Data Source: awsBillingServiceAccount
Use this data source to get the account ID of the AWS Billing and Cost Management service account so that it can be granted access in an S3 bucket policy.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
/*This fragment belongs inside the constructor of a TerraformStack (or another construct), where `this` is the scope.*/
const awsS3BucketBillingLogs = new aws.s3Bucket.S3Bucket(this, "billing_logs", {
  bucket: "my-billing-tf-test-bucket",
});
new aws.s3BucketAcl.S3BucketAcl(this, "billing_logs_acl", {
  acl: "private",
  bucket: awsS3BucketBillingLogs.id,
});
const dataAwsBillingServiceAccountMain =
  new aws.dataAwsBillingServiceAccount.DataAwsBillingServiceAccount(
    this,
    "main",
    {}
  );
const dataAwsIamPolicyDocumentAllowBillingLogging =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
    this,
    "allow_billing_logging",
    {
      statement: [
        {
          /*Bucket-level reads, granted on the bucket ARN itself.*/
          actions: ["s3:GetBucketAcl", "s3:GetBucketPolicy"],
          effect: "Allow",
          principals: [
            {
              identifiers: [dataAwsBillingServiceAccountMain.arn],
              type: "AWS",
            },
          ],
          resources: [awsS3BucketBillingLogs.arn],
        },
        {
          /*Object writes, granted on every key under the bucket (<bucket ARN>/*).*/
          actions: ["s3:PutObject"],
          effect: "Allow",
          principals: [
            {
              identifiers: [dataAwsBillingServiceAccountMain.arn],
              type: "AWS",
            },
          ],
          resources: [`${awsS3BucketBillingLogs.arn}/*`],
        },
      ],
    }
  );
const awsS3BucketPolicyAllowBillingLogging =
  new aws.s3BucketPolicy.S3BucketPolicy(this, "allow_billing_logging_4", {
    bucket: awsS3BucketBillingLogs.id,
    policy: dataAwsIamPolicyDocumentAllowBillingLogging.json,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketPolicyAllowBillingLogging.overrideLogicalId("allow_billing_logging");
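An added example, not part of the provider documentation: a check that can run over the rendered bucket policy JSON (for instance in CI) to confirm it grants only the billing service account, and only the three actions shown above on the expected resources. The names `auditBillingPolicy` and `PolicyStatement` and the account ID in the sample ARN are assumptions made for illustration.

```typescript
type OneOrMany = string | string[];
type PolicyStatement = { Effect: string; Principal?: string | { [kind: string]: OneOrMany };
  Action: OneOrMany; Resource: OneOrMany };
// Terraform renders one-element lists as plain strings, so normalise both shapes.
const asList = (v: OneOrMany): string[] => (Array.isArray(v) ? v : [v]);
// Actions granted in Example Usage, split by the resource they apply to.
const BUCKET_ACTIONS = ["s3:GetBucketAcl", "s3:GetBucketPolicy"];
const OBJECT_ACTIONS = ["s3:PutObject"];

function auditBillingPolicy(policyJson: string, billingArn: string, bucketArn: string): string[] {
  const findings: string[] = [];
  const statements: PolicyStatement[] = JSON.parse(policyJson).Statement || [];
  statements.forEach((s, i) => {
    if (s.Effect !== "Allow") return;
    // A bare "*" or a missing Principal (e.g. NotPrincipal) counts as a wildcard.
    let principals: string[] = ["*"];
    const p = s.Principal;
    if (p && typeof p === "object") {
      principals = [];
      Object.keys(p).forEach((k) => { principals = principals.concat(asList(p[k])); });
    }
    principals.filter((x) => x !== billingArn)
      .forEach((x) => findings.push(`statement ${i}: unexpected principal ${x}`));
    asList(s.Action).forEach((a) => {
      const onBucket = BUCKET_ACTIONS.indexOf(a) >= 0;
      if (!onBucket && OBJECT_ACTIONS.indexOf(a) < 0) {
        findings.push(`statement ${i}: unexpected action ${a}`);
        return;
      }
      // Bucket-level actions must target the bucket ARN, object actions <bucket ARN>/*.
      const expected = onBucket ? bucketArn : `${bucketArn}/*`;
      asList(s.Resource).filter((r) => r !== expected)
        .forEach((r) => findings.push(`statement ${i}: ${a} on unexpected resource ${r}`));
    });
  });
  return findings;
}

// Constructed sample values: the account ID is a placeholder, not a real AWS account.
const BILLING_ARN = "arn:aws:iam::111111111111:root";
const BUCKET_ARN = "arn:aws:s3:::my-billing-tf-test-bucket";
const goodPolicy = JSON.stringify({ Statement: [
  { Effect: "Allow", Principal: { AWS: BILLING_ARN }, Action: BUCKET_ACTIONS, Resource: BUCKET_ARN },
  { Effect: "Allow", Principal: { AWS: BILLING_ARN }, Action: "s3:PutObject", Resource: `${BUCKET_ARN}/*` },
] });
const badPolicy = JSON.stringify({ Statement: [
  { Effect: "Allow", Principal: "*", Action: "s3:GetBucketAcl", Resource: BUCKET_ARN },
  { Effect: "Allow", Principal: { AWS: BILLING_ARN }, Action: ["s3:PutObject", "s3:DeleteObject"], Resource: BUCKET_ARN },
] });
console.log(auditBillingPolicy(badPolicy, BILLING_ARN, BUCKET_ARN));
```

Action names are compared exactly as written, so the check expects the same casing the policy document uses.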
Attributes Reference
id - ID of the AWS billing service account.
arn - ARN of the AWS billing service account.