My service uses the AWS S3 Go SDK to upload an object into an AWS account, say ACT1. I want to grant read permission to a different sub-account, ACT2, so that it can read the object upon successful upload. This is what the code looks like:
```go
import (
	"context"
	"fmt"
	"io"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/s3/s3manager"
	// "logging" is the service's own logging package.
)

// canonicalIDOfSubAccount is the canonical user ID of ACT2, the account that
// should be able to read the uploaded object.
var canonicalIDOfSubAccount = "abcd09kialjf1124"

// Upload attempts to upload a file at a particular key.
func (s *client) Upload(ctx context.Context, bucket, key string, body io.Reader) (err error) {
	defer func() {
		if r := recover(); r != nil {
			logging.Error("s3", "panic recovered. err: %v", r)
		}
	}()
	params := &s3manager.UploadInput{
		Bucket:    aws.String(bucket),
		Key:       aws.String(key),
		Body:      body,
		GrantRead: aws.String(canonicalIDOfSubAccount), // grant ACT2 read access to the object
	}
	// Perform an upload.
	_, err = s.uploader.UploadWithContext(ctx, params)
	if err != nil {
		fmt.Println("Error is ", err.Error(), err)
	}
	return
}
```
On execution, AWS is throwing the error:

```
InvalidArgument: Argument format not recognized status 400
```

Without the GrantRead, the upload works well, but the object is not readable by ACT2.

On checking with AWS support, they said that providing the canonical ID is the right value for the GrantRead header.
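For reference, here is an added Go example (not the poster's code) that builds and validates the grant header value before it is handed to the SDK. It relies on the documented S3 grantee syntax for the `x-amz-grant-read` header, where each grantee carries a type prefix (`id="<canonical user id>"`, `uri=<group URI>` or `emailAddress=<account e-mail>`), and on the documented canonical user ID format (64 hexadecimal characters); the `Grantee` type, the function names and the sample IDs are all constructed for this example. The value returned by `ReadGrantForAccount` is what would go into `s3manager.UploadInput{GrantRead: aws.String(...)}`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Grantee is one recipient in an S3 grant header (x-amz-grant-read and friends).
// S3 accepts three grantee forms: id=<canonical user id>, uri=<predefined group
// URI> and emailAddress=<account e-mail>; a value with no type prefix is not a
// valid grant. (Hypothetical helper type, not part of the AWS SDK.)
type Grantee struct {
	Type  string // "id", "uri" or "emailAddress"
	Value string
}

// canonicalIDPattern matches an AWS canonical user ID: 64 lowercase hex chars.
var canonicalIDPattern = regexp.MustCompile(`^[0-9a-f]{64}$`)

var allowedGranteeTypes = map[string]bool{"id": true, "uri": true, "emailAddress": true}

// ReadGrantForAccount builds the GrantRead value that gives exactly one other
// AWS account (identified by canonical user ID) read access to the object.
func ReadGrantForAccount(canonicalID string) (string, error) {
	if !canonicalIDPattern.MatchString(canonicalID) {
		return "", fmt.Errorf("%q is not a 64-hex-character canonical user id", canonicalID)
	}
	return FormatGrantHeader([]Grantee{{Type: "id", Value: canonicalID}}), nil
}

// FormatGrantHeader renders grantees as S3 expects: comma-separated type="value" pairs.
func FormatGrantHeader(grantees []Grantee) string {
	parts := make([]string, 0, len(grantees))
	for _, g := range grantees {
		parts = append(parts, fmt.Sprintf(`%s="%s"`, g.Type, g.Value))
	}
	return strings.Join(parts, ", ")
}

// ParseGrantHeader validates a grant header value before it is sent, so a
// malformed grantee (such as a canonical ID with no "id=" prefix) is caught
// locally with a clear message instead of as a 400 InvalidArgument from S3.
func ParseGrantHeader(header string) ([]Grantee, error) {
	var out []Grantee
	for _, raw := range strings.Split(header, ",") {
		part := strings.TrimSpace(raw)
		if part == "" {
			return nil, fmt.Errorf("empty grantee in %q", header)
		}
		kv := strings.SplitN(part, "=", 2)
		if len(kv) != 2 {
			return nil, fmt.Errorf("grantee %q has no type prefix; use id=, uri= or emailAddress=", part)
		}
		typ := strings.TrimSpace(kv[0])
		if !allowedGranteeTypes[typ] {
			return nil, fmt.Errorf("unknown grantee type %q in %q", typ, part)
		}
		val := strings.Trim(strings.TrimSpace(kv[1]), `"`)
		if val == "" {
			return nil, fmt.Errorf("grantee %q has an empty value", part)
		}
		if typ == "id" && !canonicalIDPattern.MatchString(val) {
			return nil, fmt.Errorf("grantee %q: %q is not a canonical user id", part, val)
		}
		out = append(out, Grantee{Type: typ, Value: val})
	}
	return out, nil
}

func main() {
	// Constructed sample canonical ID (not a real account).
	sample := strings.Repeat("0123456789abcdef", 4)
	grant, err := ReadGrantForAccount(sample)
	if err != nil {
		panic(err)
	}
	fmt.Println("GrantRead:", grant)
	// In the upload code this value is what goes into
	// s3manager.UploadInput{GrantRead: aws.String(grant)}.
	if _, err := ParseGrantHeader("abcd09kialjf1124"); err != nil {
		fmt.Println("rejected locally:", err)
	}
}
```

Validating the header locally keeps the failure mode readable: a bare canonical ID or an unknown grantee type is reported with the offending value, rather than surfacing as an opaque 400 from the service. Restricting the grant to a single `id=` grantee also keeps the object's ACL at the minimum needed for ACT2, instead of falling back to a broader canned ACL such as public or authenticated-users read.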