ACL requirement for AWS S3 Exporter was a breaking change listed as Enhancement #39346

Erog38 · 2025-04-11T18:04:03Z

Component(s)

exporter/awss3

What happened?

Description

Starting in v0.121.0 Users are required to provide a valid ACL for bucket access. Many existing buckets don't support ACLs as a default. This means that we see errors as listed in the logs provided.

This will require a bucket configuration change and a collector change and as such needs to be mentioned as a breaking change.

Steps to Reproduce

Have or create S3 bucket without ACL support
Use provided configuration in any vanilla collector
Then use a tool such as telemetrygen to send:

telemetrygen logs \
    --duration 10m \
    --otlp-endpoint localhost:4317 \
    --otlp-insecure \
    --rate 100

Expected Result

Logs to show up in AWS S3

Actual Result

Error logs as attached.

Collector version

v0.123.0

Environment information

OpenTelemetry Collector configuration

receivers:
    otlp:
        protocols:
            grpc:
                endpoint: 0.0.0.0:4317
processors:
    batch:
        timeout: 10s
      memory_limiter:
        limit_percentage: 80
exporters:
      awss3
        s3uploader:
          region: us-east-1
          compression: gzip
          s3_bucket: $BUCKET
          s3_prefix: "some-prefix"
          role_arn: valid-arn
service:
    telemetry:
        pipelines:
            logs:
                receivers: [otlp]
                processors: [memory_limiter, batch]
                exporters: [awss3]

Log output

Exporting failed. Rejecting data. Try enabling sending_queue to survive temporary failures.
operation error S3: PutObject, https response error StatusCode: 400, RequestID: XXX, HostID: XXX, api error AccessControlListNotSupported: The bucket does not allow ACLs
Sender failed
operation error S3: PutObject, https response error StatusCode: 400, RequestID: XXX, HostID: XXX, api error AccessControlListNotSupported: The bucket does not allow ACLs

Additional context

No response

The text was updated successfully, but these errors were encountered:

github-actions · 2025-04-11T18:04:18Z

Pinging code owners:

exporter/awss3: @atoulme @pdelewski

See Adding Labels via Comments if you do not have permissions to add labels yourself.

arianvp · 2025-04-11T18:50:13Z

Many existing buckets don't support ACLs as a default

AWS explicitly recommends to disable ACLs on buckets https://docs.aws.amazon.com/AmazonS3/latest/userguide/ensure-object-ownership.html

If ACLs are mandatory to enable that sounds like a bug in the collector.

basiljames · 2025-04-11T19:56:03Z

The error AccessControlListNotSupported matches the AWS SDK API doc for attempting to set ACL for buckets that have ACL's disabled. Seems the acl attribute should be optional and not defaulted to private.

#### Description Fixes a problem where ACLs have become required on configuration of the AWS S3 exporter. AWS explicitly recommends to disable ACLs on buckets https://docs.aws.amazon.com/AmazonS3/latest/userguide/ensure-object-ownership.html  #### Link to tracking issue Fixes open-telemetry#39346  #### Testing Added test to ensure configuration of the exporter worked as expected when ACL values were set. Updated existing config tests to ensure no ACL is set by default.  #### Documentation Updated README.md to show ACLs are optional and off by default. Additionally added myself as a codeowner as I'm willing to take on partial ownership here.

Erog38 added bug Something isn't working needs triage New item requiring triage labels Apr 11, 2025

github-actions bot added the exporter/awss3 label Apr 11, 2025

This was referenced Apr 11, 2025

fix: make ACLs optional for AWS S3 buckets #39354

Merged

[AWS S3 Exporter] support canned_acl #37935

Closed

atoulme closed this as completed in #39354 Apr 14, 2025

atoulme closed this as completed in ede3189 Apr 14, 2025

github-actions bot mentioned this issue Apr 15, 2025

Weekly Report: 2025-04-08 - 2025-04-15 #39396

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ACL requirement for AWS S3 Exporter was a breaking change listed as Enhancement #39346

ACL requirement for AWS S3 Exporter was a breaking change listed as Enhancement #39346

Erog38 commented Apr 11, 2025 •

edited

Loading

github-actions bot commented Apr 11, 2025

Uh oh!

arianvp commented Apr 11, 2025

Uh oh!

basiljames commented Apr 11, 2025 •

edited

Loading

Uh oh!

ACL requirement for AWS S3 Exporter was a breaking change listed as Enhancement #39346

ACL requirement for AWS S3 Exporter was a breaking change listed as Enhancement #39346

Comments

Erog38 commented Apr 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Component(s)

What happened?

Description

Steps to Reproduce

Expected Result

Actual Result

Collector version

Environment information

OpenTelemetry Collector configuration

Log output

Additional context

github-actions bot commented Apr 11, 2025

Uh oh!

arianvp commented Apr 11, 2025

Uh oh!

basiljames commented Apr 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Erog38 commented Apr 11, 2025 •

edited

Loading

basiljames commented Apr 11, 2025 •

edited

Loading