How to Import an AWS S3 Bucket ACL into Terraform
terraback aws import --method bulk. Terraback writes the matching aws_s3_bucket_acl resource block and the Terraform 1.5+ import block for you, so you do not have to run terraform import by hand. The import ID is the bucket name and canned ACL joined by a comma, bucket,acl (for example, my-app-assets,private), or bucket,expected_bucket_owner,acl when an account is specified.Import AWS S3 Bucket ACL with Terraback (recommended)
Terraback reverse-engineers your live infrastructure: it reads the Amazon S3 resource with read-only credentials, generates the HCL, and produces the exact import block. Two commands take you from a live AWS S3 Bucket ACL to managed Terraform.
Scan your AWS account
terraback scan all aws --region us-east-1Generate import blocks and import into state
terraback aws import --method bulkThe Terraform import block
Terraback emits a Terraform 1.5+ import block like the one below. Because the block lives in your configuration, the import is reviewable in a pull request and repeatable across environments.
import {
to = aws_s3_bucket_acl.assets
id = "my-app-assets,private"
}Example aws_s3_bucket_acl configuration
Here is a realistic AWS S3 Bucket ACL block. Terraback generates a fuller version from your actual resource attributes; this is a minimal, valid starting point.
resource "aws_s3_bucket_acl" "assets" {
bucket = "my-app-assets"
acl = "private"
}Gotchas when importing a AWS S3 Bucket ACL
- The import ID is comma-separated bucket,acl (for example my-app-assets,private), not just the bucket name.
- ACLs only work when object ownership allows them; with BucketOwnerEnforced (the default for new buckets) ACLs are disabled and this resource is rejected, so set aws_s3_bucket_ownership_controls first.
- Most modern buckets should use bucket policies instead of ACLs; only import this if the bucket genuinely relies on a canned or grant-based ACL.
- When expected_bucket_owner is set the ID has three comma-separated parts: bucket,account-id,acl.
Doing it manually with terraform import
The native approach is to write the aws_s3_bucket_acl block by hand, then run terraform import aws_s3_bucket_acl.example <import-id> for every resource, one at a time. That works for a handful of resources, but it does not scale: you author all the HCL yourself and repeat the command for each item. Terraback generates the HCL and the import blocks for your whole account in one pass.
Import other AWS resources
Import your whole AWS account in minutes
Terraback scans 80+ AWS resource types and emits clean Terraform plus import blocks, running locally with read-only credentials. $499 once, no SaaS.