You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I figured I'd post this here for anybody else that runs into a similar issue to find.
If you are encountering an error when uploading objects to S3, and your destination bucket either has ACLs disabled (a current best practice) or a policy set that restricts which canned ACLs can be placed on a bucket or bucket object, you'll want to make sure that your fastfile configures the acl appropriately. The error message you'd most likely see if ACLs are disabled is:
The bucket does not allow ACLs
To fix it, you need to configure the relevant bucket(s) in the fastfile to either pass in the expected ACL string (bucket-owner-full-control) or an empty string. This plugin defaults to public-read when the acl argument is omitted entirely, and that causes calls to ACL-disabled buckets to fail.
As the code currently stands, for ACL-disabled buckets, the following should either work or not work:
Should work
aws_s3(
...
acl: '',
...
)
aws_s3(
...
acl: 'bucket-owner-only',
...
)
Should not work
aws_s3(
...
acl: 'public-read',
...
)
aws_s3(
...
# acl argument omitted
...
)
Whether the above will work also depends on the bucket policy on the bucket and any potential SCPs or IAM Role-based policies you may have.
I figured I'd post this here for anybody else that runs into a similar issue to find.
If you are encountering an error when uploading objects to S3, and your destination bucket either has ACLs disabled (a current best practice) or a policy set that restricts which canned ACLs can be placed on a bucket or bucket object, you'll want to make sure that your
fastfile
configures theacl
appropriately. The error message you'd most likely see if ACLs are disabled is:To fix it, you need to configure the relevant bucket(s) in the
fastfile
to either pass in the expected ACL string (bucket-owner-full-control
) or an empty string. This plugin defaults topublic-read
when theacl
argument is omitted entirely, and that causes calls to ACL-disabled buckets to fail.As the code currently stands, for ACL-disabled buckets, the following should either work or not work:
Should work
Should not work
Whether the above will work also depends on the bucket policy on the bucket and any potential SCPs or IAM Role-based policies you may have.
Related:
The text was updated successfully, but these errors were encountered: