@@ -102,7 +102,9 @@ Using credentials with the awscli
102102---------------------------------
103103This example illustrates obtaining STS credentials and using them with the awscli command line tool.
104104The first command outputs the credentials as shell commands to execute which will then be picked up
105- by subsequent aws cli commands.
105+ by subsequent aws cli commands. Note that the bucket-owner-full-control ACL is required when putting
106+ an object via STS credentials. This ensures that the object ownership will be transferred to the
107+ owner of the AWS bucket.
106108
107109 .. code-block ::
108110
@@ -116,12 +118,14 @@ by subsequent aws cli commands.
116118 # if the above are executed in the shell, the awscli will automatically apply them
117119
118120 # e.g. copy a file directly to the bucket using the exported credentials
119- $ aws s3 cp /path/to/local/file $SYNAPSE_STS_S3_LOCATION
121+ $ aws s3 cp /path/to/local/file $SYNAPSE_STS_S3_LOCATION --acl bucket-owner-full-control
120122
121123
122124--------------------------------------
123125This example illustrates retrieving STS credentials and using them with boto3 within python code,
124- in this case to upload a file.
126+ in this case to upload a file. Note that the bucket-owner-full-control ACL is required when putting
127+ an object via STS credentials. This ensures that the object ownership will be transferred to the
128+ owner of the AWS bucket.
125129
126130 .. code-block ::
127131
@@ -133,6 +137,7 @@ in this case to upload a file.
133137 Filename='/path/to/local/file,
134138 Bucket='my-external-synapse-bucket',
135139 Key='path/within/bucket/file',
140+ ExtraArgs={'ACL': 'bucket-owner-full-control'},
136141 )
137142
138143
0 commit comments