Informational: AWS S3 The bucket does not allow ACLs #118

@mattlorimor

I figured I'd post this here for anybody else that runs into a similar issue to find.

If you are encountering an error when uploading objects to S3, and your destination bucket either has ACLs disabled (a current best practice) or a policy set that restricts which canned ACLs can be placed on a bucket or bucket object, you'll want to make sure that your fastfile configures the acl appropriately. The error message you'd most likely see if ACLs are disabled is:

The bucket does not allow ACLs

To fix it, you need to configure the relevant bucket(s) in the fastfile to either pass in the expected ACL string (bucket-owner-full-control) or an empty string. This plugin defaults to public-read when the acl argument is omitted entirely, and that causes calls to ACL-disabled buckets to fail.

As the code currently stands, for ACL-disabled buckets, the following should either work or not work:

Should work

aws_s3(
      ...
      acl: '',
      ...
    )
aws_s3(
      ...
      acl: 'bucket-owner-full-control',
      ...
    )

Should not work

aws_s3(
      ...
      acl: 'public-read',
      ...
    )
aws_s3(
      ...
      # acl argument omitted
      ...
    )

Whether the above will work also depends on the bucket policy on the bucket and any potential SCPs or IAM Role-based policies you may have.
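
An added example, not part of the original post or the plugin's code: a Ruby check that scans a Fastfile for aws_s3 calls and reports the ACL each one would send, treating an omitted acl as the public-read default described above. The sample Fastfile, its bucket name and file paths, and the bucket: and ipa: arguments in it are constructed for illustration.

```ruby
# Added example: flag aws_s3 calls whose effective ACL an ACL-disabled bucket would reject.
PLUGIN_DEFAULT_ACL = 'public-read' # plugin default, per the issue above
ACCEPTED_ACLS = ['', 'bucket-owner-full-control'].freeze # per the issue above

# Return line number and argument text of each aws_s3(...) call.
# Parentheses are counted naively (ones inside strings would confuse it).
def aws_s3_calls(source)
  calls = []
  pos = 0
  while (start = source.index(/\baws_s3\s*\(/, pos))
    i = open_idx = source.index('(', start)
    depth = 0
    while i < source.length
      depth += { '(' => 1, ')' => -1 }.fetch(source[i], 0)
      break if depth.zero?
      i += 1
    end
    calls << { line: source[0...start].count("\n") + 1, args: source[(open_idx + 1)...i] }
    pos = i + 1
  end
  calls
end

# Resolve the ACL each call would send; nil means acl: is set but not a string literal.
def audit_fastfile(source)
  aws_s3_calls(source).map do |call|
    code = call[:args].gsub(/#.*$/, '') # drop comments such as "# acl argument omitted"
    literal = code.match(/\bacl:\s*(['"])(.*?)\1/)
    explicit = code.match?(/\bacl:/)
    acl = literal ? literal[2] : (explicit ? nil : PLUGIN_DEFAULT_ACL)
    { line: call[:line], acl: acl, explicit: explicit,
      ok: acl.nil? ? nil : ACCEPTED_ACLS.include?(acl) }
  end
end

# Constructed sample Fastfile (bucket name and file paths are placeholders).
SAMPLE_FASTFILE = <<~'FASTFILE'
  lane :beta do
    aws_s3(bucket: 'example-builds', acl: '')
    aws_s3(
      bucket: 'example-builds',
      # acl argument omitted
      ipa: File.join('out', 'app.ipa')
    )
    aws_s3(bucket: 'example-builds', acl: 'bucket-owner-full-control')
  end
FASTFILE

audit_fastfile(SAMPLE_FASTFILE).each { |r| puts r.inspect }
```

A result with explicit: false and acl: "public-read" is a call relying on the plugin default; whether an accepted value actually uploads still depends on the bucket policy, SCPs and IAM policies mentioned above.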
