search

drone-plugins / drone-s3

Drone plugin for publishing artifacts to Amazon S3
http://plugins.drone.io/drone-plugins/drone-s3
Apache License 2.0
37 stars 65 forks source link

Don't Specify an ACL by Default (Fixes #110) #124

Closed nhandler closed 1 year ago

nhandler commented 1 year ago

ACLs in S3 predate IAM. They are also no longer recommended. Instead, users are encouraged to rely on IAM and Bucket Policies to manage access. Amazon is even going to start disabling ACLs on new buckets (see https://docs.aws.amazon.com/AmazonS3/latest/userguide/ensure-object-ownership.html).Users are also generally encouraged to set BucketOwnerEnforced on existing buckets to disable ACLs.

When ACLs are disabled on a bucket, attempts to call s3:PutObject while specifying an acl parameter will cause an AccessControlListNotSupported error from AWS specifying that The bucket does not allow ACLs.

This change updates the plugin so that there is no longer a default value for the ACL. The plugin will now only pass an ACL to s3:PutObject if one is explicitly specified by the user.

nhandler commented 1 year ago

@bradrydzewski Any chance you might be able to help get some eyes on this change?

devkimittal commented 1 year ago

@nhandler approved. Can you please rebase your code changes?

nhandler commented 1 year ago

@nhandler approved. Can you please rebase your code changes?

@devkimittal The branch has been rebased.