fix: check s3 access log permissions configuration is correct (#625)

vgkowski · web-flow · commit dbd1c7d48a2c · 2023-04-19T17:49:09.000+02:00
diff --git a/core/src/ara-bucket.ts b/core/src/ara-bucket.ts
@@ -203,12 +203,16 @@ export class AraBucket extends Bucket {
 
   private constructor(scope: Construct, props: AraBucketProps) {
 
+    if(scope.node.tryGetContext('@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy') === true) {
+      throw new Error("Using @aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy is not supported please switch it to false in your cdk.json");
+    }
+
     var serverAccessLogsBucket = undefined;
     if (props.serverAccessLogsPrefix) {
       serverAccessLogsBucket = props.serverAccessLogsBucket || AraBucket.getOrCreate(scope, { 
         bucketName: 's3-access-logs', 
         encryption: BucketEncryption.S3_MANAGED,
-        objectOwnership: ObjectOwnership.OBJECT_WRITER,
+        objectOwnership: ObjectOwnership.BUCKET_OWNER_PREFERRED,
       });
     }
 
diff --git a/core/test/e2e/data-domain.test.ts b/core/test/e2e/data-domain.test.ts
@@ -19,7 +19,7 @@ const stack = new cdk.Stack(integTestApp, 'DataDomainE2eTest');
 
 const domain = new DataDomain(stack, 'DataDomain', {
   domainName: 'test',
-  centralAccountId: '123445678912',
+  centralAccountId: '1234567891011',
   crawlerWorkflow: true,
 });
 
