// Replace AWS_ACCOUNT_ID and ELB_ACCOUNT_ID with your real ones before running.
$ cat <<EOF > s3-bucket-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::ELB_ACCOUNT_ID:root"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::test-trace-logs/AWSLogs/AWS_ACCOUNT_ID/*"
},
{
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::test-trace-logs/AWSLogs/AWS_ACCOUNT_ID/*",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
},
{
"Effect": "Allow",
"Principal": {
"Service": "delivery.logs.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::test-trace-logs"
}
]
}
EOF
$ aws s3api put-bucket-policy \
--bucket test-trace-logs \
--policy file://s3-bucket-policy.json
// You can check if the bucket policy is applied or not using the following command.
$ aws s3api get-bucket-policy \
--bucket test-trace-logs | jq -r .Policy | jq
Last active
April 8, 2021 13:37
-
-
Save bysnupy/6dbfea4b9851b1351f9d895d1e486a6a to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment