No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I am getting access denied error when trying to create public web hosting S3 by fellow this example: <https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketaclv2/#with-public-read-acl>
```* error creating S3 bucket ACL for &lt;bucket name&gt;: AccessDenied: Access Denied```

How are you configuring your AWS credentials?

With providers,
I think my cert config is working, because I am able to generate all other resources, expect this ACL one.
Unless there is special cred work needs to be done.

```  const webBucket = new aws.s3.BucketV2(
    webS3Name,
    {
      tags: {
        Environment: configEnvironment,
        Name: webS3Name,
      },
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );  
const bucketOwnershipControls = new aws.s3.BucketOwnershipControls(
    `${webS3Name}-OwnershipControls`,
    {
      bucket: webBucket.id,
      rule: {
        objectOwnership: 'BucketOwnerPreferred',
      },
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );

  new aws.s3.BucketPolicy(
    `${webS3Name}-BucketPolicy`,
    {
      bucket: webBucket.id,
      policy: allowPulicAccessPolicyDocument.apply((allowPulicAccessPolicyDocument) =&gt; {
        return allowPulicAccessPolicyDocument.json;
      }),
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );

  new aws.s3.BucketAclV2(
    `${webS3Name}-AclV2`,
    {
      acl: 'public-read',
      bucket: webBucket.id,
    },
    {
      dependsOn: [bucketOwnershipControls, bucketPublicAccessBlock],
      provider: config.providers[configEnvironment] as aws.Provider,
    },
  );```

I see `bucketPublicAccessBlock` referenced in the `dependsOn`, but I don’t see it defined here…?

```  const bucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(
    `${webS3Name}-accessBlock`,
    {
      blockPublicAcls: true,
      blockPublicPolicy: true,
      bucket: webBucket.id,
      ignorePublicAcls: true,
      restrictPublicBuckets: true,
    },
    { provider: config.providers[configEnvironment] as aws.Provider },
  );```

I think you need to change `blockPublicAcls: true` to `blockPublicAcls: false`

And I think that `ignorePublicAcls` should also be `false`