Fix: [AEA-0000] - enable audit logging of cpt ui content bucket (#1575)

anthony-nhs · web-flow · commit a771956b1126 · 2025-09-29T13:24:06.000Z
## Summary

- Routine Change

### Details

- enable audit logging of cpt ui content bucket
diff --git a/cloudformation/account_resources.yml b/cloudformation/account_resources.yml
@@ -472,19 +472,18 @@ Resources:
                 aws:SourceAccount: !Ref "AWS::AccountId"
               ArnLike:
                 aws:SourceArn: !GetAtt TrustStoreBucket.Arn
-          # add this in once cpt-ui gets released to all environments
-          # - Effect: Allow
-          #   Principal:
-          #     Service: logging.s3.amazonaws.com
-          #   Action:
-          #     - s3:PutObject*
-          #   Resource:
-          #     - !Join ["", [!GetAtt AuditLoggingBucket.Arn, "/static-content/*"]]
-          #   Condition:
-          #     StringEquals:
-          #       aws:SourceAccount: !Ref "AWS::AccountId"
-          #     ArnLike:
-          #       aws:SourceArn: !ImportValue "cpt-ui-shared-resources:StaticContentBucket:Arn"
+          - Effect: Allow
+            Principal:
+              Service: logging.s3.amazonaws.com
+            Action:
+              - s3:PutObject*
+            Resource:
+              - !Join ["", [!GetAtt AuditLoggingBucket.Arn, "/static-content/*"]]
+            Condition:
+              StringEquals:
+                aws:SourceAccount: !Ref "AWS::AccountId"
+              ArnLike:
+                aws:SourceArn: !ImportValue "cpt-ui-stateful-resources:StaticContentBucket:Arn"
   #endregion
 
   ALBLoggingBucket:
