ansible-collections · ansible-zuul · May 7, 2021 · Apr 6, 2021 · Apr 7, 2021 · Apr 7, 2021
diff --git a/changelogs/fragments/318-s3-upload-acl.yml b/changelogs/fragments/318-s3-upload-acl.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- aws_s3 - Fix upload permission when an S3 bucket ACL policy requires a particular canned ACL
diff --git a/plugins/modules/aws_s3.py b/plugins/modules/aws_s3.py
@@ -78,7 +78,8 @@
       - This option lets the user set the canned permissions on the object/bucket that are created.
         The permissions that can be set are C(private), C(public-read), C(public-read-write), C(authenticated-read) for a bucket or
         C(private), C(public-read), C(public-read-write), C(aws-exec-read), C(authenticated-read), C(bucket-owner-read),
-        C(bucket-owner-full-control) for an object. Multiple permissions can be specified as a list.
+        C(bucket-owner-full-control) for an object. Multiple permissions can be specified as a list; although only the first one
+        will be used during the initial upload of the file
     default: ['private']
     type: list
     elements: str
@@ -531,6 +532,13 @@ def upload_s3file(module, s3, bucket, obj, expiry, metadata, encrypt, headers, s
                 else:
                     extra['Metadata'][option] = metadata[option]
 
+        if module.params.get('permission'):
+            permissions = module.params['permission']
+            if isinstance(permissions, str):
+                extra['ACL'] = permissions
+            elif isinstance(permissions, list):
+                extra['ACL'] = permissions[0]
+
         if 'ContentType' not in extra:
             content_type = None
             if src is not None:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- aws_s3 - Fix upload permission when an S3 bucket ACL policy requires a particular canned ACL
tremble marked this conversation as resolved. Show resolved Hide resolved