Fix S3 bucket ACL so masto can actually post media to it

terraform/outputs.tf

@@ -10,7 +10,7 @@ output "nameservers" {
   value = module.zone.route53_zone_name_servers
 }
 output "s3_bucket_name" {
-  value = module.s3_bucket.s3_bucket_id
+  value = aws_s3_bucket.s3_bucket.id
 }
 output "my_ip" {
   value = "${chomp(data.http.myip.response_body)}"

terraform/s3.tf

@@ -1,13 +1,32 @@
 
-module "s3_bucket" {
-  source = "terraform-aws-modules/s3-bucket/aws"
-
+resource "aws_s3_bucket" "s3_bucket" {
   bucket = "mastodon-${random_pet.name.id}"
+}
 
-  versioning = {
-    enabled = false
+resource "aws_s3_bucket_ownership_controls" "s3_bucket" {
+  bucket = aws_s3_bucket.s3_bucket.id
+  rule {
+    object_ownership = "BucketOwnerPreferred"
   }
+}
 
+resource "aws_s3_bucket_public_access_block" "s3_bucket" {
+  bucket = aws_s3_bucket.s3_bucket.id
+
+  block_public_acls       = false
+  block_public_policy     = false
+  ignore_public_acls      = false
+  restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_acl" "s3_bucket" {
+  depends_on = [
+    aws_s3_bucket_public_access_block.s3_bucket,
+    aws_s3_bucket_ownership_controls.s3_bucket,
+  ]
+
+  bucket = aws_s3_bucket.s3_bucket.id
+  acl    = "public-read"
 }
 
 resource "aws_iam_access_key" "s3" {
@@ -20,7 +39,7 @@ resource "aws_iam_user" "s3" {
 }
 
 resource "aws_iam_user_policy" "s3" {
-  name = "${module.s3_bucket.s3_bucket_id}-access"
+  name = "${aws_s3_bucket.s3_bucket.id}-access"
   user = aws_iam_user.s3.name
 
   policy      = data.aws_iam_policy_document.s3.json
@@ -32,8 +51,8 @@ data "aws_iam_policy_document" "s3" {
       "s3:*"
     ]
     resources = [
-      "${module.s3_bucket.s3_bucket_arn}",
-      "${module.s3_bucket.s3_bucket_arn}/*"
+      "${aws_s3_bucket.s3_bucket.arn}",
+      "${aws_s3_bucket.s3_bucket.arn}/*"
     ]
   }
 }