generated from cloudposse-terraform-components/template
Closed
Labels
bug 🐛 An issue with the system
Description
Describe the Bug
Deploying the component with the recommended example will fail with the following error:
Error: creating CloudTrail Trail (core-auto-gbl): operation error CloudTrail: CreateTrail, https response error StatusCode: 400, RequestID: fc6989f0-4f66-478d-9287-bee106ecc486, InsufficientS3BucketPolicyException: Incorrect S3 bucket policy is detected for bucket: core-auto-gbl-datadog-logs-archive-cloudtrail
│
│ with module.cloudtrail[0].aws_cloudtrail.default[0],
│ on .terraform/modules/cloudtrail/main.tf line 1, in resource "aws_cloudtrail" "default":
│ 1: resource "aws_cloudtrail" "default" {
│
╵
Error
exit status 1
Expected Behavior
Deploy should work without errors.
Steps to Reproduce
- Create the component with the config

    components:
      terraform:
        datadog-logs-archive:
          settings:
          vars:
            enabled: true

- Deploy it;
- Observe the error
Screenshots
--
Environment (please complete the following information):
- OS: Linux
- Atmos: v1.180.0
- Terraform: v1.12.1
Additional Context
There is a workaround for this.
- Comment out the condition code for the CloudTrail bucket policy; there will be 2 entries for it:

    condition {
      test     = "StringLike"
      variable = "aws:SourceArn"
      values = [
        "arn:${local.aws_partition}:cloudtrail:*:${local.aws_account_id}:trail/*datadog-logs-archive",
      ]
    }

- Deploy the component without problems
- Uncomment the condition
- Deploy it again without problems.
References:
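Added example, not part of the original issue or the component's code: a pre-deploy check that evaluates the policy's `aws:SourceArn` `StringLike` pattern against a trail ARN using IAM wildcard semantics. The account ID, region and policy statement are constructed; the trail name `core-auto-gbl` is taken from the error message above, on the assumption that it is the name CloudTrail presents in its source ARN.

```python
import re

def iam_string_like(pattern: str, value: str) -> bool:
    """IAM StringLike: case-sensitive, '*' matches any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, flags=re.DOTALL) is not None

def source_arn_patterns(statement: dict) -> list:
    """Collect the aws:SourceArn values from a statement's StringLike condition."""
    cond = statement.get("Condition", {}).get("StringLike", {})
    # IAM condition key names are case-insensitive.
    values = next((v for k, v in cond.items() if k.lower() == "aws:sourcearn"), [])
    return [values] if isinstance(values, str) else list(values)

def trail_allowed(statement: dict, trail_arn: str) -> bool:
    """True if the statement's SourceArn condition (if any) admits this trail."""
    patterns = source_arn_patterns(statement)
    # No condition means no SourceArn restriction, which is the state the
    # workaround reaches by commenting the condition block out.
    return not patterns or any(iam_string_like(p, trail_arn) for p in patterns)

# Constructed sample values (not from the issue): account ID and region.
ACCOUNT = "111122223333"
REGION = "us-east-1"

# Constructed statement carrying the condition quoted in the issue, with
# local.aws_partition rendered as "aws" and local.aws_account_id as ACCOUNT.
STATEMENT = {
    "Condition": {
        "StringLike": {
            "aws:SourceArn": [
                f"arn:aws:cloudtrail:*:{ACCOUNT}:trail/*datadog-logs-archive"
            ]
        }
    }
}

def trail_arn(name: str) -> str:
    return f"arn:aws:cloudtrail:{REGION}:{ACCOUNT}:trail/{name}"

if __name__ == "__main__":
    for name in ("core-auto-gbl", "core-auto-gbl-datadog-logs-archive"):
        verdict = "matches" if trail_allowed(STATEMENT, trail_arn(name)) else "does NOT match"
        print(f"{name}: {verdict} the aws:SourceArn condition")
```

Running the same check against the rendered policy after re-enabling the condition shows whether the deployed trail's ARN is actually covered by it.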