From 3537d0a9d4af438425b95d92018b12ef62e1d78a Mon Sep 17 00:00:00 2001
From: Addie Rudy <awsrudy@amazon.com>
Date: Wed, 30 Oct 2024 16:41:06 -0400
Subject: [PATCH] fix: updated logging bucket ACL settings in CDK to handle log
 delivery from CloudFront

---
 lib/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/index.ts b/lib/index.ts
index 3924b05..eb13bfe 100644
--- a/lib/index.ts
+++ b/lib/index.ts
@@ -7,7 +7,7 @@
 import { type IIdentityPool } from '@aws-cdk/aws-cognito-identitypool-alpha';
 import { Stack } from 'aws-cdk-lib';
 import { type IUserPool, type IUserPoolClient } from 'aws-cdk-lib/aws-cognito';
-import { Bucket, BucketEncryption } from 'aws-cdk-lib/aws-s3';
+import { Bucket, BucketAccessControl, BucketEncryption } from 'aws-cdk-lib/aws-s3';
 import { type Construct } from 'constructs';
 import { API } from './api';
 import { Authentication } from './authentication';
@@ -40,6 +40,7 @@ export class GenAINewsletter extends Stack {
     const loggingBucket = new Bucket(this, 'GenAINewsletter-LoggingBucket', {
       encryption: BucketEncryption.S3_MANAGED,
       enforceSSL: true,
+      accessControl: BucketAccessControl.LOG_DELIVERY_WRITE,
     });
 
     const authentication = new Authentication(this, 'AuthenticationStack');