Removing logging bucket that is causing solution to fail deployment i…

…n Ohio region. Seeing the error Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting
aws-solutions · Apr 13, 2023 · 6cff9e5 · 6cff9e5
1 parent 69ac08b
commit 6cff9e5
Showing 1 changed file with 0 additions and 51 deletions.
diff --git a/source/constructs/lib/live-streaming.ts b/source/constructs/lib/live-streaming.ts
@@ -576,50 +576,6 @@ export class LiveStreaming extends cdk.Stack {
     mediaPackageCmafEndpoint.node.addDependency(mediaPackagePolicy);
 
 
-    /**
-     * S3: Logs bucket for CloudFront
-     */
-    const logsBucket = new s3.Bucket(this, 'LogsBucket', {
-      enforceSSL: true,
-      versioned: true,
-      removalPolicy: cdk.RemovalPolicy.RETAIN,
-      accessControl: s3.BucketAccessControl.LOG_DELIVERY_WRITE,
-      encryption: s3.BucketEncryption.S3_MANAGED,
-      blockPublicAccess: {
-        blockPublicAcls: true,
-        blockPublicPolicy: true,
-        ignorePublicAcls: true,
-        restrictPublicBuckets: true
-      }
-    });
-    /** get the cfn resource and attach cfn_nag rule */
-    (logsBucket.node.defaultChild as cdk.CfnResource).cfnOptions.metadata = {
-      cfn_nag: {
-        rules_to_suppress: [
-          {
-            id: 'W35',
-            reason: 'Used to store access logs for other buckets'
-          }, {
-            id: 'W51',
-            reason: 'Bucket is private and does not need a bucket policy'
-          }
-        ]
-      }
-    };
-    //cdk_nag
-    NagSuppressions.addResourceSuppressions(
-      logsBucket,
-      [
-        {
-          id: 'AwsSolutions-S1', //same as cfn_nag rule W35
-          reason: 'Used to store access logs for other buckets'
-        }, {
-          id: 'AwsSolutions-S10',
-          reason: 'Bucket is private and is not using HTTP'
-        }
-      ]
-    );
-
     /**
      * CloudFront Distribution
      */
@@ -697,7 +653,6 @@ export class LiveStreaming extends cdk.Stack {
         cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS
       },
       enabled: true,
-      logBucket: logsBucket,
       logFilePrefix: 'cloudfront-logs/',
       errorResponses: [
         errorResponse400,
@@ -1011,12 +966,6 @@ export class LiveStreaming extends cdk.Stack {
       exportName: `${cdk.Aws.STACK_NAME}-DemoBucket`
     });
 
-    new cdk.CfnOutput(this, 'LogsBucketConsole', { // NOSONAR
-      description: 'Logs bucket',
-      value: `https://${cdk.Aws.REGION}.console.aws.amazon.com/s3/buckets/${logsBucket.bucketName}?region=${cdk.Aws.REGION}`,
-      exportName: `${cdk.Aws.STACK_NAME}-LogsBucket`
-    });
-
     new cdk.CfnOutput(this, 'AppRegistryConsole', { // NOSONAR
       description: 'AppRegistry',
       value: `https://${cdk.Aws.REGION}.console.aws.amazon.com/servicecatalog/home?#applications/${appRegistry.applicationId}`,