aws-quickstart/quickstart-examples

blog post: Building a CI/CD pipeline for Hugo websites ..is failing because Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting

Closed this issue · 5 comments

The excellent blog post here:

https://aws.amazon.com/blogs/infrastructure-and-automation/building-a-ci-cd-pipeline-for-hugo-websites/

..did not work for me this morning. When building the cloudformation stack today, the WebHostingBucket step fails with this Status Reason:

Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting (Service: Amazon S3; Status Code: 400; Error Code: InvalidBucketAclWithObjectOwnership; Request ID: QHZW5HM2KENR0Z6P; S3 Extended Request ID: Nk4f41M6G5zY2jLqOswB0UckFLIH2K39oo2YxURqblAClcrjjglbXvg7FQXKODATHklckqDAABcopNuQIWPFqQ==; Proxy: null)

I think it is failing now because of the April 2023 change which AWS described in this snippet I paste here:

We are reaching out to inform you that starting in April 2023 Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists (ACLs) will be disabled.

I was fumbling around inside of the repo where a fix might happen:
https://github.com/aws-quickstart/quickstart-examples/tree/main/samples/hugo-pipeline

..but AWS perms are not my favorite kind of work ;-) But it would be nice if this super easy and clear blog worked again.

@botanyhelp That blog post's link works for me. Do you still have an issue?

I will try again and respond ASAP, hopefully by tomorrow, thanks! I did make a copy of the repo (not a fork) and tried to edit/fix/avoid the ACL things in the yaml templates. I will feel dumb when I can get it working like you report. In any case, thanks for responding and expect me to update this issue soon.

Just to be clear about my issue. The link to the blog post still works. It's the contents of the blog post that did not work for me, 2 weeks ago when I tried. I got the error described above, InvalidBucketAclWithObjectOwnership, when trying to execute the instructions in the blog post. @MarciaRieferJohnston's response mentions the link working. The link works fine..it's the blog post instructions that failed for me. Like I say, I will try again soon and report again here.

@botanyhelp I understand now. I'm checking with the author of that blog post. Stay tuned.

@botanyhelp The change in default bucket policy seems to be the issue you have encountered.
We will look into adding appropriate messaging to the blog post to avoid such issues for future readers.
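
Added example, not part of the thread and not code from the quickstart-examples repository: a small pre-deployment check that flags `AWS::S3::Bucket` resources whose `AccessControl` canned ACL will collide with the `BucketOwnerEnforced` default and produce the `InvalidBucketAclWithObjectOwnership` error quoted above. The template is a constructed sample in JSON form, and treating `Private` as non-conflicting is an assumption.

```python
import json

# Constructed sample template for illustration; NOT the hugo-pipeline template.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "LegacyBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "PublicRead"}},
  "OptInBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "PublicRead",
      "OwnershipControls": {"Rules": [{"ObjectOwnership": "ObjectWriter"}]}}},
  "PrivateBucket": {"Type": "AWS::S3::Bucket",
    "Properties": {"AccessControl": "Private"}},
  "PlainBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
  "Topic": {"Type": "AWS::SNS::Topic"}
}}
""")

# ObjectOwnership values under which bucket ACLs remain enabled.
ACLS_ENABLED = {"BucketOwnerPreferred", "ObjectWriter"}

def effective_ownership(props):
    """ObjectOwnership the bucket ends up with; new buckets default to
    BucketOwnerEnforced (ACLs disabled) when no rule is declared."""
    for rule in props.get("OwnershipControls", {}).get("Rules", []):
        if "ObjectOwnership" in rule:
            return str(rule["ObjectOwnership"])
    return "BucketOwnerEnforced"

def find_acl_conflicts(template):
    """Return (logical_id, acl, ownership) for each bucket whose canned ACL
    conflicts with the ownership setting it will be created with."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::S3::Bucket":
            continue
        props = res.get("Properties") or {}
        acl = props.get("AccessControl")
        # Assumption: "Private" grants nothing beyond the owner, so it is
        # not reported; intrinsic functions (dicts) are reported for review.
        if acl is None or acl == "Private":
            continue
        ownership = effective_ownership(props)
        if ownership not in ACLS_ENABLED:
            findings.append((logical_id, str(acl), ownership))
    return findings

if __name__ == "__main__":
    for finding in find_acl_conflicts(SAMPLE_TEMPLATE):
        print("ACL conflict: %s AccessControl=%s ObjectOwnership=%s" % finding)
```

A flagged bucket is resolved either by dropping `AccessControl` and granting access through a bucket policy, or by declaring `OwnershipControls` explicitly if ACLs are really required.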