FEATURES PRICING ABOUT DOCS LOGIN

aws_billing_service_account

Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of whitelisting in S3 bucket policy.

Example Usage

data "aws_billing_service_account" "main" { }

resource "aws_s3_bucket" "billing_logs" {
    bucket = "my-billing-tf-test-bucket"
    acl = "private"
    policy = <<POLICY
{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketAcl", "s3:GetBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket",
      "Principal": {
        "AWS": [
          "${data.aws_billing_service_account.main.id}"
        ]
      }
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket/AWSLogs/*",
      "Principal": {
        "AWS": [
          "${data.aws_billing_service_account.main.id}"
        ]
      }
    }
  ]
}
POLICY
}

Attributes Reference


See the source of this document at Terraform.io

REQUEST A DEMO