And ACL for new files to have permissions for the bucket owner (Prod account) to own instead of the object writer (AWS Log delivery) by default. After verifying this works for newer files, we'll have to run an S3 batch operation to grant bucket-owner-full-access on existing files to make this work:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html
And ACL for new files to have permissions for the bucket owner (Prod account) to own instead of the object writer (AWS Log delivery) by default. After verifying this works for newer files, we'll have to run an S3 batch operation to grant bucket-owner-full-access on existing files to make this work: https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops.html