https://pulumi.com logo
#aws
Title
# aws
c

chilly-tailor-78691

07/19/2023, 5:12 PM
const pulumiProgram = async (content) => { const siteBucket = new aws.s3.Bucket("s3-website-bucket", { acl:"public-read", website: { indexDocument: "index.html", }, }); const bucketOwnershipControls = new aws.s3.BucketOwnershipControls("bucketControls", { bucket: siteBucket.id, rule: { objectOwnership: "BucketOwnerPreferred" } }); new aws.s3.BucketObject("index", { bucket: siteBucket.id, content: content, key: "index.html", contentType: "text/html; charset=utf-8", }); new aws.s3.BucketPolicy("bucketPolicy", { bucket: siteBucket.id, policy: siteBucket.id.apply(id => JSON.stringify({ Version: "2012-10-17", Statement: [{ Effect: "Allow", Principal: "*", Action: ["s3:GetObject"], Resource: [
arn:aws:s3:::${id}/*
], }], })), }); I have this code for creating an s3 bucket but it keeps telling me that I don't have access to add a permission to the bucket. I tried adding an ACL "pubic-read" but it still gives me this error: * Error creating S3 bucket: InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting
p

polite-napkin-90098

07/19/2023, 5:51 PM
Have you checked the account level Bucket Object Ownership settings. I note you set objectOwnership in the pulumi but it can also be set at account level
ah, wait maybe it's an ordering issue.
You try and create a bucket with an acl and then apply the Ownership controls allowing acl
you either need to create the bucket with both the ownership controls and the acl or add the acl after the ownership controls, I think.