From 957039358e833f42258bea1230813f15216dbcd8 Mon Sep 17 00:00:00 2001
From: Matthew <106278637+Matthew-Grayson@users.noreply.github.com>
Date: Thu, 7 Sep 2023 13:36:30 -0500
Subject: [PATCH] 2118 au 05 audit process migrate logs to s3 buckets (#2225)

* Remove ACL resource from cloudtrail bucket; remove sourceArn condtitions from cloudtrail bucket policy.

* Remove depends_on statement from cloudtrail resource.

* Remove unused variables from template_file.
---
 infrastructure/cloudtrail.tf                | 10 ++--------
 infrastructure/cloudtrail_bucket_policy.tpl | 10 ++--------
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git a/infrastructure/cloudtrail.tf b/infrastructure/cloudtrail.tf
index d62c6c04b..cafe65e88 100644
--- a/infrastructure/cloudtrail.tf
+++ b/infrastructure/cloudtrail.tf
@@ -25,7 +25,8 @@ resource "aws_cloudtrail" "all-events" {
 }
 
 resource "aws_s3_bucket" "cloudtrail_bucket" {
-  bucket = var.cloudtrail_bucket_name
+  bucket        = var.cloudtrail_bucket_name
+  force_destroy = true
   tags = {
     Project = var.project
     Stage   = var.stage
@@ -42,11 +43,6 @@ resource "aws_cloudwatch_log_group" "cloudtrail" {
   }
 }
 
-resource "aws_s3_bucket_acl" "cloudtrail_bucket" {
-  bucket = aws_s3_bucket.cloudtrail_bucket.id
-  acl    = "private"
-}
-
 resource "aws_s3_bucket_server_side_encryption_configuration" "cloudtrail_bucket" {
   bucket = aws_s3_bucket.cloudtrail_bucket.id
   rule {
@@ -87,8 +83,6 @@ data "template_file" "cloudtrail_bucket_policy" {
   template = file("cloudtrail_bucket_policy.tpl")
   vars = {
     bucketName = var.cloudtrail_bucket_name
-    region     = var.aws_region
-    trailName  = aws_cloudtrail.all-events.name
     accountId  = data.aws_caller_identity.current.account_id
   }
 }
\ No newline at end of file
diff --git a/infrastructure/cloudtrail_bucket_policy.tpl b/infrastructure/cloudtrail_bucket_policy.tpl
index 0bbeeb59c..5bbd3dc62 100644
--- a/infrastructure/cloudtrail_bucket_policy.tpl
+++ b/infrastructure/cloudtrail_bucket_policy.tpl
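Review bot: `force_destroy = true` on the CloudTrail log bucket lets a `terraform destroy` or a forced bucket replacement delete every audit-log object with no prompt, which cuts against the retention goal of the AU-05 work this commit belongs to. Unless this bucket is meant to be throwaway, keep the attribute at its default or add `lifecycle { prevent_destroy = true }` to the resource so the trail's history survives an accidental destroy; if it is only wanted for non-production stages, derive it from `var.stage` rather than hard-coding it. The rest of the `aws_s3_bucket` resource (tags and anything after them) continues outside the hunk, so I cannot tell whether versioning or object lock is configured to compensate.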
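Review bot: The `region` and `trailName` entries removed from the `template_file` vars are exactly the inputs the bucket policy's `aws:SourceArn` condition consumed, so this hunk locks in the loss of that guard in cloudtrail_bucket_policy.tpl (see the note on that file). If the condition is restored with a trail name that is known before the trail exists — an input variable or a local instead of `aws_cloudtrail.all-events.name`, which presumably is what created the dependency cycle — these two vars should come back with it. Separately, `data "template_file"` depends on the archived hashicorp/template provider; the built-in `templatefile("cloudtrail_bucket_policy.tpl", { ... })` function accepts the same template and vars map and removes that provider dependency. The data block's opening line is the hunk header and its closing brace is the last line shown.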
@@ -8,12 +8,7 @@
         "Service": "cloudtrail.amazonaws.com"
       },
       "Action": ["s3:GetBucketAcl"],
-      "Resource": ["arn:aws:s3:::${bucketName}"],
-      "Condition": {
-        "StringEquals": {
-          "aws:SourceArn": "arn:aws:cloudtrail:${region}:${accountId}:trail/${trailName}"
-        }
-      }
+      "Resource": ["arn:aws:s3:::${bucketName}"]
     },
     {
       "Sid": "AWSCloudTrailWrite20150319",
@@ -25,8 +20,7 @@
       "Resource": ["arn:aws:s3:::${bucketName}/AWSLogs/${accountId}/*"],
       "Condition": {
         "StringEquals": {
-          "s3:x-amz-acl": "bucket-owner-full-control",
-          "aws:SourceArn": "arn:aws:cloudtrail:${region}:${accountId}:trail/${trailName}"
+          "s3:x-amz-acl": "bucket-owner-full-control"
         }
       }
     }
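Review bot: Dropping the `aws:SourceArn` condition from the `s3:GetBucketAcl` statement here, and from the `s3:PutObject` statement in the next hunk, removes the confused-deputy guard AWS recommends for CloudTrail bucket policies: the `cloudtrail.amazonaws.com` principal is now trusted no matter which trail, in this or any other account, is acting, and the write statement is bounded only by the `AWSLogs/${accountId}/*` prefix, so any trail in this account can deliver into the audit path. It would be better to keep `"aws:SourceArn": "arn:aws:cloudtrail:${region}:${accountId}:trail/${trailName}"` in both statements and instead break whatever dependency made it awkward by feeding `trailName` from a value known before the trail is created (an input variable or local rather than the trail resource's `name` attribute). That also means the `region` and `trailName` vars removed from the template_file block in cloudtrail.tf would be needed again.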