.2 -- 2022-03-25
+  - common/resource.tf
+    - do not create aws_s3_bucket_acl if bucket_owner is set to enforced
diff --git a/common/.gitignore b/common/.gitignore
new file mode 100644
index 0000000..b43bf86
--- /dev/null
+++ b/common/.gitignore
@@ -0,0 +1 @@
+README.md
diff --git a/common/resources.tf b/common/resources.tf
index 61d2f15..0f75fdf 100644
--- a/common/resources.tf
+++ b/common/resources.tf
@@ -268,8 +268,10 @@ data "template_file" "policy" {
 
 #---
 # s3 bucket refactor: acl
+#  if bucket_owner == BucketOwnerEnforced, ACLs cannot be set to private, so do not use this
 #---
 resource "aws_s3_bucket_acl" "this" {
+  count  = var.bucket_owner == "BucketOwnerEnforced" ? 0 : 1
   bucket = aws_s3_bucket.this.id
   acl    = "private"
 }
diff --git a/common/version.tf b/common/version.tf
index d61af95..29bbea6 100644
--- a/common/version.tf
+++ b/common/version.tf
@@ -1,3 +1,3 @@
 locals {
-  _module_version = "3.0.1"
+  _module_version = "3.0.2"
 }