revert: "chore(ec2): enforceSSL on flowLog s3 bucket (#18271)" (#18770)

Elad Ben-Israel · web-flow · commit a2eb092b2b46 · 2022-02-01T20:18:05.000Z
#18271 resulted in the definition of a new bucket policy, which broke existing users that already had an implicit bucket policy created by AWS (see [docs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)). Reverts commit 0ed5e85 in the meantime until we figure out the longer term solution. Fixes #18676 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts b/packages/@aws-cdk/aws-ec2/lib/vpc-flow-logs.ts
@@ -198,7 +198,6 @@ class S3Destination extends FlowLogDestination {
     if (this.props.s3Bucket === undefined) {
       s3Bucket = new s3.Bucket(scope, 'Bucket', {
         encryption: s3.BucketEncryption.UNENCRYPTED,
-        enforceSSL: true,
         removalPolicy: RemovalPolicy.RETAIN,
       });
     } else {
diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json
@@ -527,53 +527,6 @@
       "UpdateReplacePolicy": "Retain",
       "DeletionPolicy": "Retain"
     },
-    "VPCFlowLogsS3BucketPolicyB2C2A045": {
-      "Type": "AWS::S3::BucketPolicy",
-      "Properties": {
-        "Bucket": {
-          "Ref": "VPCFlowLogsS3BucketFB7DC2BE"
-        },
-        "PolicyDocument": {
-          "Statement": [
-            {
-              "Action": "s3:*",
-              "Condition": {
-                "Bool": {
-                  "aws:SecureTransport": "false"
-                }
-              },
-              "Effect": "Deny",
-              "Principal": {
-                "AWS": "*"
-              },
-              "Resource": [
-                {
-                  "Fn::GetAtt": [
-                    "VPCFlowLogsS3BucketFB7DC2BE",
-                    "Arn"
-                  ]
-                },
-                {
-                  "Fn::Join": [
-                    "",
-                    [
-                      {
-                        "Fn::GetAtt": [
-                          "VPCFlowLogsS3BucketFB7DC2BE",
-                          "Arn"
-                        ]
-                      },
-                      "/*"
-                    ]
-                  ]
-                }
-              ]
-            }
-          ],
-          "Version": "2012-10-17"
-        }
-      }
-    },
     "VPCFlowLogsS3FlowLogB5256CFF": {
       "Type": "AWS::EC2::FlowLog",
       "Properties": {
