Back in 2020 I had done some work here to add ACL configs for AWS - see PR, it's been a few years but I think originally the issue was the deployer assumed the bucket access was public-read only so we needed to add more ACL options - see issue.
Anyways, it seems like AWS is changing the default way bucket access/ACLs work come April 2023 and if I understand correctly any new buckets created will have issues using the import-map-deployer as-is unless they specifically set the ACL to the previous behavior, which many people would miss. It seems that existing buckets should be OK, but my guess is that these will eventually need to be migrated.
Any new buckets that need to use import-map-deployer could have issues either with the API calls (since we'd still be sending ACLs) and config or with the ownership changes (might need specific user rights and would be good to document).
This isn't necessarily an issue but more of a discussion (but it will be an issue/PR eventually is my guess), so my first question is:
Should we make changes to the way the ACL config works in the deployer?
Note also there could be a situation of mixed old/new bucket types so we might need a fallback or additional type of flag, etc.
Back in 2020 I had done some work here to add ACL configs for AWS - see PR, it's been a few years but I think originally the issue was the deployer assumed the bucket access was public-read only so we needed to add more ACL options - see issue.
Anyways, it seems like AWS is changing the default way bucket access/ACLs work come April 2023 and if I understand correctly any new buckets created will have issues using the import-map-deployer as-is unless they specifically set the ACL to the previous behavior, which many people would miss. It seems that existing buckets should be OK, but my guess is that these will eventually need to be migrated.
Any new buckets that need to use import-map-deployer could have issues either with the API calls (since we'd still be sending ACLs) and config or with the ownership changes (might need specific user rights and would be good to document).
The blog post can be found here
This isn't necessarily an issue but more of a discussion (but it will be an issue/PR eventually is my guess), so my first question is: