Read-S3Object : Access Denied on AD module scripts

[fortran01]

I am still getting the an issue in the following line. It also occurs for Module-AD.psm1.

quickstart-microsoft-activedirectory/templates/ad-1.template.yaml

Line 637 in 550c741

$Null = Read-S3Object -BucketName $S3BucketName -Key "$($S3KeyPrefix)/scripts/Modules/Module-AD/$CustomModule" -File "C:\AWSQuickstart\Module-AD\$CustomModule" -Region $S3BucketRegion

This block from Module-AD.psm1 is also affected. The error looks like Failed to read and download GPO from S3 Access Denied.

        Write-Output 'Downloading GPO Zip File'
        Try {
            $Null = Read-S3Object -BucketName $S3BucketName -Key "$($S3KeyPrefix)scripts/GPOs.zip" -File 'C:\AWSQuickstart\GPOs.zip' -Region $S3BucketRegion
        } Catch [System.Exception] {
            Write-Output "Failed to read and download GPO from S3 $_"
            Exit 1
        }

It appears to be related or similar to the issue here #62.

PS C:\Windows\system32> Read-S3Object -BucketName "aws-quickstart" -Key "quickstart-microsoft-activedirectory/scripts/Modules/Module-AD/Module-AD.psd1" -File "C:\AWSQuickstart\Module-AD\Module-AD.psd1" -Region "us-east-1"
Read-S3Object : Access Denied

It works with my own custom bucket.

[fortran01]

My guess is the ACL for these objects is configured Read for "Authenticated users group (anyone with an AWS account)", instead of "Everyone (public access)".