Adding Logs to S3 from the Load Balancer

terraform/iam.tf

@@ -1,37 +1,33 @@
 # POLICY TO LET BUCKET PERMISSIONS:
 
 resource "aws_s3_bucket_policy" "alb_log_bucket_policy" {
-  bucket = aws_s3_bucket.nlb_logs.id
+ bucket = aws_s3_bucket.nlb_logs.id
 
-  policy = jsonencode({
+ policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
       {
         Effect = "Allow",
         Principal = {
           Service = "elasticloadbalancing.amazonaws.com"
         },
-        Action = "s3:*",
+        Action = [
+          "s3:PutObject",
+          "s3:GetBucketAcl"
+        ],
         Resource = "${aws_s3_bucket.nlb_logs.arn}/*",
         Condition = {
           StringEquals = {
             "s3:x-amz-acl" = "bucket-owner-full-control"
           }
         }
-      },
-      {
-        Effect = "Allow",
-        Principal = {
-          Service = "elasticloadbalancing.amazonaws.com"
-        },
-        Action = "s3:*",
-        Resource = "arn:aws:s3:::milvus-api-alb-logs"
       }
     ]
-  })
+ })
 }
 
 
+
 # create SSMRoleForEC2 that the EC2 instance needs to assume to connect via System Manager , instead of via SSH
 
 resource "aws_iam_role" "ssm_role" {