Informational: AWS S3 The bucket does not allow ACLs

[mattlorimor]

I figured I'd post this here for anybody else that runs into a similar issue to find.

If you are encountering an error when uploading objects to S3, and your destination bucket either has ACLs disabled (a current best practice) or a policy set that restricts which canned ACLs can be placed on a bucket or bucket object, you'll want to make sure that your fastfile configures the acl appropriately. The error message you'd most likely see if ACLs are disabled is:

The bucket does not allow ACLs

To fix it, you need to configure the relevant bucket(s) in the fastfile to either pass in the expected ACL string (bucket-owner-full-control) or an empty string. This plugin defaults to public-read when the acl argument is omitted entirely, and that causes calls to ACL-disabled buckets to fail.

As the code currently stands, for ACL-disabled buckets, the following should either work or not work:

Should work

aws_s3(
      ...
      acl: '',
      ...
    )

aws_s3(
      ...
      acl: 'bucket-owner-only',
      ...
    )

Should not work

aws_s3(
      ...
      acl: 'public-read',
      ...
    )

aws_s3(
      ...
      # acl argument omitted
      ...
    )

The whether the above will work also depends on the bucket policy on the bucket and any potential SCPs or IAM Role-based policies you may have.

Related:

• AWS S3 access denied error when trying to push a build to S3 #76 (comment)