How to fix S3 error “The bucket does not allow ACLs” in Laravel

Since April 5th, 2023, AWS announced that by default all new buckets will apply two new security best practices.

What changed

The two changes are:

  • S3 Block Public Access is now enabled by default. This means all public traffic is disabled by default.
  • S3 access control lists (ACLs) is disabled by default. This means the ACL is now on a per-bucket basis instead of a per-object.

Solution

  1. In you Laravel Project find config/filesystems.php
  2. On every S3 disk add an options key with ACL set to an empty string.
's3' => [
    'driver' => 's3',
    'key' => env('AWS_ACCESS_KEY_ID'),
    'secret' => env('AWS_SECRET_ACCESS_KEY'),
    'region' => env('AWS_DEFAULT_REGION'),
    'bucket' => 'yourdisk-1',
    'url' => env('AWS_URL'),
    'endpoint' => env('AWS_ENDPOINT'),
    'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
    'throw' => false,
    'root' => env('APP_ENV'),
    'options' => [
        'ACL' => ''
    ]
],

The final result should be similar to this. Make sure you use this on all s3 disks if you have more than one.

2 thoughts on “How to fix S3 error “The bucket does not allow ACLs” in Laravel

  1. Emanuele

    THIS is the solution, all other articles around the web suggest to enable acl that is not the recommended practice anymore. Thank you

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *