cloudbot s3_enable_logging / create new s3 bucket: error with ACLs #161

@cdrag1

Description

When the cloudbot `s3_enable_logging` is invoked and it does not find an S3 bucket to use as the target bucket for server access logs, it tries to create a new S3 bucket with ACLs enabled.

This creates an error as AWS no longer allows the creation of an s3 bucket with ACLs enabled by default.
"(InvalidBucketAclWithObjectOwnership) when calling the CreateBucket operation: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting"

"s3_enable_logging.py"
ACL='log-delivery-write'

AWS recommends creating the bucket with a bucket policy instead:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/enable-server-access-logging.html#grant-log-delivery-permissions-general.

code in question:
https://github.com/dome9/cloud-bots/blob/master/bots/s3_enable_logging.py
