Customer cannot read files exported to their S3 bucket

#1

We have a job that exports data to a customer bucket, but the permissions on the file belong to the user that C3 created the file with, not the bucket owner (which is the customer’s AWS account).

  1. Is there a command that shows us which role / user owns a particular file?
  2. Is there an export option that can do an automatic chmod on the file when exporting?
0 Likes

#2

I had a similar problem, AwsS3Client exception: Forbidden when reading S3 file

what we have end up doing is to:

  1. export data to a C3 owned bucket,
  2. download the files to local machine, then
  3. upload them to customer owned bucket with aws s3 cp and the flag bucket-owner-full-control.

Check this article for granting permissions https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example3.html

On 7.8, you can use S3File.grants() to check for the file-level permissions and S3File.upsertGrant() to change the file-level permission.

2 Likes