diff --git a/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts index c13a791bfe9b1..c593edd9efec7 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts @@ -430,10 +430,7 @@ export class Distribution extends Resource implements IDistribution { throw new Error('Explicitly disabled logging but provided a logging bucket.'); } - const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket', { - encryption: s3.BucketEncryption.S3_MANAGED, - enforceSSL: true, - }); + const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket'); return { bucket: bucket.bucketRegionalDomainName, includeCookies: props.logIncludesCookies, diff --git a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts index e590b5740c847..c0a332a2e1b89 100644 --- a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts +++ b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts @@ -954,10 +954,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu } if (props.loggingConfig) { - this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket', { - encryption: s3.BucketEncryption.S3_MANAGED, - enforceSSL: true, - }); + this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket'); distributionConfig = { ...distributionConfig, logging: { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json index 2da6475aff16b..36a334898a57f 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json @@ -75,67 +75,9 @@ }, "AnAmazingWebsiteProbably2LoggingBucket222F7CE9": { "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "SSEAlgorithm": "AES256" - } - } - ] - } - }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "AnAmazingWebsiteProbably2LoggingBucketPolicyE298B456": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "AnAmazingWebsiteProbably2LoggingBucket222F7CE9" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "AnAmazingWebsiteProbably2LoggingBucket222F7CE9", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "AnAmazingWebsiteProbably2LoggingBucket222F7CE9", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, "AnAmazingWebsiteProbably2CFDistribution7C1CCD12": { "Type": "AWS::CloudFront::Distribution", "Properties": { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-extensive.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-extensive.expected.json index ca4afcdc81c17..4ddd5ddb8d373 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-extensive.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-extensive.expected.json @@ -2,67 +2,9 @@ "Resources": { "MyDistLoggingBucket9B8976BC": { "Type": "AWS::S3::Bucket", - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "SSEAlgorithm": "AES256" - } - } - ] - } - }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "MyDistLoggingBucketPolicy847D8D11": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "MyDistLoggingBucket9B8976BC" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "s3:*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::GetAtt": [ - "MyDistLoggingBucket9B8976BC", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "MyDistLoggingBucket9B8976BC", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - } - } - }, "MyDistDB88FD9A": { "Type": "AWS::CloudFront::Distribution", "Properties": {