resource "aws_s3_bucket" "my-bucket" {
  bucket = "my-bucket"
  
  lifecycle {
    ignore_changes = [
      acl,
      force_destroy,
    ]
  }

  grant {
    permissions = [
        "READ",
        "READ_ACP",
    ]
    type = "Group"
    uri = "http://acs.amazonaws.com/groups/global/AllUsers"
  }
  grant {
    id = "my-id"
    permissions = [
        "FULL_CONTROL",
    ]
    type = "CanonicalUser"
  }
}