[BUG] Error: updating S3 Bucket Ownership Controls, PutBucketOwnershipControls

[sblack4]

Upgrading from 3.3 to 4.0.1, got:

│ Error: updating S3 Bucket Ownership Controls (1234567890123-us-east-1-s3logging-account): operation error S3: PutBucketOwnershipControls, https response error StatusCode: 400, RequestID: DJQM9JMTK5EESYQ6, HostID: bLgjmqTYeXc2Ry4dmpy+/dXLxHtqzqsR/Ojz3tozAgEVEKHH5kpOpqM9yyVdUPk+FEQVXa4IHMk=, api error InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting
│ 
│   with module.s3logging-bucket.aws_s3_bucket_ownership_controls.this,
│   on .terraform/modules/s3logging-bucket/main.tf line 82, in resource "aws_s3_bucket_ownership_controls" "this":
│   82: resource "aws_s3_bucket_ownership_controls" "this" {

My solution was to go in and disable the individual ACLs manually, then I was able to (also manually) disable ACLs and set

      ~ rule {
          ~ object_ownership = "BucketOwnerPreferred" -> "BucketOwnerEnforced"
        }

I think it's related to this note in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl

terraform destroy does not delete the S3 Bucket ACL but does remove the resource from Terraform state.

[sblack4]

Not sure there is a good IAC solution to this. Seems to be a limit of the TF resource