hashicorp · anGie44 · Mar 15, 2022 · Mar 15, 2022
diff --git a/.changelog/23679.txt b/.changelog/23679.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+resource/aws_s3_bucket_acl: Support resource import for S3 bucket names consisting of uppercase letters, underscores, and a maximum of 255 characters
+```
diff --git a/internal/service/s3/bucket_acl.go b/internal/service/s3/bucket_acl.go
@@ -458,17 +458,19 @@ func BucketACLCreateResourceID(bucket, expectedBucketOwner, acl string) string {
 // BucketACLParseResourceID is a method for parsing the ID string
 // for the bucket name, accountID, and ACL if provided.
 func BucketACLParseResourceID(id string) (string, string, string, error) {
-	// For only  bucket name in the ID  e.g. bucket
-	// ~> Bucket names can consist of only lowercase letters, numbers, dots, and hyphens; Max 63 characters
-	bucketRegex := regexp.MustCompile(`^[a-z0-9.-]{1,63}$`)
+	// For only bucket name in the ID  e.g. my-bucket or My_Bucket
+	// ~> On or after 3/1/2018: Bucket names can consist of only lowercase letters, numbers, dots, and hyphens; Max 63 characters
+	// ~> Before 3/1/2018: Bucket names could consist of uppercase letters and underscores if in us-east-1; Max 255 characters
+	// Reference: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+	bucketRegex := regexp.MustCompile(`^([a-z0-9.-]{1,63}|[a-zA-Z0-9.\-_]{1,255})$`)
 	// For bucket and accountID in the ID e.g. bucket,123456789101
 	// ~> Account IDs must consist of 12 digits
-	bucketAndOwnerRegex := regexp.MustCompile(`^[a-z0-9.-]{1,63},\d{12}$`)
+	bucketAndOwnerRegex := regexp.MustCompile(`^([a-z0-9.-]{1,63}|[a-zA-Z0-9.\-_]{1,255}),\d{12}$`)
 	// For bucket and ACL in the ID e.g. bucket,public-read
 	// ~> (Canned) ACL values include: private, public-read, public-read-write, authenticated-read, aws-exec-read, and log-delivery-write
-	bucketAndAclRegex := regexp.MustCompile(`^[a-z0-9.-]{1,63},[a-z-]+$`)
+	bucketAndAclRegex := regexp.MustCompile(`^([a-z0-9.-]{1,63}|[a-zA-Z0-9.\-_]{1,255}),[a-z-]+$`)
 	// For bucket, accountID, and ACL in the ID e.g. bucket,123456789101,public-read
-	bucketOwnerAclRegex := regexp.MustCompile(`^[a-z0-9.-]{1,63},\d{12},[a-z-]+$`)
+	bucketOwnerAclRegex := regexp.MustCompile(`^([a-z0-9.-]{1,63}|[a-zA-Z0-9.\-_]{1,255}),\d{12},[a-z-]+$`)
 
 	// Bucket name ONLY
 	if bucketRegex.MatchString(id) {

diff --git a/internal/service/s3/bucket_acl_test.go b/internal/service/s3/bucket_acl_test.go
@@ -133,6 +133,90 @@ func TestBucketACLParseResourceID(t *testing.T) {
 			ExpectedBucket:      "my-example.bucket.4000",
 			ExpectedBucketOwner: "123456789012",
 		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1)", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("Example", "", ""),
+			ExpectedACL:         "",
+			ExpectedBucket:      "Example",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) that has underscores", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example_Bucket", "", ""),
+			ExpectedACL:         "",
+			ExpectedBucket:      "My_Example_Bucket",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) that has underscore, dot, and hyphens", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example-Bucket.local", "", ""),
+			ExpectedACL:         "",
+			ExpectedBucket:      "My_Example-Bucket.local",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) that has underscore, dots, hyphen, and numbers", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example-Bucket.4000", "", ""),
+			ExpectedACL:         "",
+			ExpectedBucket:      "My_Example-Bucket.4000",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) and acl", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("Example", "", s3.BucketCannedACLPrivate),
+			ExpectedACL:         s3.BucketCannedACLPrivate,
+			ExpectedBucket:      "Example",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) and acl that has underscores", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example_Bucket", "", s3.BucketCannedACLPublicReadWrite),
+			ExpectedACL:         s3.BucketCannedACLPublicReadWrite,
+			ExpectedBucket:      "My_Example_Bucket",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) that has underscore, dot, hyphen, and number and acl that has hyphens", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example-Bucket.4000", "", s3.BucketCannedACLPublicReadWrite),
+			ExpectedACL:         s3.BucketCannedACLPublicReadWrite,
+			ExpectedBucket:      "My_Example-Bucket.4000",
+			ExpectedBucketOwner: "",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) and bucket owner", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("Example", "123456789012", ""),
+			ExpectedACL:         "",
+			ExpectedBucket:      "Example",
+			ExpectedBucketOwner: "123456789012",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) that has underscore, dot, hyphen, and number and bucket owner", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example-Bucket.4000", "123456789012", ""),
+			ExpectedACL:         "",
+			ExpectedBucket:      "My_Example-Bucket.4000",
+			ExpectedBucketOwner: "123456789012",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1), bucket owner, and acl", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("Example", "123456789012", s3.BucketCannedACLPrivate),
+			ExpectedACL:         s3.BucketCannedACLPrivate,
+			ExpectedBucket:      "Example",
+			ExpectedBucketOwner: "123456789012",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1), bucket owner, and acl that has hyphens", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("Example", "123456789012", s3.BucketCannedACLPublicReadWrite),
+			ExpectedACL:         s3.BucketCannedACLPublicReadWrite,
+			ExpectedBucket:      "Example",
+			ExpectedBucketOwner: "123456789012",
+		},
+		{
+			TestName:            "valid ID with bucket (pre-2018, us-east-1) that has underscore, dot, hyphen, and numbers, bucket owner, and acl that has hyphens", //lintignore:AWSAT003
+			InputID:             tfs3.BucketACLCreateResourceID("My_Example-bucket.4000", "123456789012", s3.BucketCannedACLPublicReadWrite),
+			ExpectedACL:         s3.BucketCannedACLPublicReadWrite,
+			ExpectedBucket:      "My_Example-bucket.4000",
+			ExpectedBucketOwner: "123456789012",
+		},
 	}
 
 	for _, testCase := range testCases {