Allowing ACLs for S3 Objects in CloudFormation
AWS has added a few new defaults for new S3 buckets to make it harder to create leaky buckets that put all of your company's data out there for everyone to grab.
These defaults also disable object-based ACLs, which is frustrating if you want to make some objects publicly available.
It's weirdly hard to find info on this online, so I'm putting it here for future reference. The OwnershipControls property is what you need to update:
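
    WebBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: my-bucket
        OwnershipControls:
          Rules:
            # BucketOwnerPreferred turns ACLs back on (BucketOwnerEnforced disables them)
            - ObjectOwnership: BucketOwnerPreferred
        PublicAccessBlockConfiguration:
          # Allow public ACLs to be set on objects
          BlockPublicAcls: false
          # Honor public ACLs instead of ignoring them
          IgnorePublicAcls: false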
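
A template lint for the settings above, added here as an example and not code from the original post: it flags buckets whose template both re-enables ACLs and turns off BlockPublicAcls and IgnorePublicAcls, so each such bucket can be confirmed as intentionally public. The function name and sample template are made up, the template is in CloudFormation's JSON form so only the standard library is needed, and a setting absent from the template is assumed to keep its blocking default.

```python
import json

# Constructed sample template (JSON form of CloudFormation); resource names are made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "WebBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "OwnershipControls": {"Rules": [{"ObjectOwnership": "BucketOwnerPreferred"}]},
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": false, "IgnorePublicAcls": "false"}
      }
    },
    "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
    "HalfOpenBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]},
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": false, "IgnorePublicAcls": true}
    }},
    "Queue": {"Type": "AWS::SQS::Queue"}
  }
}
""")

def _is_false(value):
    # CloudFormation accepts booleans as true/false or as the strings "true"/"false".
    return str(value).strip().lower() == "false"

def buckets_allowing_public_acls(template):
    """Return sorted logical IDs of buckets where a public object ACL can be set and honored."""
    flagged = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        rules = (props.get("OwnershipControls") or {}).get("Rules") or []
        # Assumption: no ownership rule in the template means ACLs stay disabled.
        acls_enabled = any(r.get("ObjectOwnership") in ("BucketOwnerPreferred", "ObjectWriter") for r in rules)
        pab = props.get("PublicAccessBlockConfiguration") or {}
        # Assumption: a setting missing from the template counts as still blocking.
        can_set = _is_false(pab.get("BlockPublicAcls", True))
        honored = _is_false(pab.get("IgnorePublicAcls", True))
        if acls_enabled and can_set and honored:
            flagged.append(logical_id)
    return sorted(flagged)

if __name__ == "__main__":
    print(buckets_allowing_public_acls(SAMPLE_TEMPLATE))
```

Only WebBucket is flagged in the sample: LogsBucket keeps the defaults, and HalfOpenBucket still ignores public ACLs.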