
S3

1 Access

S3 allows you to associate ACLs (access control lists) at the bucket and object level to control access to objects. AWS provides a set of predefined ACLs called canned ACLs, for example private, public-read, public-read-write, etc.

However, AWS does not recommend using S3 ACLs; it recommends using policies to control S3 read/write access instead (though note that policies only operate at the bucket level). ACLs can be disabled by applying the bucket owner enforced setting for object ownership and configuring the bucket's block public access configuration, for example:

AWSTemplateFormatVersion: 2010-09-09
Resources:
  S3Bucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      OwnershipControls:
        Rules:
          - ObjectOwnership: BucketOwnerEnforced
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

Note, though, that as of April 2023 all new buckets have S3 Block Public Access enabled and ACLs disabled.

Author: root

Created: 2024-03-23 Sat 11:44
