VED-1029: Set ACL when copying extended attributes files. (#1199)

* VED-1029: Set ACL when copying extended attributes files.

* VED-1029: Allow PutObjectAcl action.

* VED-1029: Change VPCE policy to allow PutObjectAcl action.

Author: mfjarvis

infrastructure/account/endpoints.tf

@@ -98,7 +98,8 @@ resource "aws_vpc_endpoint" "s3_endpoint" {
           "s3:PutObject",
           "s3:ListBucket",
           "s3:CopyObject",
-          "s3:DeleteObject"
+          "s3:DeleteObject",
+          "s3:PutObjectAcl"
         ]
         Resource = "*"
       }

infrastructure/instance/file_name_processor.tf

@@ -166,7 +166,8 @@ resource "aws_iam_policy" "filenameprocessor_lambda_exec_policy" {
       {
         "Effect" : "Allow",
         "Action" : [
-          "s3:PutObject"
+          "s3:PutObject",
+          "s3:PutObjectAcl"
         ],
         "Resource" : ["arn:aws:s3:::${var.dspp_submission_s3_bucket_name}/*"]
       }

lambdas/shared/src/common/aws_s3_utils.py

@@ -30,6 +30,7 @@ def copy_file_to_external_bucket(
         Key=destination_key,
         ExpectedBucketOwner=expected_bucket_owner,
         ExpectedSourceBucketOwner=expected_source_bucket_owner,
+        ACL="bucket-owner-full-control",
     )