Amazon S3 Bucket Policy for CloudTrail
naseemkullah opened this issue · comments
Is your request related to a problem? Please describe.
I'd like to easily attach the policy described here.
Describe the solution you'd like.
An `attach_cloudtrail_policy` bool var that adds the following policy and attaches it to the bucket.
```hcl
data "aws_iam_policy_document" "cloudtrail_policy" {
  # Lets CloudTrail verify the bucket ACL before it starts delivering logs.
  statement {
    sid    = "AWSCloudTrailAclCheck20150319"
    effect = "Allow"
    actions = [
      "s3:GetBucketAcl",
    ]
    resources = [
      aws_s3_bucket.this.arn,
    ]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
  }

  # Lets CloudTrail write log objects, but only under this account's prefix
  # and only when the object is handed to the bucket owner.
  statement {
    sid    = "AWSCloudTrailWrite20150319"
    effect = "Allow"
    actions = [
      "s3:PutObject",
    ]
    resources = [
      "${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*",
    ]
    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values = [
        "bucket-owner-full-control"
      ]
    }
  }
}
```
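One way the requested flag could be wired into a bucket module is shown below. This is an added example, not code from the issue or from the module it was filed against; it assumes the module already owns `aws_s3_bucket.this`, and the names `var.attach_cloudtrail_policy`, `var.cloudtrail_source_arns`, `data.aws_caller_identity.current` and `aws_s3_bucket_policy.cloudtrail` are all made up here. It goes slightly beyond the issue by adding an optional `aws:SourceArn` condition, which AWS recommends on service-principal grants so that only the trails you name can deliver into the bucket.

```hcl
# Added example (assumed names throughout): gate the CloudTrail bucket policy
# behind a boolean module input, and optionally pin it to specific trail ARNs.

variable "attach_cloudtrail_policy" {
  description = "Attach the bucket policy that lets CloudTrail deliver logs to this bucket"
  type        = bool
  default     = false
}

variable "cloudtrail_source_arns" {
  description = "Trail ARNs allowed to use this bucket (aws:SourceArn); empty list skips the condition"
  type        = list(string)
  default     = []
}

# Assumed: the module did not already declare this data source.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "cloudtrail_policy" {
  # CloudTrail checks the bucket ACL before it starts delivering.
  statement {
    sid       = "AWSCloudTrailAclCheck20150319"
    effect    = "Allow"
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.this.arn]

    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }

    # Only rendered when trail ARNs were supplied.
    dynamic "condition" {
      for_each = length(var.cloudtrail_source_arns) > 0 ? [1] : []
      content {
        test     = "ArnLike"
        variable = "aws:SourceArn"
        values   = var.cloudtrail_source_arns
      }
    }
  }

  # Log objects may only land under this account's AWSLogs prefix and must be
  # written with bucket-owner-full-control so the bucket owner keeps control.
  statement {
    sid       = "AWSCloudTrailWrite20150319"
    effect    = "Allow"
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.current.account_id}/*"]

    principals {
      type        = "Service"
      identifiers = ["cloudtrail.amazonaws.com"]
    }

    condition {
      test     = "StringEquals"
      variable = "s3:x-amz-acl"
      values   = ["bucket-owner-full-control"]
    }

    dynamic "condition" {
      for_each = length(var.cloudtrail_source_arns) > 0 ? [1] : []
      content {
        test     = "ArnLike"
        variable = "aws:SourceArn"
        values   = var.cloudtrail_source_arns
      }
    }
  }
}

# The policy document above is just rendered JSON; only the attachment is
# conditional, so a false flag leaves the bucket untouched.
resource "aws_s3_bucket_policy" "cloudtrail" {
  count  = var.attach_cloudtrail_policy ? 1 : 0
  bucket = aws_s3_bucket.this.id
  policy = data.aws_iam_policy_document.cloudtrail_policy.json
}
```

A bucket can carry only one policy, so if the module already manages an `aws_s3_bucket_policy` for the same bucket, the CloudTrail statements should be merged into that document (for example via the policy document data source's `source_policy_documents` argument) rather than attached as a second resource, which would otherwise overwrite the first on every apply.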
This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.