https://pulumi.com logo
a

acoustic-lawyer-27551

06/08/2023, 5:46 PM
hello all! I have a problem with a pulumi deploymet and hoping someone can help me understand what might be going on. So we have a deployment in AWS in testing and demo and are trying to setup the same configuration in pilot and running into a strange issue with s3 bucket (using aws.s3.Bucket) where the same config is creating different permissions than what was created in the demo and testing env. Can someone help me figure out why this might be happening? Not sure if this is the right place for questions like this so if there is somewhere better, please let me know. Thanks!
b

billowy-army-68599

06/08/2023, 5:48 PM
hey Harrison, We can definitely help. Can you provide more information about the changes you’re seeing ?
a

acoustic-lawyer-27551

06/08/2023, 5:49 PM
sure! to start the newer deployment has the s3 bucket ‘Block public access’ turned on where the old has it turned off
and there is also ‘Object Ownership’ which is set to bucket owner enforced instead of ‘Object writer’
there may be others that I haven’t discovered
b

billowy-army-68599

06/08/2023, 5:53 PM
can you share code? screenshots? anything that could help us debug?
a

acoustic-lawyer-27551

06/08/2023, 5:53 PM
here is what we have for the bucket:
Copy code
export const appAssetsBucket = new aws.s3.Bucket(`${config.commonName}-assets`, {
  acl: "private",
  tags: Object.assign({ Name: `${config.commonName}-assets` }, commonTags)
});
trying to remove and readd now
b

billowy-army-68599

06/08/2023, 5:56 PM
ah, this is an account level setting defined by AWS https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/ This is being rolled out through AWS accounts and it looks like one of your accounts has it, one does not. That’s out of Pulumi’s control If you wish to have different settings, you need to define them with: https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketpublicaccessblock/ https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketownershipcontrols/
a

acoustic-lawyer-27551

06/08/2023, 5:57 PM
awesome! that’s a good place to start looking down
appreciate the point in the right direction @billowy-army-68599. Will try that out and see how it goes