An S3 Bucket policy grants access to AWS Config and AWS CloudTrail to deliver log files to the S3 bucket.

Missing Parameters
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Principal": {
                "Service": [
                    "cloudtrail.amazonaws.com",
                    "config.amazonaws.com"
                ]
            },
            "Action": [
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws:s3:::"
            ],
            "Effect": "Allow",
            "Condition": {}
        },
        {
            "Principal": {
                "Service": [
                    "cloudtrail.amazonaws.com",
                    "config.amazonaws.com"
                ]
            },
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::/*"
            ],
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}

Actions



Customize Template

Policy Parameters

* Required field