diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/bitbucket/source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/bitbucket/source-action.ts
index 085ff15e9f162..bdaca541dbf05 100644
--- a/packages/@aws-cdk/aws-codepipeline-actions/lib/bitbucket/source-action.ts
+++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/bitbucket/source-action.ts
@@ -117,6 +117,7 @@ export class BitBucketSourceAction extends Action {
 
     // the action needs to write the output to the pipeline bucket
     options.bucket.grantReadWrite(options.role);
+    options.bucket.grantPutAcl(options.role);
 
     // if codeBuildCloneOutput is true,
     // save the connectionArn in the Artifact instance
diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts b/packages/@aws-cdk/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts
index eccbb53970d33..ef5a06305bd56 100644
--- a/packages/@aws-cdk/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts
+++ b/packages/@aws-cdk/aws-codepipeline-actions/test/bitbucket/bitbucket-source-action.test.ts
@@ -1,4 +1,4 @@
-import { expect, haveResourceLike } from '@aws-cdk/assert';
+import { arrayWith, expect, haveResourceLike, objectLike } from '@aws-cdk/assert';
 import * as codebuild from '@aws-cdk/aws-codebuild';
 import * as codepipeline from '@aws-cdk/aws-codepipeline';
 import { Stack } from '@aws-cdk/core';
@@ -82,7 +82,37 @@ nodeunitShim({
 
     test.done();
   },
-
+  'grant s3 putObjectACL to the following CodeBuild Project'(test: Test) {
+    const stack = new Stack();
+    createBitBucketAndCodeBuildPipeline(stack, {
+      codeBuildCloneOutput: true,
+    });
+    expect(stack).to(haveResourceLike('AWS::IAM::Policy', {
+      'PolicyDocument': {
+        'Statement': arrayWith(
+          objectLike({
+            'Action': 's3:PutObjectAcl',
+            'Effect': 'Allow',
+            'Resource': {
+              'Fn::Join': [
+                '',
+                [
+                  {
+                    'Fn::GetAtt': [
+                      'PipelineArtifactsBucket22248F97',
+                      'Arn',
+                    ],
+                  },
+                  '/*',
+                ],
+              ],
+            },
+          }),
+        ),
+      },
+    }));
+    test.done();
+  },
   'setting triggerOnPush=false reflects in the configuration'(test: Test) {
     const stack = new Stack();