aws_redshift_service_account

    0

    0

    lucycodes42

    Terraform snippets

    This is a resource file which defines an S3 bucket which will be used to store logs from a Redshift cluster. The bucket will have a policy which allows audit logging and it will be owned by the account which is defined as the data.aws_redshift_service_account.${main}.id in the code. The PutObject and GetBucketAcl actions will be used to manage the bucket's access permissions.

    Shortcut: tf_aws_redshift_service_account

    data "aws_redshift_service_account" "${main}" { }
    
    resource "aws_s3_bucket" "bucket" {
       bucket = "tf-redshift-logging-test-bucket"
       force_destroy = true
       policy = <<EOF
    {
       "Version": "2008-10-17",
       "Statement": [
           {
               "Sid": "Put bucket policy needed for audit logging",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam:\${data.aws_redshift_service_account.${main}.id}:user/logs"
               },
               "Action": "s3:PutObject",
               "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
           },
           {
               "Sid": "Get bucket policy needed for audit logging ",
               "Effect": "Allow",
               "Principal": {
                   "AWS": "arn:aws:iam:\${data.aws_redshift_service_account.${main}.id}:user/logs"
               },
               "Action": "s3:GetBucketAcl",
               "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
           }
      ]
    }
    EOF
    }
    Codiga Logo
    Codiga Hub
    • Rulesets
    • Playground
    • Snippets
    • Cookbooks
    Legal
    • Security
    • Privacy Policy
    • Code Privacy
    • Terms of Service
    soc-2 icon

    We are SOC-2 Compliance Certified

    G2 high performer medal

    Codiga – All rights reserved 2022.