AWS Classic

v5.16.2 published on Tuesday, Oct 4, 2022 by Pulumi

getServiceAccount

Deprecated:

aws.elasticloadbalancing.getServiceAccount has been deprecated in favor of aws.elb.getServiceAccount

Use this data source to get the Account ID of the AWS Elastic Load Balancing Service Account in a given region for the purpose of permitting in S3 bucket policy.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var main = Aws.Elb.GetServiceAccount.Invoke();

    var elbLogs = new Aws.S3.BucketV2("elbLogs");

    var elbLogsAcl = new Aws.S3.BucketAclV2("elbLogsAcl", new()
    {
        Bucket = elbLogs.Id,
        Acl = "private",
    });

    var allowElbLogging = new Aws.S3.BucketPolicy("allowElbLogging", new()
    {
        Bucket = elbLogs.Id,
        Policy = @$"{{
  ""Id"": ""Policy"",
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {{
      ""Action"": [
        ""s3:PutObject""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*"",
      ""Principal"": {{
        ""AWS"": [
          ""{main.Apply(getServiceAccountResult => getServiceAccountResult.Arn)}""
        ]
      }}
    }}
  ]
}}
",
    });

    var bar = new Aws.Elb.LoadBalancer("bar", new()
    {
        AvailabilityZones = new[]
        {
            "us-west-2a",
        },
        AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs
        {
            Bucket = elbLogs.Bucket,
            Interval = 5,
        },
        Listeners = new[]
        {
            new Aws.Elb.Inputs.LoadBalancerListenerArgs
            {
                InstancePort = 8000,
                InstanceProtocol = "http",
                LbPort = 80,
                LbProtocol = "http",
            },
        },
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/elb"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		main, err := elb.GetServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		elbLogs, err := s3.NewBucketV2(ctx, "elbLogs", nil)
		if err != nil {
			return err
		}
		_, err = s3.NewBucketAclV2(ctx, "elbLogsAcl", &s3.BucketAclV2Args{
			Bucket: elbLogs.ID(),
			Acl:    pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketPolicy(ctx, "allowElbLogging", &s3.BucketPolicyArgs{
			Bucket: elbLogs.ID(),
			Policy: pulumi.Any(fmt.Sprintf(`{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*",
      "Principal": {
        "AWS": [
          "%v"
        ]
      }
    }
  ]
}
`, main.Arn)),
		})
		if err != nil {
			return err
		}
		_, err = elb.NewLoadBalancer(ctx, "bar", &elb.LoadBalancerArgs{
			AvailabilityZones: pulumi.StringArray{
				pulumi.String("us-west-2a"),
			},
			AccessLogs: &elb.LoadBalancerAccessLogsArgs{
				Bucket:   elbLogs.Bucket,
				Interval: pulumi.Int(5),
			},
			Listeners: elb.LoadBalancerListenerArray{
				&elb.LoadBalancerListenerArgs{
					InstancePort:     pulumi.Int(8000),
					InstanceProtocol: pulumi.String("http"),
					LbPort:           pulumi.Int(80),
					LbProtocol:       pulumi.String("http"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.elb.ElbFunctions;
import com.pulumi.aws.cloudtrail.inputs.GetServiceAccountArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.elb.LoadBalancer;
import com.pulumi.aws.elb.LoadBalancerArgs;
import com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;
import com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var main = ElbFunctions.getServiceAccount();

        var elbLogs = new BucketV2("elbLogs");

        var elbLogsAcl = new BucketAclV2("elbLogsAcl", BucketAclV2Args.builder()        
            .bucket(elbLogs.id())
            .acl("private")
            .build());

        var allowElbLogging = new BucketPolicy("allowElbLogging", BucketPolicyArgs.builder()        
            .bucket(elbLogs.id())
            .policy("""
{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*",
      "Principal": {
        "AWS": [
          "%s"
        ]
      }
    }
  ]
}
", main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn())))
            .build());

        var bar = new LoadBalancer("bar", LoadBalancerArgs.builder()        
            .availabilityZones("us-west-2a")
            .accessLogs(LoadBalancerAccessLogsArgs.builder()
                .bucket(elbLogs.bucket())
                .interval(5)
                .build())
            .listeners(LoadBalancerListenerArgs.builder()
                .instancePort(8000)
                .instanceProtocol("http")
                .lbPort(80)
                .lbProtocol("http")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

main = aws.elb.get_service_account()
elb_logs = aws.s3.BucketV2("elbLogs")
elb_logs_acl = aws.s3.BucketAclV2("elbLogsAcl",
    bucket=elb_logs.id,
    acl="private")
allow_elb_logging = aws.s3.BucketPolicy("allowElbLogging",
    bucket=elb_logs.id,
    policy=f"""{{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {{
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*",
      "Principal": {{
        "AWS": [
          "{main.arn}"
        ]
      }}
    }}
  ]
}}
""")
bar = aws.elb.LoadBalancer("bar",
    availability_zones=["us-west-2a"],
    access_logs=aws.elb.LoadBalancerAccessLogsArgs(
        bucket=elb_logs.bucket,
        interval=5,
    ),
    listeners=[aws.elb.LoadBalancerListenerArgs(
        instance_port=8000,
        instance_protocol="http",
        lb_port=80,
        lb_protocol="http",
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = aws.elb.getServiceAccount({});
const elbLogs = new aws.s3.BucketV2("elbLogs", {});
const elbLogsAcl = new aws.s3.BucketAclV2("elbLogsAcl", {
    bucket: elbLogs.id,
    acl: "private",
});
const allowElbLogging = new aws.s3.BucketPolicy("allowElbLogging", {
    bucket: elbLogs.id,
    policy: main.then(main => `{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*",
      "Principal": {
        "AWS": [
          "${main.arn}"
        ]
      }
    }
  ]
}
`),
});
const bar = new aws.elb.LoadBalancer("bar", {
    availabilityZones: ["us-west-2a"],
    accessLogs: {
        bucket: elbLogs.bucket,
        interval: 5,
    },
    listeners: [{
        instancePort: 8000,
        instanceProtocol: "http",
        lbPort: 80,
        lbProtocol: "http",
    }],
});
resources:
  elbLogs:
    type: aws:s3:BucketV2
  elbLogsAcl:
    type: aws:s3:BucketAclV2
    properties:
      bucket: ${elbLogs.id}
      acl: private
  allowElbLogging:
    type: aws:s3:BucketPolicy
    properties:
      bucket: ${elbLogs.id}
      policy: |
        {
          "Id": "Policy",
          "Version": "2012-10-17",
          "Statement": [
            {
              "Action": [
                "s3:PutObject"
              ],
              "Effect": "Allow",
              "Resource": "arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*",
              "Principal": {
                "AWS": [
                  "${main.arn}"
                ]
              }
            }
          ]
        }        
  bar:
    type: aws:elb:LoadBalancer
    properties:
      availabilityZones:
        - us-west-2a
      accessLogs:
        bucket: ${elbLogs.bucket}
        interval: 5
      listeners:
        - instancePort: 8000
          instanceProtocol: http
          lbPort: 80
          lbProtocol: http
variables:
  main:
    Fn::Invoke:
      Function: aws:elb:getServiceAccount
      Arguments: {}

Using getServiceAccount

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getServiceAccount(args: GetServiceAccountArgs, opts?: InvokeOptions): Promise<GetServiceAccountResult>
function getServiceAccountOutput(args: GetServiceAccountOutputArgs, opts?: InvokeOptions): Output<GetServiceAccountResult>
def get_service_account(region: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetServiceAccountResult
def get_service_account_output(region: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetServiceAccountResult]
func GetServiceAccount(ctx *Context, args *GetServiceAccountArgs, opts ...InvokeOption) (*GetServiceAccountResult, error)
func GetServiceAccountOutput(ctx *Context, args *GetServiceAccountOutputArgs, opts ...InvokeOption) GetServiceAccountResultOutput

> Note: This function is named GetServiceAccount in the Go SDK.

public static class GetServiceAccount 
{
    public static Task<GetServiceAccountResult> InvokeAsync(GetServiceAccountArgs args, InvokeOptions? opts = null)
    public static Output<GetServiceAccountResult> Invoke(GetServiceAccountInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetServiceAccountResult> getServiceAccount(GetServiceAccountArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: aws:elasticloadbalancing/getServiceAccount:getServiceAccount
  Arguments:
    # Arguments dictionary

The following arguments are supported:

Region string

Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.

Region string

Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.

region String

Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.

region string

Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.

region str

Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.

region String

Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.

getServiceAccount Result

The following output properties are available:

Arn string

ARN of the AWS ELB service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
Arn string

ARN of the AWS ELB service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
arn String

ARN of the AWS ELB service account in the selected region.

id String

The provider-assigned unique ID for this managed resource.

region String
arn string

ARN of the AWS ELB service account in the selected region.

id string

The provider-assigned unique ID for this managed resource.

region string
arn str

ARN of the AWS ELB service account in the selected region.

id str

The provider-assigned unique ID for this managed resource.

region str
arn String

ARN of the AWS ELB service account in the selected region.

id String

The provider-assigned unique ID for this managed resource.

region String

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.