PSA: AWS is changing the way some IAM policy eventual is going to happen, it it might overly expose Terraform state buckets to an account:
https://github.com/gruntwork-io/terragrunt/issues/2577. A team member wrong some code to remote the root bucket access config, but Terragrunt keeps trying to put it back -
EnableRootAccesstoS3BucketMore details in the Github issue thread - we see this as kind of a bit deal, since overly expose TF state buckets might unexpectedly expose sensitive material.
There’s an option to avoid having Terragrunt modify the S3 state bucket (
https://terragrunt.gruntwork.io/docs/reference/config-blocks-and-attributes/#:~:text=skip_bucket_root_access), but really, Terragrunt should never try to do this modification.
