Expand file tree Collapse file tree 1 file changed +12
-10
lines changed Original file line number Diff line number Diff line change @@ -215,16 +215,18 @@ Resources:
215215 Condition :
216216 Bool :
217217 ' aws:SecureTransport ' : false
218- - Sid : EnforceSSERequests
219- Effect : Deny
220- Principal : ' *'
221- Action : ' s3:PutObject'
222- Resource : !If [HasLogFilePrefix, !Sub 'arn:aws:s3:::${TrailBucket}/${LogFilePrefix}/AWSLogs/${AWS::AccountId}/*', !Sub 'arn:aws:s3:::${TrailBucket}/AWSLogs/${AWS::AccountId}/*']
223- Condition :
224- StringNotEquals :
225- ' s3:x-amz-server-side-encryption ' :
226- - ' AES256'
227- - ' aws:kms'
218+ - !If
219+ - HasParentKmsKeyStack
220+ - Sid : EnforceSSERequests
221+ Principal : ' *'
222+ Action : ' s3:PutObject*'
223+ Effect : Deny
224+ Resource : !If [HasLogFilePrefix, !Sub 'arn:aws:s3:::${TrailBucket}/${LogFilePrefix}/AWSLogs/${AWS::AccountId}/*', !Sub 'arn:aws:s3:::${TrailBucket}/AWSLogs/${AWS::AccountId}/*']
225+ Condition :
226+ StringNotEquals :
227+ ' s3:x-amz-server-side-encryption ' : ' '
228+ ' s3:x-amz-server-side-encryption-aws-kms-key-id ' : {'Fn::ImportValue': !Sub '${ParentKmsKeyStack}-KeyArn'}
229+ - !Ref ' AWS::NoValue'
228230 TrailLogGroup :
229231 Type : ' AWS::Logs::LogGroup'
230232 Properties :
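Review bot: When `HasParentKmsKeyStack` is false the new `!If` resolves to `AWS::NoValue`, so the `EnforceSSERequests` deny disappears and the bucket policy no longer rejects unencrypted `s3:PutObject` requests on the AWSLogs prefix, which the removed statement did. Consider keeping the previous AES256/aws:kms statement as the else branch instead of `!Ref 'AWS::NoValue'`, unless default bucket encryption is configured elsewhere in the template (not visible in this hunk). Separately, `s3:PutObject*` also matches actions such as `s3:PutObjectAcl` and `s3:PutObjectTagging`, whose requests carry no SSE headers, so the negated condition will presumably always deny them; if that is intended, a comment saying so would help. The policy document and the `Resources` section continue outside the hunk.

```yaml
- !If
  - HasParentKmsKeyStack
  # … unchanged: EnforceSSERequests statement pinned to the imported KMS key ARN …
  - Sid: EnforceSSERequests
    Effect: Deny
    Principal: '*'
    Action: 's3:PutObject'
    Resource: !If [HasLogFilePrefix, !Sub 'arn:aws:s3:::${TrailBucket}/${LogFilePrefix}/AWSLogs/${AWS::AccountId}/*', !Sub 'arn:aws:s3:::${TrailBucket}/AWSLogs/${AWS::AccountId}/*']
    Condition:
      StringNotEquals:
        's3:x-amz-server-side-encryption':
        - 'AES256'
        - 'aws:kms'
```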