get
Use this data source to get the Account ID of the AWS Elastic Load Balancing Service Account in a given region for the purpose of permitting in S3 bucket policy.
Note: For AWS Regions opened since Jakarta (
ap-southeast-3) in December 2021, AWS documents that a service principal name should be used instead of an AWS account ID in any relevant IAM policy.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.elb.ElbFunctions;
import com.pulumi.aws.elb.inputs.GetServiceAccountArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.elb.LoadBalancer;
import com.pulumi.aws.elb.LoadBalancerArgs;
import com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;
import com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var main = ElbFunctions.getServiceAccount();
var elbLogs = new BucketV2("elbLogs");
var elbLogsAcl = new BucketAclV2("elbLogsAcl", BucketAclV2Args.builder()
.bucket(elbLogs.id())
.acl("private")
.build());
final var allowElbLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("AWS")
.identifiers(main.applyValue(getServiceAccountResult -> getServiceAccountResult.arn()))
.build())
.actions("s3:PutObject")
.resources(elbLogs.arn().applyValue(arn -> String.format("%s/AWSLogs/*", arn)))
.build())
.build());
var allowElbLoggingBucketPolicy = new BucketPolicy("allowElbLoggingBucketPolicy", BucketPolicyArgs.builder()
.bucket(elbLogs.id())
.policy(allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowElbLoggingPolicyDocument -> allowElbLoggingPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var bar = new LoadBalancer("bar", LoadBalancerArgs.builder()
.availabilityZones("us-west-2a")
.accessLogs(LoadBalancerAccessLogsArgs.builder()
.bucket(elbLogs.id())
.interval(5)
.build())
.listeners(LoadBalancerListenerArgs.builder()
.instancePort(8000)
.instanceProtocol("http")
.lbPort(80)
.lbProtocol("http")
.build())
.build());
}
}Return
A collection of values returned by getServiceAccount. */
Parameters
A collection of arguments for invoking getServiceAccount.
Return
A collection of values returned by getServiceAccount.
Parameters
Name of the region whose AWS ELB account ID is desired. Defaults to the region from the AWS provider configuration.
See also
Return
A collection of values returned by getServiceAccount.
Parameters
Builder for com.pulumi.aws.elb.kotlin.inputs.GetServiceAccountPlainArgs.