Description of changes:
Update configuration for the logging bucket:
use a bucket policy instead of an ACL; see Grant permissions to the logging service principal using a bucket policy in Permissions for log delivery;
use AES256 instead of the current SSE-KMS setting for the log bucket; see considerations on the default bucket encryption on the target bucket with AES256 (SSE-S3) in Enabling Amazon S3 server access logging (where I note: You can use default bucket encryption on the target bucket only if you use AES256 (SSE-S3). Default encryption with AWS KMS keys (SSE-KMS) is not supported). I started to see logs in my logs bucket after I changed to AES256 the default bucket encryption for the log bucket itself.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Issue #, if available: Fixes #985
Description of changes: Update configuration for the logging bucket:
AES256
instead of the currentSSE-KMS
setting for the log bucket; see considerations on the default bucket encryption on the target bucket withAES256
(SSE-S3
) in Enabling Amazon S3 server access logging (where I note: You can use default bucket encryption on the target bucket only if you use AES256 (SSE-S3). Default encryption with AWS KMS keys (SSE-KMS) is not supported). I started to see logs in my logs bucket after I changed toAES256
the default bucket encryption for the log bucket itself.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.