@ismailyenigul
Last active August 17, 2023 12:11
AWS S3 bucket policy allowing VPC Flow Logs from multiple AWS accounts to write to one bucket

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {
        "Service": "delivery.logs.amazonaws.com"
      },
      "Action": [
        "s3:PutObject",
        "s3:ListBucket",
        "s3:GetBucketAcl"
      ],
      "Resource": [
        "arn:aws:s3:::my-aws-vpcflow-logs/*",
        "arn:aws:s3:::my-aws-vpcflow-logs"
      ],
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": [
            "111111111111",
            "222222222222",
            "333333333333"
          ]
        },
        "ArnLike": {
          "aws:SourceArn": [
            "arn:aws:logs:us-east-1:111111111111:*",
            "arn:aws:logs:us-east-1:222222222222:*",
            "arn:aws:logs:us-east-1:333333333333:*"
          ]
        }
      }
    },
    {
      "Sid": "ForceSSLOnlyAccess",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-aws-vpcflow-logs/*",
        "arn:aws:s3:::my-aws-vpcflow-logs"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```
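As an added example (not part of the gist), a Python script that builds this policy for a list of accounts and checks the two properties it depends on: the log-delivery service principal is pinned to the listed source accounts and log ARNs via `aws:SourceAccount`/`aws:SourceArn` (otherwise any account's flow-log delivery could write into the bucket), and non-TLS access is denied. Bucket name, region and account IDs are constructed placeholders mirroring the gist.

```python
# Constructed placeholders mirroring the gist; replace with real values.
BUCKET = "my-aws-vpcflow-logs"
REGION = "us-east-1"
ACCOUNTS = ["111111111111", "222222222222", "333333333333"]

def build_policy(bucket, region, accounts):
    """Bucket policy: log-delivery write pinned to the listed accounts, plus a TLS-only deny."""
    resources = [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSLogDeliveryWrite",
                "Effect": "Allow",
                "Principal": {"Service": "delivery.logs.amazonaws.com"},
                "Action": ["s3:PutObject", "s3:ListBucket", "s3:GetBucketAcl"],
                "Resource": resources,
                "Condition": {
                    # Both keys pin the service principal to our accounts (confused-deputy guard).
                    "StringEquals": {"aws:SourceAccount": list(accounts)},
                    "ArnLike": {"aws:SourceArn": [f"arn:aws:logs:{region}:{a}:*" for a in accounts]},
                },
            },
            {
                "Sid": "ForceSSLOnlyAccess",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": resources,
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }

def check_policy(policy):
    """Return findings: service-principal Allows lacking aws:SourceAccount, or no TLS-only Deny."""
    findings, tls_deny = [], False
    for st in policy.get("Statement", []):
        principal, cond = st.get("Principal"), st.get("Condition", {})
        if st.get("Effect") == "Allow" and isinstance(principal, dict) and "Service" in principal:
            if "aws:SourceAccount" not in cond.get("StringEquals", {}):
                findings.append(f"{st.get('Sid')}: service principal allowed without aws:SourceAccount")
        if st.get("Effect") == "Deny" and cond.get("Bool", {}).get("aws:SecureTransport") == "false":
            tls_deny = True
    if not tls_deny:
        findings.append("no Deny statement for aws:SecureTransport=false")
    return findings
```

Run `check_policy` against a policy fetched with `get-bucket-policy` before applying it to catch a log-delivery statement that has lost its source conditions.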