I'm trying to work this in the given example to write logs from Account B's Cloudtrail to Account A's bucket. I can't see the bucket in Account A in Account B's cloudtrail configuration event after adding the additional line in bucket policy under Action - s3:PutObject. :
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck20150319",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a",
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudtrail:ap-southeast-1:481557513980:trail/management-events-joel.ckx_dev"
}
}
},
{
"Sid": "AWSCloudTrailWrite20150319",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a/AWSLogs/481557513980/",
"arn:aws:s3:::aws-cloudtrail-logs-481557513980-612e9c3a/AWSLogs/066239933787/"
],
"Condition": {
"StringEquals": {
"AWS:SourceArn": "arn:aws:cloudtrail:ap-southeast-1:481557513980:trail/management-events-joel.ckx_dev",
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}
OFICIAL DE AWSActualizada hace 2 años
BTW formatting your code with markdown would make it much more readable.