aws s3api put-bucket-acl --bucket <target_bucket_name> --grant-write URI=
http://acs.amazonaws.com/groups/s3/LogDelivery
--grant-read-acp URI=
http://acs.amazonaws.com/groups/s3/LogDelivery
​<path_to_policy>
with the path to the logging policy created in step 2:aws s3api put-bucket-logging --bucket <cloudtrail_bucket_name> --bucket-logging-status file://<path_to_policy>