Configuring access policy on the log bucket
You must configure a policy on the log bucket to enable logging for all other buckets. Here is a sample policy document for the log bucket. The policy name is log-bucket, and source-bucket as the source bucket name.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowLoggingFromSourceBucket",
"Effect": "Allow",
"Principal": {
"Service": "logging.s3.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::log-bucket/prefix*",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:::source-bucket"
}
}
}
]
}