aws_redshift_service_account

Use this data source to get the Service Account ID of the AWS Redshift Account in a given region for the purpose of allowing Redshift to store audit data in S3.

Example Usage

# Look up the Redshift service account ID used for audit logging.
data "aws_redshift_service_account" "main" {}

resource "aws_s3_bucket" "bucket" {
  bucket        = "tf-redshift-logging-test-bucket"
  force_destroy = true

  # IAM ARNs have an empty region field, hence "iam::" before the account ID.
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for audit logging",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${data.aws_redshift_service_account.main.id}:user/logs"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
    },
    {
      "Sid": "Get bucket policy needed for audit logging",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${data.aws_redshift_service_account.main.id}:user/logs"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
    }
  ]
}
EOF
}
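
A pre-apply check for the rendered bucket policy, as an added example that is not part of the Terraform documentation: it verifies that each Allow statement names a well-formed IAM user ARN (the region field is empty, so the ARN contains `iam::`), grants only the two actions used above, and stays inside the logging bucket. The function names and the account ID 123456789012 are constructed for illustration, and only the `aws` partition is assumed.

```python
import json
import re

# IAM ARNs leave the region field empty: arn:aws:iam::<12-digit account>:user/<name>
IAM_USER_ARN = re.compile(r"^arn:aws:iam::\d{12}:user/[\w+=,.@/-]+$")
# The only actions the policy on this page grants to the logging principal.
ALLOWED_ACTIONS = {"s3:PutObject", "s3:GetBucketAcl"}


def _as_list(value):
    """Policy JSON accepts a scalar or a list for Action/Resource/Principal."""
    return value if isinstance(value, list) else [value]


def check_logging_policy(policy_json, bucket):
    """Return a list of findings for a rendered audit-logging bucket policy."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if not arns:
            findings.append(f"{sid}: no explicit AWS principal (wildcard or other type)")
        for arn in arns:
            if not IAM_USER_ARN.match(arn):
                findings.append(f"{sid}: malformed or wildcard principal {arn!r}")
        for action in _as_list(stmt.get("Action", [])):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"{sid}: unexpected action {action!r}")
        for res in _as_list(stmt.get("Resource", [])):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"{sid}: resource {res!r} is outside {bucket}")
    return findings


# Constructed sample: 123456789012 is a placeholder, not a real Redshift account ID.
def sample_policy(principal_arn, action="s3:PutObject"):
    return json.dumps({"Version": "2008-10-17", "Statement": [{
        "Sid": "Put bucket policy needed for audit logging", "Effect": "Allow",
        "Principal": {"AWS": principal_arn}, "Action": action,
        "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"}]})


if __name__ == "__main__":
    for arn in ("arn:aws:iam::123456789012:user/logs", "arn:aws:iam:123456789012:user/logs"):
        print(arn, "->", check_logging_policy(sample_policy(arn), "tf-redshift-logging-test-bucket"))
```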

Argument Reference

Attributes Reference


See the source of this document at Terraform.io