How do you convert ACLs of any key on S3?

| By Webner

Introduction to ACLs of Key on S3

Many times when you need to change the access control list (ACL) of a key on the S3 to make it public to private or private to public. This is easy as we provide this control at the time when we are putting an object on S3. But if we already have a private folder on S3 and we need to convert it manually and each folder is above 10 GB or 20 GB or 50 GB then this is a time-consuming task that might take weeks or months.

Python3 script to reduce manual efforts

Below I have written this python3 script which will reduce your manual efforts and also save you a lot of time. This script is required to have a boto3 ( and logging library.

  • Use these two commands on your machine before running the script:
    pip install boto3
    pip install logging
  • Then you need to make log file and get its path e.g. script.log at /var/www/html/scriptFolder
  • Save below script in with .py extension e.g

    import boto3
    import logging
    from datetime import datetime, timedelta;
    ACCESS_KEY_ID = 'aws_access_key'
    ACCESS_SECRET_KEY = 'aws_secret_key'
    BUCKET_NAME = 'bucket-name'
    client = boto3.client(
    success = [] noUser = [] pvtObjects = [925,926,929,2080,1321,1078,1067] # array of folders names => if number then directly pass as above variable and if string then in this format ['test','test123'] for pvtObject in pvtObjects:
    response = client.list_objects(Bucket=BUCKET_NAME, Prefix =str(pvtObject)+'/')
    if('Contents' in response):
    for pvtObjectInner in response['Contents']:
    Key=pvtObjectInner['Key'] )
    noUser.append(pvtObject)"%d-%b-%Y %I:%M:%S %P :")+'File '+str(pvtObject)+'/'+' done')
    successStr = str(success).strip('[]') if len(success) > 0 else '0'
    errStr = str(noUser).strip('[]') if len(noUser) > 0 else '0'"%d-%b-%Y %I:%M:%S %P :")+'End of coversion completed: success '+successStr+' error '+errStr)

  • You can run this script using python3 if you want to run it in the background then use python3 & disown. This starts converting your file ACL to public

Leave a Reply

Your email address will not be published. Required fields are marked *