Disabling ACLs for AWS S3 Buckets in asperatrapd

Introduction 

IBM Aspera High-Speed Transfer Server (HSTS) includes the ability to read and write objects directly to AWS S3 object storage buckets. For customers running HSTS on EC2 instances in the environment, the asperatrapd service is typically enabled to support object storage. 

Some customers may wish to disable Access Control Lists (ACLs) on their S3 buckets as part of their internal security practices or upon suggestion from Amazon. In some cases, writing objects to S3 via HSTS and asperatrapd may fail. 

Customers may see a message in

/opt/aspera/var/log/trapd/aspera-trapd.log 

such as: 

This bucket does not allow ACLs 

If transferring via ascp on the command line, customers may see an error such as: 

Session Stop  (Error: Server aborted session: Error 5 (The bucket does not allow ACLs (upload-put(2)) [Bad Request] (IO error)) creating destination path "examplefile.dat") 

Procedure 

To avoid these errors, a change can be made to the asperatrapd configuration. 

• Make a backup of the file

/opt/aspera/etc/trapd/s3.properties 

• Open that file in a text editor and look for a line that reads:

#aspera.s3session.x-amz-acl.enabled=true 

• Uncomment this line, then set to false:

aspera.s3session.x-amz-acl.enabled=false 

• Restart asperatrapd

systemctl restart asperatrapd 

This should resolve the error.  

If you have additional questions, PacGenesis Engineering is here to help! Please contact us for more information.