Fix incorrect parameter in Log Archive Read Only custom resource (#596)

BrianFanning · web-flow · commit 23f30176e749 · 2021-02-04T09:24:23.000-05:00
Authored-by: Brian Fanning &lt;bfannin@amazon.com&gt;
diff --git a/src/lib/custom-resources/cdk-s3-update-logarchive-bucket-policy/runtime/src/index.ts b/src/lib/custom-resources/cdk-s3-update-logarchive-bucket-policy/runtime/src/index.ts
@@ -200,14 +200,12 @@ async function onDelete(event: CloudFormationCustomResourceDeleteEvent) {
   let keyPolicy = await getKmsKeyPolicy(props.logBucketKmsKeyArn);
 
   if (Object.keys(bucketPolicy).length > 0) {
-    const updatedStatements = removeExistingReadOnlyStatement(bucketPolicy.Statement);
-    bucketPolicy.Statement = updatedStatements;
+    bucketPolicy = removeExistingReadOnlyStatement(bucketPolicy);
     const response = await putBucketPolicy(props.logBucketName, JSON.stringify(bucketPolicy));
   }
 
   if (Object.keys(keyPolicy).length > 0) {
-    const updatedStatements = removeExistingReadOnlyStatement(keyPolicy.Statement);
-    keyPolicy.Statement = updatedStatements;
+    keyPolicy = removeExistingReadOnlyStatement(keyPolicy);
     const response = await putKmsKeyPolicy(props.logBucketKmsKeyArn, JSON.stringify(keyPolicy));
   }
   return {};
