Bucket does not allow ACLs

[sarink]

What happened?

AWS no longer allows ACLs for new buckets. However, the acl key is required on synced.S3BucketFolder, making it unusable

Expected Behavior

Expected creating an s3 bucket folder to work

Steps to reproduce

    new synced.S3BucketFolder(`${NAME}-synced-folder`, {
      path: '../../web/dist',
      bucketName: 'website',
      acl: aws.s3.PublicReadAcl,
    });

Output of pulumi about

CLI          
Version      3.74.0
Go Version   go1.20.5
Go Compiler  gc

Plugins
NAME    VERSION
nodejs  unknown

Host     
OS       darwin
Version  13.4
Arch     arm64

This project is written in nodejs: executable='/Users/kabirsarin/.nvm/versions/node/v18.16.0/bin/node' version='v18.16.0'

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[sarink]

How can you enable ACLs for an S3 bucket with pulumi? Looking for this option

[gbegher]

@sarink

Here's what worked for me:

new s3.BucketOwnershipControls("bucket-ownership-controls", {
    bucket: THE_BUCKET,
    // For options check https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
    rule: { objectOwnership: "ObjectWriter" },
})

new s3.BucketPublicAccessBlock("bucket-public-access-block", {
    bucket: THE_BUCKET,
    // allows the object writer to set public ACLs
    blockPublicAcls: false,
})

(found on https://blog.rishabkumar.com/deploying-a-static-website-to-aws-with-pulumi)

[jonasgroendahl]

same issue here

[thoward]

Need to figure out ownership of synced folders longterm.