Following the AWS getting started tutorial, I was playing with configuring the index.html file in the bucket. As a simple test, I tried updating the index.html object's acl to public-read without updating the BucketPublicAccessBlock or BucketOwnershipControls configuration on the bucket to see an error message. This did result in an error message on the first run of pulumi up, but subsequent runs succeeded and the state within Pulumi cloud of the index.html object was updated to have an acl value of public-read even though the object's ACL was not updated (as confirmed by running aws s3api get-object-acl, which shows that the object does not have public read access.
Example
First, run pulumi up using the following index.js file to create a bucket and object:
Even though the operation failed, the acl of the index.txt object in Pulumi cloud will be set to public-read. Moreover, subsequent runs of pulumi up will succeed without errors. A pulumi refresh also shows no changes.
Output of pulumi about
CLI
Version 3.106.0
Go Version go1.22.0
Go Compiler gc
Plugins
NAME VERSION
aws 6.22.2
awsx 2.5.0
docker 4.5.1
docker 3.6.1
nodejs 18.16.0
Host
OS darwin
Version 12.5
Arch arm64
Dependencies:
NAME VERSION
@pulumi/aws 6.22.2
@pulumi/awsx 2.5.0
@pulumi/pulumi 3.106.0
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
What happened?
Following the AWS getting started tutorial, I was playing with configuring the
index.html
file in the bucket. As a simple test, I tried updating theindex.html
object'sacl
topublic-read
without updating theBucketPublicAccessBlock
orBucketOwnershipControls
configuration on the bucket to see an error message. This did result in an error message on the first run ofpulumi up
, but subsequent runs succeeded and the state within Pulumi cloud of theindex.html
object was updated to have anacl
value ofpublic-read
even though the object's ACL was not updated (as confirmed by runningaws s3api get-object-acl
, which shows that the object does not have public read access.Example
First, run
pulumi up
using the followingindex.js
file to create a bucket and object:Note that within Pulumi cloud, the
acl
ofindex.txt
is set toprivate
at this point. Then addacl: "public-read"
to the object:Then run
pulumi up
again. This will throw an "update failed" error that looks something like this:Even though the operation failed, the
acl
of theindex.txt
object in Pulumi cloud will be set topublic-read
. Moreover, subsequent runs ofpulumi up
will succeed without errors. Apulumi refresh
also shows no changes.Output of
pulumi about
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).