aws_billing_service_account

Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of whitelisting in S3 bucket policy.

Example Usage

data "aws_billing_service_account" "main" { }

resource "aws_s3_bucket" "billing_logs" {
    bucket = "my-billing-tf-test-bucket"
    acl = "private"
    policy = <<POLICY
{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketAcl", "s3:GetBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket",
      "Principal": {
        "AWS": [
          "${data.aws_billing_service_account.main.id}"
        ]
      }
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket/AWSLogs/*",
      "Principal": {
        "AWS": [
          "${data.aws_billing_service_account.main.id}"
        ]
      }
    }
  ]
}
POLICY
}

Attributes Reference

id - The ID of the AWS billing service account.
arn - The ARN of the AWS billing service account.

See the source of this document at Terraform.io