Describe the issue
When we created an S3 bucket via the Bucket construct, we used the BUCKET_OWNER_PREFERRED setting for objectOwnership, but we found objects uploaded to the bucket DIDN’T change ownership to the bucket owner, and we had problems downloading the objects.
Then we found out that if objects are uploaded to the bucket without the bucket-owner-full-control canned ACL, the bucket owner won’t have permissions (see S3 documentation), but the CDK documentation doesn’t mention this explicitly. It currently has:
BUCKET_OWNER_PREFERRED
Objects uploaded to the bucket change ownership to the bucket owner.
We had to explicitly change the enum to BUCKET_OWNER_ENFORCED or upload the objects with the canned ACL (see support article).
So we propose the documentation be updated to be more explicit, similar to the S3 documentation:
The bucket owner owns and has full control over new objects that other accounts write to the bucket with the bucket-owner-full-control canned ACL.
We used CDK (TypeScript), but other languages could be updated as well.
Discussed with Kaizen before entering this PR.
Thank you
Links
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.ObjectOwnership.html#bucket_owner_preferred
https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_s3/ObjectOwnership.html
https://docs.aws.amazon.com/cdk/api/v2/java/software/amazon/awscdk/services/s3/ObjectOwnership.html
https://pkg.go.dev/github.com/aws/aws-cdk-go/awscdk/v2/awss3#ObjectOwnership
https://docs.aws.amazon.com/cdk/api/v2/dotnet/api/Amazon.CDK.AWS.S3.ObjectOwnership.html
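
The ownership behaviour reported above, as an added example that is not part of the issue or of the CDK project's code: it models who ends up owning an upload under each Object Ownership setting, and builds the bucket policy statement that rejects `PutObject` requests lacking the canned ACL. Account IDs, keys, the bucket name and all function names are constructed for illustration.

```typescript
// Added illustration of S3 Object Ownership outcomes; not AWS or CDK code.
// Account IDs, keys and function names below are constructed for this example.
type Ownership = "ObjectWriter" | "BucketOwnerPreferred" | "BucketOwnerEnforced";
interface Upload { key: string; uploader: string; acl?: string } // acl = x-amz-acl header

const REQUIRED_ACL = "bucket-owner-full-control";
const BUCKET_OWNER = "111111111111";
const SAMPLE_UPLOADS: Upload[] = [
  { key: "reports/a.csv", uploader: "222222222222", acl: REQUIRED_ACL },
  { key: "reports/b.csv", uploader: "222222222222" },                 // no ACL header
  { key: "reports/c.csv", uploader: BUCKET_OWNER },                   // owner's own upload
  { key: "reports/d.csv", uploader: "222222222222", acl: "private" }, // different canned ACL
];

// Account that owns the object once the upload has been accepted.
function resolveOwner(setting: Ownership, bucketOwner: string, u: Upload): string {
  if (setting === "BucketOwnerEnforced") return bucketOwner; // ACLs disabled
  // Preferred only transfers ownership when the writer sends the canned ACL.
  if (setting === "BucketOwnerPreferred" && u.acl === REQUIRED_ACL) return bucketOwner;
  return u.uploader; // the writing account keeps ownership
}

// Keys the bucket owner would not own, and so may be unable to read.
function foreignOwnedKeys(setting: Ownership, bucketOwner: string, uploads: Upload[]): string[] {
  return uploads
    .filter((u) => resolveOwner(setting, bucketOwner, u) !== bucketOwner)
    .map((u) => u.key);
}

// Bucket policy statement denying PutObject unless the canned ACL is sent.
// With Principal "*" the bucket owner's own uploads must send the header too.
function requireAclStatement(bucketName: string) {
  return {
    Sid: "RequireBucketOwnerFullControl",
    Effect: "Deny",
    Principal: "*",
    Action: "s3:PutObject",
    Resource: `arn:aws:s3:::${bucketName}/*`,
    Condition: { StringNotEquals: { "s3:x-amz-acl": REQUIRED_ACL } },
  };
}

// StringNotEquals also matches when the header is absent, so such uploads are denied.
function isDeniedBy(stmt: ReturnType<typeof requireAclStatement>, u: Upload): boolean {
  return u.acl !== stmt.Condition.StringNotEquals["s3:x-amz-acl"];
}
```

Running `foreignOwnedKeys` over the sample uploads shows that BUCKET_OWNER_PREFERRED leaves the two cross-account uploads without the canned ACL owned by the writer, while BUCKET_OWNER_ENFORCED leaves none.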