Data Source: awsElbServiceAccount
Use this data source to get the Account ID of the AWS Elastic Load Balancing Service Account in a given region for the purpose of permitting in S3 bucket policy.
\~> Note: For AWS Regions opened since Jakarta (apSoutheast3
) in December 2021, AWS documents that a service principal name should be used instead of an AWS account ID in any relevant IAM policy.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsS3BucketElbLogs = new aws.s3Bucket.S3Bucket(this, "elb_logs", {
bucket: "my-elb-tf-test-bucket",
});
new aws.s3BucketAcl.S3BucketAcl(this, "elb_logs_acl", {
acl: "private",
bucket: awsS3BucketElbLogs.id,
});
const dataAwsElbServiceAccountMain =
new aws.dataAwsElbServiceAccount.DataAwsElbServiceAccount(this, "main", {});
const dataAwsIamPolicyDocumentAllowElbLogging =
new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(
this,
"allow_elb_logging",
{
statement: [
{
actions: ["s3:PutObject"],
effect: "Allow",
principals: [
{
identifiers: [dataAwsElbServiceAccountMain.arn],
type: "AWS",
},
],
resources: [`\${${awsS3BucketElbLogs.arn}}/AWSLogs/*`],
},
],
}
);
new aws.elb.Elb(this, "bar", {
accessLogs: {
bucket: awsS3BucketElbLogs.id,
interval: 5,
},
availabilityZones: ["us-west-2a"],
listener: [
{
instancePort: 8000,
instanceProtocol: "http",
lbPort: 80,
lbProtocol: "http",
},
],
name: "my-foobar-terraform-elb",
});
const awsS3BucketPolicyAllowElbLogging = new aws.s3BucketPolicy.S3BucketPolicy(
this,
"allow_elb_logging_5",
{
bucket: awsS3BucketElbLogs.id,
policy: dataAwsIamPolicyDocumentAllowElbLogging.json,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsS3BucketPolicyAllowElbLogging.overrideLogicalId("allow_elb_logging");
Argument Reference
region
- (Optional) Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.
Attributes Reference
id
- ID of the AWS ELB service account in the selected region.arn
- ARN of the AWS ELB service account in the selected region.