How will the new "default AWS S3 bucket policy" changes affect terraform-managed deployments?

vrinek · February 22, 2023, 12:12pm

AWS will change the default policies for new S3 buckets to be less permissive: Heads-Up: Amazon S3 Security Changes Are Coming in April of 2023 | AWS News Blog

Once the changes are in effect for a target Region, all newly created buckets in the Region will by default have S3 Block Public Access enabled and access control lists (ACLs) disabled. Both of these options are already console defaults and have long been recommended as best practices. The options will become the default for buckets that are created using the S3 API, S3 CLI, the AWS SDKs, or AWS CloudFormation templates.

Any hints how this might affect existing AWS deployments (managed by Terraform)?
- I assume it will not, unless creating a new bucket. Is this correct?
Is the provider’s defaults aligned with AWS’?
- I think that the defaults for the aws_s3_bucket_public_access_block resource are opposite to the defaults set by AWS, correct?

Topic		Replies	Views
Confused by the wording on aws_default_network_acl Terraform	0	571	March 26, 2021
How to work with block syntax Terraform	3	435	October 5, 2020
How to ingnore aws_iam_policy changing when upgrade version with Terraform? AWS	0	413	April 23, 2021
Handling aws_s3_bucket.acl deprecation AWS	2	7014	May 30, 2023
Deprecated option working, but non-deprecated variant is not working AWS	0	265	July 11, 2022

How will the new "default AWS S3 bucket policy" changes affect terraform-managed deployments?

Related topics