aws logo
AWS Classic v5.29.0, Feb 1 23

aws.redshift.getServiceAccount

Use this data source to get the Account ID of the AWS Redshift Service Account in a given region for the purpose of allowing Redshift to store audit data in S3.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var main = Aws.RedShift.GetServiceAccount.Invoke();

    var bucket = new Aws.S3.BucketV2("bucket", new()
    {
        ForceDestroy = true,
    });

    var allowAuditLogging = new Aws.S3.BucketPolicy("allowAuditLogging", new()
    {
        Bucket = bucket.Id,
        Policy = Output.Tuple(main.Apply(getServiceAccountResult => getServiceAccountResult), main.Apply(getServiceAccountResult => getServiceAccountResult)).Apply(values =>
        {
            var main = values.Item1;
            var main1 = values.Item2;
            return @$"{{
	""Version"": ""2008-10-17"",
	""Statement"": [
		{{
            ""Sid"": ""Put bucket policy needed for audit logging"",
            ""Effect"": ""Allow"",
            ""Principal"": {{
		        ""AWS"": ""{main.Apply(getServiceAccountResult => getServiceAccountResult.Arn)}""
            }},
            ""Action"": ""s3:PutObject"",
            ""Resource"": ""arn:aws:s3:::tf-redshift-logging-test-bucket/*""
        }},
        {{
            ""Sid"": ""Get bucket policy needed for audit logging "",
            ""Effect"": ""Allow"",
            ""Principal"": {{
		        ""AWS"": ""{main1.Arn}""
            }},
            ""Action"": ""s3:GetBucketAcl"",
            ""Resource"": ""arn:aws:s3:::tf-redshift-logging-test-bucket""
        }}
	]
}}
";
        }),
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/redshift"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		main, err := redshift.GetServiceAccount(ctx, nil, nil)
		if err != nil {
			return err
		}
		bucket, err := s3.NewBucketV2(ctx, "bucket", &s3.BucketV2Args{
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketPolicy(ctx, "allowAuditLogging", &s3.BucketPolicyArgs{
			Bucket: bucket.ID(),
			Policy: pulumi.Any(fmt.Sprintf(`{
	"Version": "2008-10-17",
	"Statement": [
		{
            "Sid": "Put bucket policy needed for audit logging",
            "Effect": "Allow",
            "Principal": {
		        "AWS": "%v"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
        },
        {
            "Sid": "Get bucket policy needed for audit logging ",
            "Effect": "Allow",
            "Principal": {
		        "AWS": "%v"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
        }
	]
}
`, main.Arn, main.Arn)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.redshift.RedshiftFunctions;
import com.pulumi.aws.redshift.inputs.GetServiceAccountArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var main = RedshiftFunctions.getServiceAccount();

        var bucket = new BucketV2("bucket", BucketV2Args.builder()        
            .forceDestroy(true)
            .build());

        var allowAuditLogging = new BucketPolicy("allowAuditLogging", BucketPolicyArgs.builder()        
            .bucket(bucket.id())
            .policy("""
{
	"Version": "2008-10-17",
	"Statement": [
		{
            "Sid": "Put bucket policy needed for audit logging",
            "Effect": "Allow",
            "Principal": {
		        "AWS": "%s"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
        },
        {
            "Sid": "Get bucket policy needed for audit logging ",
            "Effect": "Allow",
            "Principal": {
		        "AWS": "%s"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
        }
	]
}
", main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn()),main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn())))
            .build());

    }
}
import pulumi
import pulumi_aws as aws

main = aws.redshift.get_service_account()
bucket = aws.s3.BucketV2("bucket", force_destroy=True)
allow_audit_logging = aws.s3.BucketPolicy("allowAuditLogging",
    bucket=bucket.id,
    policy=f"""{{
	"Version": "2008-10-17",
	"Statement": [
		{{
            "Sid": "Put bucket policy needed for audit logging",
            "Effect": "Allow",
            "Principal": {{
		        "AWS": "{main.arn}"
            }},
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
        }},
        {{
            "Sid": "Get bucket policy needed for audit logging ",
            "Effect": "Allow",
            "Principal": {{
		        "AWS": "{main.arn}"
            }},
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
        }}
	]
}}
""")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = aws.redshift.getServiceAccount({});
const bucket = new aws.s3.BucketV2("bucket", {forceDestroy: true});
const allowAuditLogging = new aws.s3.BucketPolicy("allowAuditLogging", {
    bucket: bucket.id,
    policy: Promise.all([main, main]).then(([main, main1]) => `{
	"Version": "2008-10-17",
	"Statement": [
		{
            "Sid": "Put bucket policy needed for audit logging",
            "Effect": "Allow",
            "Principal": {
		        "AWS": "${main.arn}"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
        },
        {
            "Sid": "Get bucket policy needed for audit logging ",
            "Effect": "Allow",
            "Principal": {
		        "AWS": "${main1.arn}"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
        }
	]
}
`),
});
resources:
  bucket:
    type: aws:s3:BucketV2
    properties:
      forceDestroy: true
  allowAuditLogging:
    type: aws:s3:BucketPolicy
    properties:
      bucket: ${bucket.id}
      policy: |
        {
        	"Version": "2008-10-17",
        	"Statement": [
        		{
                    "Sid": "Put bucket policy needed for audit logging",
                    "Effect": "Allow",
                    "Principal": {
        		        "AWS": "${main.arn}"
                    },
                    "Action": "s3:PutObject",
                    "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
                },
                {
                    "Sid": "Get bucket policy needed for audit logging ",
                    "Effect": "Allow",
                    "Principal": {
        		        "AWS": "${main.arn}"
                    },
                    "Action": "s3:GetBucketAcl",
                    "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
                }
        	]
        }        
variables:
  main:
    fn::invoke:
      Function: aws:redshift:getServiceAccount
      Arguments: {}

Using getServiceAccount

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getServiceAccount(args: GetServiceAccountArgs, opts?: InvokeOptions): Promise<GetServiceAccountResult>
function getServiceAccountOutput(args: GetServiceAccountOutputArgs, opts?: InvokeOptions): Output<GetServiceAccountResult>
def get_service_account(region: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetServiceAccountResult
def get_service_account_output(region: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetServiceAccountResult]
func GetServiceAccount(ctx *Context, args *GetServiceAccountArgs, opts ...InvokeOption) (*GetServiceAccountResult, error)
func GetServiceAccountOutput(ctx *Context, args *GetServiceAccountOutputArgs, opts ...InvokeOption) GetServiceAccountResultOutput

> Note: This function is named GetServiceAccount in the Go SDK.

public static class GetServiceAccount 
{
    public static Task<GetServiceAccountResult> InvokeAsync(GetServiceAccountArgs args, InvokeOptions? opts = null)
    public static Output<GetServiceAccountResult> Invoke(GetServiceAccountInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetServiceAccountResult> getServiceAccount(GetServiceAccountArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: aws:redshift/getServiceAccount:getServiceAccount
  arguments:
    # arguments dictionary

The following arguments are supported:

Region string

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

Region string

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

region String

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

region string

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

region str

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

region String

Name of the region whose AWS Redshift account ID is desired. Defaults to the region from the AWS provider configuration.

getServiceAccount Result

The following output properties are available:

Arn string

ARN of the AWS Redshift service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
Arn string

ARN of the AWS Redshift service account in the selected region.

Id string

The provider-assigned unique ID for this managed resource.

Region string
arn String

ARN of the AWS Redshift service account in the selected region.

id String

The provider-assigned unique ID for this managed resource.

region String
arn string

ARN of the AWS Redshift service account in the selected region.

id string

The provider-assigned unique ID for this managed resource.

region string
arn str

ARN of the AWS Redshift service account in the selected region.

id str

The provider-assigned unique ID for this managed resource.

region str
arn String

ARN of the AWS Redshift service account in the selected region.

id String

The provider-assigned unique ID for this managed resource.

region String

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.