AWS Classic v5.41.0, May 15 23
AWS Classic v5.41.0, May 15 23
aws.getBillingServiceAccount
Explore with Pulumi AI
Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of permitting in S3 bucket policy.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var main = Aws.GetBillingServiceAccount.Invoke();
var billingLogs = new Aws.S3.BucketV2("billingLogs");
var billingLogsAcl = new Aws.S3.BucketAclV2("billingLogsAcl", new()
{
Bucket = billingLogs.Id,
Acl = "private",
});
var allowBillingLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
main.Apply(getBillingServiceAccountResult => getBillingServiceAccountResult.Arn),
},
},
},
Actions = new[]
{
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
},
Resources = new[]
{
billingLogs.Arn,
},
},
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "AWS",
Identifiers = new[]
{
main.Apply(getBillingServiceAccountResult => getBillingServiceAccountResult.Arn),
},
},
},
Actions = new[]
{
"s3:PutObject",
},
Resources = new[]
{
$"{billingLogs.Arn}/*",
},
},
},
});
var allowBillingLoggingBucketPolicy = new Aws.S3.BucketPolicy("allowBillingLoggingBucketPolicy", new()
{
Bucket = billingLogs.Id,
Policy = allowBillingLoggingPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var main = AwsFunctions.getBillingServiceAccount();
var billingLogs = new BucketV2("billingLogs");
var billingLogsAcl = new BucketAclV2("billingLogsAcl", BucketAclV2Args.builder()
.bucket(billingLogs.id())
.acl("private")
.build());
final var allowBillingLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(
GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(main.applyValue(getBillingServiceAccountResult -> getBillingServiceAccountResult.arn()))
.build())
.actions(
"s3:GetBucketAcl",
"s3:GetBucketPolicy")
.resources(billingLogs.arn())
.build(),
GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(main.applyValue(getBillingServiceAccountResult -> getBillingServiceAccountResult.arn()))
.build())
.actions("s3:PutObject")
.resources(billingLogs.arn().applyValue(arn -> String.format("%s/*", arn)))
.build())
.build());
var allowBillingLoggingBucketPolicy = new BucketPolicy("allowBillingLoggingBucketPolicy", BucketPolicyArgs.builder()
.bucket(billingLogs.id())
.policy(allowBillingLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowBillingLoggingPolicyDocument -> allowBillingLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
}
}
import pulumi
import pulumi_aws as aws
main = aws.get_billing_service_account()
billing_logs = aws.s3.BucketV2("billingLogs")
billing_logs_acl = aws.s3.BucketAclV2("billingLogsAcl",
bucket=billing_logs.id,
acl="private")
allow_billing_logging_policy_document = pulumi.Output.all(billing_logs.arn, billing_logs.arn).apply(lambda billingLogsArn, billingLogsArn1: aws.iam.get_policy_document_output(statements=[
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=[main.arn],
)],
actions=[
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
],
resources=[billing_logs_arn],
),
aws.iam.GetPolicyDocumentStatementArgs(
effect="Allow",
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
type="AWS",
identifiers=[main.arn],
)],
actions=["s3:PutObject"],
resources=[f"{billing_logs_arn1}/*"],
),
]))
allow_billing_logging_bucket_policy = aws.s3.BucketPolicy("allowBillingLoggingBucketPolicy",
bucket=billing_logs.id,
policy=allow_billing_logging_policy_document.json)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const main = aws.getBillingServiceAccount({});
const billingLogs = new aws.s3.BucketV2("billingLogs", {});
const billingLogsAcl = new aws.s3.BucketAclV2("billingLogsAcl", {
bucket: billingLogs.id,
acl: "private",
});
const allowBillingLoggingPolicyDocument = pulumi.all([main, billingLogs.arn, main, billingLogs.arn]).apply(([main, billingLogsArn, main1, billingLogsArn1]) => aws.iam.getPolicyDocumentOutput({
statements: [
{
effect: "Allow",
principals: [{
type: "AWS",
identifiers: [main.arn],
}],
actions: [
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
],
resources: [billingLogsArn],
},
{
effect: "Allow",
principals: [{
type: "AWS",
identifiers: [main1.arn],
}],
actions: ["s3:PutObject"],
resources: [`${billingLogsArn1}/*`],
},
],
}));
const allowBillingLoggingBucketPolicy = new aws.s3.BucketPolicy("allowBillingLoggingBucketPolicy", {
bucket: billingLogs.id,
policy: allowBillingLoggingPolicyDocument.apply(allowBillingLoggingPolicyDocument => allowBillingLoggingPolicyDocument.json),
});
resources:
billingLogs:
type: aws:s3:BucketV2
billingLogsAcl:
type: aws:s3:BucketAclV2
properties:
bucket: ${billingLogs.id}
acl: private
allowBillingLoggingBucketPolicy:
type: aws:s3:BucketPolicy
properties:
bucket: ${billingLogs.id}
policy: ${allowBillingLoggingPolicyDocument.json}
variables:
main:
fn::invoke:
Function: aws:getBillingServiceAccount
Arguments: {}
allowBillingLoggingPolicyDocument:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: AWS
identifiers:
- ${main.arn}
actions:
- s3:GetBucketAcl
- s3:GetBucketPolicy
resources:
- ${billingLogs.arn}
- effect: Allow
principals:
- type: AWS
identifiers:
- ${main.arn}
actions:
- s3:PutObject
resources:
- ${billingLogs.arn}/*
Using getBillingServiceAccount
function getBillingServiceAccount(opts?: InvokeOptions): Promise<GetBillingServiceAccountResult>
def get_billing_service_account(opts: Optional[InvokeOptions] = None) -> GetBillingServiceAccountResult
func GetBillingServiceAccount(ctx *Context, opts ...InvokeOption) (*GetBillingServiceAccountResult, error)
> Note: This function is named GetBillingServiceAccount
in the Go SDK.
public static class GetBillingServiceAccount
{
public static Task<GetBillingServiceAccountResult> InvokeAsync(InvokeOptions? opts = null)
}
public static CompletableFuture<GetBillingServiceAccountResult> getBillingServiceAccount(InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws:index/getBillingServiceAccount:getBillingServiceAccount
arguments:
# arguments dictionary
getBillingServiceAccount Result
The following output properties are available:
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.