Data Source: aws_redshift_service_account

Use this data source to get the Account ID of the AWS Redshift Service Account in a given region for the purpose of allowing Redshift to store audit data in S3.

Example Usage

# Looks up the Redshift service account. No arguments are set, so the lookup
# applies to the region the AWS provider is configured for.
data "aws_redshift_service_account" "main" {}

# Bucket that receives the Redshift audit logs.
resource "aws_s3_bucket" "bucket" {
  bucket        = "tf-redshift-logging-test-bucket"
  # force_destroy lets `terraform destroy` delete the bucket together with
  # every object in it. That suits a throwaway test bucket; on a bucket that
  # holds real audit logs, leave it unset so a destroy cannot erase the logs.
  force_destroy = true
}

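# Bucket policy that lets the Redshift service account deliver audit logs.
# It grants exactly two actions: writing objects and reading the bucket ACL.
#
# NOTE(review): AWS's Redshift audit-logging documentation grants these
# permissions to the redshift.amazonaws.com service principal rather than to a
# regional account ARN. Confirm which form your region requires.
data "aws_iam_policy_document" "allow_audit_logging" {
  statement {
    sid    = "Put bucket policy needed for audit logging"
    effect = "Allow"

    principals {
      type        = "AWS"
      identifiers = [data.aws_redshift_service_account.main.arn]
    }

    # Object-level action, so the resource is every key under the bucket.
    # If the cluster logs under a key prefix, narrow this to "<bucket-arn>/<prefix>/*".
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.bucket.arn}/*"]
  }

  statement {
    sid    = "Get bucket policy needed for audit logging"
    effect = "Allow"

    principals {
      type = "AWS"
      identifiers = [
        data.aws_redshift_service_account.main.arn,
      ]
    }

    # Bucket-level action, so the resource is the bucket ARN itself.
    # `resources` takes a list, and the bucket is declared in this
    # configuration as a resource, not as a data source.
    actions   = ["s3:GetBucketAcl"]
    resources = [aws_s3_bucket.bucket.arn]
  }
}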

# Attaches the rendered policy document (as JSON) to the logging bucket.
resource "aws_s3_bucket_policy" "allow_audit_logging" {
  bucket = aws_s3_bucket.bucket.id
  policy = data.aws_iam_policy_document.allow_audit_logging.json
}

Argument Reference

Attribute Reference

This data source exports the following attributes in addition to the arguments above: