Updating AWS S3 Object ACL
Do you have multiple AWS accounts, and did you accidentally upload objects to a bucket owned by Account A while using Account B's credentials? By default, without the "--acl" flag, the objects are still owned by Account B, and as Account A you won't be able to modify them. You could re-upload the files using the correct account's credentials, or you can use the script below to modify the ACLs of all objects in that bucket.

$bucket = "my-bucket"
$bucketname = "s3://" + $bucket

## These must be the 64-digit canonical IDs ##
$accountA = "XXXXXXXXXXXXXX"
$accountB = "YYYYYYYYYYYYYY"

# The caller must be allowed to change each object's ACL, which here means
# running with Account B's credentials (the object owner).
$output = aws s3 ls $bucketname --recursive

foreach ($item in $output) {
    # Each line is "date time size key"; limiting the split to 4 parts
    # keeps keys that contain spaces in one piece
    $arrayParts = $item -split '\s+', 4

    # The last part is the object key (the file name)
    $object = $arrayParts[3]

    # A key that ends in "/" is a prefix, not a file, so skip it
    if ($object[$object.Length - 1] -ne "/") {
        ## OPTION A ##
        ## Give full control to the bucket owner
        aws s3api put-object-acl --bucket $bucket --key $object --acl bucket-owner-full-control

        ## OPTION B ##
        ## Give full control to both accounts
        #aws s3api put-object-acl --bucket $bucket --key $object --grant-full-control "id=$accountA,id=$accountB"
    }
}
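To see which objects are affected before changing anything, and to confirm afterwards that the bucket owner holds FULL_CONTROL, the check below parses the JSON returned by `aws s3api list-objects-v2 --fetch-owner` and `aws s3api get-object-acl`. It is an added example, not part of the original post; the function names, placeholder IDs and sample JSON are constructed for illustration.

```powershell
# Added example. Live input would come from:
#   aws s3api list-objects-v2 --bucket $bucket --fetch-owner --output json
#   aws s3api get-object-acl  --bucket $bucket --key $key --output json
$accountA = "a" * 64   # constructed placeholder for the bucket owner's canonical ID
$accountB = "b" * 64   # constructed placeholder for the uploader's canonical ID

function Get-ForeignOwnedKey {
    # Return keys of real objects (not "/" prefixes) that $OwnerId does not own.
    param([string]$ListJson, [string]$OwnerId)
    $listing = $ListJson | ConvertFrom-Json
    foreach ($obj in $listing.Contents) {
        if (-not $obj.Key.EndsWith("/") -and $obj.Owner.ID -ne $OwnerId) {
            $obj.Key
        }
    }
}

function Test-FullControlGrant {
    # True when the ACL grants FULL_CONTROL to the given canonical ID.
    param([string]$AclJson, [string]$GranteeId)
    $acl = $AclJson | ConvertFrom-Json
    foreach ($grant in $acl.Grants) {
        if ($grant.Grantee.ID -eq $GranteeId -and $grant.Permission -eq "FULL_CONTROL") {
            return $true
        }
    }
    return $false
}

# Constructed sample data in the shape the two commands return
$sampleList = @"
{"Contents": [
  {"Key": "reports/", "Size": 0, "Owner": {"ID": "$accountA"}},
  {"Key": "reports/q1 summary.csv", "Size": 10, "Owner": {"ID": "$accountB"}},
  {"Key": "reports/q2.csv", "Size": 12, "Owner": {"ID": "$accountA"}}
]}
"@
$aclBefore = @"
{"Owner": {"ID": "$accountB"}, "Grants": [
  {"Grantee": {"ID": "$accountB", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]}
"@
$aclAfter = @"
{"Owner": {"ID": "$accountB"}, "Grants": [
  {"Grantee": {"ID": "$accountB", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"ID": "$accountA", "Type": "CanonicalUser"}, "Permission": "FULL_CONTROL"}]}
"@

Get-ForeignOwnedKey -ListJson $sampleList -OwnerId $accountA    # keys still owned by another account
Test-FullControlGrant -AclJson $aclBefore -GranteeId $accountA  # grant check before the ACL update
Test-FullControlGrant -AclJson $aclAfter -GranteeId $accountA   # grant check after the ACL update
```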