data "aws_redshift_service_account" "${main}" { }
      
      resource "aws_s3_bucket" "bucket" {
         bucket = "tf-redshift-logging-test-bucket"
         force_destroy = true
         policy = <<EOF
      {
         "Version": "2008-10-17",
         "Statement": [
             {
                 "Sid": "Put bucket policy needed for audit logging",
                 "Effect": "Allow",
                 "Principal": {
                     "AWS": "arn:aws:iam:\${data.aws_redshift_service_account.${main}.id}:user/logs"
                 },
                 "Action": "s3:PutObject",
                 "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
             },
             {
                 "Sid": "Get bucket policy needed for audit logging ",
                 "Effect": "Allow",
                 "Principal": {
                     "AWS": "arn:aws:iam:\${data.aws_redshift_service_account.${main}.id}:user/logs"
                 },
                 "Action": "s3:GetBucketAcl",
                 "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
             }
        ]
      }
      EOF
      }
      Terraform language logo

      aws_redshift_service_account

      Terraform snippets

      This is a resource file which defines an S3 bucket which will be used to store logs from a Redshift cluster. The bucket will have a policy which allows audit logging and it will be owned by the account which is defined as the data.aws_redshift_service_account.${main}.id in the code. The PutObject and GetBucketAcl actions will be used to manage the bucket's access permissions.

      Shortcut: tf_aws_redshift_service_account

      0 Comments

        Add Comment

        Log in to add a comment

        Codiga - All rights reserved 2022.