From c0da8f68ecc7897e123665dc2e3587db293b94a1 Mon Sep 17 00:00:00 2001
From: "James Armes (they/them)"
Date: Thu, 17 Oct 2024 16:07:09 -0400
Subject: [PATCH] feat: Set object ownership to support CloudFront logs. (#4)
---
 main.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/main.tf b/main.tf
index a2145a4..6bc7c1d 100644
--- a/main.tf
+++ b/main.tf
@@ -11,6 +11,16 @@ resource "aws_s3_bucket" "logs" {
 tags = var.tags
 }
 
+resource "aws_s3_bucket_ownership_controls" "example" {
+ bucket = aws_s3_bucket.logs.id
+
+ rule {
+ # This is necessary for certain AWS services to write to the bucket,
+ # including CloudFront
+ object_ownership = "ObjectWriter"
+ }
+}
+
 resource "aws_s3_bucket_public_access_block" "good_example" {
 bucket = aws_s3_bucket.logs.id
 block_public_acls = true
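Review bot: `object_ownership = "ObjectWriter"` in the new `aws_s3_bucket_ownership_controls` resource keeps ACLs enabled on the log bucket and leaves each object owned by the account that wrote it, which the comment does not say. CloudFront standard logging does need ACLs enabled, but as far as I know `object_ownership = "BucketOwnerPreferred"` meets that requirement too and keeps objects uploaded with `bucket-owner-full-control` under the bucket account, so it is worth confirming and preferring that value. Because ACLs stay active, the comment should name the guard that prevents public grants, e.g. `# Keeps ACLs enabled (needed by CloudFront standard logging); public ACLs are blocked by aws_s3_bucket_public_access_block.good_example`. Only `block_public_acls = true` of that resource is visible here and its body continues outside the hunk, so check that `ignore_public_acls` is set as well. The label `"example"` looks carried over from provider documentation; `"logs"` would match the bucket resource and avoid a later state move.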