Is it possible to default all new uploaded keys to a specific bucket to have bucket-owner-full-control ACL permissions?
Couldn't find this in the documentation.
You can use an S3 bucket policy.
For example, to allow a specific principal (e.g. an IAM user) to upload to the bucket but require that the principal supplies the bucket-owner-full-control ACL:
    {
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": { <principal here> },
          "Action": "s3:PutObject",
          "Resource": ["arn:aws:s3:::mybucket/*"]
        },
        {
          "Effect": "Deny",
          "Principal": { <principal here> },
          "Action": "s3:PutObject",
          "Resource": "arn:aws:s3:::mybucket/*",
          "Condition": {
            "StringNotEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}
          }
        }
      ]
    }
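
How the two statements above combine for different uploads, as an added example that is not part of the original answer: a simplified Python model of policy evaluation, not AWS's own engine, covering only `StringNotEquals`. The principal ARN is a constructed placeholder and the helper names (`evaluate`, `put_object`) are hypothetical.

```python
import fnmatch

# Constructed stand-ins: the answer's policy with a made-up principal ARN.
UPLOADER = "arn:aws:iam::111122223333:user/uploader"
RESOURCE = "arn:aws:s3:::mybucket/*"
POLICY = {
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": UPLOADER},
         "Action": "s3:PutObject", "Resource": [RESOURCE]},
        {"Effect": "Deny", "Principal": {"AWS": UPLOADER},
         "Action": "s3:PutObject", "Resource": RESOURCE,
         "Condition": {"StringNotEquals":
                       {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    ]
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, context):
    # Only StringNotEquals is modelled. A negated operator is true when the
    # key is absent from the request, so an upload with no ACL header matches.
    for key, wanted in condition.get("StringNotEquals", {}).items():
        if context.get(key) in _as_list(wanted):
            return False
    return True

def _matches(stmt, principal, action, resource, context):
    return (principal in _as_list(stmt["Principal"]["AWS"])
            and action in _as_list(stmt["Action"])
            and any(fnmatch.fnmatchcase(resource, r)
                    for r in _as_list(stmt["Resource"]))
            and _condition_holds(stmt.get("Condition", {}), context))

def evaluate(policy, principal, action, resource, context):
    """Return 'Deny' (explicit), 'Allow', or 'ImplicitDeny' for one policy."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, action, resource, context)}
    if "Deny" in effects:          # an explicit Deny always wins over Allow
        return "Deny"
    return "Allow" if effects else "ImplicitDeny"

def put_object(key, acl=None):
    # acl=None models a PutObject request sent without the x-amz-acl header.
    context = {} if acl is None else {"s3:x-amz-acl": acl}
    return evaluate(POLICY, UPLOADER, "s3:PutObject",
                    f"arn:aws:s3:::mybucket/{key}", context)
```

The policy does not set the ACL for the uploader: an upload that omits the header, or sends a different canned ACL, is rejected, so the client still has to send `x-amz-acl: bucket-owner-full-control` itself.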