Unable to upload an object to cross account S3 bucket through console - ACLs disabled

Question

Hi,

I have an S3 bucket in account A and it has ACLs disabled. Bucket policy allows account B user to upload objects. When I try to use CLI using account B access key, it works fine:

C:\Workspace>aws s3api put-object --bucket cross-account-bucket8211 --key maxi.jpg --body maxi.jpg
{
    "ETag": "\"e577962ae3715e26dc32a9c850be4bf9\"",
    "ServerSideEncryption": "AES256"
}

**However when I use AWS console, object fails to upload with error : **

Access control list (ACL) not supported
Objects can only be added to this bucket if they use no access control list (ACL) or the bucket-owner-full-control canned ACL. Review ACL permissions for the source object and remove ACLs that grant read or write permissions others.

Accepted Answer

When you use the AWS CLI with the `put-object` command, the CLI automatically sets the `x-amz-acl` header to `bucket-owner-full-control`, which is a compatible ACL setting for your bucket. This allows the upload to succeed.

> 💡 You can find more information about the `x-amz-acl` header and its usage in the Amazon S3 documentation [here](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazon-s3-condition-keys.html).

However, in the AWS Console, the default behavior is to use the `private` ACL when uploading objects (*Blocking all public access*). Since your bucket has ACLs disabled, the Console upload fails with the error you've encountered.

![Blocked All public access](/media/postImages/original/IMpj4U9tA0ROyuR783j1OG1Q)

---

> 💡 You can learn more about the effects of these rules by visiting the [Block public access settings](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html?icmpid=docs_amazons3_console) page in the Amazon S3 documentation.

Unable to upload an object to cross account S3 bucket through console - ACLs disabled

Relevanter Inhalt