aws-solutions / data-transfer-hub

Seamless User Interface for replicating data into AWS.
https://aws-solutions.github.io/data-transfer-hub/en/
Apache License 2.0

Lack of necessary permissions in worker instance to set Object ACL in Destination settings #151

Open hahahadebuger opened 5 months ago

hahahadebuger commented 5 months ago

Describe the bug

Lack of necessary permissions in the worker instance to set Object ACL in Destination settings. The policy, named like "EC2WorkerStackWorkerAsgRoleDefaultPolicy", of the worker instance role, named like "DTH-S3EC2-28ace-EC2WorkerStackWorkerAsgRole", lacks s3:PutObjectAcl.

        {
            "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*",
                "s3:DeleteObject*",
                "s3:PutObject",
                "s3:PutObjectLegalHold",
                "s3:PutObjectRetention",
                "s3:PutObjectTagging",
                "s3:PutObjectVersionTagging",
                "s3:Abort*"
            ],
            "Resource": [
                "arn:aws:s3:::Destination_BUCKET",
                "arn:aws:s3:::Destination_BUCKET/*"
            ],
            "Effect": "Allow"
        },

To Reproduce

Set Object ACL in Destination settings, such as public read.

Expected behavior

There is no error, and no need to modify the policy, to transfer files to the Destination with the right ACL.

Please complete the following information about the solution:

To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "(SO8001) - Data Transfer Hub with aws-solutions-constructs: This template deploys an one-stop toolset for transferring data from different sources into AWS. Template version v2.6.0".


YikaiHu commented 4 months ago

Hi @hahahadebuger, thanks for calling this out! We will fix this issue in the next release.
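
The gap reported in this issue follows from how IAM matches action names: `s3:PutObject` in the quoted statement is an exact name, not a prefix, so it does not cover `s3:PutObjectAcl`. The following is an added example, not code from the issue or from Data Transfer Hub, that checks the quoted statement with a simplified evaluator; the function names and the sample object key are assumptions made for illustration.

```python
import re

# Statement quoted in the issue; Destination_BUCKET is the issue's placeholder.
WORKER_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": [
        "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*",
        "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention",
        "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*",
    ],
    "Resource": ["arn:aws:s3:::Destination_BUCKET",
                 "arn:aws:s3:::Destination_BUCKET/*"],
}]}


def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None


def as_list(value):
    """IAM allows a single string/statement where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def is_allowed(policy, action, resource):
    """Evaluate one action on one ARN against an identity policy.

    Simplified: explicit Deny beats Allow; NotAction, NotResource and
    Condition are not evaluated.
    """
    allowed = False
    for stmt in as_list(policy["Statement"]):
        hit = (any(wildcard_match(a, action, True) for a in as_list(stmt.get("Action", [])))
               and any(wildcard_match(r, resource) for r in as_list(stmt.get("Resource", []))))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed


def missing_actions(policy, needed, resource):
    """Return the needed actions the policy does not allow on the resource."""
    return [a for a in needed if not is_allowed(policy, a, resource)]


if __name__ == "__main__":
    obj = "arn:aws:s3:::Destination_BUCKET/data/report.csv"  # constructed key
    print(missing_actions(WORKER_POLICY, ["s3:PutObject", "s3:PutObjectAcl"], obj))
```

The same check can be run against any role policy before a transfer task with a destination ACL is created, by passing the actions the task needs.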