From f39dc050426e89bf2cf91d33c0e28da6788dd6e9 Mon Sep 17 00:00:00 2001 From: rrigato Date: Wed, 15 May 2024 14:43:03 -0500 Subject: [PATCH 1/2] create s3 bucket --- ...od_resource_import.yml => prod_homepage.yml} | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) rename templates/{prod_resource_import.yml => prod_homepage.yml} (95%) diff --git a/templates/prod_resource_import.yml b/templates/prod_homepage.yml similarity index 95% rename from templates/prod_resource_import.yml rename to templates/prod_homepage.yml index b3db190..a6dd07c 100644 --- a/templates/prod_resource_import.yml +++ b/templates/prod_homepage.yml @@ -20,6 +20,10 @@ Parameters: Default: Z2FDTNDATAQYW2 Description: Route 53 Hosted Zone id + ProjectName: + Type: String + Default: homepage + @@ -28,6 +32,11 @@ Conditions: !Equals [ !Ref BucketName, ryanrigato.com ] Resources: + ApplicationLogBucket: + Type: AWS::S3::Bucket + Properties: + BucketName: !Sub '${ProjectName}-logging' + WebsiteBucket: Condition: RetainResourcesCreated Properties: @@ -43,7 +52,7 @@ Resources: Tags: - Key: accessType - Value: bucketPolicyWithOAI + Value: bucketPolicyWithOAI - Key: use Value: website @@ -69,7 +78,7 @@ Resources: Action: s3:GetObject # ensuring that the static s3 bucket can only be accessed # through cloudfront - Principal: + Principal: CanonicalUser: !GetAtt CloudFrontOai.S3CanonicalUserId Resource: !Sub "arn:aws:s3:::${BucketName}/*" @@ -117,7 +126,7 @@ Resources: ########################### #Content delivery network #for the static (html/css/js) content -# +#TODO - add Logging property for s3 bucket ########################## StaticWebpageCdn: DependsOn: CloudFrontOai @@ -185,7 +194,7 @@ Resources: Outputs: OaiS3CanonicalUserId: Description: | - Canonical ID which can be used to restrict s3 bucket access to go + Canonical ID which can be used to restrict s3 bucket access to go through cloudfront Value: !GetAtt CloudFrontOai.S3CanonicalUserId \ No newline at end of file 
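Review bot: ApplicationLogBucket in the `@@ -28,6 +32,11 @@` hunk is created with only a BucketName, so the bucket that will receive access logs has no public-access block, no default encryption and no DeletionPolicy, while the neighbouring WebsiteBucket at least carries a Condition for retention. Logs for a public site can expose client IPs and request paths, so the bucket should block public access explicitly and encrypt at rest; CloudFront standard logging is documented as needing SSE-S3 rather than SSE-KMS on the destination, so AES256 is the safe choice here. The name `${ProjectName}-logging` resolves to `homepage-logging` in the global S3 namespace and may already be taken by another account; appending the account id, `BucketName: !Sub '${ProjectName}-logging-${AWS::AccountId}'`, avoids both the collision and accidental reuse of a name someone else controls. The `#TODO - add Logging property for s3 bucket` line in the `@@ -117,7 +126,7 @@` hunk is fine as a marker but would be clearer as a comment on ApplicationLogBucket itself, next to the resource it refers to.
```yaml
  ApplicationLogBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain
    Properties:
      BucketName: !Sub '${ProjectName}-logging-${AWS::AccountId}'
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
  # … unchanged: WebsiteBucket and the rest of Resources …
```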
From 5f3a3151f9d02c54733c306700932483ab5e0b15 Mon Sep 17 00:00:00 2001 From: rrigato Date: Wed, 15 May 2024 15:44:00 -0500 Subject: [PATCH 2/2] standard logging for s3 bucket --- templates/prod_homepage.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/templates/prod_homepage.yml b/templates/prod_homepage.yml index a6dd07c..b60302e 100644 --- a/templates/prod_homepage.yml +++ b/templates/prod_homepage.yml @@ -36,6 +36,10 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Sub '${ProjectName}-logging' + OwnershipControls: + Rules: + - ObjectOwnership: BucketOwnerPreferred + WebsiteBucket: Condition: RetainResourcesCreated @@ -126,7 +130,6 @@ Resources: ########################### #Content delivery network #for the static (html/css/js) content -#TODO - add Logging property for s3 bucket ########################## StaticWebpageCdn: DependsOn: CloudFrontOai @@ -146,6 +149,10 @@ Resources: - - 'www' - !Ref BucketName Enabled: true + Logging: + Bucket: !GetAtt ApplicationLogBucket.DomainName + IncludeCookies: false + Prefix: cdnlogs/ DefaultCacheBehavior: ForwardedValues: QueryString: true
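Review bot: `ObjectOwnership: BucketOwnerPreferred` in the first hunk re-enables ACLs on ApplicationLogBucket, which CloudFront standard logging requires, but nothing in the template pairs it with a `PublicAccessBlockConfiguration`, so the bucket is now one misapplied ACL away from being publicly readable; `BlockPublicAcls: true` does not interfere with the non-public grant CloudFront needs. Whether CloudFront adds its log-delivery ACL grant automatically when the distribution is created through CloudFormation, rather than the console, is not something this hunk shows, so the first deployment should be checked for log objects actually arriving under `cdnlogs/`. A short comment on the rule, `# ACLs must be enabled for CloudFront log delivery`, would record why BucketOwnerEnforced was not used.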
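Review bot: The third hunk enables only CloudFront distribution logging, yet the second hunk removes the `#TODO - add Logging property for s3 bucket` marker; if that TODO also meant S3 server access logging for WebsiteBucket (which records direct-to-bucket requests that bypass the CDN), a `LoggingConfiguration` with `DestinationBucketName: !Ref ApplicationLogBucket` and a distinct `LogFilePrefix` is still missing. The `Logging` block itself is sound (`IncludeCookies: false` keeps session cookies out of the logs, and `!GetAtt ApplicationLogBucket.DomainName` orders the distribution after the bucket), but ApplicationLogBucket has no lifecycle rule, so logs accumulate indefinitely; a `LifecycleConfiguration` with an expiration on the `cdnlogs/` prefix would bound both cost and retained client data. The StaticWebpageCdn resource continues outside the hunk.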