opentofu/website/source/docs/providers/aws/d/redshift_service_account.html.markdown
Paul Stack 65aa02b6df provider/aws: DataSource for RedShift Account ID (#8224)
When you need to enable monitoring for Redshift, you need to create the
correct policy in the bucket for logging. This needs to have the
Redshift Account ID for a given region. This data source provides a
handy lookup for this

http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging

% make testacc TEST=./builtin/providers/aws
% TESTARGS='-run=TestAccAWSRedshiftAccountId_basic'         2 ↵ ✹ ✭
==> Checking that code complies with gofmt requirements...
/Users/stacko/Code/go/bin/stringer
go generate $(go list ./... | grep -v /terraform/vendor/)
2016/08/16 14:39:35 Generated command/internal_plugin_list.go
TF_ACC=1 go test ./builtin/providers/aws -v
-run=TestAccAWSRedshiftAccountId_basic -timeout 120m
=== RUN   TestAccAWSRedshiftAccountId_basic
--- PASS: TestAccAWSRedshiftAccountId_basic (19.47s)
PASS
ok      github.com/hashicorp/terraform/builtin/providers/aws    19.483s
2016-08-16 17:58:46 +01:00


layout: aws
page_title: AWS: aws_redshift_account_id
sidebar_current: docs-aws-datasource-redshift-account-id
description: Get AWS Redshift Service Account ID for storing audit data in S3.

aws_redshift_service_account

Use this data source to get the Service Account ID of the AWS Redshift Account in a given region for the purpose of allowing Redshift to store audit data in S3.

Example Usage

# Look up the Redshift service account ID for the provider's region.
data "aws_redshift_service_account" "main" { }

resource "aws_s3_bucket" "bucket" {
  bucket        = "tf-redshift-logging-test-bucket"
  force_destroy = true

  # IAM ARNs have an empty region field, hence the double colon before the account ID.
  policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "Put bucket policy needed for audit logging",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${data.aws_redshift_service_account.main.id}:user/logs"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
    },
    {
      "Sid": "Get bucket policy needed for audit logging ",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::${data.aws_redshift_service_account.main.id}:user/logs"
      },
      "Action": "s3:GetBucketAcl",
      "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
    }
  ]
}
EOF
}
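A check for the rendered policy from the example above, as an added Python example (not part of the provider or its documentation): it flags principals that are not a well-formed `user/logs` IAM ARN for the expected account, and any grant beyond the two actions the policy is meant to give. The function names and the account ID `123456789012` are constructed for illustration.

```python
import json
import re

# IAM ARNs carry an empty region field, so the account ID follows a double colon.
IAM_USER_ARN = re.compile(r"^arn:aws:iam::(\d{12}):user/logs$")
# Actions the example policy grants, mapped to the resource suffix each applies to.
REQUIRED = {"s3:PutObject": "/*", "s3:GetBucketAcl": ""}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_audit_policy(policy_json, bucket, account_id):
    """Return a list of findings; an empty list means the policy is as expected."""
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        arns = _as_list(principal.get("AWS", "")) if isinstance(principal, dict) else [principal]
        for arn in arns:
            m = IAM_USER_ARN.match(str(arn))
            if not m:
                findings.append(f"malformed or unexpected principal: {arn}")
            elif m.group(1) != account_id:
                findings.append(f"principal account {m.group(1)} != {account_id}")
        for action in _as_list(stmt.get("Action", [])):
            suffix = REQUIRED.get(action)
            if suffix is None:
                findings.append(f"action not needed for audit logging: {action}")
                continue
            granted.add(action)
            expected = f"arn:aws:s3:::{bucket}{suffix}"
            if _as_list(stmt.get("Resource", [])) != [expected]:
                findings.append(f"{action} should apply to {expected} only")
    for action in sorted(set(REQUIRED) - granted):
        findings.append(f"missing grant: {action}")
    return findings


def sample_policy(principal_arn, bucket):
    """Constructed input: the two statements of the example policy, rendered."""
    def stmt(action, resource):
        return {"Effect": "Allow", "Principal": {"AWS": principal_arn},
                "Action": action, "Resource": resource}
    return json.dumps({"Version": "2008-10-17", "Statement": [
        stmt("s3:PutObject", f"arn:aws:s3:::{bucket}/*"),
        stmt("s3:GetBucketAcl", f"arn:aws:s3:::{bucket}")]})
```

Pass the `id` returned by the data source as `account_id`; a principal of `*` or an ARN with a single colon before the account ID is reported as malformed.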

Argument Reference

  • region - (Optional) Name of the region whose Redshift account ID is desired. If not specified, defaults to the region from the AWS provider configuration.

Attributes Reference

  • id - The ID of the Redshift service account in the selected region.