From 9c35a986089ae5bc5818da72ea55cd4bf6b3453f Mon Sep 17 00:00:00 2001
From: Pierre Tachoire <pierre@lightpanda.io>
Date: Mon, 11 Dec 2023 09:29:52 +0100
Subject: [PATCH] s3: set ACL permission

---
 s3/io.go | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/s3/io.go b/s3/io.go
index 0e9eab1..2bab92d 100644
--- a/s3/io.go
+++ b/s3/io.go
@@ -59,6 +59,7 @@ type S3IO struct {
 	uploader *s3manager.Uploader
 	bucket   string
 	item     string
+	acl      string
 }
 
 func NewS3IO(bucket, item string) (*S3IO, error) {
@@ -70,9 +71,14 @@ func NewS3IO(bucket, item string) (*S3IO, error) {
 	svc := s3.New(session)
 
 	return &S3IO{
-		bucket:   bucket,
-		item:     item,
-		svc:      svc,
+		bucket: bucket,
+		item:   item,
+		svc:    svc,
+
+		// set ACL to public-read.
+		// https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl
+		acl: "public-read",
+
 		uploader: s3manager.NewUploaderWithClient(svc),
 	}, nil
 }
@@ -100,6 +106,7 @@ func (s3io *S3IO) Pull(ctx context.Context) (io.ReadCloser, error) {
 
 func (s3io *S3IO) Push(ctx context.Context, r io.Reader) error {
 	_, err := s3io.uploader.UploadWithContext(ctx, &s3manager.UploadInput{
+		ACL:    aws.String(s3io.acl),
 		Body:   r,
 		Bucket: aws.String(s3io.bucket),
 		Key:    aws.String(s3io.item),