hi guys i’m having issues around permissions. Trying to host webpage in s3 that serves data from dynamodDB. Getting following error, tried all sort of permissions.

aws:s3:BucketObject (index.html):

error: 1 error occurred:

* Error uploading object to S3 bucket (rb-pi-website-49dc3ab): AccessControlListNotSupported: The bucket does not allow ACLs

status code: 400, request id: 0Y891Q5X2W1XS3AV, host id: t1SlA0sMdxdVEa+knxjyJfNDC7w0xarJYtm1etI0sjmFKxtRaED6S9u9VWNTaPlMZkznriY+tKA=

Program code:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as apigateway from "@pulumi/aws-apigateway";

// Create a DynamoDB table
const table = new aws.dynamodb.Table("myTable", {
    attributes: [
        { name: "ID", type: "S" },
    ],
    hashKey: "ID",
    readCapacity: 5,
    writeCapacity: 5,
});

// Create an AWS Lambda function
const lambdaFunction = new aws.lambda.CallbackFunction("myLambdaFunction", {
    callback: async (event: AWSLambda.APIGatewayEvent) => {
        const AWS = require("aws-sdk");
        const docClient = new AWS.DynamoDB.DocumentClient();
        
        const params = {
            TableName: table.name.get(),
            Item: JSON.parse(event.body || "{}"),
        };
        
        await docClient.put(params).promise();
        
        return {
            statusCode: 200,
            body: JSON.stringify(params.Item),
        };
    }
});

// // Expose the lambda function with API Gateway
// const api = new awsx.apigateway.API("myAPI", {
//     routes: [{ path: "/submit", method: "POST", eventHandler: lambdaFunction }],
// });

// Expose the lambda function with API Gateway
const api = new apigateway.RestAPI("api", {
    routes: [{ path: "/submit", method: "POST", eventHandler: lambdaFunction }],
});

// Create an S3 bucket to host a static website
const currentUser = aws.s3.getCanonicalUserId({});

const bucketName = "rb-pi-website"; 

const websiteBucket = new aws.s3.Bucket(bucketName, {
    acl: "private",
    website: {
        indexDocument: "index.html",
    }
});

// Upload the static website to the S3 bucket
new aws.s3.BucketObject("index.html", {
    bucket: websiteBucket,
    acl: "public-read",
    content: `
    <html>
    <head>
        <script src="<https://sdk.amazonaws.com/js/aws-sdk-2.814.0.min.js>"></script>
        <script>
        document.addEventListener("DOMContentLoaded", function() {
            const dynamodb = new AWS.DynamoDB({ region: "${aws.config.region}" });
        
            dynamodb.scan({ TableName: "${table.id}" }, function(err, data) {
                if (err) {
                    console.error(err);
                } else {
                    // Render the DynamoDB record data into HTML
                    data.Items.forEach(item => {
                        // TODO: Replace with your logic for displaying DynamoDB records
                        console.log(AWS.DynamoDB.Converter.unmarshall(item));
                    });
                }
            });
        });
        </script>
    </head>
    <body>
    </body>
    </html>
    `,
    contentType: "text/html",
});

// Export bucket URL and API URL
export const websiteUrl = pulumi.interpolate `http://${websiteBucket.websiteEndpoint}`;
export const websiteURL = websiteBucket.websiteEndpoint;
export const apiURL = api.url;

By default, S3 buckets are now created with ACLs disabled. If I’m not mistaken, you’ll need to use

s3.BucketOwnershipControls

to restore ACL support. See https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketownershipcontrols/ for details.