Our upload pattern would prefer to not use ACLs at all for our S3 uploads, instead using relying on IAM policies at the bucket level. However, in the plugin the Access value which stores the ACL to use is a mandatory field (defaulting to private). Since the private ACL is a good "secure by default" setting, having a skip value or similar to not pass the Access value when performing the PutObject would be great.
code ref
Our upload pattern would prefer to not use ACLs at all for our S3 uploads, instead using relying on IAM policies at the bucket level. However, in the plugin the
Accessvalue which stores the ACL to use is a mandatory field (defaulting toprivate). Since theprivateACL is a good "secure by default" setting, having askipvalue or similar to not pass theAccessvalue when performing thePutObjectwould be great.This also lines up with AWS' advice on how to set permissions/ACLs https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#CannedACL and https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html