feat(core): update s3 bucket ownership (#522)

* feat(core): update s3 bucket ownership
* Adding override in custom construct

Author: naveenkoppula

src/deployments/cdk/src/deployments/defaults/step-1.ts

@@ -98,6 +98,15 @@ function createCentralBucketCopy(props: DefaultsStep1Props) {
     removalPolicy: cdk.RemovalPolicy.RETAIN,
   });
 
+  // TODO: Remove and use fields directly when CDK enhanced s3.Bucket.
+  (bucket.node.defaultChild as s3.CfnBucket).addPropertyOverride('OwnershipControls', {
+    Rules: [
+      {
+        ObjectOwnership: 'BucketOwnerPreferred',
+      },
+    ],
+  });
+
   // Let the bucket name be generated by CloudFormation
   // The generated bucket name is based on the stack name + logical ID + random suffix
   overrideLogicalId(bucket, `config${masterAccountStack.region}`);
@@ -308,6 +317,15 @@ function createAesLogBucket(props: DefaultsStep1Props) {
     removalPolicy: cdk.RemovalPolicy.RETAIN,
   });
 
+  // TODO: Remove and use fields directly when CDK enhanced s3.Bucket.
+  (logBucket.node.defaultChild as s3.CfnBucket).addPropertyOverride('OwnershipControls', {
+    Rules: [
+      {
+        ObjectOwnership: 'BucketOwnerPreferred',
+      },
+    ],
+  });
+
   // Let the bucket name be generated by CloudFormation
   // The generated bucket name is based on the stack name + logical ID + random suffix
   overrideLogicalId(logBucket, `aes${logAccountStack.region}`);

src/installer/cdk/src/index.ts

@@ -287,6 +287,15 @@ async function main() {
     removalPolicy: cdk.RemovalPolicy.DESTROY,
   });
 
+  // TODO: Remove and use fields directly when CDK enhanced s3.Bucket.
+  (installerArtifactsBucket.node.defaultChild as s3.CfnBucket).addPropertyOverride('OwnershipControls', {
+    Rules: [
+      {
+        ObjectOwnership: 'BucketOwnerPreferred',
+      },
+    ],
+  });
+
   new codepipeline.Pipeline(stack, 'Pipeline', {
     role: installerPipelineRole,
     pipelineName: `${acceleratorPrefix}InstallerPipeline`,

src/lib/cdk-constructs/src/s3/bucket.ts

@@ -47,6 +47,15 @@ export class Bucket extends s3.Bucket {
 
     // Get the underlying resource
     this.resource = this.node.findChild('Resource') as s3.CfnBucket;
+
+    // TODO: Remove and use fields directly when CDK enhanced s3.Bucket.
+    this.resource.addPropertyOverride('OwnershipControls', {
+      Rules: [
+        {
+          ObjectOwnership: 'BucketOwnerPreferred',
+        },
+      ],
+    });
   }
 
   replicateFrom(principals: iam.IPrincipal[], organizationId: string, prefix: string) {