Untitled

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSCloudTrailGetACLOrgPermission",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudtrail.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::MY_CLOUDTRAIL_BUCKET"
        },
        {
            "Sid": "AWSCloudTrailWriteOrgPermission",
            "Effect": "Allow",
            "Principal": {
                "Service": "cloudtrail.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::MY_CLOUDTRAIL_BUCKET/AWSLogs/YOUR_ORG_ID/*"
            ],
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}