Amorphic fresh installation impacted with AWS S3 logs bucket fails to install with Error: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting.
AWS has changed the default behavior of newly created S3 buckets which is not compatible with Amorphic logs bucket.
Affected Versions: 2.1 2.0 1.14 1.13
Fix Version: 2.2 2.1* 2.0* 1.14* 1.13*
Customers installing 2.0, 1.14, 1.13 after April 24, 2023 does not require explicit patching as the fix will be part of the release artifacts.
Customers installing 2.1 after May 4, 2023 does not require explicit patching as the fix will be part of the release artifacts.
Root cause(s)
AWS has recently made a default change in their S3 bucket provisioning process, where all newly created S3 buckets are by default:
- S3 Block Public Access
- ACLs Disabled Amorphic Log bucket required to be having ACL enabled in order to enable LogDelivery. Hence it's failing with an error.
More Details: https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/
Impact
No impact on existing customers/users. Amorphic fresh installation for new customers will fail.
Timeline
- 2023-04-20: Bug reported/identified (CLOUD-3253)
- 2023-04-20: Bug triaged
- 2023-04-21: Fix pushed to QA environment and has been tested.
- 2023-04-24: Patch being pushed to release artifacts for version 2.0, 1.14 and 1.13
- 2023-05-04: Patch being pushed to release artifacts for version 2.1