cloudposse / terraform-aws-vpc-flow-logs-s3-bucket

Terraform module to provision s3-backed flow logs for VPC and subnets


New S3 default policy breaks creation of S3 bucket

victor-chan-groundswell opened this issue · comments

It would seem that Amazon is pushing S3 bucket defaults that are breaking the module.

https://aws.amazon.com/about-aws/whats-new/2023/04/amazon-s3-two-security-best-practices-buckets-default/

Unfortunately, this means that, with the combination of default settings, the S3 bucket doesn't get created, as it appears that the default policy that it sets is incompatible with the bucket policy that the module is trying to put in.


I'm going to try to work around this by actually getting the module and tweaking the settings of the downstream S3 module to allow ACLs, to see if it works.

From what I have experimented with so far..., changing a setting so that I can set s3_object_ownership to "BucketOwnerPreferred" is an okay workaround...


In that, in the 1st TF run, I still run into this, but if I run TF apply again a 2nd time, then everything gets applied and set.


I think it might have something to do with how the cloudposse/s3-log-storage/aws module sets up the ACL...

hashicorp/terraform-provider-aws#28353
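As an added illustration (not code from this issue or from the cloudposse modules), a plain-Terraform log bucket showing the sequencing behind the two-apply behaviour described above: with AWS's new default of `BucketOwnerEnforced`, ACLs are disabled, so an `aws_s3_bucket_acl` resource must come after an `aws_s3_bucket_ownership_controls` resource set to `BucketOwnerPreferred`, with an explicit `depends_on` so the first apply does not race. Resource and bucket names are placeholders.

```hcl
# Added example: minimal log bucket in plain Terraform resources,
# not the cloudposse module. Names are placeholders.

resource "aws_s3_bucket" "flow_logs" {
  bucket = "example-vpc-flow-logs-bucket" # placeholder name
}

# Since April 2023 new buckets default to ObjectOwnership = BucketOwnerEnforced,
# which disables ACLs entirely. BucketOwnerPreferred re-enables ACLs while the
# bucket owner still takes ownership of objects written with
# bucket-owner-full-control.
resource "aws_s3_bucket_ownership_controls" "flow_logs" {
  bucket = aws_s3_bucket.flow_logs.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

# Without depends_on, Terraform may call PutBucketAcl before the ownership
# controls exist; S3 then rejects the ACL (AccessControlListNotSupported)
# and the run only succeeds on a second apply, as observed above.
resource "aws_s3_bucket_acl" "flow_logs" {
  bucket = aws_s3_bucket.flow_logs.id
  acl    = "log-delivery-write" # the ACL-style grant the log-storage module sets

  depends_on = [aws_s3_bucket_ownership_controls.flow_logs]
}

# The other new default: block public access regardless of ACL settings.
resource "aws_s3_bucket_public_access_block" "flow_logs" {
  bucket                  = aws_s3_bucket.flow_logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```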

Isn't the default for the s3_object_ownership input variable already BucketOwnerPreferred?

commented

This has been fixed in the upstream terraform-aws-s3-bucket and will be fixed in the next release of this module.