@alanwill
Created July 6, 2014 08:51
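S3 bucket policy that lets a single bucket receive CloudTrail logs from multiple accounts. The principals listed are the AWS-owned, per-region CloudTrail delivery accounts in use when this was written (2014), not the accounts being logged; each logged account gets its own `AWSLogs/<account#N>/*` entry under the PutObject resources. Current AWS guidance grants the `cloudtrail.amazonaws.com` service principal instead of these account ARNs, so check the present CloudTrail documentation before reusing the list.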
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCloudTrailAclCheck20131101",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::903692715234:root",
"arn:aws:iam::859597730677:root",
"arn:aws:iam::814480443879:root",
"arn:aws:iam::216624486486:root",
"arn:aws:iam::086441151436:root",
"arn:aws:iam::388731089494:root",
"arn:aws:iam::284668455005:root",
"arn:aws:iam::113285607260:root"
]
},
"Action": "s3:GetBucketAcl",
"Resource": "arn:aws:s3:::<cloudtrail-bucket-name>"
},
{
"Sid": "AWSCloudTrailWrite20131101",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::903692715234:root",
"arn:aws:iam::859597730677:root",
"arn:aws:iam::814480443879:root",
"arn:aws:iam::216624486486:root",
"arn:aws:iam::086441151436:root",
"arn:aws:iam::388731089494:root",
"arn:aws:iam::284668455005:root",
"arn:aws:iam::113285607260:root"
]
},
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::<cloudtrail-bucket-name>/<prefix>/AWSLogs/<account#1>/*",
"arn:aws:s3:::<cloudtrail-bucket-name>/<prefix>/AWSLogs/<account#2>/*",
"arn:aws:s3:::<cloudtrail-bucket-name>/<prefix>/AWSLogs/<account#3>/*"
],
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
}
}
]
}