github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/d/redshift_service_account.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_redshift_service_account" 4 sidebar_current: "docs-aws-datasource-redshift-service-account" 5 description: |- 6 Get AWS Redshift Service Account ID for storing audit data in S3. 7 --- 8 9 # aws\_redshift\_service\_account 10 11 Use this data source to get the Service Account ID of the [AWS Redshift Account](http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging) 12 in a given region for the purpose of allowing Redshift to store audit data in S3. 13 14 ## Example Usage 15 16 ```hcl 17 data "aws_redshift_service_account" "main" {} 18 19 resource "aws_s3_bucket" "bucket" { 20 bucket = "tf-redshift-logging-test-bucket" 21 force_destroy = true 22 23 policy = <<EOF 24 { 25 "Version": "2008-10-17", 26 "Statement": [ 27 { 28 "Sid": "Put bucket policy needed for audit logging", 29 "Effect": "Allow", 30 "Principal": { 31 "AWS": "arn:aws:iam:${data.aws_redshift_service_account.main.id}:user/logs" 32 }, 33 "Action": "s3:PutObject", 34 "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*" 35 }, 36 { 37 "Sid": "Get bucket policy needed for audit logging ", 38 "Effect": "Allow", 39 "Principal": { 40 "AWS": "arn:aws:iam:${data.aws_redshift_service_account.main.id}:user/logs" 41 }, 42 "Action": "s3:GetBucketAcl", 43 "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket" 44 } 45 ] 46 } 47 EOF 48 } 49 ``` 50 51 ## Argument Reference 52 53 * `region` - (Optional) Name of the Region whose Redshift account id is desired. If not specified, default's to the region from the AWS provider configuration. 54 55 56 ## Attributes Reference 57 58 * `id` - The ID of the Redshift service Account in the selected region.