From 9227c065aafab39d606296aa69c1311edfcd3799 Mon Sep 17 00:00:00 2001
From: Meng Xin Zhu <843303+zxkane@users.noreply.github.com>
Date: Wed, 19 Apr 2023 16:37:26 +0800
Subject: [PATCH] fix: explicitly set log bucket object ownership (#1209)

---
 src/lib/stack.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lib/stack.ts b/src/lib/stack.ts
index eaa2e303..66caed84 100644
--- a/src/lib/stack.ts
+++ b/src/lib/stack.ts
@@ -3,7 +3,7 @@ import { RemovalPolicy, Stack, StackProps, Duration, CfnParameter, CfnOutput, Cf
 import { GatewayVpcEndpointAwsService, Vpc, FlowLogDestination, SubnetType, IVpc, SecurityGroup } from 'aws-cdk-lib/aws-ec2';
 import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam';
 import { CfnDBInstance } from 'aws-cdk-lib/aws-neptune';
-import { Bucket, BucketEncryption, IBucket } from 'aws-cdk-lib/aws-s3';
+import { Bucket, BucketEncryption, IBucket, ObjectOwnership } from 'aws-cdk-lib/aws-s3';
 import { Queue, QueueEncryption } from 'aws-cdk-lib/aws-sqs';
 import { Construct } from 'constructs';
 import { TransactionDashboardStack } from './dashboard-stack';
@@ -19,6 +19,7 @@ export class FraudDetectionStack extends Stack {
       encryption: BucketEncryption.S3_MANAGED,
       removalPolicy: RemovalPolicy.RETAIN,
       serverAccessLogsPrefix: 'accessLogBucketAccessLog',
+      objectOwnership: ObjectOwnership.OBJECT_WRITER,
     });
 
     const vpcId = this.node.tryGetContext('vpcId');