get Billing Service Account
suspend fun getBillingServiceAccount(argument: GetBillingServiceAccountPlainArgs): GetBillingServiceAccountResult
Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account so that it can be granted access in an S3 bucket policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Resolve the AWS Billing and Cost Management service account through the data
// source, so the bucket policy never carries a hand-typed account ID.
const main = aws.getBillingServiceAccount({});

// Bucket that receives the billing logs. The name is the example's placeholder.
const billingLogs = new aws.s3.BucketV2("billing_logs", {
    bucket: "my-billing-tf-test-bucket",
});

// Canned "private" ACL; the cross-account access below comes only from the
// bucket policy.
const billingLogsAcl = new aws.s3.BucketAclV2("billing_logs_acl", {
    bucket: billingLogs.id,
    acl: "private",
});

// Build the policy document once both the billing account lookup and the
// bucket ARN have resolved.
const allowBillingLogging = pulumi
    .all([main, billingLogs.arn])
    .apply(([billingAccount, bucketArn]) => {
        // The same principal is used by both statements.
        const billingPrincipal = {
            type: "AWS",
            identifiers: [billingAccount.arn],
        };
        return aws.iam.getPolicyDocumentOutput({
            statements: [
                {
                    // Bucket-level: read the ACL and the policy only.
                    effect: "Allow",
                    principals: [billingPrincipal],
                    actions: [
                        "s3:GetBucketAcl",
                        "s3:GetBucketPolicy",
                    ],
                    resources: [bucketArn],
                },
                {
                    // Object-level: write only, no read or delete.
                    // NOTE(review): "/*" covers every key in the bucket. If the
                    // reports land under a known prefix, scoping the resource
                    // to it would narrow the grant. Confirm against the report
                    // configuration.
                    effect: "Allow",
                    principals: [billingPrincipal],
                    actions: ["s3:PutObject"],
                    resources: [`${bucketArn}/*`],
                },
            ],
        });
    });

// Attach the rendered JSON policy to the bucket.
const allowBillingLoggingBucketPolicy = new aws.s3.BucketPolicy("allow_billing_logging", {
    bucket: billingLogs.id,
    policy: allowBillingLogging.apply(policyDocument => policyDocument.json),
});
import pulumi
import pulumi_aws as aws
# Resolve the AWS Billing and Cost Management service account through the data
# source, so the bucket policy never carries a hand-typed account ID.
main = aws.get_billing_service_account()

# Bucket that receives the billing logs. The name is the example's placeholder.
billing_logs = aws.s3.BucketV2("billing_logs", bucket="my-billing-tf-test-bucket")

# Canned "private" ACL; the cross-account access below comes only from the
# bucket policy.
billing_logs_acl = aws.s3.BucketAclV2(
    "billing_logs_acl",
    bucket=billing_logs.id,
    acl="private",
)


def _billing_logging_policy(bucket_arn):
    """Build the policy document that lets the billing account use the bucket.

    Grants the billing service account read access to the bucket's ACL and
    policy, plus write-only access to objects under the bucket.
    """
    # The same principal is used by both statements.
    billing_principal = {
        "type": "AWS",
        "identifiers": [main.arn],
    }
    return aws.iam.get_policy_document_output(statements=[
        {
            # Bucket-level: read the ACL and the policy only.
            "effect": "Allow",
            "principals": [billing_principal],
            "actions": [
                "s3:GetBucketAcl",
                "s3:GetBucketPolicy",
            ],
            "resources": [bucket_arn],
        },
        {
            # Object-level: write only, no read or delete.
            # NOTE(review): "/*" covers every key in the bucket. If the reports
            # land under a known prefix, scoping the resource to it would
            # narrow the grant. Confirm against the report configuration.
            "effect": "Allow",
            "principals": [billing_principal],
            "actions": ["s3:PutObject"],
            "resources": [f"{bucket_arn}/*"],
        },
    ])


# The bucket ARN is only known at deploy time, so the document is built inside apply().
allow_billing_logging = billing_logs.arn.apply(_billing_logging_policy)

# Attach the rendered JSON policy to the bucket.
allow_billing_logging_bucket_policy = aws.s3.BucketPolicy(
    "allow_billing_logging",
    bucket=billing_logs.id,
    policy=allow_billing_logging.json,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
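return await Deployment.RunAsync(() =>
{
    // Resolve the AWS Billing and Cost Management service account through the
    // data source, so the bucket policy never carries a hand-typed account ID.
    var main = Aws.GetBillingServiceAccount.Invoke();

    // Bucket that receives the billing logs. The name is the example's placeholder.
    var billingLogs = new Aws.S3.BucketV2("billing_logs", new()
    {
        Bucket = "my-billing-tf-test-bucket",
    });

    // Canned "private" ACL; the cross-account access below comes only from the
    // bucket policy.
    var billingLogsAcl = new Aws.S3.BucketAclV2("billing_logs_acl", new()
    {
        Bucket = billingLogs.Id,
        Acl = "private",
    });

    var allowBillingLogging = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            // Bucket-level: read the ACL and the policy only.
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "AWS",
                        Identifiers = new[]
                        {
                            main.Apply(getBillingServiceAccountResult => getBillingServiceAccountResult.Arn),
                        },
                    },
                },
                Actions = new[]
                {
                    "s3:GetBucketAcl",
                    "s3:GetBucketPolicy",
                },
                Resources = new[]
                {
                    billingLogs.Arn,
                },
            },
            // Object-level: write only, no read or delete.
            // NOTE(review): "/*" covers every key in the bucket. If the reports
            // land under a known prefix, scoping the resource to it would
            // narrow the grant. Confirm against the report configuration.
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "AWS",
                        Identifiers = new[]
                        {
                            main.Apply(getBillingServiceAccountResult => getBillingServiceAccountResult.Arn),
                        },
                    },
                },
                Actions = new[]
                {
                    "s3:PutObject",
                },
                Resources = new[]
                {
                    // billingLogs.Arn is an Output, so the "/*" suffix is added
                    // inside Apply once the ARN is known. Interpolating the
                    // Output itself would not yield the ARN, and the statement
                    // would not match the bucket's objects.
                    billingLogs.Arn.Apply(arn => $"{arn}/*"),
                },
            },
        },
    });

    // Attach the rendered JSON policy to the bucket.
    var allowBillingLoggingBucketPolicy = new Aws.S3.BucketPolicy("allow_billing_logging", new()
    {
        Bucket = billingLogs.Id,
        Policy = allowBillingLogging.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });
});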
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a billing-log bucket and a bucket policy that lets the AWS
// Billing and Cost Management service account read the bucket's ACL and policy
// and write objects into it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resolve the billing service account through the data source, so the
		// policy never carries a hand-typed account ID.
		main, err := aws.GetBillingServiceAccount(ctx, &aws.GetBillingServiceAccountArgs{
		}, nil);
		if err != nil {
			return err
		}
		// Bucket that receives the billing logs. The name is the example's placeholder.
		billingLogs, err := s3.NewBucketV2(ctx, "billing_logs", &s3.BucketV2Args{
			Bucket: pulumi.String("my-billing-tf-test-bucket"),
		})
		if err != nil {
			return err
		}
		// Canned "private" ACL; the cross-account access below comes only from
		// the bucket policy.
		_, err = s3.NewBucketAclV2(ctx, "billing_logs_acl", &s3.BucketAclV2Args{
			Bucket: billingLogs.ID(),
			Acl: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		// The bucket ARN is passed twice and unpacked into two locals holding the same value.
		allowBillingLogging := pulumi.All(billingLogs.Arn,billingLogs.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {
			billingLogsArn := _args[0].(string)
			billingLogsArn1 := _args[1].(string)
			return iam.GetPolicyDocumentResult(interface{}(iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
				Statements: []iam.GetPolicyDocumentStatement{
					// Bucket-level: read the ACL and the policy only.
					{
						Effect: "Allow",
						Principals: []iam.GetPolicyDocumentStatementPrincipal{
							{
								Type: "AWS",
								// NOTE(review): `interface{}{...}` is not a valid Go composite
								// literal, so this generated listing looks like it will not
								// compile as written. Verify the field types against the
								// provider's Go SDK before reuse.
								Identifiers: interface{}{
									main.Arn,
								},
							},
						},
						Actions: []string{
							"s3:GetBucketAcl",
							"s3:GetBucketPolicy",
						},
						Resources: []string{
							billingLogsArn,
						},
					},
					// Object-level: write only, no read or delete.
					// NOTE(review): "/*" covers every key in the bucket. If the reports
					// land under a known prefix, scoping the resource to it would narrow
					// the grant. Confirm against the report configuration.
					{
						Effect: "Allow",
						Principals: []iam.GetPolicyDocumentStatementPrincipal{
							{
								Type: "AWS",
								Identifiers: interface{}{
									main.Arn,
								},
							},
						},
						Actions: []string{
							"s3:PutObject",
						},
						Resources: []string{
							fmt.Sprintf("%v/*", billingLogsArn1),
						},
					},
				},
			}, nil))), nil
		}).(iam.GetPolicyDocumentResultOutput)
		// Attach the rendered JSON policy to the bucket.
		// NOTE(review): wrapping an output in pulumi.String(...) also looks like a
		// codegen artifact. Confirm the intended conversion before relying on it.
		_, err = s3.NewBucketPolicy(ctx, "allow_billing_logging", &s3.BucketPolicyArgs{
			Bucket: billingLogs.ID(),
			Policy: pulumi.String(allowBillingLogging.ApplyT(func(allowBillingLogging iam.GetPolicyDocumentResult) (*string, error) {
				return &allowBillingLogging.Json, nil
			}).(pulumi.StringPtrOutput)),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetBillingServiceAccountArgs;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: declares a billing-log bucket and a bucket policy that
 * lets the AWS Billing and Cost Management service account read the bucket's ACL
 * and policy and write objects into it.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the bucket, its ACL, the policy document and the bucket policy.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this method)
     */
    public static void stack(Context ctx) {
        // Resolve the billing service account through the data source, so the
        // policy never carries a hand-typed account ID.
        final var main = AwsFunctions.getBillingServiceAccount();

        // Bucket that receives the billing logs. The name is the example's placeholder.
        var billingLogs = new BucketV2("billingLogs", BucketV2Args.builder()
            .bucket("my-billing-tf-test-bucket")
            .build());

        // Canned "private" ACL; the cross-account access below comes only from
        // the bucket policy.
        var billingLogsAcl = new BucketAclV2("billingLogsAcl", BucketAclV2Args.builder()
            .bucket(billingLogs.id())
            .acl("private")
            .build());

        // NOTE(review): GetPolicyDocumentStatementArgs and
        // GetPolicyDocumentStatementPrincipalArgs are used below but are not among
        // the imports shown with this listing. Presumably they come from
        // com.pulumi.aws.iam.inputs; confirm before reuse.
        final var allowBillingLogging = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(
                // Bucket-level: read the ACL and the policy only.
                GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("AWS")
                        .identifiers(main.applyValue(getBillingServiceAccountResult -> getBillingServiceAccountResult.arn()))
                        .build())
                    .actions(
                        "s3:GetBucketAcl",
                        "s3:GetBucketPolicy")
                    .resources(billingLogs.arn())
                    .build(),
                // Object-level: write only, no read or delete.
                // NOTE(review): "/*" covers every key in the bucket. If the reports
                // land under a known prefix, scoping the resource to it would narrow
                // the grant. Confirm against the report configuration.
                GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                        .type("AWS")
                        .identifiers(main.applyValue(getBillingServiceAccountResult -> getBillingServiceAccountResult.arn()))
                        .build())
                    .actions("s3:PutObject")
                    // The suffix is appended inside applyValue, once the ARN has resolved.
                    .resources(billingLogs.arn().applyValue(arn -> String.format("%s/*", arn)))
                    .build())
            .build());

        // Attach the rendered JSON policy to the bucket.
        // NOTE(review): the nested applyValue chain below looks like a codegen
        // artifact. Confirm it type-checks against the SDK version in use.
        var allowBillingLoggingBucketPolicy = new BucketPolicy("allowBillingLoggingBucketPolicy", BucketPolicyArgs.builder()
            .bucket(billingLogs.id())
            .policy(allowBillingLogging.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(allowBillingLogging -> allowBillingLogging.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());
    }
}
resources:
  # Bucket that receives the billing logs. The name is the example's placeholder.
  billingLogs:
    type: aws:s3:BucketV2
    name: billing_logs
    properties:
      bucket: my-billing-tf-test-bucket
  # Canned "private" ACL; the cross-account access comes only from the bucket policy.
  billingLogsAcl:
    type: aws:s3:BucketAclV2
    name: billing_logs_acl
    properties:
      bucket: ${billingLogs.id}
      acl: private
  # Attaches the rendered JSON policy to the bucket.
  allowBillingLoggingBucketPolicy:
    type: aws:s3:BucketPolicy
    name: allow_billing_logging
    properties:
      bucket: ${billingLogs.id}
      policy: ${allowBillingLogging.json}
variables:
  # Resolve the billing service account through the data source, so the policy
  # never carries a hand-typed account ID.
  main:
    fn::invoke:
      function: aws:getBillingServiceAccount
      arguments: {}
  allowBillingLogging:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          # Bucket-level: read the ACL and the policy only.
          - effect: Allow
            principals:
              - type: AWS
                identifiers:
                  - ${main.arn}
            actions:
              - s3:GetBucketAcl
              - s3:GetBucketPolicy
            resources:
              - ${billingLogs.arn}
          # Object-level: write only, no read or delete.
          # NOTE(review): "/*" covers every key in the bucket. If the reports
          # land under a known prefix, scoping the resource to it would narrow
          # the grant. Confirm against the report configuration.
          - effect: Allow
            principals:
              - type: AWS
                identifiers:
                  - ${main.arn}
            actions:
              - s3:PutObject
            resources:
              - ${billingLogs.arn}/*
Return
A collection of values returned by getBillingServiceAccount.
Parameters
argument
A collection of arguments for invoking getBillingServiceAccount.
Return
A collection of values returned by getBillingServiceAccount.
Parameters
id
ID of the AWS billing service account.
See also
suspend fun getBillingServiceAccount(argument: suspend GetBillingServiceAccountPlainArgsBuilder.() -> Unit): GetBillingServiceAccountResult
Return
A collection of values returned by getBillingServiceAccount.
Parameters
argument
Builder for com.pulumi.aws.kotlin.inputs.GetBillingServiceAccountPlainArgs.