// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package cloudtrail

import (
	"context"
	"reflect"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// GetServiceAccount is a data source that returns the Account ID of the
// [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html)
// in a given region for the purpose of allowing CloudTrail to store trail data in S3.
//
// > **Note:** AWS documentation [states that](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/create-s3-bucket-policy-for-cloudtrail.html#troubleshooting-s3-bucket-policy) a [service principal name](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services) should be used instead of an AWS account ID in any relevant IAM policy.
//
// > **Note on the example:** the policy built below does not follow that guidance. It names the
// regional account ARN as an `AWS` principal and allows `s3:PutObject` on every key in the
// bucket. For a new bucket policy, follow the AWS page linked above: use the
// `cloudtrail.amazonaws.com` service principal, restrict it with an `aws:SourceArn` condition
// naming the trail, and scope the object resource to the `AWSLogs/<account-id>/*` prefix.
// `ForceDestroy: true` lets the bucket be destroyed together with the log objects in it, which
// suits a throwaway test bucket but not one holding audit logs that must be retained.
//
// The example is reproduced as the generator emitted it and is not guaranteed to compile as
// written; `Identifiers: interface{}{...}`, for instance, is not a valid Go composite literal.
//
// ## Example Usage
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"fmt"
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
// func main() {
//	pulumi.Run(func(ctx *pulumi.Context) error {
//		main, err := cloudtrail.GetServiceAccount(ctx, nil, nil);
//		if err != nil {
//			return err
//		}
//		bucket, err := s3.NewBucketV2(ctx, "bucket", &s3.BucketV2Args{
//			Bucket: pulumi.String("tf-cloudtrail-logging-test-bucket"),
//			ForceDestroy: pulumi.Bool(true),
//		})
//		if err != nil {
//			return err
//		}
//		allowCloudtrailLogging := pulumi.All(bucket.Arn,bucket.Arn).ApplyT(func(_args []interface{}) (iam.GetPolicyDocumentResult, error) {
//			bucketArn := _args[0].(string)
//			bucketArn1 := _args[1].(string)
//			return iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
//				Statements: []iam.GetPolicyDocumentStatement{
//					{
//						Sid: "Put bucket policy needed for trails",
//						Effect: "Allow",
//						Principals: []iam.GetPolicyDocumentStatementPrincipal{
//							{
//								Type: "AWS",
//								Identifiers: interface{}{
//									main.Arn,
//								},
//							},
//						},
//						Actions: []string{
//							"s3:PutObject",
//						},
//						Resources: []string{
//							fmt.Sprintf("%v/*", bucketArn),
//						},
//					},
//					{
//						Sid: "Get bucket policy needed for trails",
//						Effect: "Allow",
//						Principals: []iam.GetPolicyDocumentStatementPrincipal{
//							{
//								Type: "AWS",
//								Identifiers: interface{}{
//									main.Arn,
//								},
//							},
//						},
//						Actions: []string{
//							"s3:GetBucketAcl",
//						},
//						Resources: []string{
//							bucketArn1,
//						},
//					},
//				},
//			}, nil), nil
//		}).(iam.GetPolicyDocumentResultOutput)
//		_, err = s3.NewBucketPolicy(ctx, "allow_cloudtrail_logging", &s3.BucketPolicyArgs{
//			Bucket: bucket.ID(),
//			Policy: allowCloudtrailLogging.ApplyT(func(allowCloudtrailLogging iam.GetPolicyDocumentResult) (*string, error) {
//				return &allowCloudtrailLogging.Json, nil
//			}).(pulumi.StringPtrOutput),
//		})
//		if err != nil {
//			return err
//		}
//		return nil
//	})
// }
// ```
// <!--End PulumiCodeChooser -->
//
// The caller's opts are passed through internal.PkgInvokeDefaultOpts before the invoke is
// issued. On failure the error from ctx.Invoke is returned unchanged and the result is nil.
func GetServiceAccount(ctx *pulumi.Context, args *GetServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetServiceAccountResult, error) {
	result := new(GetServiceAccountResult)
	if err := ctx.Invoke("aws:cloudtrail/getServiceAccount:getServiceAccount", args, result, internal.PkgInvokeDefaultOpts(opts)...); err != nil {
		return nil, err
	}
	return result, nil
}

// GetServiceAccountArgs is the collection of arguments for invoking getServiceAccount.
type GetServiceAccountArgs struct {
	// Name of the region whose AWS CloudTrail account ID is desired.
	// Defaults to the region from the AWS provider configuration.
	Region *string `pulumi:"region"`
}

// GetServiceAccountResult is the collection of values returned by getServiceAccount.
type GetServiceAccountResult struct {
	// ARN of the AWS CloudTrail service account in the selected region.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Region carries the `region` property of the invoke result; the generator emitted
	// no description for it.
	Region *string `pulumi:"region"`
}

// GetServiceAccountOutput is the output-typed form of GetServiceAccount. It lifts args into
// an output using a background context and, once that output resolves, calls
// GetServiceAccount with the plain arguments. A nil result from GetServiceAccount is
// replaced by the zero GetServiceAccountResult, returned together with the error.
func GetServiceAccountOutput(ctx *pulumi.Context, args GetServiceAccountOutputArgs, opts ...pulumi.InvokeOption) GetServiceAccountResultOutput {
	resolve := func(v interface{}) (GetServiceAccountResult, error) {
		// The resolved value is asserted to the plain args struct; any other
		// dynamic type makes this single-value assertion panic.
		plain := v.(GetServiceAccountArgs)
		res, err := GetServiceAccount(ctx, &plain, opts...)
		if res == nil {
			return GetServiceAccountResult{}, err
		}
		return *res, err
	}
	lifted := pulumi.ToOutputWithContext(context.Background(), args)
	return lifted.ApplyT(resolve).(GetServiceAccountResultOutput)
}

// GetServiceAccountOutputArgs is the collection of arguments for invoking getServiceAccount
// through GetServiceAccountOutput.
type GetServiceAccountOutputArgs struct {
	// Name of the region whose AWS CloudTrail account ID is desired.
	// Defaults to the region from the AWS provider configuration.
	Region pulumi.StringPtrInput `pulumi:"region"`
}

// ElementType reports the plain struct type, GetServiceAccountArgs, that these
// arguments resolve to.
func (GetServiceAccountOutputArgs) ElementType() reflect.Type {
	var plain *GetServiceAccountArgs
	return reflect.TypeOf(plain).Elem()
}

// GetServiceAccountResultOutput is the output wrapper for the collection of values
// returned by getServiceAccount.
type GetServiceAccountResultOutput struct{ *pulumi.OutputState }

// ElementType reports the plain struct type, GetServiceAccountResult, carried by
// this output.
func (GetServiceAccountResultOutput) ElementType() reflect.Type {
	var plain *GetServiceAccountResult
	return reflect.TypeOf(plain).Elem()
}

// ToGetServiceAccountResultOutput returns the receiver unchanged.
func (o GetServiceAccountResultOutput) ToGetServiceAccountResultOutput() GetServiceAccountResultOutput {
	return o
}

// ToGetServiceAccountResultOutputWithContext returns the receiver unchanged; ctx is not used.
func (o GetServiceAccountResultOutput) ToGetServiceAccountResultOutputWithContext(ctx context.Context) GetServiceAccountResultOutput {
	return o
}

// Arn is the ARN of the AWS CloudTrail service account in the selected region.
func (o GetServiceAccountResultOutput) Arn() pulumi.StringOutput {
	pick := func(v GetServiceAccountResult) string { return v.Arn }
	return o.ApplyT(pick).(pulumi.StringOutput)
}

// Id is the provider-assigned unique ID for this managed resource.
func (o GetServiceAccountResultOutput) Id() pulumi.StringOutput {
	pick := func(v GetServiceAccountResult) string { return v.Id }
	return o.ApplyT(pick).(pulumi.StringOutput)
}

// Region projects the Region field of the result; the generator emitted no
// description for it.
func (o GetServiceAccountResultOutput) Region() pulumi.StringPtrOutput {
	pick := func(v GetServiceAccountResult) *string { return v.Region }
	return o.ApplyT(pick).(pulumi.StringPtrOutput)
}

// init registers GetServiceAccountResultOutput with the Pulumi SDK's output type registry.
func init() {
	pulumi.RegisterOutputType(GetServiceAccountResultOutput{})
}