From ce5d57f9f8e57cc6021faebbc146b0920e3513f4 Mon Sep 17 00:00:00 2001
From: 0AdityaD
Date: Sun, 31 Jul 2022 19:14:31 -0700
Subject: [PATCH] Default to BucketOwnerEnforced s3 bucket ownership controls (#929)
---
 modules/aws_s3/tf_module/bucket.tf | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modules/aws_s3/tf_module/bucket.tf b/modules/aws_s3/tf_module/bucket.tf
index bec1d00fa..1d7bf965d 100644
--- a/modules/aws_s3/tf_module/bucket.tf
+++ b/modules/aws_s3/tf_module/bucket.tf
@@ -123,6 +123,14 @@ resource "aws_s3_bucket_public_access_block" "block" {
 depends_on = [aws_s3_bucket_policy.policy]
 }
 
+resource "aws_s3_bucket_ownership_controls" "ownership_controls" {
+ bucket = aws_s3_bucket.bucket.id
+
+ rule {
+ object_ownership = "BucketOwnerEnforced"
+ }
+}
+
 resource "aws_s3_bucket_policy" "policy" {
 bucket = aws_s3_bucket.bucket.id
 policy = data.aws_iam_policy_document.s3_policy.json
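Review bot: `object_ownership = "BucketOwnerEnforced"` is hard-coded in the new `aws_s3_bucket_ownership_controls` resource, so ACLs are disabled on every bucket this module manages with no way to opt out, although the subject calls it a default. If `aws_s3_bucket.bucket` (defined outside this hunk) sets a canned ACL or grants beyond owner full control, or a bucket is a delivery target for a service that still writes through ACLs, the apply is likely to fail or log delivery may stop. Consider `object_ownership = var.object_ownership` backed by a variable that defaults to `"BucketOwnerEnforced"`, with a comment stating that access must then be granted through the bucket policy only. The neighbouring public access block is ordered with `depends_on = [aws_s3_bucket_policy.policy]`, while the new resource has no ordering; S3 can reject concurrent bucket-level configuration calls, so `depends_on = [aws_s3_bucket_public_access_block.block]` may be needed here as well.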