github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/redshift/getServiceAccount.go (about)

     1  // Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
     2  // *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
     3  
     4  package redshift
     5  
     6  import (
     7  	"context"
     8  	"reflect"
     9  
    10  	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
    11  	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    12  )
    13  
    14  // Use this data source to get the Account ID of the [AWS Redshift Service Account](http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging)
    15  // in a given region for the purpose of allowing Redshift to store audit data in S3.
    16  //
    17  // > **Note:** AWS documentation [states that](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-bucket-permissions) a [service principal name](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services) should be used instead of an AWS account ID in any relevant IAM policy.
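    18  // The `redshift.getServiceAccount` data source has been deprecated and will be removed in a future version. Note that the example below still grants bucket access to the account ARN this data source returns; new bucket policies should name the Redshift service principal instead. The example bucket also sets `ForceDestroy`, which allows the bucket to be destroyed together with any audit logs it holds, so treat that setting as suitable for a test bucket only.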
    19  //
    20  // ## Example Usage
    21  //
    22  // <!--Start PulumiCodeChooser -->
    23  // ```go
    24  // package main
    25  //
    26  // import (
    27  //
    28  //	"fmt"
    29  //
    30  //	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    31  //	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift"
    32  //	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
    33  //	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    34  //
    35  // )
    36  // func main() {
    37  // pulumi.Run(func(ctx *pulumi.Context) error {
    38  // main, err := redshift.GetServiceAccount(ctx, nil, nil);
    39  // if err != nil {
    40  // return err
    41  // }
    42  // bucket, err := s3.NewBucketV2(ctx, "bucket", &s3.BucketV2Args{
    43  // Bucket: pulumi.String("tf-redshift-logging-test-bucket"),
    44  // ForceDestroy: pulumi.Bool(true),
    45  // })
    46  // if err != nil {
    47  // return err
    48  // }
    49  // allowAuditLogging := bucket.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {
    50  // return iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
    51  // Statements: []iam.GetPolicyDocumentStatement{
    52  // {
    53  // Sid: "Put bucket policy needed for audit logging",
    54  // Effect: "Allow",
    55  // Principals: []iam.GetPolicyDocumentStatementPrincipal{
    56  // {
    57  // Type: "AWS",
    58  // Identifiers: interface{}{
    59  // main.Arn,
    60  // },
    61  // },
    62  // },
    63  // Actions: []string{
    64  // "s3:PutObject",
    65  // },
    66  // Resources: []string{
    67  // fmt.Sprintf("%v/*", arn),
    68  // },
    69  // },
    70  // {
    71  // Sid: "Get bucket policy needed for audit logging",
    72  // Effect: "Allow",
    73  // Principals: []iam.GetPolicyDocumentStatementPrincipal{
    74  // {
    75  // Type: "AWS",
    76  // Identifiers: interface{}{
    77  // main.Arn,
    78  // },
    79  // },
    80  // },
    81  // Actions: []string{
    82  // "s3:GetBucketAcl",
    83  // },
    84  // Resources: bucketAwsS3Bucket.Arn,
    85  // },
    86  // },
    87  // }, nil), nil
    88  // }).(iam.GetPolicyDocumentResultOutput)
    89  // _, err = s3.NewBucketPolicy(ctx, "allow_audit_logging", &s3.BucketPolicyArgs{
    90  // Bucket: bucket.ID(),
    91  // Policy: allowAuditLogging.ApplyT(func(allowAuditLogging iam.GetPolicyDocumentResult) (*string, error) {
    92  // return &allowAuditLogging.Json, nil
    93  // }).(pulumi.StringPtrOutput),
    94  // })
    95  // if err != nil {
    96  // return err
    97  // }
    98  // return nil
    99  // })
   100  // }
   101  // ```
   102  // <!--End PulumiCodeChooser -->
//
// GetServiceAccount passes opts through internal.PkgInvokeDefaultOpts, invokes
// the provider function "aws:redshift/getServiceAccount:getServiceAccount"
// with args, and returns the decoded result. When the invoke fails it returns
// nil and that error.
//
// Deprecated: the data source is deprecated and will be removed in a future
// version. In S3 bucket policies for Redshift audit logging, grant access to
// the Redshift service principal rather than the account ARN returned here.
func GetServiceAccount(ctx *pulumi.Context, args *GetServiceAccountArgs, opts ...pulumi.InvokeOption) (*GetServiceAccountResult, error) {
	opts = internal.PkgInvokeDefaultOpts(opts)
	result := new(GetServiceAccountResult)
	if err := ctx.Invoke("aws:redshift/getServiceAccount:getServiceAccount", args, result, opts...); err != nil {
		// Never hand back a partially decoded result alongside an error.
		return nil, err
	}
	return result, nil
}
   112  
// GetServiceAccountArgs holds the plain (already resolved) arguments for
// invoking getServiceAccount.
type GetServiceAccountArgs struct {
	// Region names the region whose AWS Redshift account ID is wanted.
	// When nil, the region from the AWS provider configuration is used.
	Region *string `pulumi:"region"`
}
   119  
// GetServiceAccountResult holds the values returned by getServiceAccount.
type GetServiceAccountResult struct {
	// Arn is the ARN of the AWS Redshift service account in the selected region.
	Arn string `pulumi:"arn"`
	// Id is the provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Region is reported back by the provider; presumably the region that was
	// queried (confirm against the provider schema). It may be nil.
	Region *string `pulumi:"region"`
}
   128  
// GetServiceAccountOutput is the Output-typed counterpart of GetServiceAccount.
// It lifts args into an Output, and once that resolves it calls
// GetServiceAccount with the plain GetServiceAccountArgs value. The lift uses
// context.Background() rather than a caller-supplied context.
//
// The same deprecation applies as for GetServiceAccount: prefer the Redshift
// service principal over the returned account ARN in IAM and bucket policies.
func GetServiceAccountOutput(ctx *pulumi.Context, args GetServiceAccountOutputArgs, opts ...pulumi.InvokeOption) GetServiceAccountResultOutput {
	invoke := func(v interface{}) (GetServiceAccountResult, error) {
		// GetServiceAccountOutputArgs.ElementType reports GetServiceAccountArgs,
		// so the resolved value is asserted to that type.
		plain := v.(GetServiceAccountArgs)
		res, err := GetServiceAccount(ctx, &plain, opts...)
		if res == nil {
			// No result: forward the zero value together with the error.
			return GetServiceAccountResult{}, err
		}
		return *res, err
	}
	resolved := pulumi.ToOutputWithContext(context.Background(), args)
	return resolved.ApplyT(invoke).(GetServiceAccountResultOutput)
}
   141  
// GetServiceAccountOutputArgs holds the Input-typed arguments for invoking
// getServiceAccount through GetServiceAccountOutput.
type GetServiceAccountOutputArgs struct {
	// Region names the region whose AWS Redshift account ID is wanted.
	// When unset, the region from the AWS provider configuration is used.
	Region pulumi.StringPtrInput `pulumi:"region"`
}
   148  
// ElementType reports GetServiceAccountArgs, the plain struct type that these
// Input-typed arguments correspond to.
func (GetServiceAccountOutputArgs) ElementType() reflect.Type {
	// A nil pointer is enough: only the pointed-to type is inspected.
	var plain *GetServiceAccountArgs
	return reflect.TypeOf(plain).Elem()
}
   152  
// GetServiceAccountResultOutput is the Output wrapper around the collection of
// values returned by getServiceAccount (GetServiceAccountResult).
type GetServiceAccountResultOutput struct {
	*pulumi.OutputState
}
   155  
// ElementType reports GetServiceAccountResult, the type of value this output
// carries.
func (GetServiceAccountResultOutput) ElementType() reflect.Type {
	// A nil pointer is enough: only the pointed-to type is inspected.
	var elem *GetServiceAccountResult
	return reflect.TypeOf(elem).Elem()
}
   159  
// ToGetServiceAccountResultOutput returns the receiver unchanged; it is already
// a GetServiceAccountResultOutput.
func (o GetServiceAccountResultOutput) ToGetServiceAccountResultOutput() GetServiceAccountResultOutput {
	return o
}
   163  
// ToGetServiceAccountResultOutputWithContext returns the receiver unchanged.
// The ctx argument is accepted but not used.
func (o GetServiceAccountResultOutput) ToGetServiceAccountResultOutputWithContext(ctx context.Context) GetServiceAccountResultOutput {
	return o
}
   167  
// Arn projects the ARN of the AWS Redshift service account in the selected
// region out of the result. AWS documentation recommends a service principal
// over this account identity in IAM policies.
func (o GetServiceAccountResultOutput) Arn() pulumi.StringOutput {
	pick := func(v GetServiceAccountResult) string {
		return v.Arn
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
   172  
// Id projects the provider-assigned unique ID for this managed resource out of
// the result.
func (o GetServiceAccountResultOutput) Id() pulumi.StringOutput {
	pick := func(v GetServiceAccountResult) string {
		return v.Id
	}
	return o.ApplyT(pick).(pulumi.StringOutput)
}
   177  
// Region projects the Region field out of the result; the pointer may be nil.
func (o GetServiceAccountResultOutput) Region() pulumi.StringPtrOutput {
	pick := func(v GetServiceAccountResult) *string {
		return v.Region
	}
	return o.ApplyT(pick).(pulumi.StringPtrOutput)
}
   181  
// init registers GetServiceAccountResultOutput with the Pulumi SDK at package
// load time, passing a zero value of the type to pulumi.RegisterOutputType.
func init() {
	var zero GetServiceAccountResultOutput
	pulumi.RegisterOutputType(zero)
}