No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

what api are you using? There are `bucket` and `bucketv2` and they can treat policy as a separate object however API can accept it as an input parameter <https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html#API_CreateBucket_RequestParameters>

but `bucketV2` allows  policy as a separate object <https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketv2/>

however, it can also allow the value directly.

(Cliff — we have the same issue. I’m interested in knowing a good way around this also. We don’t have an automated intervention (yet?), but it does generate noise in our alert stream.)

<@U025964HAJH> We are using `bucketv2` . I believe you can supply the ACL, but not the public access block settings. The ACL policy does not solve the problem though.

You may need to tweak your alarm system because there is nothing you can do about it IMO because `PublicAccessPolicyBlock` is a separate object from the bucket <https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutPublicAccessBlock.html> and it always needs to wait for the creation of S3 bucket.

Btw. Finally, after years, S3 buckets are now private by default, not sure if it helps with though.

<@U025964HAJH> Yeah I agree with you about that. It likely won't be an issue come April as seen here: <https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/|https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-bl[…]ublic-access-disable-access-control-lists-buckets-april-2023/>