I figured I'd post this here for anybody else that runs into a similar issue to find.
If you are encountering an error when uploading objects to S3, and your destination bucket either has ACLs disabled (a current best practice) or a policy set that restricts which canned ACLs can be placed on a bucket or bucket object, you'll want to make sure that your fastfile configures the acl appropriately. The error message you'd most likely see if ACLs are disabled is:
The bucket does not allow ACLs
To fix it, you need to configure the relevant bucket(s) in the fastfile to either pass in the expected ACL string (bucket-owner-full-control) or an empty string. This plugin defaults to public-read when the acl argument is omitted entirely, and that causes calls to ACL-disabled buckets to fail.
As the code currently stands, for ACL-disabled buckets, the following should either work or not work:
Should work

```ruby
aws_s3(
  ...
  acl: '',
  ...
)
aws_s3(
  ...
  acl: 'bucket-owner-full-control',
  ...
)
```

Should not work

```ruby
aws_s3(
  ...
  acl: 'public-read',
  ...
)
aws_s3(
  ...
  # acl argument omitted
  ...
)
```
Whether the above will work also depends on the bucket policy on the bucket and any potential SCPs or IAM Role-based policies you may have.
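A lint pass that flags the failing cases described above before a lane runs. This is an added example, not code from the post or from the plugin; the helper names and the bucket name in the constructed sample Fastfile are assumptions, and the accepted values and the `public-read` default are taken from the post.

```ruby
# Added example: lint a Fastfile for aws_s3 calls that an ACL-disabled bucket rejects.
ACCEPTED_ACLS = ['', 'bucket-owner-full-control'].freeze # values the post says to pass
PLUGIN_DEFAULT_ACL = 'public-read' # plugin default when acl is omitted, per the post
Finding = Struct.new(:line, :acl, :reason)

# Returns [line_number, argument_text] for every aws_s3(...) call, matching parentheses.
def aws_s3_calls(code)
  calls = []
  pos = 0
  while (m = code.match(/\baws_s3\s*\(/, pos))
    depth = 1
    i = m.end(0)
    while i < code.length && depth.positive?
      depth += 1 if code[i] == '('
      depth -= 1 if code[i] == ')'
      i += 1
    end
    break if depth.positive? # unbalanced call: stop rather than guess
    calls << [code[0...m.begin(0)].count("\n") + 1, code[m.end(0)...(i - 1)]]
    pos = i
  end
  calls
end

def lint_fastfile(source)
  # Heuristic: drop "#" comments so a commented-out acl: is not counted as set.
  code = source.gsub(/#(?!\{).*$/, '')
  aws_s3_calls(code).filter_map do |line, args|
    literal = args.match(/\bacl:\s*(['"])(.*?)\1/)
    if literal.nil? && args.match?(/\bacl:/)
      Finding.new(line, nil, 'acl is not a string literal; check its value by hand')
    elsif literal.nil?
      Finding.new(line, PLUGIN_DEFAULT_ACL, 'acl omitted, plugin default applies')
    elsif !ACCEPTED_ACLS.include?(literal[2])
      Finding.new(line, literal[2], 'canned ACL not accepted when ACLs are disabled')
    end
  end
end

# Constructed sample input; the bucket name is a placeholder.
SAMPLE_FASTFILE = <<~'FASTFILE'
  lane :beta do
    aws_s3(bucket: 'example-acl-disabled-bucket', acl: '')
    aws_s3(bucket: 'example-acl-disabled-bucket', acl: 'public-read')
    aws_s3(
      bucket: 'example-acl-disabled-bucket'
      # acl argument omitted
    )
  end
FASTFILE
lint_fastfile(SAMPLE_FASTFILE).each { |f| puts "line #{f.line}: #{f.reason}" }
```

The comment stripping is a heuristic and will misread a `#` inside a string literal, so treat a clean result as a first check rather than proof.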