Description
Summary
When deploying from code using the full solution-deploy.sh script, I found that the generated cloudfront-s3-control-plane-stack-global.template.json template includes a Server Access Logging policy with no bucket referenced, resulting in recursive log generation when either the cloudfrontcontrolplanepo or clickstreamsolutiondatab S3 buckets are accessed.
Steps to reproduce
Deploy the full from code following the steps outlined in the README. From Step 4, follow the deployment README. During the build step, templates will be generated and placed in the global-s3-assets folder, and the cloudfront-s3-control-plane-stack-global.template.json that gets generated will include the recursive logging policy. I think the template and resulting logging policy get copied from here.
What is the current bug behavior?
After the full deployment succeeds, a Server Access Logging policy attached to the clickstreamsolutiondatab is set to generate a log whenever anything accesses that bucket (including itself), and then generates a log to dump into the same bucket. This log placement results in another access event trigger, which generates another log being placed in the bucket, restarting the cycle. This will continue infinitely, filling the bucket with redundant logs and incurring unnecessary costs.
What is the expected correct behavior?
Log generation should not be triggering an infinite loop of log generation.
Relevant logs and/or screenshots
LoggingConfiguration in question.
Possible fixes
Either this LoggingConfiguration should be removed or updated to drop logs into a new and separate logging bucket. If a new logging bucket is added to the deployment then this LoggingConfiguration could also be updated to point to that bucket.
This is 🐛 Bug Report