removed bucket policy auto-creation

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.js.snapshot/aws-cdk-alb-log-imported-bucket-integ.template.json

@@ -396,7 +396,7 @@
    "UpdateReplacePolicy": "Retain",
    "DeletionPolicy": "Retain"
   },
-  "ImportedBucketPolicy71C80354": {
+  "ImportedBucketPolicyAE50CA2C": {
    "Type": "AWS::S3::BucketPolicy",
    "Properties": {
     "Bucket": {
@@ -521,7 +521,7 @@
     "Type": "application"
    },
    "DependsOn": [
-    "ImportedBucketPolicy71C80354",
+    "ImportedBucketPolicyAE50CA2C",
     "VPCPublicSubnet1DefaultRoute91CEF279",
     "VPCPublicSubnet1RouteTableAssociation0B0896DC",
     "VPCPublicSubnet2DefaultRouteB7481BBA",

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.log.imported-bucket.ts

@@ -16,6 +16,10 @@ const vpc = new ec2.Vpc(stack, 'VPC', {
 
 const bucket = new s3.Bucket(stack, 'Bucket');
 const importedBucket = s3.Bucket.fromBucketName(stack, 'ImportedBucket', bucket.bucketName);
+// Imported buckets have `autoCreatePolicy` disabled by default
+importedBucket.policy = new s3.BucketPolicy(stack, 'ImportedBucketPolicy', {
+  bucket: importedBucket,
+});
 
 const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', {
   vpc,

packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts

@@ -252,21 +252,14 @@ export abstract class BaseLoadBalancer extends Resource {
     this.setAttribute('access_logs.s3.bucket', bucket.bucketName.toString());
     this.setAttribute('access_logs.s3.prefix', prefix);
 
-    const putObjectStatement = new PolicyStatement({
+    const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com');
+    bucket.addToResourcePolicy(new PolicyStatement({
       actions: ['s3:PutObject'],
       principals: [this.resourcePolicyPrincipal()],
       resources: [
         bucket.arnForObjects(`${prefix ? prefix + '/' : ''}AWSLogs/${Stack.of(this).account}/*`),
       ],
-    });
-    bucket.addToResourcePolicy(putObjectStatement);
-    if (!bucket.policy) {
-      // Imported buckets have `autoCreatePolicy` disabled
-      bucket.policy = new s3.BucketPolicy(bucket, 'Policy', { bucket });
-      bucket.addToResourcePolicy(putObjectStatement);
-    }
-
-    const logsDeliveryServicePrincipal = new ServicePrincipal('delivery.logs.amazonaws.com');
+    }));
     bucket.addToResourcePolicy(
       new PolicyStatement({
         actions: ['s3:PutObject'],

packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts

@@ -408,6 +408,10 @@ describe('tests', () => {
       const { stack, lb } = loggingSetup();
 
       const bucket = s3.Bucket.fromBucketName(stack, 'ImportedAccessLoggingBucket', 'imported-bucket');
+      // Imported buckets have `autoCreatePolicy` disabled by default
+      bucket.policy = new s3.BucketPolicy(stack, 'ImportedAccessLoggingBucketPolicy', {
+        bucket,
+      });
 
       // WHEN
       lb.logAccessLogs(bucket);
@@ -492,7 +496,7 @@ describe('tests', () => {
 
       // verify the ALB depends on the bucket policy
       Template.fromStack(stack).hasResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
-        DependsOn: ['ImportedAccessLoggingBucketPolicy832A536F'],
+        DependsOn: ['ImportedAccessLoggingBucketPolicy97AE3371'],
       });
     });
 

packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts

@@ -239,6 +239,10 @@ describe('tests', () => {
     const stack = new cdk.Stack(app, undefined, { env: { region: 'us-east-1' } });
     const vpc = new ec2.Vpc(stack, 'Stack');
     const bucket = s3.Bucket.fromBucketName(stack, 'ImportedAccessLoggingBucket', 'imported-bucket');
+    // Imported buckets have `autoCreatePolicy` disabled by default
+    bucket.policy = new s3.BucketPolicy(stack, 'ImportedAccessLoggingBucketPolicy', {
+      bucket,
+    });
     const lb = new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc });
 
     // WHEN
@@ -325,7 +329,7 @@ describe('tests', () => {
 
     // verify the NLB depends on the bucket policy
     Template.fromStack(stack).hasResource('AWS::ElasticLoadBalancingV2::LoadBalancer', {
-      DependsOn: ['ImportedAccessLoggingBucketPolicy832A536F'],
+      DependsOn: ['ImportedAccessLoggingBucketPolicy97AE3371'],
     });
   });