1. Packages
  2. AWS Classic
  3. API Docs
  4. getBillingServiceAccount

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

aws.getBillingServiceAccount

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

    Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of permitting in S3 bucket policy.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const main = aws.getBillingServiceAccount({});
    const billingLogs = new aws.s3.BucketV2("billing_logs", {bucket: "my-billing-tf-test-bucket"});
    const billingLogsAcl = new aws.s3.BucketAclV2("billing_logs_acl", {
        bucket: billingLogs.id,
        acl: "private",
    });
    const allowBillingLogging = pulumi.all([main, billingLogs.arn, main, billingLogs.arn]).apply(([main, billingLogsArn, main1, billingLogsArn1]) => aws.iam.getPolicyDocumentOutput({
        statements: [
            {
                effect: "Allow",
                principals: [{
                    type: "AWS",
                    identifiers: [main.arn],
                }],
                actions: [
                    "s3:GetBucketAcl",
                    "s3:GetBucketPolicy",
                ],
                resources: [billingLogsArn],
            },
            {
                effect: "Allow",
                principals: [{
                    type: "AWS",
                    identifiers: [main1.arn],
                }],
                actions: ["s3:PutObject"],
                resources: [`${billingLogsArn1}/*`],
            },
        ],
    }));
    const allowBillingLoggingBucketPolicy = new aws.s3.BucketPolicy("allow_billing_logging", {
        bucket: billingLogs.id,
        policy: allowBillingLogging.apply(allowBillingLogging => allowBillingLogging.json),
    });
    
    import pulumi
    import pulumi_aws as aws
    
    main = aws.get_billing_service_account()
    billing_logs = aws.s3.BucketV2("billing_logs", bucket="my-billing-tf-test-bucket")
    billing_logs_acl = aws.s3.BucketAclV2("billing_logs_acl",
        bucket=billing_logs.id,
        acl="private")
    allow_billing_logging = pulumi.Output.all(billing_logs.arn, billing_logs.arn).apply(lambda billingLogsArn, billingLogsArn1: aws.iam.get_policy_document_output(statements=[
        aws.iam.GetPolicyDocumentStatementArgs(
            effect="Allow",
            principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
                type="AWS",
                identifiers=[main.arn],
            )],
            actions=[
                "s3:GetBucketAcl",
                "s3:GetBucketPolicy",
            ],
            resources=[billing_logs_arn],
        ),
        aws.iam.GetPolicyDocumentStatementArgs(
            effect="Allow",
            principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
                type="AWS",
                identifiers=[main.arn],
            )],
            actions=["s3:PutObject"],
            resources=[f"{billing_logs_arn1}/*"],
        ),
    ]))
    allow_billing_logging_bucket_policy = aws.s3.BucketPolicy("allow_billing_logging",
        bucket=billing_logs.id,
        policy=allow_billing_logging.json)
    
    package main
    
    import (
    	"fmt"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    main, err := aws.GetBillingServiceAccount(ctx, nil, nil);
    if err != nil {
    return err
    }
    billingLogs, err := s3.NewBucketV2(ctx, "billing_logs", &s3.BucketV2Args{
    Bucket: pulumi.String("my-billing-tf-test-bucket"),
    })
    if err != nil {
    return err
    }
    _, err = s3.NewBucketAclV2(ctx, "billing_logs_acl", &s3.BucketAclV2Args{
    Bucket: billingLogs.ID(),
    Acl: pulumi.String("private"),
    })
    if err != nil {
    return err
    }
    allowBillingLogging := pulumi.All(billingLogs.Arn,billingLogs.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {
    billingLogsArn := _args[0].(string)
    billingLogsArn1 := _args[1].(string)
    return iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
    Statements: []iam.GetPolicyDocumentStatement{
    {
    Effect: "Allow",
    Principals: []iam.GetPolicyDocumentStatementPrincipal{
    {
    Type: "AWS",
    Identifiers: interface{}{
    main.Arn,
    },
    },
    },
    Actions: []string{
    "s3:GetBucketAcl",
    "s3:GetBucketPolicy",
    },
    Resources: []string{
    billingLogsArn,
    },
    },
    {
    Effect: "Allow",
    Principals: []iam.GetPolicyDocumentStatementPrincipal{
    {
    Type: "AWS",
    Identifiers: interface{}{
    main.Arn,
    },
    },
    },
    Actions: []string{
    "s3:PutObject",
    },
    Resources: []string{
    fmt.Sprintf("%v/*", billingLogsArn1),
    },
    },
    },
    }, nil), nil
    }).(iam.GetPolicyDocumentResultOutput)
    _, err = s3.NewBucketPolicy(ctx, "allow_billing_logging", &s3.BucketPolicyArgs{
    Bucket: billingLogs.ID(),
    Policy: allowBillingLogging.ApplyT(func(allowBillingLogging iam.GetPolicyDocumentResult) (*string, error) {
    return &allowBillingLogging.Json, nil
    }).(pulumi.StringPtrOutput),
    })
    if err != nil {
    return err
    }
    return nil
    })
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var main = Aws.GetBillingServiceAccount.Invoke();
    
        var billingLogs = new Aws.S3.BucketV2("billing_logs", new()
        {
            Bucket = "my-billing-tf-test-bucket",
        });
    
        var billingLogsAcl = new Aws.S3.BucketAclV2("billing_logs_acl", new()
        {
            Bucket = billingLogs.Id,
            Acl = "private",
        });
    
        var allowBillingLogging = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "AWS",
                            Identifiers = new[]
                            {
                                main.Apply(getBillingServiceAccountResult => getBillingServiceAccountResult.Arn),
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "s3:GetBucketAcl",
                        "s3:GetBucketPolicy",
                    },
                    Resources = new[]
                    {
                        billingLogs.Arn,
                    },
                },
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Principals = new[]
                    {
                        new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                        {
                            Type = "AWS",
                            Identifiers = new[]
                            {
                                main.Apply(getBillingServiceAccountResult => getBillingServiceAccountResult.Arn),
                            },
                        },
                    },
                    Actions = new[]
                    {
                        "s3:PutObject",
                    },
                    Resources = new[]
                    {
                        $"{billingLogs.Arn}/*",
                    },
                },
            },
        });
    
        var allowBillingLoggingBucketPolicy = new Aws.S3.BucketPolicy("allow_billing_logging", new()
        {
            Bucket = billingLogs.Id,
            Policy = allowBillingLogging.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.AwsFunctions;
    import com.pulumi.aws.inputs.GetBillingServiceAccountArgs;
    import com.pulumi.aws.s3.BucketV2;
    import com.pulumi.aws.s3.BucketV2Args;
    import com.pulumi.aws.s3.BucketAclV2;
    import com.pulumi.aws.s3.BucketAclV2Args;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.s3.BucketPolicy;
    import com.pulumi.aws.s3.BucketPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var main = AwsFunctions.getBillingServiceAccount();
    
            var billingLogs = new BucketV2("billingLogs", BucketV2Args.builder()
                .bucket("my-billing-tf-test-bucket")
                .build());
    
            var billingLogsAcl = new BucketAclV2("billingLogsAcl", BucketAclV2Args.builder()
                .bucket(billingLogs.id())
                .acl("private")
                .build());
    
            final var allowBillingLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(            
                    GetPolicyDocumentStatementArgs.builder()
                        .effect("Allow")
                        .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                            .type("AWS")
                            .identifiers(main.applyValue(getBillingServiceAccountResult -> getBillingServiceAccountResult.arn()))
                            .build())
                        .actions(                    
                            "s3:GetBucketAcl",
                            "s3:GetBucketPolicy")
                        .resources(billingLogs.arn())
                        .build(),
                    GetPolicyDocumentStatementArgs.builder()
                        .effect("Allow")
                        .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                            .type("AWS")
                            .identifiers(main.applyValue(getBillingServiceAccountResult -> getBillingServiceAccountResult.arn()))
                            .build())
                        .actions("s3:PutObject")
                        .resources(billingLogs.arn().applyValue(arn -> String.format("%s/*", arn)))
                        .build())
                .build());
    
            var allowBillingLoggingBucketPolicy = new BucketPolicy("allowBillingLoggingBucketPolicy", BucketPolicyArgs.builder()
                .bucket(billingLogs.id())
                .policy(allowBillingLogging.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowBillingLogging -> allowBillingLogging.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
                .build());
    
        }
    }
    
    resources:
      billingLogs:
        type: aws:s3:BucketV2
        name: billing_logs
        properties:
          bucket: my-billing-tf-test-bucket
      billingLogsAcl:
        type: aws:s3:BucketAclV2
        name: billing_logs_acl
        properties:
          bucket: ${billingLogs.id}
          acl: private
      allowBillingLoggingBucketPolicy:
        type: aws:s3:BucketPolicy
        name: allow_billing_logging
        properties:
          bucket: ${billingLogs.id}
          policy: ${allowBillingLogging.json}
    variables:
      main:
        fn::invoke:
          Function: aws:getBillingServiceAccount
          Arguments: {}
      allowBillingLogging:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                principals:
                  - type: AWS
                    identifiers:
                      - ${main.arn}
                actions:
                  - s3:GetBucketAcl
                  - s3:GetBucketPolicy
                resources:
                  - ${billingLogs.arn}
              - effect: Allow
                principals:
                  - type: AWS
                    identifiers:
                      - ${main.arn}
                actions:
                  - s3:PutObject
                resources:
                  - ${billingLogs.arn}/*
    

    Using getBillingServiceAccount

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getBillingServiceAccount(args: GetBillingServiceAccountArgs, opts?: InvokeOptions): Promise<GetBillingServiceAccountResult>
    function getBillingServiceAccountOutput(args: GetBillingServiceAccountOutputArgs, opts?: InvokeOptions): Output<GetBillingServiceAccountResult>
    def get_billing_service_account(id: Optional[str] = None,
                                    opts: Optional[InvokeOptions] = None) -> GetBillingServiceAccountResult
    def get_billing_service_account_output(id: Optional[pulumi.Input[str]] = None,
                                    opts: Optional[InvokeOptions] = None) -> Output[GetBillingServiceAccountResult]
    func GetBillingServiceAccount(ctx *Context, args *GetBillingServiceAccountArgs, opts ...InvokeOption) (*GetBillingServiceAccountResult, error)
    func GetBillingServiceAccountOutput(ctx *Context, args *GetBillingServiceAccountOutputArgs, opts ...InvokeOption) GetBillingServiceAccountResultOutput

    > Note: This function is named GetBillingServiceAccount in the Go SDK.

    public static class GetBillingServiceAccount 
    {
        public static Task<GetBillingServiceAccountResult> InvokeAsync(GetBillingServiceAccountArgs args, InvokeOptions? opts = null)
        public static Output<GetBillingServiceAccountResult> Invoke(GetBillingServiceAccountInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetBillingServiceAccountResult> getBillingServiceAccount(GetBillingServiceAccountArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws:index/getBillingServiceAccount:getBillingServiceAccount
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Id string
    ID of the AWS billing service account.
    Id string
    ID of the AWS billing service account.
    id String
    ID of the AWS billing service account.
    id string
    ID of the AWS billing service account.
    id str
    ID of the AWS billing service account.
    id String
    ID of the AWS billing service account.

    getBillingServiceAccount Result

    The following output properties are available:

    Arn string
    ARN of the AWS billing service account.
    Id string
    ID of the AWS billing service account.
    Arn string
    ARN of the AWS billing service account.
    Id string
    ID of the AWS billing service account.
    arn String
    ARN of the AWS billing service account.
    id String
    ID of the AWS billing service account.
    arn string
    ARN of the AWS billing service account.
    id string
    ID of the AWS billing service account.
    arn str
    ARN of the AWS billing service account.
    id str
    ID of the AWS billing service account.
    arn String
    ARN of the AWS billing service account.
    id String
    ID of the AWS billing service account.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi