GetServiceAccount

Use this data source to get the Account ID of the AWS Redshift Service Account in a given region for the purpose of allowing Redshift to store audit data in S3.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

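/// <summary>
/// Example stack: creates an S3 bucket whose bucket policy lets the regional
/// AWS Redshift service account deliver audit logs into it.
/// </summary>
class MyStack : Stack
{
    // Physical name of the audit-log bucket. The Resource ARNs in the policy
    // must name the bucket the policy is attached to, so the name is set
    // explicitly rather than left to auto-naming.
    private const string AuditBucketName = "tf-redshift-logging-test-bucket";

    public MyStack()
    {
        // Redshift service account for the region configured on the AWS provider.
        var serviceAccount = Output.Create(Aws.RedShift.GetServiceAccount.InvokeAsync());

        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            BucketName = AuditBucketName,

            // ForceDestroy lets a stack destroy delete the bucket even while it
            // still holds objects, i.e. the audit logs themselves. Leave it off
            // wherever those logs have to be retained.
            ForceDestroy = true,

            // A single Apply is enough: both statements use the same principal.
            // The lambda parameter has its own name because C# rejects a lambda
            // local that reuses the name of a local in the enclosing method.
            //
            // The grant is limited to s3:PutObject on the objects and
            // s3:GetBucketAcl on the bucket. If audit logging is configured with
            // a key prefix, the PutObject Resource can be narrowed to it.
            //
            // NOTE(review): AWS guidance for some regions is to grant the
            // redshift.amazonaws.com service principal instead of a regional
            // account ARN - confirm which form applies to the target region.
            Policy = serviceAccount.Apply(account => @$"{{
  ""Version"": ""2008-10-17"",
  ""Statement"": [
    {{
      ""Sid"": ""Put bucket policy needed for audit logging"",
      ""Effect"": ""Allow"",
      ""Principal"": {{
        ""AWS"": ""{account.Arn}""
      }},
      ""Action"": ""s3:PutObject"",
      ""Resource"": ""arn:aws:s3:::{AuditBucketName}/*""
    }},
    {{
      ""Sid"": ""Get bucket policy needed for audit logging "",
      ""Effect"": ""Allow"",
      ""Principal"": {{
        ""AWS"": ""{account.Arn}""
      }},
      ""Action"": ""s3:GetBucketAcl"",
      ""Resource"": ""arn:aws:s3:::{AuditBucketName}""
    }}
  ]
}}
"),
        });
    }

}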
package main

import (
    "fmt"

    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/redshift"
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/s3"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

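// main declares an S3 bucket whose bucket policy lets the regional AWS
// Redshift service account deliver audit logs into it.
func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        // Physical name of the audit-log bucket. The Resource ARNs in the
        // policy must name the bucket the policy is attached to, so the name
        // is set explicitly rather than left to auto-naming.
        const bucketName = "tf-redshift-logging-test-bucket"

        // Redshift service account for the region configured on the provider.
        account, err := redshift.GetServiceAccount(ctx, nil, nil)
        if err != nil {
            return err
        }

        // %[1]s is the service-account ARN, %[2]s the bucket name. The grant
        // is limited to s3:PutObject on the objects and s3:GetBucketAcl on
        // the bucket; if audit logging uses a key prefix, the PutObject
        // Resource can be narrowed to it.
        //
        // NOTE(review): AWS guidance for some regions is to grant the
        // redshift.amazonaws.com service principal instead of a regional
        // account ARN - confirm which form applies to the target region.
        policy := fmt.Sprintf(`{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for audit logging",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%[1]s"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::%[2]s/*"
    },
    {
      "Sid": "Get bucket policy needed for audit logging ",
      "Effect": "Allow",
      "Principal": {
        "AWS": "%[1]s"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::%[2]s"
    }
  ]
}
`, account.Arn, bucketName)

        _, err = s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
            Bucket: pulumi.String(bucketName),
            // ForceDestroy lets a stack destroy delete the bucket even while
            // it still holds objects, i.e. the audit logs themselves. Leave
            // it off wherever those logs have to be retained.
            ForceDestroy: pulumi.Bool(true),
            Policy:       pulumi.String(policy),
        })
        return err
    })
}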
import pulumi
import pulumi_aws as aws

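# Physical name of the audit-log bucket. The Resource ARNs in the policy must
# name the bucket the policy is attached to, so the name is set explicitly
# rather than left to auto-naming.
bucket_name = "tf-redshift-logging-test-bucket"

# Redshift service account for the region configured on the AWS provider.
main = aws.redshift.get_service_account()

# The grant is limited to s3:PutObject on the objects and s3:GetBucketAcl on
# the bucket. If audit logging is configured with a key prefix, the PutObject
# Resource can be narrowed to it.
#
# NOTE(review): AWS guidance for some regions is to grant the
# redshift.amazonaws.com service principal instead of a regional account ARN -
# confirm which form applies to the target region.
bucket = aws.s3.Bucket("bucket",
    bucket=bucket_name,
    # force_destroy lets a stack destroy delete the bucket even while it still
    # holds objects, i.e. the audit logs themselves. Leave it off wherever
    # those logs have to be retained.
    force_destroy=True,
    policy=f"""{{
  "Version": "2008-10-17",
  "Statement": [
    {{
      "Sid": "Put bucket policy needed for audit logging",
      "Effect": "Allow",
      "Principal": {{
        "AWS": "{main.arn}"
      }},
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::{bucket_name}/*"
    }},
    {{
      "Sid": "Get bucket policy needed for audit logging ",
      "Effect": "Allow",
      "Principal": {{
        "AWS": "{main.arn}"
      }},
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::{bucket_name}"
    }}
  ]
}}
""")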
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

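// Physical name of the audit-log bucket. The Resource ARNs in the policy must
// name the bucket the policy is attached to, so the name is set explicitly
// rather than left to auto-naming.
const bucketName = "tf-redshift-logging-test-bucket";

// Redshift service account for the region configured on the AWS provider.
const main = pulumi.output(aws.redshift.getServiceAccount({ async: true }));

// The grant is limited to s3:PutObject on the objects and s3:GetBucketAcl on
// the bucket. If audit logging is configured with a key prefix, the PutObject
// Resource can be narrowed to it.
//
// NOTE(review): AWS guidance for some regions is to grant the
// redshift.amazonaws.com service principal instead of a regional account ARN -
// confirm which form applies to the target region.
const bucket = new aws.s3.Bucket("bucket", {
    bucket: bucketName,
    // forceDestroy lets a stack destroy delete the bucket even while it still
    // holds objects, i.e. the audit logs themselves. Leave it off wherever
    // those logs have to be retained.
    forceDestroy: true,
    policy: pulumi.interpolate`{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for audit logging",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${main.arn}"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::${bucketName}/*"
    },
    {
      "Sid": "Get bucket policy needed for audit logging ",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${main.arn}"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::${bucketName}"
    }
  ]
}
`,
});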

Using GetServiceAccount

function getServiceAccount(args: GetServiceAccountArgs, opts?: InvokeOptions): Promise<GetServiceAccountResult>
def get_service_account(region=None, opts=None)
func GetServiceAccount(ctx *Context, args *GetServiceAccountArgs, opts ...InvokeOption) (*GetServiceAccountResult, error)
public static class GetServiceAccount {
    public static Task<GetServiceAccountResult> InvokeAsync(GetServiceAccountArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

Region string

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

Region string

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

region string

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

region str

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

GetServiceAccount Result

The following output properties are available:

Arn string

The ARN of the AWS Redshift service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
Arn string

The ARN of the AWS Redshift service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
arn string

The ARN of the AWS Redshift service account in the selected region.

id string

The provider-assigned unique ID for this managed resource.

region string
arn str

The ARN of the AWS Redshift service account in the selected region.

id str

The provider-assigned unique ID for this managed resource.

region str

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.