From d789b6509799d4b9327ab89bf3bc873690865400 Mon Sep 17 00:00:00 2001 From: David Chung Date: Thu, 13 Apr 2023 15:51:13 -0700 Subject: [PATCH] Updated bucket policy on DataplaneLogsBucket Background ========== An upcoming update on AWS S3 restricts that Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting. To remediate this issue, the bucket policy is being updated to grant PutObject access to the logging service principal Changes ======= * Updated the bucket policy on the DataplaneLogsBucket bucket(s) to grant access to the logging service principal (logging.s3.amazonaws.com) for access log delivery * Updated outdated packages --- CHANGELOG.md | 6 ++++++ deployment/lambda_layer_factory/requirements.txt | 2 +- source/cdk/cdk.json | 1 + source/cdk/lib/media-insights-stack.ts | 3 --- source/cdk/package.json | 4 ++-- source/dataplanestream/requirements.txt | 4 ++-- source/workflowstream/requirements.txt | 2 +- test/unit/requirements.txt | 6 +++--- 8 files changed, 16 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 96c08a76..efdabd3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [5.1.1] - 2023-04-13 + +### Changed + +* Updated the bucket policy on the DataplaneLogsBucket bucket(s) to grant access to the logging service principal (logging.s3.amazonaws.com) for access log delivery + ## [5.1.0] - 2023-02-06 ### Added diff --git a/deployment/lambda_layer_factory/requirements.txt b/deployment/lambda_layer_factory/requirements.txt index c6c0a584..1a24de88 100644 --- a/deployment/lambda_layer_factory/requirements.txt +++ b/deployment/lambda_layer_factory/requirements.txt 
@@ -1,4 +1,4 @@ pymediainfo==4.2.1 jsonpickle==3.0.0 -aws-xray-sdk==2.11.0 +aws-xray-sdk==2.12.0 /packages/Media_Insights_Engine_Lambda_Helper-1.0.0-py3-none-any.whl diff --git a/source/cdk/cdk.json b/source/cdk/cdk.json index 8c80149e..3e5d6c59 100644 --- a/source/cdk/cdk.json +++ b/source/cdk/cdk.json @@ -1,6 +1,7 @@ { "app": "npx ts-node bin/media-insights.ts", "context": { + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true, "solution_id": "SO0163", "solution_name": "media-insights-on-aws", "solution_version": "%%VERSION%%" diff --git a/source/cdk/lib/media-insights-stack.ts b/source/cdk/lib/media-insights-stack.ts index fa94adff..8b056911 100644 --- a/source/cdk/lib/media-insights-stack.ts +++ b/source/cdk/lib/media-insights-stack.ts @@ -334,7 +334,6 @@ export class MediaInsightsStack extends Stack { const dataplaneLogsBucket = new s3.Bucket(this, 'DataplaneLogsBucket', { enforceSSL: true, versioned: true, - accessControl: s3.BucketAccessControl.LOG_DELIVERY_WRITE, encryption: s3.BucketEncryption.S3_MANAGED, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, }); @@ -390,8 +389,6 @@ export class MediaInsightsStack extends Stack { ], }); - dataplaneBucket.node.addDependency(dataplaneLogsBucket); - // // Service - SNS diff --git a/source/cdk/package.json b/source/cdk/package.json index 34722339..5717036e 100644 --- a/source/cdk/package.json +++ b/source/cdk/package.json @@ -35,8 +35,8 @@ "@types/jest": "^27.0.0", "@types/node": "^16.4.0", "@types/sinon": "^10.0.2", - "aws-cdk": "^2.51.0", - "aws-cdk-lib": "^2.51.0", + "aws-cdk": "^2.73.0", + "aws-cdk-lib": "^2.73.0", "constructs": "^10.0.9", "jest": "^27.0.6", "sinon": "^11.1.1", diff --git a/source/dataplanestream/requirements.txt b/source/dataplanestream/requirements.txt index a024caa0..a7b81b24 100644 --- a/source/dataplanestream/requirements.txt +++ b/source/dataplanestream/requirements.txt 
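Review bot: The `"@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true` entry added under `context` in cdk.json is now the only visible switch that lets the logs bucket accept access-log delivery, and nothing in this commit checks that it took effect. The flag is picked up only when the app is synthesized with this cdk.json, so a stack built another way (for example a unit test that constructs a bare `App`, if the project has one) would presumably not get the bucket policy. Because the stack hunk also drops `accessControl: s3.BucketAccessControl.LOG_DELIVERY_WRITE`, a missed flag would be easy to overlook in review. I would add a template assertion that the DataplaneLogsBucket policy allows `s3:PutObject` to `logging.s3.amazonaws.com`, and that the statement carries `aws:SourceArn` / `aws:SourceAccount` conditions so that delivery is limited to the intended source bucket in this account.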
@@ -1,3 +1,3 @@
-simplejson==3.18.0
+simplejson==3.19.1
 jsonpickle==3.0.0
-aws-xray-sdk==2.11.0
\ No newline at end of file
+aws-xray-sdk==2.12.0
\ No newline at end of file
diff --git a/source/workflowstream/requirements.txt b/source/workflowstream/requirements.txt
index f740793e..64ffe8c7 100644
--- a/source/workflowstream/requirements.txt
+++ b/source/workflowstream/requirements.txt
@@ -1 +1 @@
-simplejson==3.18.0
\ No newline at end of file
+simplejson==3.19.1
\ No newline at end of file
diff --git a/test/unit/requirements.txt b/test/unit/requirements.txt
index ccb122d2..8f919b28 100644
--- a/test/unit/requirements.txt
+++ b/test/unit/requirements.txt
@@ -4,10 +4,10 @@ pytest==7.2.0
 requests==2.28.1
 urllib3==1.26.13
 jsonschema==4.17.0
-chalice==1.27.3
-aws_xray_sdk==2.11.0
+chalice==1.28.0
+aws_xray_sdk==2.12.0
 pytest-cov==4.0.0
-simplejson==3.18.0
+simplejson==3.19.1
 pymediainfo==6.0.1
 nltk==3.8.0
 webvtt-py==0.4.6