Why wouldn't an S3 ACL "stick"?
We would like to set an ACL to allow access to one of our buckets with a partner account. We've tested the process on a test account and everything works fine. On our production account/buckets, however, we can set the ACL and see the update but as soon as we attempt to access the bucket from the 开发者_如何转开发other account we get a forbidden response. Afterwards, when we look at the ACL list for the bucket, the permission is gone.
We've tried using both Amazon's new S3 tool in the AWS Management Console and CloudBerry Explorer and both tools exhibit exactly the same behavior. Using the same process to update an ACL from our test account works as expected ( the ACL update "sticks" ).
What would cause the ACL to not "stick"? Does anyone have any ideas on how to fix/workaround the problem?
It's been quite a while since I asked this question, and I've since worked around the issue.
As I remember it, it appeared to be that the format for some policies had changed, but the validator still accepted the old format. However, the old-format policy wouldn't be accepted, so the policy wouldn't "stick" properly.
精彩评论