Skip to content

Informational: AWS S3 The bucket does not allow ACLs #118

Description

@mattlorimor

I figured I'd post this here for anybody else that runs into a similar issue to find.

If you are encountering an error when uploading objects to S3, and your destination bucket either has ACLs disabled (a current best practice) or a policy set that restricts which canned ACLs can be placed on a bucket or bucket object, you'll want to make sure that your fastfile configures the acl appropriately. The error message you'd most likely see if ACLs are disabled is:

The bucket does not allow ACLs

To fix it, you need to configure the relevant bucket(s) in the fastfile to either pass in the expected ACL string (bucket-owner-full-control) or an empty string. This plugin defaults to public-read when the acl argument is omitted entirely, and that causes calls to ACL-disabled buckets to fail.

As the code currently stands, for ACL-disabled buckets, the following should either work or not work:

Should work

aws_s3(
      ...
      acl: '',
      ...
    )
aws_s3(
      ...
      acl: 'bucket-owner-only',
      ...
    )

Should not work

aws_s3(
      ...
      acl: 'public-read',
      ...
    )
aws_s3(
      ...
      # acl argument omitted
      ...
    )

Whether the above will work also depends on the bucket policy on the bucket and any potential SCPs or IAM Role-based policies you may have.

Related:

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions