GetServiceAccount

Use this data source to look up the AWS CloudTrail service account for a given region. Its ARN is the principal you grant in the S3 bucket policy that allows CloudTrail to store trail data in that bucket.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

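class MyStack : Stack
{
    public MyStack()
    {
        // Look up the CloudTrail service account for the provider's configured region.
        // Its ARN is the principal the bucket policy below grants access to.
        var main = Output.Create(Aws.CloudTrail.GetServiceAccount.InvokeAsync());
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            ForceDestroy = true,
            // Both statements use the same ARN, so one Apply over the lookup result is
            // enough. The earlier Output.Tuple(main, main) form redeclared `main` inside
            // the lambda, which shadows the outer local and does not compile in C#.
            Policy = main.Apply(serviceAccount =>
            {
                var arn = serviceAccount.Arn;
                // NOTE(review): the Resource ARNs name a fixed bucket
                // (tf-cloudtrail-logging-test-bucket) while the Bucket declared here is
                // auto-named by Pulumi, so this policy does not govern the bucket it is
                // attached to. Replace them with the ARN of the bucket that will actually
                // receive the trail (or attach the policy via a separate BucketPolicy
                // resource that can reference this bucket's ARN).
                // NOTE(review): AWS's current guidance for CloudTrail bucket policies is
                // the cloudtrail.amazonaws.com service principal with an aws:SourceArn
                // condition scoping the grant to the trail; consider that over the
                // account-ARN principal used here. Confirm against the CloudTrail docs.
                return @$"{{
  ""Version"": ""2008-10-17"",
  ""Statement"": [
    {{
      ""Sid"": ""Put bucket policy needed for trails"",
      ""Effect"": ""Allow"",
      ""Principal"": {{
        ""AWS"": ""{arn}""
      }},
      ""Action"": ""s3:PutObject"",
      ""Resource"": ""arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*""
    }},
    {{
      ""Sid"": ""Get bucket policy needed for trails"",
      ""Effect"": ""Allow"",
      ""Principal"": {{
        ""AWS"": ""{arn}""
      }},
      ""Action"": ""s3:GetBucketAcl"",
      ""Resource"": ""arn:aws:s3:::tf-cloudtrail-logging-test-bucket""
    }}
  ]
}}

";
            }),
        });
    }

}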
package main

import (
    "fmt"

    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/cloudtrail"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // Resolve the CloudTrail service account for the provider's configured region.
        // Its ARN is the principal granted by the bucket policy below.
        serviceAccount, err := cloudtrail.GetServiceAccount(ctx, nil, nil)
        if err != nil {
            return err
        }

        // Policy letting that account write trail objects and read the bucket ACL.
        // NOTE(review): the Resource ARNs name a fixed bucket
        // (tf-cloudtrail-logging-test-bucket) rather than the auto-named bucket
        // created below; substitute the ARN of the bucket that will receive the trail.
        // NOTE(review): AWS's current guidance is the cloudtrail.amazonaws.com service
        // principal with an aws:SourceArn condition scoping the grant to the trail;
        // confirm against the CloudTrail docs before reusing this account-ARN form.
        policy := fmt.Sprintf(`{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%s"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*"
    },
    {
      "Sid": "Get bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%s"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::tf-cloudtrail-logging-test-bucket"
    }
  ]
}

`, serviceAccount.Arn, serviceAccount.Arn)

        _, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
            ForceDestroy: pulumi.Bool(true),
            Policy:       pulumi.String(policy),
        })
        return err
    })
}
import pulumi
import pulumi_aws as aws

# Resolve the CloudTrail service account for the configured region; its ARN is the
# principal granted by the bucket policy below.
main = aws.cloudtrail.get_service_account()

# Bucket policy template: write access for trail objects plus read access to the
# bucket ACL. Both statements take the same service-account ARN.
# NOTE(review): the Resource ARNs name a fixed bucket
# (tf-cloudtrail-logging-test-bucket) rather than the auto-named bucket created
# below; substitute the ARN of the bucket that will actually receive the trail.
# NOTE(review): AWS's current guidance is the cloudtrail.amazonaws.com service
# principal with an aws:SourceArn condition scoping the grant to the trail;
# confirm against the CloudTrail docs before reusing this account-ARN form.
_POLICY_TEMPLATE = """{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%s"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*"
    },
    {
      "Sid": "Get bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%s"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::tf-cloudtrail-logging-test-bucket"
    }
  ]
}

"""

bucket = aws.s3.Bucket(
    "bucket",
    force_destroy=True,
    policy=_POLICY_TEMPLATE % (main.arn, main.arn),
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Look up the CloudTrail service account for the provider's configured region,
// wrapped as an Output so its ARN can be interpolated into the bucket policy.
const main = pulumi.output(aws.cloudtrail.getServiceAccount({ async: true }));

// Policy granting that account write access for trail objects and read access to
// the bucket ACL.
// NOTE(review): the Resource ARNs name a fixed bucket
// (tf-cloudtrail-logging-test-bucket) rather than the auto-named bucket created
// below; substitute the ARN of the bucket that will actually receive the trail.
// NOTE(review): AWS's current guidance is the cloudtrail.amazonaws.com service
// principal with an aws:SourceArn condition scoping the grant to the trail;
// confirm against the CloudTrail docs before reusing this account-ARN form.
const bucketPolicy = pulumi.interpolate`{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${main.arn}"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*"
    },
    {
      "Sid": "Get bucket policy needed for trails",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${main.arn}"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::tf-cloudtrail-logging-test-bucket"
    }
  ]
}
`;

const bucket = new aws.s3.Bucket("bucket", {
    forceDestroy: true,
    policy: bucketPolicy,
});

Using GetServiceAccount

function getServiceAccount(args: GetServiceAccountArgs, opts?: InvokeOptions): Promise<GetServiceAccountResult>
function  get_service_account(region=None, opts=None)
func GetServiceAccount(ctx *Context, args *GetServiceAccountArgs, opts ...InvokeOption) (*GetServiceAccountResult, error)
public static class GetServiceAccount {
    public static Task<GetServiceAccountResult> InvokeAsync(GetServiceAccountArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

Region string

Name of the region whose AWS CloudTrail account ID is desired. Defaults to the region from the AWS provider configuration.

Region string

Name of the region whose AWS CloudTrail account ID is desired. Defaults to the region from the AWS provider configuration.

region string

Name of the region whose AWS CloudTrail account ID is desired. Defaults to the region from the AWS provider configuration.

region str

Name of the region whose AWS CloudTrail account ID is desired. Defaults to the region from the AWS provider configuration.

GetServiceAccount Result

The following output properties are available:

Arn string

The ARN of the AWS CloudTrail service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
Arn string

The ARN of the AWS CloudTrail service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
arn string

The ARN of the AWS CloudTrail service account in the selected region.

id string

The provider-assigned unique ID for this managed resource.

region string
arn str

The ARN of the AWS CloudTrail service account in the selected region.

id str

The provider-assigned unique ID for this managed resource.

region str

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.