When we execute the S3 File Writer snap from a pipeline running on a groundplex that’s running on AWS (Account A) and the S3 File Writer snap is writing to an S3 bucket that’s in Account B (and we’re using an IAM role) the file that’s written to the bucket in Account B is owned by Account A. So, the bucket is owned by Account B and the file is owned by Account A. If we want the file to be accessible to Account B we must configure the S3 File Writer snap with an ACL setting where the grantee is the Canonical AWS ID of Account B. Even though the grantee setting can be an expression, it’s tedious to obtain the Canonical ID of the account and build the expression to populate the grantee (so that the pipeline can migrate from one Org/AWS account to another without modification).
I’d like to request the S3 File Writer snap support the usr of the ACL-Specific Request Header (-x-amz-acl) so that the bucket-owner-full-control canned ACL can be used. This would eliminate the need to specify the Canonical ID of the AWS account.