From 96f3f76118e7f07c5b305bed86f17243f6bd36e8 Mon Sep 17 00:00:00 2001
From: Lee Provoost <lee.provoost@gmail.com>
Date: Tue, 19 Jan 2016 08:54:42 +0000
Subject: [PATCH] Principal * gets rejected by AWS, use
 cloudtrail.amazonaws.com instead.

---
 .../source/docs/providers/aws/r/cloudtrail.html.markdown  | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/website/source/docs/providers/aws/r/cloudtrail.html.markdown b/website/source/docs/providers/aws/r/cloudtrail.html.markdown
index 6bffee09e..aa7314ee1 100644
--- a/website/source/docs/providers/aws/r/cloudtrail.html.markdown
+++ b/website/source/docs/providers/aws/r/cloudtrail.html.markdown
@@ -29,14 +29,18 @@ resource "aws_s3_bucket" "foo" {
         {
             "Sid": "AWSCloudTrailAclCheck",
             "Effect": "Allow",
-            "Principal": "*",
+            "Principal": {
+              "Service": "cloudtrail.amazonaws.com"
+            },
             "Action": "s3:GetBucketAcl",
             "Resource": "arn:aws:s3:::tf-test-trail"
         },
         {
             "Sid": "AWSCloudTrailWrite",
             "Effect": "Allow",
-            "Principal": "*",
+            "Principal": {
+              "Service": "cloudtrail.amazonaws.com"
+            },
             "Action": "s3:PutObject",
             "Resource": "arn:aws:s3:::tf-test-trail/*",
             "Condition": {