Copy/Sync Failing with default (no) ACL AWS Bucket

robinpc · August 25, 2022, 9:33pm

What is the problem you are having with rclone?

A basic copy or sync operation is failing on newly created S3 AWS buckets with default options. Current default options (and recommended best practice) are to have NO ACL on the bucket and we'd like to maintain that.

Run the command 'rclone version' and share the full output of the command.

rclone v1.59.1

os/version: centos 7.9.2009 (64 bit)
os/kernel: 3.10.0-1160.71.1.el7.x86_64 (x86_64)
os/type: linux
os/arch: amd64
go/version: go1.18.5
go/linking: static
go/tags: none

Which cloud storage system are you using? (eg Google Drive)

AWS s3

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

$ rclone copy bigmovie s3-standard:SOMEBUCKET/bigmovie -vv

The rclone config contents with secrets removed.

[s3-standard]
type = s3
provider = AWS
env_auth = true
region = us-east-1
endpoint = https://bucket.vpce-REDACTED.s3.us-east-1.vpce.amazonaws.com
#server_side_encryption = AES256
storage_class = STANDARD
#bucket_acl = private
#acl = private

Note that I've tested all permutations of the commented out lines with similar result

A log from the command with the `-vv` flag

2022/08/25 17:25:55 DEBUG : Using config file from "PERSONALSTUFF/rclone.conf"
2022/08/25 17:25:55 DEBUG : rclone: Version "v1.55.1" starting with parameters ["/usr/local/rclone/1.55/bin/rclone" "copy" "bigmovie" "s3-standard:SOMEBUCKET" "-vv"]
2022/08/25 17:25:55 DEBUG : Creating backend with remote "bigmovie"
2022/08/25 17:25:55 DEBUG : fs cache: adding new entry for parent of "bigmovie", "MYDIRECTORY/testbed"
2022/08/25 17:25:55 DEBUG : Creating backend with remote "s3-standard:SOMEBUCKET/bigmovie"
2022/08/25 17:25:55 DEBUG : bigmovie: Need to transfer - File not found at Destination
2022/08/25 17:25:55 ERROR : bigmovie: Failed to copy: s3 upload: 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>
AccessControlListNotSupportedThe bucket does not allow ACLs8DW1MQSHEN6A0CFAd3Rlnx/XezTB7OC79qr4QQuwjgR+h2VYj4LCZWLGTny9YAy985be5HsFgHcqX4azSDhDXefLE+U=
2022/08/25 17:25:55 ERROR : Attempt 1/3 failed with 1 errors and: s3 upload: 400 Bad Request: <?xml version="1.0" encoding="UTF-8"?>

Additional Info

If I create a similar bucket NONDEFAULT with ACL set to:

Bucket owner (your AWS account)

Canonical ID: 
SomeLongString

List, Write

Read, Write

then the rsync copy works. However we wish to respect the AWS no ACL default

robinpc · August 30, 2022, 2:33pm

Apparently the problem (per AWS) is that rclone is asserting an ACL in the call, which AWS of course rejects. But ... I can't find a switch to suppress sending ACL in rclone. Is there one?

The discussion at Change S3 default ACL back to no ACL by philip-harvey · Pull Request #5731 · rclone/rclone · GitHub suggests there was one in the works... and there's a patch to allow an "unset" value, but it does not look like the patch made it into a version or beta.

So ... how to suppress ACL in AWS S3?

system · September 29, 2022, 2:33pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.