amazon-web-services amazon-s3 aws-access-policy

Set a non public S3 bucket to have new uploaded keys default to bucket-owner-full-control

Is it possible to default all new uploaded keys to a specific bucket to have bucket-owner-full-control acl permissions?

Couldn't find this in the documentation.

Solution

You can use an S3 bucket policy.

For example, to allow a specific principal (e.g. an IAM user) to upload to the bucket but require that the principal supplies the bucket-owner-full-control ACL:

{
  "Statement":[
    {
      "Effect":"Allow",
      "Principal":{ <principal here> },
      "Action":"s3:PutObject",
      "Resource":["arn:aws:s3:::mybucket/*"]
    },
    {
      "Effect":"Deny",
      "Principal":{ <principal here> },
      "Action":"s3:PutObject",
      "Resource":"arn:aws:s3:::mybucket/*",
      "Condition": {
        "StringNotEquals": {"s3:x-amz-acl":"bucket-owner-full-control"}
      }
    }
  ]
}

Wildcard filter in aws-nuke
Add advanced validation for AWS::Serverless::Api GET query params
Organizing AWS IAM permissions: limit of 10 policies?
AWS: S3 Bucket AWS You can't grant public access because Block public access settings are turned on for this account
failed calling webhook "vingress.elbv2.k8s.aws"
terraform tags for list variable not working
Amazon SES successfully forwarded emails but respond with 451 4.3.0 This message could not be delivered
Why should I use Amazon Kinesis and not SNS-SQS?
AWS Elastic Load Balancing: Seeing extremely long initial connection time
AWS: None of the Instances are sending data
How to assign a role to an iam user?
Can't connect to ECS service through ALB
How do I reference a resource created from different module in my current module?
Aws Workspace Client cannot be opened in Ubuntu - 20.04.6 LTS
AWS Lambda - How to stop retries when there is a failure
How to enable "Use for Hive table metadata" in "AWS Glue Data Catalog settings" using Terraform?
How Do I get Object URL for Amazon S3 object
not authorized to perform: ec2:DescribeInstances because no identity-based policy allows the ec2:DescribeInstances action
Handling an image/jpeg response from Lambda in API Gateway
Do different API keys associated on the same usage plan share the same quota limit too?
S3: Access Denied
AWS DynamoDB table.query() not working as expected
Can I programmatically find all untagged resources?
Terraform doesn't allow to use variable when creating resource. How to go around?
Multiple Tasks Definition on ECS Service using CloudFormation
How to calculate the CodeSha256 of aws lambda deployment package before uploading
Problems using MySQL with AWS Lambda in Python
EKS Fargate workloads unable to resolve DNS names
Certbot unable to locate environment variable credentials
using AWS lambda-docker Error "lambda-entrypoint.sh: exec format error"