Reference July 25th, 2023

Allowing ACLs for S3 Objects in CloudFormation

AWS has added a few new defaults for new S3 buckets to make it harder to create leaky buckets that put all of your company’s data out there for everyone to grab.

These defaults also disable object-based ACLs, which is frustrating if you want to make some objects publicly available.

It’s weirdly hard to find info on this online, so I’m putting it here for future reference. The OwnershipControls property is what you need to update:

    WebBucket:
      Type: AWS::S3::Bucket
      Properties:
        BucketName: my-bucket
        OwnershipControls:
          Rules:
            # BucketOwnerPreferred turns ACLs back on; the new default, BucketOwnerEnforced, disables them
            - ObjectOwnership: BucketOwnerPreferred
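
The same new-bucket defaults also turn on all four Block Public Access settings, and while the two ACL-related ones are on, a public-read ACL on an object is rejected or ignored even with ACLs enabled. The template below is an added example, not from the original post, that pairs OwnershipControls with a PublicAccessBlockConfiguration relaxing only those two settings. It assumes the goal is public-read ACLs on selected objects; the Description, the Outputs section and the choice to omit BucketName are illustrative.

```yaml
# Added example (not from the original post). The Description, Outputs and
# omitted BucketName are assumptions made for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: Bucket that allows per-object public-read ACLs but no public bucket policy

Resources:
  WebBucket:
    Type: AWS::S3::Bucket
    Properties:
      # BucketName is omitted so CloudFormation generates a unique name.
      OwnershipControls:
        Rules:
          # Re-enables ACLs. Objects uploaded with the
          # bucket-owner-full-control canned ACL become owned by the bucket owner.
          - ObjectOwnership: BucketOwnerPreferred
      PublicAccessBlockConfiguration:
        # New buckets default to all four settings being true. These two
        # must be false, or public ACLs are rejected (BlockPublicAcls)
        # or silently ignored (IgnorePublicAcls).
        BlockPublicAcls: false
        IgnorePublicAcls: false
        # Keep the policy-related blocks on: this setup needs no public
        # bucket policy, so one added by mistake is still refused.
        BlockPublicPolicy: true
        RestrictPublicBuckets: true

Outputs:
  WebBucketName:
    Description: Generated name of the bucket
    Value: !Ref WebBucket
```

With this in place every object is still private unless it is uploaded with a public-read ACL, so exposure stays a per-object decision. Account-level Block Public Access settings, if enabled, still take precedence over the bucket-level ones.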