- Newest
- Most votes
- Most comments
Hi,
Do you have a support plan with AWS? You would need to submit a support ticket and provide couple of keys that failed replication so that we could check and see exactly what happened.
Regards,
Yuriy
AWS S3
Thanks, we're not on a paid support plan at the moment, but fortunately, I don't think we'll need to create a ticket for this. I believe I have FINALLY figured this out.
This issue appears to have been caused by public access settings on the destination bucket. The objects in the problematic "subfolder" in the source bucket are public (which is intentional), but are not supposed to be public in the destination bucket. When I disabled the "Block public access to buckets and objects granted through new access control lists (ACLs)" setting, replication started working (screenshot: https://pasteboard.co/Ii4SQJD.png). Reference from AWS docs on what I'm talking about: https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access-bucket.html. I believe these settings were somewhat recently introduced.
I've confirmed that the ACL on the replicated object does not, in fact, grant public read access to the object in the destination bucket once it has been replicated. There must be some process that takes place behind the scenes that copies over the original ACL for the object (which the public access policy must block, since it sees it as a "new" ACL that grants public read permission) and then changes the ownership of the object to the destination bucket, probably by changing the ACL.
Relevant content
- asked a year ago
- asked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago