1 Answer
Hi,
Here is a sample policy for your reference. Following the sample on the page below, you can consider using delivery.logs.amazonaws.com as the Principal.
https://docs.aws.amazon.com/network-firewall/latest/developerguide/logging-s3.html
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {"Service": "delivery.logs.amazonaws.com"},
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::log-bucket/flow-logs/AWSLogs/111122223333/*",
        "arn:aws:s3:::log-bucket/flow-logs/AWSLogs/444455556666/*"
      ],
      "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
    },
    {
      "Sid": "AWSLogDeliveryAclCheck",
      "Effect": "Allow",
      "Principal": {"Service": "delivery.logs.amazonaws.com"},
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"
    }
  ]
}
```
Answered a year ago
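A pre-deployment check for a bucket policy shaped like the sample in the answer above, written as an added example (not code from the answer or from AWS). The function and variable names are hypothetical, and the checks assume only what the sample shows: the `delivery.logs.amazonaws.com` principal, the two actions, the ACL condition, and that both statements should name the same bucket.

```python
LOG_DELIVERY = "delivery.logs.amazonaws.com"

# The policy from the answer above, with its placeholder bucket names and account IDs.
SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AWSLogDeliveryWrite", "Effect": "Allow",
     "Principal": {"Service": LOG_DELIVERY}, "Action": "s3:PutObject",
     "Resource": ["arn:aws:s3:::log-bucket/flow-logs/AWSLogs/111122223333/*",
                  "arn:aws:s3:::log-bucket/flow-logs/AWSLogs/444455556666/*"],
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
    {"Sid": "AWSLogDeliveryAclCheck", "Effect": "Allow",
     "Principal": {"Service": LOG_DELIVERY}, "Action": "s3:GetBucketAcl",
     "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET1"}]}

def _as_list(value):
    """Policy elements such as Action and Resource may be a string or a list."""
    return value if isinstance(value, list) else [value]

def _bucket(arn):
    """Bucket name from an S3 ARN such as arn:aws:s3:::bucket/prefix/*."""
    return arn.split(":::", 1)[-1].split("/", 1)[0]

def check_log_delivery_policy(policy):
    """Return a list of findings; an empty list means every check passed."""
    findings, put_buckets, acl_buckets = [], set(), set()
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or LOG_DELIVERY not in services:
            continue  # only statements that grant access to the log delivery service
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        buckets = {_bucket(r) for r in _as_list(stmt.get("Resource", []))}
        if "s3:PutObject" in actions:
            put_buckets |= buckets
            acl = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
            if acl != "bucket-owner-full-control":
                findings.append(f"{sid}: PutObject is not conditioned on bucket-owner-full-control")
        if "s3:GetBucketAcl" in actions:
            acl_buckets |= buckets
    if not put_buckets:
        findings.append(f"no s3:PutObject statement for {LOG_DELIVERY}")
    if not acl_buckets:
        findings.append(f"no s3:GetBucketAcl statement for {LOG_DELIVERY}")
    if put_buckets and acl_buckets and put_buckets != acl_buckets:
        findings.append(f"bucket mismatch: PutObject on {sorted(put_buckets)}, "
                        f"GetBucketAcl on {sorted(acl_buckets)}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_log_delivery_policy(SAMPLE)) or "all checks passed")
```

Run against the sample unchanged, it reports one finding: the two statements name different placeholder buckets (`log-bucket` and `DOC-EXAMPLE-BUCKET1`), and both need to be replaced with the real destination bucket.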