Replace s3 acl creation with bucket policy for flink on eks

[hitsub2]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

What is the outcome that you are trying to reach?

Currently, the flink on eks module is still using s3 bucket ACL. It is not recommended to use s3 acl by AWS, and if the bucket blocks all the public access, then the deployment of flink on eks failed. Here are the logs:

╷
│ Error: error creating S3 bucket ACL for flink-operator-doeks-flink-logs-20230510141128566600000005: AccessControlListNotSupported: The bucket does not allow ACLs
│ 	status code: 400, request id: 9X4ZR5H18VX1ZQ83, host id: dwfHXqf2F1UjYcDnoUPlo9pSloivD9HSixRgn1V6IlwuopthKSglnK7J6CyCiTD9hSSC5FXYjQo=
│
│   with module.s3_bucket.aws_s3_bucket_acl.this[0],
│   on .terraform/modules/s3_bucket/main.tf line 41, in resource "aws_s3_bucket_acl" "this":
│   41: resource "aws_s3_bucket_acl" "this" {

Describe the solution you would like

Using Bucket policy instead of s3 acl.

Describe alternatives you have considered

Nope.

Additional context

[vara-bonthu]

@hitsub2 Thanks for reporting the issue. This is using a s3 upstream module and I hope this doesn't require any change to the upstream module.

Would you be able to raise a PR if this is a simple change of removing the line

data-on-eks/streaming/flink/addons.tf

Line 258 in b058d5e

acl = "private"

?