taylorsilva
commented
1 year ago @aijunpeng @WillAWS Sorry to ping folks. I see you two worked in this repo most recently so just want to get this on your radar. Not sure how often y'all check PR's. This will become a problem as the S3 changes roll out to more regions.
I realize it might even be worth looking into if setting ownership to ObjectWritier and writing up an ACL is even necessary. Maybe the BucketOwnerEnforced setting is fine and what should actually happen is the custom ACL rules are removed?
WillAWS
Closes #236
Starting in April 2023, S3 changed the default ownership settings for new S3 buckets:
https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/
By not specifying ObjectWriter as the desired ownership the bucket defaulted to the new BucketOwnerEnforced. This caused the CF template to fail creating the S3 bucket when it tries to apply ACL rules on the bucket. The template would fail with this error
By specifying that the bucket should be created with ObjectWriter (ACL enabled) the CF template is then able to apply it's ACL rules and successfully deploy.
As of this commit (April 18, 2023) this cf template fails to deploy in us-east-2. I'm guessing this is the first, or one of the first, regions where these new defaults are being rolled out to.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.