pulumi-aws-kotlin/com.pulumi.aws.cloudtrail.kotlin/CloudtrailFunctions/getServiceAccount

getServiceAccount

suspend fun getServiceAccount(argument: GetServiceAccountPlainArgs): GetServiceAccountResult

Use this data source to get the Account ID of the AWS CloudTrail Service Account in a given region for the purpose of allowing CloudTrail to store trail data in S3.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudtrail.CloudtrailFunctions;
import com.pulumi.aws.cloudtrail.inputs.GetServiceAccountArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var main = CloudtrailFunctions.getServiceAccount();
        var bucket = new BucketV2("bucket", BucketV2Args.builder()
            .forceDestroy(true)
            .build());
        final var allowCloudtrailLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(
                GetPolicyDocumentStatementArgs.builder()
                    .sid("Put bucket policy needed for trails")
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("AWS")
                        .identifiers(main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn()))
                        .build())
                    .actions("s3:PutObject")
                    .resources(bucket.arn().applyValue(arn -> String.format("%s/*", arn)))
                    .build(),
                GetPolicyDocumentStatementArgs.builder()
                    .sid("Get bucket policy needed for trails")
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("AWS")
                        .identifiers(main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn()))
                        .build())
                    .actions("s3:GetBucketAcl")
                    .resources(bucket.arn())
                    .build())
            .build());
        var allowCloudtrailLoggingBucketPolicy = new BucketPolicy("allowCloudtrailLoggingBucketPolicy", BucketPolicyArgs.builder()
            .bucket(bucket.id())
            .policy(allowCloudtrailLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowCloudtrailLoggingPolicyDocument -> allowCloudtrailLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());
    }
}
Content copied to clipboard

Return

A collection of values returned by getServiceAccount. */

Parameters

argument

A collection of arguments for invoking getServiceAccount.

suspend fun getServiceAccount(region: String? = null): GetServiceAccountResult

Return

A collection of values returned by getServiceAccount.

Parameters

region

Name of the region whose AWS CloudTrail account ID is desired. Defaults to the region from the AWS provider configuration.

See also

.

suspend fun getServiceAccount(argument: suspend GetServiceAccountPlainArgsBuilder.() -> Unit): GetServiceAccountResult

Return

A collection of values returned by getServiceAccount.

Parameters

argument

Builder for com.pulumi.aws.cloudtrail.kotlin.inputs.GetServiceAccountPlainArgs.

See also

.