Update Terraform

rules/S6258/terraform/rule.adoc

@@ -118,25 +118,43 @@ resource "google_container_cluster" "example" {
 For Amazon https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket[S3 access requests]:
 [source,terraform]
 ----
-resource "aws_s3_bucket" "example-logs" {
-  bucket = "example_logstorage"
-  acl    = "log-delivery-write"
-}
-
 resource "aws_s3_bucket" "example" {
   bucket = "example"
-
-  logging { # AWS provider <= 3
-      target_bucket = aws_s3_bucket.example-logs.id
-      target_prefix = "log/example"
-  }
 }
 
-resource "aws_s3_bucket_logging" "example" { # AWS provider >= 4
+resource "aws_s3_bucket_logging" "example" {
   bucket = aws_s3_bucket.example.id
 
-  target_bucket = aws_s3_bucket.example-logs.id
-  target_prefix = "log/example"
+  target_bucket = aws_s3_bucket.logs.id
+  target_prefix = "testing-logs"
+}
+
+# Set up a logging bucket
+resource "aws_s3_bucket" "logs" {
+  bucket = "example_logstorage"
+}
+
+data "aws_iam_policy_document" "logs" {
+  statement {
+      sid    = "s3-log-delivery"
+      effect = "Allow"
+
+      principals {
+        type        = "Service"
+        identifiers = ["logging.s3.amazonaws.com"]
+      }
+
+      actions = ["s3:PutObject"]
+
+      resources = [
+        "${aws_s3_bucket.logs.arn}/*",
+      ]
+    }
+}
+
+resource "aws_s3_bucket_policy" "logs" {
+  bucket = aws_s3_bucket.example-logs.id
+  policy = data.aws_iam_policy_document.example.json
 }
 ----