testing updates to policy for opt-in

cyphronix · cyphronix · commit ee00c65b6a72 · 2024-06-17T14:55:15.000-06:00
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-kms-key.yaml
@@ -97,8 +97,7 @@ Resources:
             Effect: Allow
             Action: kms:GenerateDataKey
             Resource: '*'
-            Principal:
-              Service: '*'
+            Principal: '*'
             Condition:
               StringLike:
                 aws:PrincipalServiceName: guardduty.*.amazonaws.com
diff --git a/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-s3-bucket.yaml b/aws_sra_examples/solutions/guardduty/guardduty_org/templates/sra-guardduty-org-delivery-s3-bucket.yaml
@@ -136,8 +136,7 @@ Resources:
               - s3:GetBucketLocation
               - s3:ListBucket
             Resource: !Sub arn:aws:s3:::${rGuardDutyDeliveryS3Bucket}
-            Principal:
-              Service: '*'
+            Principal: '*'
             Condition:
               StringLike:
                 aws:PrincipalServiceName: guardduty.*.amazonaws.com
@@ -161,8 +160,7 @@ Resources:
             #   StringEquals:
             #     s3:x-amz-acl: bucket-owner-full-control
             Resource: !Sub arn:aws:s3:::${rGuardDutyDeliveryS3Bucket}/*
-            Principal:
-              Service: '*'
+            Principal: '*'
             Condition:
               StringLike:
                 aws:PrincipalServiceName: guardduty.*.amazonaws.com
@@ -186,8 +184,7 @@ Resources:
               StringNotEquals:
                 s3:x-amz-server-side-encryption: aws:kms
             Resource: !Sub arn:aws:s3:::${rGuardDutyDeliveryS3Bucket}/*
-            Principal:
-              Service: '*'
+            Principal: '*'
             Condition:
               StringLike:
                 aws:PrincipalServiceName: guardduty.*.amazonaws.com
@@ -211,8 +208,7 @@ Resources:
               StringNotEquals:
                 s3:x-amz-server-side-encryption-aws-kms-key-id: !Sub ${pGuardDutyOrgDeliveryKMSKeyArn}
             Resource: !Sub arn:aws:s3:::${rGuardDutyDeliveryS3Bucket}/*
-            Principal:
-              Service: '*'
+            Principal: '*'
             Condition:
               StringLike:
                 aws:PrincipalServiceName: guardduty.*.amazonaws.com
