1 Answer
Hi,
Here is a sample policy for your reference. Following the sample from the page below, you can consider using delivery.logs.amazonaws.com as the Principal.
https://docs.aws.amazon.com/network-firewall/latest/developerguide/logging-s3.html
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSLogDeliveryWrite",
      "Effect": "Allow",
      "Principal": {"Service": "delivery.logs.amazonaws.com"},
      "Action": "s3:PutObject",
      "Resource": [
        "arn:aws:s3:::log-bucket/flow-logs/AWSLogs/111122223333/*",
        "arn:aws:s3:::log-bucket/flow-logs/AWSLogs/444455556666/*"
      ],
      "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
    },
    {
      "Sid": "AWSLogDeliveryAclCheck",
      "Effect": "Allow",
      "Principal": {"Service": "delivery.logs.amazonaws.com"},
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::log-bucket"
    }
  ]
}
```
Answered 2 years ago
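An added example, not part of the answer above or of the AWS documentation: an offline Python check that a bucket policy of this shape grants the log delivery service both actions on one bucket and keeps the ACL condition on writes. The function names, the sample policy and the bucket name `other-bucket` are constructed for illustration.

```python
LOG_PRINCIPAL = "delivery.logs.amazonaws.com"

def as_list(value):
    return value if isinstance(value, list) else [value]

def bucket_of(arn):
    # "arn:aws:s3:::bucket/key..." -> "bucket" (works for bucket and object ARNs)
    return arn.removeprefix("arn:aws:s3:::").split("/", 1)[0]

def check_log_delivery_policy(policy, bucket):
    """Return findings for the log-delivery statements; [] means all checks passed."""
    findings, granted = [], set()
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or LOG_PRINCIPAL not in services:
            continue  # only statements that allow the log delivery service
        sid = stmt.get("Sid", "<no Sid>")
        # A bucket policy can only name the bucket it is attached to.
        outside = [a for a in as_list(stmt["Resource"]) if bucket_of(a) != bucket]
        findings += [f"{sid}: {a} is not in bucket {bucket}" for a in outside]
        acl = stmt.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
        for action in as_list(stmt["Action"]):
            if action == "s3:PutObject" and acl != "bucket-owner-full-control":
                findings.append(f"{sid}: s3:PutObject without the bucket-owner-full-control condition")
            if not outside:
                granted.add(action)
    for needed in ("s3:PutObject", "s3:GetBucketAcl"):
        if needed not in granted:
            findings.append(f"{needed} is not granted on {bucket}")
    return findings

# Constructed sample: same shape as the policy above, but the ACL-check
# statement names a different (hypothetical) bucket than the write statement.
SAMPLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AWSLogDeliveryWrite", "Effect": "Allow",
         "Principal": {"Service": "delivery.logs.amazonaws.com"},
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::log-bucket/flow-logs/AWSLogs/111122223333/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Sid": "AWSLogDeliveryAclCheck", "Effect": "Allow",
         "Principal": {"Service": "delivery.logs.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::other-bucket"},
    ]}

if __name__ == "__main__":
    print("\n".join(check_log_delivery_policy(SAMPLE, "log-bucket")))
```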