Data Source: aws_billing_service_account

Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account so that it can be whitelisted in an S3 bucket policy.

Example Usage

data "aws_billing_service_account" "main" {}

resource "aws_s3_bucket" "billing_logs" {
  bucket = "my-billing-tf-test-bucket"
  acl    = "private"

  policy = <<POLICY
{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketAcl", "s3:GetBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket",
      "Principal": {
        "AWS": [
          "${data.aws_billing_service_account.main.arn}"
        ]
      }
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket/*",
      "Principal": {
        "AWS": [
          "${data.aws_billing_service_account.main.arn}"
        ]
      }
    }
  ]
}
POLICY
}

Attributes Reference

  • id - The ID of the AWS billing service account.
  • arn - The ARN of the AWS billing service account.

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/d/billing_service_account.html