aws_s3: Don't set ACL by default since ACLs are disabled by default for buckets created since 2023

Setting an ACL throws an error when uploading to a bucket with ACLs disabled when the bucket is in another account. The former default 'private' is accepted by buckets in the same account but is a no-op

Author: ttreptow

internal/impl/aws/s3/output.go

@@ -313,7 +313,7 @@ output:
 					}
 				})...).
 				Description("The object canned ACL value.").
-				Default(string(types.ObjectCannedACLPrivate)).
+				Default("").
 				Advanced(),
 			service.NewBatchPolicyField(s3oFieldBatching),
 		).
@@ -473,7 +473,6 @@ func (a *amazonS3Writer) WriteBatch(wctx context.Context, msg service.MessageBat
 			WebsiteRedirectLocation: websiteRedirectLocation,
 			StorageClass:            tmtypes.StorageClass(storageClass),
 			Metadata:                metadata,
-			ACL:                     tmtypes.ObjectCannedACL(a.conf.ObjectCannedACL),
 		}
 
 		// Prepare tags, escaping keys and values to ensure they're valid query string parameters.
@@ -498,6 +497,10 @@ func (a *amazonS3Writer) WriteBatch(wctx context.Context, msg service.MessageBat
 			uploadInput.ChecksumAlgorithm = tmtypes.ChecksumAlgorithm(a.conf.ChecksumAlgorithm)
 		}
 
+		if a.conf.ObjectCannedACL != "" {
+			uploadInput.ACL = tmtypes.ObjectCannedACL(a.conf.ObjectCannedACL)
+		}
+
 		// NOTE: This overrides the ServerSideEncryption set above. We need this to preserve
 		// backwards compatibility, where it is allowed to only set kms_key_id in the config and
 		// the ServerSideEncryption value of "aws:kms" is implied.