From 75a01ee46c1e32b394ab512942918b7250b07445 Mon Sep 17 00:00:00 2001 From: Abraham Chavez Date: Wed, 24 May 2023 13:51:32 -0700 Subject: [PATCH] Revert "[u] Fix: S3 server access logs are inherently incomplete (#5043, PR #5230)" This reverts commit befd49010ec0635de8898cb48a5e6a220240812c, reversing changes made to b954f7d48211f74cbe2a9a1a8f2d0606ed6c9c45. --- UPGRADING.rst | 10 ---------- terraform/shared/shared.tf.json.template.py | 10 +--------- 2 files changed, 1 insertion(+), 19 deletions(-) diff --git a/UPGRADING.rst b/UPGRADING.rst index 0c68dc8c35..e0ec5587e1 100644 --- a/UPGRADING.rst +++ b/UPGRADING.rst @@ -42,16 +42,6 @@ a deployment just before pushing the merge commit to the GitLab instance in that deployment. -#5043 S3 server access logs are inherently incomplete -===================================================== - -Operator -~~~~~~~~ - -Manually deploy the ``shared`` component of any main deployment just before -pushing the merge commit to the GitLab instance in that deployment. - - #5133 Trigger an alarm on absence of logs ========================================= diff --git a/terraform/shared/shared.tf.json.template.py b/terraform/shared/shared.tf.json.template.py index 4536d2f0a8..6ff7371ac0 100644 --- a/terraform/shared/shared.tf.json.template.py +++ b/terraform/shared/shared.tf.json.template.py @@ -350,15 +350,7 @@ def conformance_pack(name: str) -> str: 'enable_log_file_validation': True, 'is_multi_region_trail': True, 'cloud_watch_logs_group_arn': '${aws_cloudwatch_log_group.trail.arn}:*', - 'cloud_watch_logs_role_arn': '${aws_iam_role.trail.arn}', - 'event_selector': { - 'read_write_type': 'All', - 'include_management_events': True, - 'data_resource': { - 'type': 'AWS::S3::Object', - 'values': ['arn:aws:s3'] - } - } + 'cloud_watch_logs_role_arn': '${aws_iam_role.trail.arn}' } }, 'aws_cloudwatch_log_group': {