20482: Fixes S3 bucket creation for Keep blocks due to changes in AWS defaults.
authorLucas Di Pentima <lucas.dipentima@curii.com>
Sat, 6 May 2023 18:14:43 +0000 (15:14 -0300)
committerLucas Di Pentima <lucas.dipentima@curii.com>
Tue, 9 May 2023 15:24:51 +0000 (12:24 -0300)
ACLs are no longer accepted on newly created S3 buckets, and by default they're
set as private, so there's no need for us to explicitly ask for that.

See: https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/

Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima@curii.com>

tools/salt-install/terraform/aws/data-storage/main.tf

index d4a3a7d21d6ab8971f5d41c871693b55a74b8d40..6f7e233fd8c9125adc96a2a3c794bb6c03112c3f 100644 (file)
@@ -24,20 +24,6 @@ resource "aws_s3_bucket" "keep_volume" {
   bucket = "${local.cluster_name}-nyw5e-000000000000000-volume"
 }
 
-resource "aws_s3_bucket_acl" "keep_volume_acl" {
-  bucket = aws_s3_bucket.keep_volume.id
-  acl = "private"
-}
-
-# Avoid direct public access to Keep blocks
-resource "aws_s3_bucket_public_access_block" "keep_volume_public_access" {
-  bucket = aws_s3_bucket.keep_volume.id
-
-  block_public_acls   = true
-  block_public_policy = true
-  ignore_public_acls  = true
-}
-
 resource "aws_iam_role" "keepstore_iam_role" {
   name = "${local.cluster_name}-keepstore-00-iam-role"
   assume_role_policy = "${file("../assumerolepolicy.json")}"
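Review bot: Dropping `aws_s3_bucket_public_access_block.keep_volume_public_access` along with the ACL resource leaves the Keep bucket's protection against public exposure resting on AWS defaults instead of declared state. Going by the description, only `aws_s3_bucket_acl` conflicts with the new ACL-disabled default, so the public access block and its `# Avoid direct public access to Keep blocks` comment could stay. The linked AWS change covers newly created buckets only, so on a cluster deployed before this commit the next apply would presumably destroy the existing public access block; that is worth confirming with a plan before rollout. If the resource is kept, I would also add `restrict_public_buckets = true`, which the removed block never set. The `aws_s3_bucket` resource this concerns starts above the hunk.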