ljquin
commented
1 year ago Thank you for taking the time to submit a pull request. The existing JSON policy example is correct as is.
The Organizations CloudTrail trail S3 path in the example policy is the default S3 path when you use CloudTrail to create the Organization trail. If Control Tower was used to setup the Organizations CloudTrail the S3 path would be different.
The following is a CloudTrail console screenshot showing the default S3 log path of where the logs will be stored:
For examples of CloudTrail trail S3 paths see the following link: Finding your CloudTrail log files - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
Issue #, if available:
Description of changes:
This commit amends the existing incorrect AWS CloudTrail S3 bucket folder structure to match the correct folder structure
The folder structure cascades in the following manner;
<organisation-id>AWSLogs<account-id>The existing documentation has the
AWSLogsand<organization-id>in the incorrect orderChanges
GetObjectsfrom the CloudTrail bucketBy submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.