From 7e025dd4e222221eb5d143c8ce905b5c8e9de840 Mon Sep 17 00:00:00 2001
From: Lucas Di Pentima
Date: Sat, 6 May 2023 15:14:43 -0300
Subject: [PATCH] 20482: Fixes S3 bucket creation for Keep blocks due to changes in AWS defaults. ACLs are now not accepted on newly created S3 buckets, and by default they're set as private, so there's no need for us to explicitly asking for that. See: https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/
Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima
---
 .../terraform/aws/data-storage/main.tf | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/tools/salt-install/terraform/aws/data-storage/main.tf b/tools/salt-install/terraform/aws/data-storage/main.tf
index d4a3a7d21d..6f7e233fd8 100644
--- a/tools/salt-install/terraform/aws/data-storage/main.tf
+++ b/tools/salt-install/terraform/aws/data-storage/main.tf
@@ -24,20 +24,6 @@ resource "aws_s3_bucket" "keep_volume" {
 bucket = "${local.cluster_name}-nyw5e-000000000000000-volume"
 }
 
-resource "aws_s3_bucket_acl" "keep_volume_acl" {
- bucket = aws_s3_bucket.keep_volume.id
- acl = "private"
-}
-
-# Avoid direct public access to Keep blocks
-resource "aws_s3_bucket_public_access_block" "keep_volume_public_access" {
- bucket = aws_s3_bucket.keep_volume.id
-
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
-}
-
 resource "aws_iam_role" "keepstore_iam_role" {
 name = "${local.cluster_name}-keepstore-00-iam-role"
 assume_role_policy = "${file("../assumerolepolicy.json")}"
-- 
2.30.2
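Review bot: Deleting `aws_s3_bucket_public_access_block.keep_volume_public_access` together with the ACL resource means the Keep bucket's protection against public exposure no longer comes from this configuration but from whatever AWS defaults applied when the bucket was created. The commit message attributes the creation failure to ACLs no longer being accepted, which concerns `aws_s3_bucket_acl`; the public access block is a separate bucket setting and presumably could have stayed as an explicit, auditable guardrail. For clusters whose bucket predates the new defaults, applying this change would likely have Terraform remove the existing block configuration from the live bucket, which is worth confirming against a plan before rollout. I would keep that resource and add the one setting it left out, `restrict_public_buckets = true`, so that all four block-public-access flags are pinned in code.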