When we set up an S3 bucket as a "global" storage for state from all other AWS accounts, to which we delegated access via an S3 bucket policy, we hit an issue.

By default, any object uploaded by someone else to that bucket is owned and accessible only by the uploader, not by the bucket owner.

This can be tuned via an ACL, which needs to be set per object; therefore Terraform would need to be calling `Put` with a specific ACL allowing full access (or anything else) to the bucket owner: https://github.com/aws/aws-sdk-go/blob/master/service/s3/api.go#L5581

Otherwise sharing remote state across accounts via private S3 buckets won't work, unless you use a different set of AWS credentials (which is effectively impossible for `terraform_remote_state`).

I believe `acl` should just be exposed as a remote config option.
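A worked example of the two halves of the fix the issue describes, added here and not part of the issue or of Terraform's S3 backend: the writer side requests the canned ACL `bucket-owner-full-control` on every `PutObject`, and the bucket-owner side installs a bucket policy that explicitly denies any `PutObject` that does not carry that ACL, so a misconfigured writer fails fast instead of leaving an object the bucket owner cannot read. The bucket name, account ID, object key and the `RecordingClient` stand-in for a boto3 S3 client are all constructed for the example; `put_is_denied` is a small offline model of the policy's `Deny` statement, not an AWS API.

```python
"""Cross-account S3 state bucket: enforce bucket-owner-full-control on writes.

Added example; names, account IDs and the fake client are constructed.
"""
import json

# Canned ACL that hands the bucket owner full control of an object written
# by a principal from another account.
REQUIRED_ACL = "bucket-owner-full-control"


def build_put_args(bucket, key, body):
    """Keyword arguments for boto3's S3 put_object that set the per-object ACL
    the issue asks for, so the bucket owner can read the uploaded state."""
    return {
        "Bucket": bucket,
        "Key": key,
        "Body": body,
        "ACL": REQUIRED_ACL,
        "ServerSideEncryption": "AES256",
    }


def put_state_object(client, bucket, key, body):
    """Upload a state object through an injected S3 client (boto3.client('s3')
    in real use; a recording stand-in below when run offline)."""
    return client.put_object(**build_put_args(bucket, key, body))


def build_bucket_policy(bucket, writer_account_ids):
    """Bucket policy for the state bucket's owner: allow the listed accounts to
    read and write state, but deny any PutObject whose x-amz-acl header is not
    bucket-owner-full-control (a missing header also fails StringNotEquals)."""
    writers = [f"arn:aws:iam::{acct}:root" for acct in writer_account_ids]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowCrossAccountStateAccess",
                "Effect": "Allow",
                "Principal": {"AWS": writers},
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            },
            {
                "Sid": "DenyPutWithoutOwnerFullControl",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"StringNotEquals": {"s3:x-amz-acl": REQUIRED_ACL}},
            },
        ],
    }


def put_is_denied(policy, acl_header):
    """Offline model of the Deny statement above: True if a PutObject carrying
    this x-amz-acl value (None when the header is absent) would be rejected.
    Mirrors IAM semantics where StringNotEquals on a missing key matches."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or stmt["Action"] != "s3:PutObject":
            continue
        wanted = stmt["Condition"]["StringNotEquals"]["s3:x-amz-acl"]
        if acl_header != wanted:
            return True
    return False


class RecordingClient:
    """Constructed stand-in for boto3's S3 client; records put_object calls."""

    def __init__(self):
        self.calls = []

    def put_object(self, **kwargs):
        self.calls.append(kwargs)
        return {"ETag": '"constructed-etag"'}


if __name__ == "__main__":
    client = RecordingClient()
    put_state_object(client, "org-terraform-state",
                     "prod/network/terraform.tfstate", b"{}")
    print("ACL sent on PutObject:", client.calls[0]["ACL"])
    policy = build_bucket_policy("org-terraform-state", ["111111111111"])
    print(json.dumps(policy, indent=2))
    print("put without ACL header denied:", put_is_denied(policy, None))
```

The policy is the defensive half: even if a writer's tooling forgets the ACL, the request is refused rather than silently producing an object the bucket owner cannot read or delete. On buckets created today, setting S3 Object Ownership to `BucketOwnerEnforced` disables ACLs entirely and makes the bucket owner own every object, which removes the need for the per-object ACL this issue asks Terraform to send.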
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
ghost locked and limited conversation to collaborators on Apr 30, 2020