Because of how this Bucket's canned ACL is implemented, only the owner account and cloudfront's account can access this bucket, even when adding a bucket policy for the data account to access. To enable the data account to access this bucket, this PR creates an equivalent non-canned ACL policy, but adding access to the data account.
ACL screen capture from the AWS Console (FULL_CONTROL is Read/Write over the 2 columns):
Because of how this Bucket's canned ACL is implemented, only the owner account and cloudfront's account can access this bucket, even when adding a bucket policy for the data account to access. To enable the data account to access this bucket, this PR creates an equivalent non-canned ACL policy, but adding access to the data account.
ACL screen capture from the AWS Console (FULL_CONTROL is Read/Write over the 2 columns):