En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Disable bucket ACL(s) in a given AWS account

0

Hi AWS,

I have a requirement where I need to disable the Access Control List (ACLs) for the s3 buckets in a given AWS account. Doing this manually is a time consuming and not the appropriate method so I have written a basic boto3 script to accomplish the same. The code snippet is as follows:

import boto3

def main():
    bucket_acl()

def bucket_acl():
    client = boto3.client('s3')
    response = client.list_buckets()
    for bucket in response['Buckets']:
        name = bucket['Name']
        bucket_acl_status = client.get_bucket_acl(
            Bucket=name
        )
        print(bucket_acl_status['Grants'])

        disable_bucket_acl = client.put_bucket_ownership_controls(
            Bucket=name,
            OwnershipControls={
                'Rules': [
                    {
                        'ObjectOwnership': 'BucketOwnerEnforced'
                    },
                ]
            }
        )
        print(disable_bucket_acl)

main()

While I am running the python code, the following error is coming:

botocore.exceptions.ClientError: An error occurred (InvalidBucketAclWithObjectOwnership) when calling the PutBucketOwnershipControls operation: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

I was following the documentation to disable the bucket ACL: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3/client/put_bucket_ownership_controls.html#

but it didn't work out. Please help!

Sujets
Stockage
Balises
Simple service de stockage AmazonStockage
Langue
English
profile picture
Arjun Goel
demandé il y a un an900 vues
1 réponse
2

From the docs is looks like you have to reset the ACL and migrate the permissions to a bucket policy.

For example, if an existing bucket ACL grants public read access, you cannot apply the bucket 
owner enforced setting for Object Ownership until you migrate these ACL permissions to a 
bucket policy and reset your bucket ACL to the default private ACL.
profile pictureAWS
EXPERT
kentrad
répondu il y a un an
profile picture
EXPERT
Antonio_Lagrotteria
vérifié il y a un an
  • Arjun Goel
    il y a un an

    Is it possible that someone from the AWS community will update the boto3 script I provided above by taking an example of a dummy S3 bucket by applying different ACL types @kentrad and @alatech?

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents