From eec52e2c31141217dbd200b26d431d4e676ea255 Mon Sep 17 00:00:00 2001
From: Prasanth Kommini
Date: Wed, 24 May 2023 16:20:14 -0700
Subject: [PATCH 1/3] Fix s3 bucket acl usage.
---
 s3.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/s3.tf b/s3.tf
index ffbf1b4..ab73116 100644
--- a/s3.tf
+++ b/s3.tf
@@ -2,9 +2,19 @@ resource "aws_s3_bucket" "geff_bucket" {
 bucket = local.s3_bucket_name
 }
 
+resource "aws_s3_bucket_ownership_controls" "geff_bucket_ownership_controls" {
+ bucket = aws_s3_bucket.geff_bucket.id
+
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+}
+
 resource "aws_s3_bucket_acl" "geff_bucket_acl" {
 bucket = aws_s3_bucket.geff_bucket.id
 acl = "private"
+
+ depends_on = [aws_s3_bucket_ownership_controls.geff_bucket_ownership_controls]
 }
 
 resource "aws_s3_object" "geff_meta_folder" {
From 7763e1138e4d727322dbb9b7fe34ad01f2d72822 Mon Sep 17 00:00:00 2001
From: Vijaya Sai Prasanth Kommini <72515998+sfc-gh-pkommini@users.noreply.github.com>
Date: Wed, 24 May 2023 16:56:11 -0700
Subject: [PATCH 2/3] Update s3.tf
---
 s3.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/s3.tf b/s3.tf
index ab73116..a6ea3c1 100644
--- a/s3.tf
+++ b/s3.tf
@@ -6,7 +6,7 @@ resource "aws_s3_bucket_ownership_controls" "geff_bucket_ownership_controls" {
 bucket = aws_s3_bucket.geff_bucket.id
 
 rule {
- object_ownership = "BucketOwnerPreferred"
+ object_ownership = "BucketOwnerEnforced"
 }
 }
 
From 98ef00f0f1ffd65b608ae3710b6cb6346744f4d6 Mon Sep 17 00:00:00 2001
From: Prasanth Kommini
Date: Wed, 24 May 2023 17:02:35 -0700
Subject: [PATCH 3/3] Fix versions.
---
 examples/complete/main.tf | 1 +
 examples/complete/variables.tf | 6 ++++++
 s3.tf | 2 +-
 variables.tf | 6 ++++++
 4 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 5dffb59..73080fd 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
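Review bot: The new `aws_s3_bucket_ownership_controls` block and the `depends_on` added to `aws_s3_bucket_acl.geff_bucket_acl` carry no explanation of why the ordering matters, and the commit title only says the ACL "usage" was fixed. I would put a comment above the ownership-controls resource along the lines of `# Must exist before the bucket ACL is applied: newly created buckets have ACLs disabled by default, so the ACL PUT is only valid once the ownership setting is in place.` It is also worth a comment that `BucketOwnerPreferred` only transfers ownership of objects uploaded with the `bucket-owner-full-control` canned ACL; objects written by another account without that ACL stay owned by the writer (a later patch in this series switches the setting, which is presumably why). Whether a public-access block exists for this bucket is not visible in the hunk; if the module does not already declare one, it belongs next to these resources.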
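Review bot: Changing `object_ownership` to `"BucketOwnerEnforced"` is a behaviour change that the one-line message "Update s3.tf" does not record: from this point S3 ignores every bucket and object ACL, and a PutObject that specifies any canned ACL other than `bucket-owner-full-control` is rejected with `AccessControlListNotSupported`, so any writer into this bucket that sets ACLs on upload (presumably the Snowflake integration, given the module name, but that is outside this hunk) needs to be confirmed before merging. The `aws_s3_bucket_acl.geff_bucket_acl` resource introduced in the previous patch, also outside this hunk, still issues a PutBucketAcl with `acl = "private"`; with ACLs disabled that is at best a no-op and may be rejected by S3, so it should be removed or made conditional on the ownership setting. I would at least state the rationale in the commit message, e.g. `Disable S3 ACLs (BucketOwnerEnforced) so the bucket owner owns all objects; access is governed by the bucket policy only.`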
@@ -11,6 +11,7 @@ module "storage_integration" {
 # Snowflake
 snowflake_integration_user_roles = var.snowflake_integration_user_roles
+ bucket_object_ownership_settings = var.bucket_object_ownership_settings
 
 providers = {
 snowflake.storage_integration_role = snowflake.storage_integration_role
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index e883b53..88d44f5 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -44,6 +44,12 @@ variable "arn_format" {
 default = "aws"
 }
 
+variable "bucket_object_ownership_settings" {
+ type = string
+ description = "The settings that will impact ACLs and ownership of objects within the bucket."
+ default = "BucketOwnerEnforced"
+}
+
 data "aws_caller_identity" "current" {}
 
 locals {
diff --git a/s3.tf b/s3.tf
index ab73116..5c5f965 100644
--- a/s3.tf
+++ b/s3.tf
@@ -6,7 +6,7 @@ resource "aws_s3_bucket_ownership_controls" "geff_bucket_ownership_controls" {
 bucket = aws_s3_bucket.geff_bucket.id
 
 rule {
- object_ownership = "BucketOwnerPreferred"
+ object_ownership = var.bucket_object_ownership_settings
 }
 }
 
diff --git a/variables.tf b/variables.tf
index a09a239..a402116 100644
--- a/variables.tf
+++ b/variables.tf
@@ -40,6 +40,12 @@ variable "arn_format" {
 default = "aws"
 }
 
+variable "bucket_object_ownership_settings" {
+ type = string
+ description = "The settings that will impact ACLs and ownership of objects within the bucket."
+ default = "BucketOwnerEnforced"
+}
+
 data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 data "aws_partition" "current" {}
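Review bot: The description of the new `bucket_object_ownership_settings` variable in examples/complete/variables.tf does not tell the example's user what values are accepted or that two of them re-enable ACL-based grants on the bucket. I would replace it with `description = "S3 Object Ownership setting for the bucket. BucketOwnerEnforced (default) disables ACLs entirely; BucketOwnerPreferred and ObjectWriter keep ACLs active and should only be used when a writer depends on them."` The default here duplicates the module's own default, which is fine for an example but means the example never exercises the non-default path.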
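Review bot: The s3.tf hunk in this patch removes `object_ownership = "BucketOwnerPreferred"` and its `index` line reads `ab73116..5c5f965`, i.e. it is based on the tree after patch 1, whereas patch 2 (`ab73116..a6ea3c1`) already rewrote that same line to `"BucketOwnerEnforced"`; applied in series order, this hunk will not apply to s3.tf, so the branch needs a rebase onto patch 2 (or patch 2 can be dropped, since the variable default yields the same setting). Separately, the `aws_s3_bucket_acl.geff_bucket_acl` resource that depends on this block sits outside the hunk and still unconditionally puts `acl = "private"`; whenever the variable is `BucketOwnerEnforced` ACLs are disabled, so that PUT is at best a no-op and may be rejected by S3. Consider gating it on the variable, `count = var.bucket_object_ownership_settings == "BucketOwnerEnforced" ? 0 : 1`, so the ACL resource only exists when ACLs are actually honoured.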
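Review bot: The new `bucket_object_ownership_settings` variable in variables.tf is a bare `string`, so a typo such as `"BucketOwnerEnforce"` is only caught by the AWS API at apply time, after the bucket has already been created. A `validation` block restricting it to the three values S3 accepts moves that failure to plan time and documents the choices in the one place callers read. The description should also say that only `BucketOwnerEnforced` disables ACLs and that the other two values keep ACL-based grants live, since that is the security-relevant difference a caller is opting into.

```terraform
variable "bucket_object_ownership_settings" {
  # … unchanged: type, description, default …
  validation {
    condition     = contains(["BucketOwnerEnforced", "BucketOwnerPreferred", "ObjectWriter"], var.bucket_object_ownership_settings)
    error_message = "bucket_object_ownership_settings must be one of BucketOwnerEnforced, BucketOwnerPreferred or ObjectWriter."
  }
}
```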