diff --git a/docs/storage-drivers/s3.md b/docs/storage-drivers/s3.md index 3122a8979..7129fd41f 100644 --- a/docs/storage-drivers/s3.md +++ b/docs/storage-drivers/s3.md @@ -26,6 +26,7 @@ Amazon S3 or S3 compatible services for object storage. | `rootdirectory` | no | This is a prefix that is applied to all S3 keys to allow you to segment data in your bucket if necessary. | | `storageclass` | no | The S3 storage class applied to each registry file. The default is `STANDARD`. | | `objectacl` | no | The S3 Canned ACL for objects. The default value is "private". | +| `objecownership` | no | Indicates whether the S3 storage bucket to be used by the registry disabled access control lists (ACLs). The default value is `true`. | > **Note** You can provide empty strings for your access and secret keys to run the driver > on an ec2 instance and handles authentication with the instance's credentials. If you @@ -56,6 +57,8 @@ Amazon S3 or S3 compatible services for object storage. `objectacl`: (optional) The canned object ACL to be applied to each registry object. Defaults to `private`. If you are using a bucket owned by another AWS account, it is recommended that you set this to `bucket-owner-full-control` so that the bucket owner can access your objects. Other valid options are available in the [AWS S3 documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl). +`objectownership`: (optional) Whether your s3 bucket only supports object ownership as opposed to canned ACLs. This defaults to `false` if not specified. This parameter can not be `true` if the `objectacl` parameter is also set. S3 Object Ownership is an Amazon S3 bucket-level setting that you can use to disable access control lists (ACLs) and take ownership of every object in your bucket. More information is availaible in the [AWS S3 documentation](https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html). + ## S3 permission scopes 
diff --git a/registry/storage/driver/s3-aws/s3.go b/registry/storage/driver/s3-aws/s3.go index 28af4dabf..ce3f97e5a 100644 --- a/registry/storage/driver/s3-aws/s3.go +++ b/registry/storage/driver/s3-aws/s3.go @@ -117,6 +117,7 @@ type DriverParameters struct { SessionToken string UseDualStack bool Accelerate bool + ObjectOwnership bool } func init() { @@ -164,6 +165,7 @@ type driver struct { RootDirectory string StorageClass string ObjectACL string + ObjectOwnership bool } type baseEmbed struct { @@ -368,9 +370,22 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) { userAgent = "" } + objectOwnership := false + objectOwnershipParam := parameters["objectownership"] + if objectOwnershipParam != nil { + objectOwnershipBool, ok := objectOwnershipParam.(bool) + if !ok { + return nil, fmt.Errorf("invalid value for objectownership parameter must be either %v or %v", true, false) + } + objectOwnership = objectOwnershipBool + } + objectACL := s3.ObjectCannedACLPrivate objectACLParam := parameters["objectacl"] if objectACLParam != nil { + if objectOwnership { + return nil, fmt.Errorf("objectacl parameter can not be set when objectownership parameter is set to %v", objectOwnership) + } objectACLString, ok := objectACLParam.(string) if !ok { return nil, fmt.Errorf("invalid value for objectacl parameter: %v", objectACLParam) @@ -459,6 +474,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) { fmt.Sprint(sessionToken), useDualStackBool, accelerateBool, + objectOwnership, } return New(params) @@ -578,6 +594,7 @@ func New(params DriverParameters) (*Driver, error) { RootDirectory: params.RootDirectory, StorageClass: params.StorageClass, ObjectACL: params.ObjectACL, + ObjectOwnership: params.ObjectOwnership, } return &Driver{ @@ -1239,6 +1256,10 @@ func (d *driver) getContentType() *string { } func (d *driver) getACL() *string { + + if d.ObjectOwnership { + return nil + } return aws.String(d.ObjectACL) } 
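Review bot: At the top of the FromParameters hunk (+370), `objectownership` is accepted only when the parameters map already holds a Go `bool`; a value that arrives as a string, which is how quoted YAML scalars and environment-variable overrides tend to reach this map (worth confirming against the configuration loader), is rejected with the `must be either true or false` error. The other boolean options in this function are evidently normalised into `useDualStackBool`/`accelerateBool`, so parsing both forms here keeps the options consistent; the type switch below does that with `strconv.ParseBool` (check that strconv is already imported in s3.go). The documentation hunk in this commit also disagrees with the default chosen here: its table row names the option `objecownership` and states the default as `true`, while the code and the prose paragraph say `false`. FromParameters begins and ends outside the hunk.
```go
objectOwnership := false
if v := parameters["objectownership"]; v != nil {
	switch x := v.(type) {
	case bool:
		objectOwnership = x
	case string:
		b, err := strconv.ParseBool(x)
		if err != nil {
			return nil, fmt.Errorf("invalid value for objectownership parameter: %v", v)
		}
		objectOwnership = b
	default:
		return nil, fmt.Errorf("invalid value for objectownership parameter: %v", v)
	}
}
// … unchanged: objectacl handling and the objectownership/objectacl conflict check …
```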
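Review bot: The `DriverParameters` literal in the +474 hunk is positional, so `objectOwnership,` lands in the right field only because the commit appends `ObjectOwnership` as the last struct field; the literal in s3_test.go has the same dependency on field order. With this many fields, keyed form (`ObjectOwnership: objectOwnership,` and the rest) would make the literal independent of declaration order and self-describing, as the `driver` literal in New already is. The enclosing FromParameters body starts outside the hunk.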
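Review bot: `getACL` in the +1256 hunk now returns nil to suppress the ACL header, but carries no doc comment saying so, and the new body opens with a stray blank line after the brace. Suggest `// getACL returns the canned ACL to attach to object writes, or nil when ObjectOwnership is set so that no ACL header is sent to a bucket that has ACLs disabled.` and dropping the blank line. Note that the ObjectOwnership/objectacl exclusion is enforced only in FromParameters; a caller of New (the test constructor, for one) can set both, and ObjectACL is then silently ignored here, so a comment on the `driver.ObjectOwnership` field stating that it overrides ObjectACL would make that explicit.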
diff --git a/registry/storage/driver/s3-aws/s3_test.go b/registry/storage/driver/s3-aws/s3_test.go index 0c79a0091..35c0faadc 100644 --- a/registry/storage/driver/s3-aws/s3_test.go +++ b/registry/storage/driver/s3-aws/s3_test.go @@ -49,6 +49,7 @@ func init() { useDualStack = os.Getenv("S3_USE_DUALSTACK") combineSmallPart = os.Getenv("MULTIPART_COMBINE_SMALL_PART") accelerate = os.Getenv("S3_ACCELERATE") + objectOwnership = os.Getenv("S3_OBJECT_OWNERSHIP") ) root, err := os.MkdirTemp("", "driver-") @@ -118,6 +119,14 @@ func init() { } } + objectOwnershipBool := false + if objectOwnership != "" { + objectOwnershipBool, err = strconv.ParseBool(objectOwnership) + if err != nil { + return nil, err + } + } + parameters := DriverParameters{ accessKey, secretKey, @@ -142,6 +151,7 @@ func init() { sessionToken, useDualStackBool, accelerateBool, + objectOwnershipBool, } return New(parameters)
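Review bot: The new `S3_OBJECT_OWNERSHIP` parsing in the +119 hunk mirrors the other boolean options, but nothing in this commit exercises the new FromParameters validation: neither the rejection of a non-bool `objectownership` value nor the conflict with `objectacl` is covered, and this constructor calls New directly, so `S3_OBJECT_OWNERSHIP=true` combined with an object-ACL setting passes through unchecked. If s3_test.go already has a FromParameters table test (not visible here), a case with `{"objectownership": true, "objectacl": "private"}` expecting an error and one with a string value, which the current code rejects, would pin the behavior. The enclosing constructor closure inside init starts and ends outside the hunk.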