Amorphic installation impacted with s3 bucket fails to install
Amorphic fresh installation impacted with AWS S3 logs bucket fails to install with Error: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting.
AWS has changed the default behavior of newly created S3 buckets which is not compatible with Amorphic logs bucket.
Affected Versions: 2.1 2.0 1.14 1.13
Fix Version: 2.2 2.1* 2.0* 1.14* 1.13*
Customers installing 2.0, 1.14, 1.13 after April 24, 2023 does not require explicit patching as the fix will be part of the release artifacts.
Customers installing 2.1 after May 4, 2023 does not require explicit patching as the fix will be part of the release artifacts.
Root cause(s)
AWS has recently made a default change in their S3 bucket provisioning process, where all newly created S3 buckets are by default:
- S3 Block Public Access
- ACLs Disabled Amorphic Log bucket required to be having ACL enabled in order to enable LogDelivery. Hence it's failing with an error.
More Details: https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/
Impact
No impact on existing customers/users. Amorphic fresh installation for new customers will fail.
Timeline
gantt
title Timeline
dateFormat YYYY-MM-DD
tickInterval 1day
axisFormat %b-%d
todayMarker off
section Tracker
%% update the ticket number and date of bug report
CLOUD-3246 : done, 2023-04-18, 0d
section Identification
Reported : crit, des1, 2023-04-18, 1d
section Mitigation
%% Update number of days took for each step below
Bug fixed: milestone, 2023-04-19, 1d
section Delivery
%% update the date of each step below
testing complete: milestone, 2023-04-19, 1d
patch avaialble: milestone, 2023-04-19, 0d
- 2023-04-20: Bug reported/identified (CLOUD-3253)
- 2023-04-20: Bug triaged
- 2023-04-21: Fix pushed to QA environment and has been tested.
- 2023-04-24: Patch being pushed to release artifacts for version 2.0, 1.14 and 1.13
- 2023-05-04: Patch being pushed to release artifacts for version 2.1