Reputation: 1033
I have the following access policy set on an IAM user in my AWS account. The policy references the bucket name which is "xo-staging".
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AccessToGetBucketLocation",
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketLocation"
                ],
                "Resource": [
                    "arn:aws:s3:::*"
                ]
            },
            {
                "Sid": "AccessToWebsiteBuckets",
                "Effect": "Allow",
                "Action": [
                    "s3:PutBucketWebsite",
                    "s3:PutObject",
                    "s3:PutObjectAcl",
                    "s3:GetObject",
                    "s3:ListBucket",
                    "s3:DeleteObject"
                ],
                "Resource": [
                    "arn:aws:s3:::xo-staging",
                    "arn:aws:s3:::xo-staging/*"
                ]
            },
            {
                "Sid": "AccessToCloudfront",
                "Effect": "Allow",
                "Action": [
                    "cloudfront:GetInvalidation",
                    "cloudfront:CreateInvalidation"
                ],
                "Resource": "*"
            }
        ]
    }
I'm deploying a Gatsby application from my local machine to GitHub where I am using GitHub Actions to run a build and deploy script.
In my package.json file I have set "deploy" to the value of gatsby-plugin-s3 deploy --yes; export AWS_PAGER=\"\"; aws cloudfront create-invalidation --distribution-id E5FDMTLPHUTLTL --paths '/*';
In my workflows.yml file I have set "deploy" to npm run deploy.
In GitHub my build succeeds but my deploy fails. The error I get tells me "AccessControlListNotSupported: The bucket does not allow ACLs".
I've checked the actual bucket permissions in AWS and tried selecting different options, but always the same error message returns. In other words, I have tried removing all blocks on public access and ACLs but still the problem persists.
Please can someone suggest what I might need to change to get this full deploy working?
Upvotes: 93
Views: 114002
Reputation: 1043
If you arrived here because of this error in Terraform, you need to add this to the code:
    resource "aws_s3_bucket_ownership_controls" "ownership_controls_config_bucket" {
      bucket = aws_s3_bucket.config_bucket.bucket
      rule {
        # ObjectWriter keeps ACLs enabled; the uploading account owns the object
        object_ownership = "ObjectWriter"
      }
    }
Upvotes: 4
Reputation: 341
If you are using AWS SAM:
    Resources:
      MyS3Bucket:
        Type: AWS::S3::Bucket
        Properties:
          BucketName: !Sub fleteo-${Environment}-bucket
          # All four Block Public Access settings are turned off
          PublicAccessBlockConfiguration:
            BlockPublicAcls: false
            IgnorePublicAcls: false
            BlockPublicPolicy: false
            RestrictPublicBuckets: false
          # BucketOwnerPreferred keeps ACLs enabled on the bucket
          OwnershipControls:
            Rules:
              - ObjectOwnership: BucketOwnerPreferred
Upvotes: 2
Reputation: 511
Go to your bucket, into the Permissions tab, find Object Ownership and click Edit. Select ACLs enabled and carefully read the AWS warnings about potential security risks.
Upvotes: 51
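The answers above all change the bucket's Object Ownership setting, which is separate from the Block Public Access switches the question describes toggling. The following is an added example, not code from any of the posts: a small pre-deploy check that reports which of the two settings would reject an upload carrying a canned ACL. The function names and sample responses are constructed for illustration, and it assumes the deploy tool sends a canned ACL such as public-read with each PutObject.

```python
# Added example: explain which bucket setting rejects a PutObject that carries a canned ACL.
# Inputs are shaped like the JSON printed by `aws s3api get-bucket-ownership-controls`
# and `aws s3api get-public-access-block`; the sample values below are constructed.

# Canned ACLs that grant access to the AllUsers or AuthenticatedUsers groups,
# which S3 Block Public Access treats as public.
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def object_ownership(ownership_resp):
    """Return the ObjectOwnership value; a bucket with no rule behaves as ObjectWriter."""
    rules = (ownership_resp or {}).get("OwnershipControls", {}).get("Rules", [])
    return rules[0]["ObjectOwnership"] if rules else "ObjectWriter"


def acl_write_blockers(ownership_resp, public_access_resp, canned_acl):
    """Return (setting, error_code) pairs that would reject PutObject with canned_acl."""
    blockers = []
    if canned_acl is None:
        return blockers  # no ACL sent with the upload, so neither setting applies
    # ACLs disabled: only bucket-owner-full-control (or no ACL) is accepted.
    if (object_ownership(ownership_resp) == "BucketOwnerEnforced"
            and canned_acl != "bucket-owner-full-control"):
        blockers.append(("ObjectOwnership=BucketOwnerEnforced",
                         "AccessControlListNotSupported"))
    pab = (public_access_resp or {}).get("PublicAccessBlockConfiguration", {})
    if pab.get("BlockPublicAcls") and canned_acl in PUBLIC_CANNED_ACLS:
        blockers.append(("BlockPublicAcls=true", "AccessDenied"))
    return blockers


# Constructed sample responses.
ENFORCED = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]}}
PREFERRED = {"OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerPreferred"}]}}
PAB_OFF = {"PublicAccessBlockConfiguration": {"BlockPublicAcls": False}}
PAB_ON = {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True}}

if __name__ == "__main__":
    # The question's situation: public access blocks removed, ACLs still disabled.
    print(acl_write_blockers(ENFORCED, PAB_OFF, "public-read"))
    # After changing Object Ownership as the answers describe.
    print(acl_write_blockers(PREFERRED, PAB_OFF, "public-read"))
    # ACLs enabled but BlockPublicAcls still on: a different error code.
    print(acl_write_blockers(PREFERRED, PAB_ON, "public-read"))
```

An empty list for a run with `canned_acl=None` shows the other way out of the error: if the uploader sends no ACL, the bucket can keep ACLs disabled and grant read access through a bucket policy or CloudFront.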