data "aws_redshift_service_account" "${main}" { }

resource "aws_s3_bucket" "bucket" {
   bucket = "tf-redshift-logging-test-bucket"
   force_destroy = true
   policy = <<EOF
{
   "Version": "2008-10-17",
   "Statement": [
       {
           "Sid": "Put bucket policy needed for audit logging",
           "Effect": "Allow",
           "Principal": {
               "AWS": "arn:aws:iam:\${data.aws_redshift_service_account.${main}.id}:user/logs"
           },
           "Action": "s3:PutObject",
           "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket/*"
       },
       {
           "Sid": "Get bucket policy needed for audit logging ",
           "Effect": "Allow",
           "Principal": {
               "AWS": "arn:aws:iam:\${data.aws_redshift_service_account.${main}.id}:user/logs"
           },
           "Action": "s3:GetBucketAcl",
           "Resource": "arn:aws:s3:::tf-redshift-logging-test-bucket"
       }
  ]
}
EOF
}
      Terraform language logo

      aws_redshift_service_account

      0

      0

      Terraform snippets

      This is a resource file which defines an S3 bucket which will be used to store logs from a Redshift cluster. The bucket will have a policy which allows audit logging and it will be owned by the account which is defined as the data.aws_redshift_service_account.${main}.id in the code. The PutObject and GetBucketAcl actions will be used to manage the bucket's access permissions.

      Shortcut: tf_aws_redshift_service_account

      0 Comments

        Add Comment

        Log in to add a comment

        Codiga - All rights reserved 2022.