ACLs are now not accepted on newly created S3 buckets, and by default they're
set as private, so there's no need for us to explicitly asking for that.
See: https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>
bucket = "${local.cluster_name}-nyw5e-000000000000000-volume"
}
-resource "aws_s3_bucket_acl" "keep_volume_acl" {
- bucket = aws_s3_bucket.keep_volume.id
- acl = "private"
-}
-
-# Avoid direct public access to Keep blocks
-resource "aws_s3_bucket_public_access_block" "keep_volume_public_access" {
- bucket = aws_s3_bucket.keep_volume.id
-
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
-}
-
resource "aws_iam_role" "keepstore_iam_role" {
name = "${local.cluster_name}-keepstore-00-iam-role"
assume_role_policy = "${file("../assumerolepolicy.json")}"