Aws-cli: --acl option does not work with sync
I was trying to batch-upload the contents of a folder to a key, and was very surprised when my --acl options had no effect. I had to re-upload each file individually, using cp instead of sync. This is a surprising non-feature!
amiri
All 7 comments
Can you elaborate on your expectation? Were you expecting sync to make all of the objects copied over to have the same ACL as the value specified for --acl? Or were you expecting the acl to be preserved on sync?
Right now the CLI does not preserve ACL's on syncs. If --acl is specified, the ACL of the objects synced over should match the value that is passed using --acl. For example, the command aws s3 sync s3://mybucket s3://mybucket2 --acl public-read would make all the objects transferred during the sync have an ACL of public-read.
kyleknap
on 15 Dec 2014
I was expecting sync to set the acl for each object to the value specified for --acl. I was syncing from a local folder to an s3 bucket.
amiri
on 16 Dec 2014
Could you give me a minimal amount of steps to reproduce what you are seeing? I am unable to reproduce:
$ aws s3 sync temp s3://mybucketfoo --acl public-read
upload: temp/bar to s3://mybucketfoo/bar
upload: temp/foo to s3://mybucketfoo/foo
$ aws s3api get-object-acl --bucket mybucketfoo --key foo
{
"Owner": {
"DisplayName": "kylekaws",
"ID": "xxxxx"
},
"Grants": [
{
"Grantee": {
"DisplayName": "kylekaws",
"ID": "xxxxx"
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"URI": "http://acs.amazonaws.com/groups/global/AllUsers"
},
"Permission": "READ"
}
]
}
$ aws s3api get-object-acl --bucket mybucketfoo --key bar
{
"Owner": {
"DisplayName": "kylekaws",
"ID": "xxxxx"
},
"Grants": [
{
"Grantee": {
"DisplayName": "kylekaws",
"ID": "xxxx"
},
"Permission": "FULL_CONTROL"
},
{
"Grantee": {
"URI": "http://acs.amazonaws.com/groups/global/AllUsers"
},
"Permission": "READ"
}
]
}
I ran into this googling.
It appears that my problem occurred because I had already synced my files into place.
Applying the --acl flag to a subsequent run didn't apply the ACL, because the files themselves had not changed. My solution was to delete the keys on that path then sync again. (aws s3 rm s3://mybucket/myPath/ --recursive then rerun the sync.)
Hope that helps somebody.
mitchellst
on 8 Nov 2016
It would be great if the --acl flag could be used for already uploaded objects. It should be the equivalent of Make Public in the AWS console.
erikng
on 25 Jan 2017
Yeah, it would be good if there were an equivalent of a 'chmod' command...I'm getting nowhere with this s3 thing, though I am very new to it. For me, though, even 'make public' isn't working, with some get*acl permissions error dialog popping up.
davidmaxwaterman
on 14 Mar 2017
+1 to @erikng 's comment; especially when dealing with large amounts of files within a bucket.
sillmnvg
on 3 Nov 2017
Related issues
maanbsat
路
3Comments
DrStrangepork
路
3Comments
vadimkim
路
3Comments
schams-net
路
3Comments
KimberleySDU
路
3Comments
Most helpful comment
I ran into this googling.
It appears that my problem occurred because I had already synced my files into place.
Applying the
--aclflag to a subsequent run didn't apply the ACL, because the files themselves had not changed. My solution was to delete the keys on that path then sync again. (aws s3 rm s3://mybucket/myPath/ --recursivethen rerun the sync.)Hope that helps somebody.