Today we are announcing two modifications which are designed to enhance the security of the HTTP Request Log Shipping and Database Backup Shipping configuration processes.
Instead of relying on the direct application of an AWS S3 bucket access policy, we now provide an AWS CloudFormation template that grants our tools the necessary access to your AWS S3 buckets for shipping HTTP logs and database backups. This improves the management of the access policies required to allow our systems to communicate securely with your S3 buckets.
Additionally, we’ve added a new input field called AWS Account ID. This is embedded in the CloudFormation template and helps validate that the specified bucket is owned by your AWS account, to avoid any misconfiguration issues.

You can follow this AWS guide to apply the AWS Cloud Formation template in your AWS Console.
If you have already enabled either HTTP Request Log Shipping or Database Backup Shipping, no changes are necessary and they will continue to work as configured.
If you would like to reconfigure any active HTTP Request Log Shipping or Database Backup Shipping configurations, you are welcome to do so by simply disabling and then re-enabling each shipping configuration. Once re-enabled, you may remove the Access Policy that you have previously applied to your bucket.
You can find more information on configuring both these features in our documentation:
If you have any questions about this change, please get in touch.