From 3d77d158f7270472446b9e1fe461487c9763c91c Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Mon, 14 Sep 2015 10:38:29 +0100
Subject: [PATCH 1/2] remote/s3: Add support for ACL

---
 state/remote/s3.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/state/remote/s3.go b/state/remote/s3.go
index c2d897dd0..26330d112 100644
--- a/state/remote/s3.go
+++ b/state/remote/s3.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"log"
 	"os"
 	"strconv"
 
@@ -45,6 +46,11 @@ func s3Factory(conf map[string]string) (Client, error) {
 		serverSideEncryption = v
 	}
 
+	acl := ""
+	if raw, ok := conf["acl"]; ok {
+		acl = raw
+	}
+
 	accessKeyId := conf["access_key"]
 	secretAccessKey := conf["secret_key"]
 
@@ -77,6 +83,7 @@ func s3Factory(conf map[string]string) (Client, error) {
 		bucketName:           bucketName,
 		keyName:              keyName,
 		serverSideEncryption: serverSideEncryption,
+		acl:                  acl,
 	}, nil
 }
 
@@ -85,6 +92,7 @@ type S3Client struct {
 	bucketName           string
 	keyName              string
 	serverSideEncryption bool
+	acl                  string
 }
 
 func (c *S3Client) Get() (*Payload, error) {
@@ -140,6 +148,12 @@ func (c *S3Client) Put(data []byte) error {
 		i.ServerSideEncryption = aws.String("AES256")
 	}
 
+	if c.acl != "" {
+		i.ACL = aws.String(c.acl)
+	}
+
+	log.Printf("[DEBUG] Uploading remote state to S3: %#v", i)
+
 	if _, err := c.nativeClient.PutObject(i); err == nil {
 		return nil
 	} else {

From 4f7f20ba23b3b46680005a0efd4f06c80ad9a2b5 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@timeinc.com>
Date: Mon, 14 Sep 2015 10:36:55 +0100
Subject: [PATCH 2/2] remote/s3: Add some docs for supported parameters

---
 website/source/docs/commands/remote-config.html.markdown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/website/source/docs/commands/remote-config.html.markdown b/website/source/docs/commands/remote-config.html.markdown
index c7586ac0e..73a06f821 100644
--- a/website/source/docs/commands/remote-config.html.markdown
+++ b/website/source/docs/commands/remote-config.html.markdown
@@ -57,6 +57,13 @@ The following backends are supported:
   in the `access_key`, `secret_key` and `region` variables
   respectively, but passing credentials this way is not recommended since they
   will be included in cleartext inside the persisted state.
+  Other supported parameters include:
+  * `bucket` - the name of the S3 bucket
+  * `key` - path where to place/look for state file inside the bucket
+  * `encrypt` - whether to enable [server side encryption](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
+    of the state file
+  * `acl` - [Canned ACL](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl)
+    to be applied to the state file.
 
 * HTTP - Stores the state using a simple REST client. State will be fetched
   via GET, updated via POST, and purged with DELETE. Requires the `address` variable.