Unrecognized property 'ownershipControls'

dta · March 21, 2023, 5:33pm

Hi,

I am trying to modify one of the buckets that is attached to the lambda function that my serverless.yml deploys. I am trying to configure the object ownership to be “BucketOwnerPreferred”. Referencing AWS documentation ( AWS::S3::Bucket OwnershipControls - AWS CloudFormation (amazon.com)) I would use the variable “ownershipControls” (lowercase o because I am modifying the property inline and not in the ‘resources’ section).

However, this variable is not recognized. Am I calling it wrong here? Code block is as follows:

provider:
  stage: dev
  name: aws
  profile: ${self:custom.useProfile}
  runtime: nodejs14.x
  s3:
    publicBucket:
      name: ${self:custom.publicBucket}
      publicAccessBlockConfiguration:
        BlockPublicAcls: false
        BlockPublicPolicy: false
        RestrictPublicBuckets: false
      ownershipControls:
          Rules:
            - ObjectOwnership: BucketOwnerEnforced

Any help is greatly appreciated!!

Thank you,
Donny

jim-barber-he · September 27, 2023, 12:01am

Did you manage to solve this?

I’m currently using the latest Serverless version and it dies like so:

Environment: linux, node 16.20.2, framework 3.35.2, plugin 7.0.4, SDK 4.4.0
Credentials: Local, environment variables
Docs:        docs.serverless.com
Support:     forum.serverless.com
Bugs:        github.com/serverless/serverless/issues

Error:
Configuration error at 'provider.s3.staging': unrecognized property 'ownershipControls'

Learn more about configuration validation here: http://slss.io/configuration-validation
ERROR: 1

The relevant part in the provider: section is:

  s3:
    staging:
      name: ${self:custom.stagingBucket}
      publicAccessBlockConfiguration:
        BlockPublicAcls: true
        IgnorePublicAcls: true
        BlockPublicPolicy: true
        RestrictPublicBuckets: true
      bucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"
      ownershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerPreferred

The documentation at https://www.serverless.com/framework/docs/providers/aws/guide/serverless.yml#s3-buckets shows an example like so:

	
provider:
  # If you need to configure the bucket itself, you'll need to add s3 resources to the provider configuration
  s3:
    # Eventual additional properties in camel case
    bucketOne:
      # Supported properties are the same ones as supported by CF resource for S3 bucket
      # See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html
      name: my-custom-bucket-name
      versioningConfiguration:
        Status: Enabled

And the documentation at the link in the example comment takes you to AWS::S3::Bucket OwnershipControls - AWS CloudFormation has the example of:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerPreferred

So it seems like this should work, but it doesn’t.

If I remove the ownershipControls: section then everything deploys but the Object Ownership on the created bucket is Object writer instead of Bucket owner preferred

Does anyone else know why or how to achieve it?