4 Answers
0
Your condition on the S3 bucket looks incorrect. Please try the following while replacing account-no with your Acct No.
This section is incorrect:
"aws:SourceArn": "arn:aws:elasticloadbalancing:ap-south-1:account-no:*"
```json
{
  "Version": "2012-10-17",
  "Id": "AWSLogDeliveryWrite",
  "Statement": [
    {
      "Sid": "AWSLogDeliveryAclCheck",
      "Effect": "Allow",
      "Principal": {
        "Service": "delivery.logs.amazonaws.com"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::my-bucket",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": ["account-no"]
        },
        "ArnLike": {
          "aws:SourceArn": ["arn:aws:logs:ap-south-1:account-no:*"]
        }
      }
    },
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {
        "Service": "delivery.logs.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/AWSLogs/account-no/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control",
          "aws:SourceAccount": ["account-no"]
        },
        "ArnLike": {
          "aws:SourceArn": ["arn:aws:logs:ap-south-1:account-no:*"]
        }
      }
    }
  ]
}
```
0
Hello.
Is your S3 bucket encrypted using KMS?
For KMS encryption, try selecting a bucket with "SSE-S3" encryption.
Also, are NLB and S3 in the same region?
If the region is different, it will not be possible to output.
Yes, same region, and S3 is encrypted.
0
Can you share with us how you solved it? Also, what is the encryption type that you enabled?
answered 2 months ago
I have mentioned already that account-no has been replaced by my actual AWS account number.
I understand that; however, your policy was wrong. It had the wrong condition statement. My policy was the correct one. The ARN, not the account number, was wrong.
Your policy condition was using arn:aws:elasticloadbalancing and not arn:aws:logs.
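The difference discussed in the first answer and its comments can be checked mechanically before a policy is applied. The following is an added example, not code from any poster in this thread: it compares a bucket policy against the shape given in that answer, and the account ID `111122223333`, the function names and the sample policies are constructed for illustration.

```python
import copy

DELIVERY_PRINCIPAL = "delivery.logs.amazonaws.com"
ACCOUNT, REGION = "111122223333", "ap-south-1"  # constructed account id; region from the thread

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _condition_values(stmt, key):
    """Collect values of a condition key under any operator (ArnLike, StringEquals, ...)."""
    values = []
    for operands in stmt.get("Condition", {}).values():
        if key in operands:
            values += _as_list(operands[key])
    return values

def check_log_delivery_policy(policy, account_id, region):
    """Return findings; an empty list means the policy matches the shape in the first answer."""
    findings, expected = [], f"arn:aws:logs:{region}:{account_id}:"
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or DELIVERY_PRINCIPAL not in _as_list(principal.get("Service", [])):
            continue  # only statements granting access to the log delivery service
        sid = stmt.get("Sid", "<no Sid>")
        arns = _condition_values(stmt, "aws:SourceArn")
        if not arns:
            findings.append(f"{sid}: no aws:SourceArn condition")
        for arn in arns:
            if not arn.startswith(expected):
                findings.append(f"{sid}: aws:SourceArn {arn!r} does not start with {expected!r}")
        if account_id not in _condition_values(stmt, "aws:SourceAccount"):
            findings.append(f"{sid}: aws:SourceAccount does not include {account_id}")
        if "s3:PutObject" in _as_list(stmt.get("Action", [])) and \
                "bucket-owner-full-control" not in _condition_values(stmt, "s3:x-amz-acl"):
            findings.append(f"{sid}: s3:x-amz-acl is not bucket-owner-full-control")
    return findings

def sample_policy(service):
    """Constructed policy in the answer's shape, with `service` in the SourceArn."""
    cond = {"StringEquals": {"aws:SourceAccount": [ACCOUNT]},
            "ArnLike": {"aws:SourceArn": [f"arn:aws:{service}:{REGION}:{ACCOUNT}:*"]}}
    put_cond = copy.deepcopy(cond)
    put_cond["StringEquals"]["s3:x-amz-acl"] = "bucket-owner-full-control"
    base = {"Effect": "Allow", "Principal": {"Service": DELIVERY_PRINCIPAL}}
    return {"Version": "2012-10-17", "Statement": [
        {**base, "Sid": "AWSLogDeliveryAclCheck", "Action": "s3:GetBucketAcl",
         "Resource": "arn:aws:s3:::my-bucket", "Condition": cond},
        {**base, "Sid": "AWSLogDeliveryWrite", "Action": "s3:PutObject",
         "Resource": f"arn:aws:s3:::my-bucket/AWSLogs/{ACCOUNT}/*", "Condition": put_cond}]}

if __name__ == "__main__":
    for service in ("elasticloadbalancing", "logs"):
        print(service, check_log_delivery_policy(sample_policy(service), ACCOUNT, REGION))
```

To check a real policy, load the JSON text with `json.loads` and pass the resulting dict together with your own account ID and region.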