hello all! I have a problem with a pulumi deploymet and hoping someone can help me understand what might be going on. So we have a deployment in AWS in testing and demo and are trying to setup the same configuration in pilot and running into a strange issue with s3 bucket (using aws.s3.Bucket) where the same config is creating different permissions than what was created in the demo and testing env. Can someone help me figure out why this might be happening? Not sure if this is the right place for questions like this so if there is somewhere better, please let me know. Thanks!

hey Harrison, We can definitely help. Can you provide more information about the changes you’re seeing ?

sure! to start the newer deployment has the s3 bucket ‘Block public access’ turned on where the old has it turned off

can you share code? screenshots? anything that could help us debug?

here is what we have for the bucket:

export const appAssetsBucket = new aws.s3.Bucket(`${config.commonName}-assets`, {
  acl: "private",
  tags: Object.assign({ Name: `${config.commonName}-assets` }, commonTags)
});

ah, this is an account level setting defined by AWS https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/ This is being rolled out through AWS accounts and it looks like one of your accounts has it, one does not. That’s out of Pulumi’s control If you wish to have different settings, you need to define them with: https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketpublicaccessblock/ https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketownershipcontrols/

awesome! that’s a good place to start looking down