adding new ObjectOwnership rule needed for Amazon S3

aws-solutions · Apr 13, 2023 · c61714d · c61714d
1 parent e124946
commit c61714d
Showing 1 changed file with 9 additions and 6 deletions.
diff --git a/source/constructs/lib/live-streaming.ts b/source/constructs/lib/live-streaming.ts
@@ -690,9 +690,9 @@ export class LiveStreaming extends cdk.Stack {
           id: 'AwsSolutions-CFR2',
           reason: 'Use case does not warrant CloudFront integration with AWS WAF'
         }, {
-            id: 'AwsSolutions-CFR3', //same as cfn_nag rule W70
-            reason: 'S3 update causing deploy fail when bucket makes any sort of ACL. With this error cannot have ACLs set with ObjectOwnerships BucketOwnerEnforced setting'
-        },{
+            id: 'AwsSolutions-CFR3',
+            reason: 'S3 changing ownership have to remove since it is causing solution not to deploy'
+        }, {
           id: 'AwsSolutions-CFR4', //same as cfn_nag rule W70
           reason: 'CloudFront automatically sets the security policy to TLSv1 when the distribution uses the CloudFront domain name'
         }, {
@@ -737,13 +737,16 @@ export class LiveStreaming extends cdk.Stack {
         ]
       },
       bucketProps: {
-        versioned: false
+        versioned: false,
+        objectOwnership: s3.ObjectOwnership.OBJECT_WRITER
       },
       loggingBucketProps: {
-        versioned: false
+        versioned: false,
+        objectOwnership: s3.ObjectOwnership.OBJECT_WRITER
       },
       cloudFrontLoggingBucketProps: {
-        versioned: false
+        versioned: false,
+        objectOwnership: s3.ObjectOwnership.OBJECT_WRITER
       },
       insertHttpSecurityHeaders: false
     });