Presigned URL PUT fails with S3 bucket which enforces bucket-owner-full-control
Confirm by changing [ ] to [x] below to ensure that it's a bug:
- [x] I've gone through Developer Guide and API reference
- [x] I've checked AWS Forums and StackOverflow for answers
- [x] I've searched for previous similar issues and didn't find any solution
- [x] This is an issue with version 2.x of the SDK
Describe the bug
When uploading a file with a presigned URL to an S3 bucket which enforces bucket-owner-full-control as described here, the upload fails.
Is the issue in the browser/Node.js? Node.js
If on Node.js, are you running this on AWS Lambda? yes
Details of the Node.js version v14
SDK version number 2.952.0
To Reproduce (observed behavior)
- Create an S3 bucket called `myBucket` with the following bucket policy:

```json
{
  "Version": "2012-10-17",
  "Id": "SSEAndSSLPolicy",
  "Statement": [
    {
      "Sid": "BackendWriteAccess",
      "Effect": "Allow",
      "Principal": { "AWS": "myAccountId" },
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::myBucket",
        "arn:aws:s3:::myBucket/*"
      ],
      "Condition": {
        "StringEquals": { "s3:x-amz-acl": "bucket-owner-full-control" }
      }
    }
  ]
}
```

- Create a Lambda function to retrieve a pre-signed URL in the same AWS account:

```js
const S3 = require('aws-sdk/clients/s3');
const s3 = new S3({ region: process.env.REGION ?? 'eu-central-1' });

// action is the S3 operation name to sign ('putObject' for the PUT upload in this report)
async function getUploadUrl(action) {
  const params = { Bucket: 'myBucket', Key: 'myKey.json', ACL: 'bucket-owner-full-control' };
  const signedUrl = await s3.getSignedUrlPromise(action, params);
  return signedUrl;
}
```

- Try to upload some file with the retrieved Signed URL
Expected behavior The file is uploaded
Actual behavior A 403 forbidden response is returned.
@HaaLeo thanks for reaching out, looking at the comment https://github.com/aws/aws-sdk-js/issues/1335#issuecomment-276425181, let me reach out to the S3 team and see what should be the right way to do this. V474504049
Greetings! We’re closing this issue because it has been open a long time and hasn’t been updated in a while and may not be getting the attention it deserves. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to comment or open a new issue.
@ajredniwja any update on this?
I remove 'x-amz-acl' header from the upload request and it works. This looks like an AWS docs problem ...
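An added example, not code from this thread or from the SDK: a Node.js check that shows whether a SigV4 presigned URL carries `x-amz-acl` in its query string or lists it in `X-Amz-SignedHeaders`, and flags upload headers that disagree with it, the situation the comment above resolved by removing the header. The function names and the sample URL (placeholder credential and signature) are constructed for illustration.

```javascript
// Added example: hypothetical helper names, constructed sample URL.
const SIGV4_PARAMS = new Set(['x-amz-algorithm', 'x-amz-credential', 'x-amz-date',
  'x-amz-expires', 'x-amz-signedheaders', 'x-amz-signature', 'x-amz-security-token']);

// Split a SigV4 presigned URL into the x-amz-* values it carries in the query
// string and the headers its signature covers (X-Amz-SignedHeaders).
function inspectPresignedUrl(presignedUrl) {
  const url = new URL(presignedUrl);
  const inQuery = {};
  let signedHeaders = [];
  for (const [name, value] of url.searchParams) {
    const lower = name.toLowerCase();
    if (lower === 'x-amz-signedheaders') signedHeaders = value.toLowerCase().split(';');
    else if (lower.startsWith('x-amz-') && !SIGV4_PARAMS.has(lower)) inQuery[lower] = value;
  }
  return { inQuery, signedHeaders };
}

// Compare the headers an uploader intends to send against the presigned URL.
function checkUploadHeaders(presignedUrl, requestHeaders) {
  const { inQuery, signedHeaders } = inspectPresignedUrl(presignedUrl);
  const sent = Object.keys(requestHeaders).map((h) => h.toLowerCase());
  const findings = [];
  for (const h of sent) {
    if (!h.startsWith('x-amz-')) continue;
    if (h in inQuery) findings.push(`${h}: duplicated, already carried in the URL query string`);
    else if (!signedHeaders.includes(h)) findings.push(`${h}: sent but not in X-Amz-SignedHeaders`);
  }
  for (const h of signedHeaders) {
    if (h !== 'host' && !sent.includes(h)) findings.push(`${h}: signed, must be sent as a header`);
  }
  return findings;
}

// Constructed sample URL; credential and signature are placeholders.
const SAMPLE_URL = 'https://myBucket.s3.eu-central-1.amazonaws.com/myKey.json' +
  '?X-Amz-Algorithm=AWS4-HMAC-SHA256' +
  '&X-Amz-Credential=EXAMPLEKEY%2F20210101%2Feu-central-1%2Fs3%2Faws4_request' +
  '&X-Amz-Date=20210101T000000Z&X-Amz-Expires=900&X-Amz-SignedHeaders=host' +
  '&x-amz-acl=bucket-owner-full-control&X-Amz-Signature=PLACEHOLDER';

console.log(inspectPresignedUrl(SAMPLE_URL));
console.log(checkUploadHeaders(SAMPLE_URL, { 'x-amz-acl': 'bucket-owner-full-control' }));
console.log(checkUploadHeaders(SAMPLE_URL, { 'Content-Type': 'application/json' }));
```

Run it against the URL the Lambda returns and the headers the uploading client sets; an empty findings array means the request headers are consistent with what was signed.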
Hi all - checking in here. Sorry for the long wait. I wanted to confirm if the issue you previously reported is still persisting. Unfortunately, I was unable to reproduce the problem on my end using the recent version of the SDK. Could you please verify with recent version?
This issue has not received a response in 1 week. If you still think there is a problem, please leave a comment to avoid the issue from automatically closing.