aws / aws-sdk

Landing page for the AWS SDKs on GitHub
https://aws.amazon.com/tools/

`put-bucket-acl` : JSON file causing MalformedACLError for XML in AWS S3 Bucket ACL Operation #765

Closed maheshrijal closed 4 days ago

maheshrijal commented 2 weeks ago

Describe the bug

I'm calling `aws s3api put-bucket-acl` and passing a JSON file for the ACL policy. However, the error message indicates an issue with XML formatting.

Expected Behavior

An error pointing to the JSON schema or at the very least highlighting that the JSON policy is invalid would be helpful.

Current Behavior

An error occurred (MalformedACLError) when calling the PutBucketAcl operation: The XML you provided was not well-formed or did not validate against our published schema

Reproduction Steps

  1. Create a JSON ACL policy that is invalid
  2. Run `aws s3api put-bucket-acl --bucket bucketname --access-control-policy file://policy.json`
  3. Observe Error: `An error occurred (MalformedACLError) when calling the PutBucketAcl operation: The XML you provided was not well-formed or did not validate against our published schema`

Possible Solution

No response

Additional Information/Context

No response

CLI version used

2.15.36

Environment details (OS name and version, etc.)

Linux/5.15.146.1-microsoft-standard-WSL2

tim-finnigan commented 2 weeks ago

Thanks for reaching out. The put-bucket-acl command involves a call to the underlying S3 PutBucketAcl API. So the error you received (documented here) is coming from S3. Requests to update the error message would need to go to the S3 team.

We can forward the request if you'd like, but think we need more information first. Can you share the policy you used, or one that can reproduce the error? I tried to reproduce this but have only been able to get an Invalid JSON or Unknown parameter error. If you add --debug to your command then that will print the debug logs which could also give more insight into the underlying issue.

maheshrijal commented 2 weeks ago

Here is an example of my policy json. I've filled in all details except Permission which I've kept blank.

```json
{
    "Grants": [
        {
            "Grantee": {
                "DisplayName": "<>",
                "ID": "<>",
                "Type": "CanonicalUser"
            },
            "Permission": ""
        }
    ],
    "Owner": {
        "DisplayName": "<>",
        "ID": "<>"
    }
}
```

Output:

An error occurred (MalformedACLError) when calling the PutBucketAcl operation: The XML you provided was not well-formed or did not validate against our published schema

I generated the debug logs, but they contain 'sensitive information'. Is there a way to redact this information?

tim-finnigan commented 2 weeks ago

@maheshrijal have you tried with the permissions documented here: https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#permissions ? I could reproduce the MalformedACLError with your snippet, but seems to be working if I specify one of those values for Permission. So maybe we just need to forward this to the S3 team and request a better error message, like "Permission not found in policy, please specify one of...[possible values]".
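A local pre-flight check for the failure discussed in this thread, as an added example that is not part of the original issue or of the AWS CLI: it validates the `--access-control-policy` JSON against the documented `Permission` and grantee `Type` values before the request reaches S3. The helper name `validate_acl_policy` and the `SAMPLE` document are hypothetical and constructed for illustration.

```python
import json

# Enum values the S3 API accepts for Grant.Permission.
VALID_PERMISSIONS = {"FULL_CONTROL", "WRITE", "WRITE_ACP", "READ", "READ_ACP"}
# Grantee.Type values and the identifier field each one needs.
GRANTEE_ID_FIELD = {"CanonicalUser": "ID", "AmazonCustomerByEmail": "EmailAddress", "Group": "URI"}

# Constructed sample mirroring the policy in this thread (placeholder IDs, blank Permission).
SAMPLE = """{
  "Grants": [{"Grantee": {"ID": "EXAMPLE-ID", "Type": "CanonicalUser"}, "Permission": ""}],
  "Owner": {"ID": "EXAMPLE-ID"}
}"""


def validate_acl_policy(text):
    """Return a list of problems found in an ACL policy JSON document (hypothetical helper)."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    grants = policy.get("Grants") if isinstance(policy, dict) else None
    if not isinstance(grants, list):
        # This checker's own expectation: a top-level object carrying a Grants list.
        return ["expected a top-level object with a Grants list"]
    problems = []
    for i, grant in enumerate(grants):
        where = f"Grants[{i}]"
        if not isinstance(grant, dict):
            problems.append(f"{where} must be an object")
            continue
        perm = grant.get("Permission")
        if not isinstance(perm, str) or perm not in VALID_PERMISSIONS:
            problems.append(f"{where}.Permission {perm!r} is not one of {sorted(VALID_PERMISSIONS)}")
        grantee = grant.get("Grantee")
        if not isinstance(grantee, dict):
            problems.append(f"{where}.Grantee must be an object")
            continue
        gtype = grantee.get("Type")
        id_field = GRANTEE_ID_FIELD.get(gtype) if isinstance(gtype, str) else None
        if id_field is None:
            problems.append(f"{where}.Grantee.Type {gtype!r} is not one of {sorted(GRANTEE_ID_FIELD)}")
        elif not grantee.get(id_field):
            problems.append(f"{where}.Grantee.{id_field} is required for Type {gtype}")
    return problems


if __name__ == "__main__":
    for problem in validate_acl_policy(SAMPLE) or ["no problems found"]:
        print(problem)
```

Running a check like this before `put-bucket-acl` names the offending field locally instead of relying on the generic `MalformedACLError` returned by S3.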

maheshrijal commented 2 weeks ago

Yes. With the permission from the doc it does work. But a better error message would be helpful here. It took me quite some time to narrow down the issue because of the error message.

tim-finnigan commented 1 week ago

Thanks for following up, I'll transfer this to our cross-SDK repository and reach out to the S3 team regarding the feedback to improve the error message here. (ref: P136238996)

tim-finnigan commented 4 days ago

The request to improve the error message is now being tracked internally. I will close this as there is no further action on our side, please refer to the CHANGELOG or S3 blog for updates.

github-actions[bot] commented 4 days ago

This issue is now closed.

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.