Hi AWS,
I have a requirement where I need to disable the Access Control Lists (ACLs) for the S3 buckets in a given AWS account. Doing this manually is time-consuming and not the appropriate method, so I have written a basic boto3 script to accomplish the same. The code snippet is as follows:
import boto3

def main():
    bucket_acl()

def bucket_acl():
    client = boto3.client('s3')
    response = client.list_buckets()
    for bucket in response['Buckets']:
        name = bucket['Name']
        bucket_acl_status = client.get_bucket_acl(
            Bucket=name
        )
        print(bucket_acl_status['Grants'])
        disable_bucket_acl = client.put_bucket_ownership_controls(
            Bucket=name,
            OwnershipControls={
                'Rules': [
                    {
                        'ObjectOwnership': 'BucketOwnerEnforced'
                    },
                ]
            }
        )
        print(disable_bucket_acl)

main()
When I run the Python code, the following error occurs:
botocore.exceptions.ClientError: An error occurred (InvalidBucketAclWithObjectOwnership) when calling the PutBucketOwnershipControls operation: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting
I was following the documentation to disable the bucket ACL: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3/client/put_bucket_ownership_controls.html#
but it didn't work out. Please help!
Is it possible for someone from the AWS community to update the boto3 script I provided above, taking an example of a dummy S3 bucket and applying different ACL types? @kentrad and @alatech
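An added example, not part of the original post and not AWS's own code: the error above is returned when a bucket's ACL still carries grants beyond the owner's, so this sketch inspects each ACL first and only resets it to `private` when told to. The helper names, the `reset_acl` flag and `SAMPLE_ACL` are assumptions made for illustration, and it assumes the only grant compatible with `BucketOwnerEnforced` is the owner's `FULL_CONTROL` (the default private ACL).

```python
# Constructed sample of a get_bucket_acl response (not real account data).
SAMPLE_ACL = {
    "Owner": {"ID": "OWNER-ID-CONSTRUCTED"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-CONSTRUCTED"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
         "Permission": "WRITE"},
    ],
}

def extra_grants(acl):
    """Return every grant except the bucket owner's own FULL_CONTROL.

    Any grant returned here is what makes PutBucketOwnershipControls fail
    with InvalidBucketAclWithObjectOwnership.
    """
    owner_id = acl["Owner"]["ID"]
    return [g for g in acl["Grants"]
            if not (g["Grantee"].get("ID") == owner_id
                    and g["Permission"] == "FULL_CONTROL")]

def disable_acls(client, bucket, reset_acl=False):
    """Set BucketOwnerEnforced on one bucket and return a status string.

    With reset_acl=False a bucket with extra grants is only reported, so the
    access those grants give can be moved to a bucket policy first.
    """
    extra = extra_grants(client.get_bucket_acl(Bucket=bucket))
    if extra and not reset_acl:
        return "skipped: %d extra grant(s)" % len(extra)
    if extra:
        # Drops every grant except the owner's; grantees lose that access.
        client.put_bucket_acl(Bucket=bucket, ACL="private")
    client.put_bucket_ownership_controls(
        Bucket=bucket,
        OwnershipControls={"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]},
    )
    return "enforced"

if __name__ == "__main__":
    print("constructed sample:", extra_grants(SAMPLE_ACL))
    import boto3  # imported here so the helpers above stay testable offline
    s3 = boto3.client("s3")
    for b in s3.list_buckets()["Buckets"]:
        print(b["Name"], disable_acls(s3, b["Name"]))
```

Run it once with the default `reset_acl=False` to list the buckets that still have extra grants, and pass `reset_acl=True` only after the access those grants provide has been reproduced in a bucket policy.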