S3 Best Practices
Disable ACL
See Controlling Object Ownership on why bucket policy should be used instead of bucket ACL.
From How to disable S3 bucket ACLs:
resource "aws_s3_bucket" "test" {
bucket = "s3test.example.org"
}
resource "aws_s3_bucket_ownership_controls" "test" {
bucket = aws_s3_bucket.test.id
rule {
object_ownership = "BucketOwnerEnforced"
}
}