Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of whitelisting in S3 bucket policy.
data "aws_billing_service_account" "main" {} resource "aws_s3_bucket" "billing_logs" { bucket = "my-billing-tf-test-bucket" acl = "private" policy = <<POLICY { "Id": "Policy", "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetBucketAcl", "s3:GetBucketPolicy" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-billing-tf-test-bucket", "Principal": { "AWS": [ "${data.aws_billing_service_account.main.arn}" ] } }, { "Action": [ "s3:PutObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::my-billing-tf-test-bucket/*", "Principal": { "AWS": [ "${data.aws_billing_service_account.main.arn}" ] } } ] } POLICY }
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/d/billing_service_account.html