Hello AWS community, from the page "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-set-bucket-policy-for-multiple-accounts.html", can you please clarify on how to modify the existing policy.
Just need someone to confirm if I have 4-5 accounts, I will add a line for each additional account whose log files you want delivered to this bucket. What about the SourceArn in the Condition? You are showing there primary and secondary trail, do I also have to add third, fourth and fifth trail - depending how many additional accounts I have?
Hoping someone can also add a condition key for PrincipalOrgId to restrict access to the S3 bucket in this example as well.
Please don't advise using Control Tower, as I am hoping to do this without.
Is there perhaps a video someone creating this step by step - it would help a lot.
Many thanks, Oisin