Grant the Amazon S3 Log Delivery group write permission on the bucket where you want the access logs saved. We refer to this bucket as the target bucket.
Resolution · Open the Amazon S3 console. · From the list of buckets, choose the target bucket that server access logs are supposed to be sent to.
To enable logging, follow these steps. Topics. Step 1: Enable server access logging; Step 2: Grant the log delivery group WRITE and READ_ACP permissions ...
"If you use the Amazon S3 console to enable logging on a bucket, the
To do so, you both enable logging on the bucket and grant the Log Delivery group permission to write logs to the target bucket. Topics. Enabling logging; Granting ...
Here's how to achieve this via terraform using a null resource and the AWS CLI.
"my-tf-log-bucket" acl = "log-delivery-write" } resource "aws_s3_bucket" "b" { bucket = "my-tf-test-bucket" acl
According to the documentation for S3 logging, you must grant the Log Delivery group WRITE and READ_ACP permissions on the target ...
Amazon Simple Storage Service is popularly known as S3.
Amazon has pretty good instructions for granting access to the Log Delivery Group, but of course that doesn't really help when using Terraform.