As per the Request Syntax in the link below, we can pass the ACL parameter to the create_bucket method with ACL as 'public-read',
but when I pass it, it gives this error:
botocore.exceptions.ClientError: An error occurred (InvalidBucketAclWithBlockPublicAccessError) when calling the CreateBucket operation: Bucket cannot have public ACLs set with BlockPublicAccess enabled
If "public-read" can raise that error, why is that option mentioned in the documentation? We can simply call the "put_public_access_block" and then the "put_bucket_acl" methods, right?
Below is a code sample of what I tried:
```python
import boto3


def create_bucket(bucket_name, acl):
    # Create the bucket and set a canned ACL in the same CreateBucket request
    bucket = boto3.client('s3')
    response = bucket.create_bucket(
        Bucket=bucket_name,
        ObjectOwnership='BucketOwnerPreferred',
        ACL=acl,
        CreateBucketConfiguration={
            'LocationConstraint': 'us-west-1',
        }
    )
    return response


create_bucket('sample_bucket', 'public-read')
```
Account level setting for block public access

>Solution :
This behavior is in accordance with the design of Amazon S3 and its security best practices.
The documentation you referred to mentions the ‘public-read’ option for the ACL parameter because it represents one of the possible ACL configurations that can be used with S3 buckets. However, it’s important to note that the ‘public-read’ ACL is incompatible with Block Public Access settings.
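
An offline pre-flight check for the error discussed above, as an added example that is not part of the original question or answer: it models how account-level and bucket-level Block Public Access settings combine, then makes the calls in the order the question proposes. The function names and sample configurations are assumptions made for this example, and the boto3 part needs AWS credentials.

```python
# Canned ACLs that grant to the AllUsers or AuthenticatedUsers groups.
PUBLIC_CANNED_ACLS = {"public-read", "public-read-write", "authenticated-read"}
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")
# Constructed sample: a bucket with all four settings on, the default
# for buckets created since April 2023.
ALL_ON = {k: True for k in BPA_KEYS}


def effective_bpa(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of both levels."""
    return {k: bool(account_cfg.get(k)) or bool(bucket_cfg.get(k))
            for k in BPA_KEYS}


def acl_preflight(acl, account_cfg, bucket_cfg):
    """Return (accepted, reason) for a canned ACL under the given settings."""
    if acl not in PUBLIC_CANNED_ACLS:
        return True, "ACL is not public"
    if account_cfg.get("BlockPublicAcls"):
        return False, "account-level BlockPublicAcls is on"
    if bucket_cfg.get("BlockPublicAcls"):
        return False, "bucket-level BlockPublicAcls is on"
    if effective_bpa(account_cfg, bucket_cfg)["IgnorePublicAcls"]:
        return True, "accepted, but IgnorePublicAcls makes it ineffective"
    return True, "public ACL accepted and effective"


def create_bucket_then_acl(bucket_name, acl, account_cfg, region="us-west-1"):
    """Call order proposed in the question; needs boto3 and credentials."""
    # Bucket-level ACL blocks are switched off below; policy blocks stay on.
    bucket_cfg = dict(ALL_ON, BlockPublicAcls=False, IgnorePublicAcls=False)
    accepted, reason = acl_preflight(acl, account_cfg, bucket_cfg)
    if not accepted:
        raise PermissionError(reason)  # an account-level block still wins
    import boto3  # lazy import so the checks above run offline
    s3 = boto3.client("s3", region_name=region)
    # No ACL here: the new bucket starts with BlockPublicAcls enabled.
    s3.create_bucket(Bucket=bucket_name,
                     ObjectOwnership="BucketOwnerPreferred",
                     CreateBucketConfiguration={"LocationConstraint": region})
    s3.put_public_access_block(Bucket=bucket_name,
                               PublicAccessBlockConfiguration=bucket_cfg)
    s3.put_bucket_acl(Bucket=bucket_name, ACL=acl)
```

If the account-level setting shown in the question has BlockPublicAcls on, the bucket-level change alone does not help, which is why the function checks it before making any call.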