get
Deprecated
aws.elasticloadbalancing.getServiceAccount has been deprecated in favor of aws.elb.getServiceAccount
Use this data source to get the Account ID of the AWS Elastic Load Balancing Service Account in a given region for the purpose of permitting in S3 bucket policy.
Note: For AWS Regions opened since Jakarta (
ap-southeast-3) in December 2021, AWS documents that a service principal name should be used instead of an AWS account ID in any relevant IAM policy.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.elb.ElbFunctions;
import com.pulumi.aws.elb.inputs.GetServiceAccountArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.elb.LoadBalancer;
import com.pulumi.aws.elb.LoadBalancerArgs;
import com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;
import com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var main = ElbFunctions.getServiceAccount();
var elbLogs = new BucketV2("elbLogs");
var elbLogsAcl = new BucketAclV2("elbLogsAcl", BucketAclV2Args.builder()
.bucket(elbLogs.id())
.acl("private")
.build());
final var allowElbLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn()))
.build())
.actions("s3:PutObject")
.resources(elbLogs.arn().applyValue(arn -> String.format("%s/AWSLogs/*", arn)))
.build())
.build());
var allowElbLoggingBucketPolicy = new BucketPolicy("allowElbLoggingBucketPolicy", BucketPolicyArgs.builder()
.bucket(elbLogs.id())
.policy(allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowElbLoggingPolicyDocument -> allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var bar = new LoadBalancer("bar", LoadBalancerArgs.builder()
.availabilityZones("us-west-2a")
.accessLogs(LoadBalancerAccessLogsArgs.builder()
.bucket(elbLogs.id())
.interval(5)
.build())
.listeners(LoadBalancerListenerArgs.builder()
.instancePort(8000)
.instanceProtocol("http")
.lbPort(80)
.lbProtocol("http")
.build())
.build());
}
}Return
A collection of values returned by getServiceAccount. */
Parameters
A collection of arguments for invoking getServiceAccount.
Deprecated
aws.elasticloadbalancing.getServiceAccount has been deprecated in favor of aws.elb.getServiceAccount
Return
A collection of values returned by getServiceAccount.
Parameters
Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.
See also
Deprecated
aws.elasticloadbalancing.getServiceAccount has been deprecated in favor of aws.elb.getServiceAccount
Return
A collection of values returned by getServiceAccount.
Parameters
Builder for com.pulumi.aws.elasticloadbalancing.kotlin.inputs.GetServiceAccountPlainArgs.