Merge pull request #8 from egarbi/master

webyneter · web-flow · commit d47405292a30 · 2018-09-25T21:03:23.000Z
Enhance retrieving of elb_account in s3_logs module
diff --git a/main.tf b/main.tf
@@ -235,7 +235,6 @@ module "s3_logs" {
   source                  = "./s3-logs"
   name                    = "${var.name}"
   environment             = "${var.environment}"
-  account_id              = "${module.defaults.s3_logs_account_id}"
   logs_expiration_enabled = "${var.logs_expiration_enabled}"
   logs_expiration_days    = "${var.logs_expiration_days}"
 }
diff --git a/s3-logs/main.tf b/s3-logs/main.tf
@@ -4,9 +4,6 @@ variable "name" {
 variable "environment" {
 }
 
-variable "account_id" {
-}
-
 variable "logs_expiration_enabled" {
   default = false
 }
@@ -15,12 +12,14 @@ variable "logs_expiration_days" {
   default = 30
 }
 
+data "aws_elb_service_account" "main" {}
+
 data "template_file" "policy" {
   template = "${file("${path.module}/policy.json")}"
 
   vars = {
     bucket     = "${var.name}-${var.environment}-logs"
-    account_id = "${var.account_id}"
+    elb_account_id = "${data.aws_elb_service_account.main.arn}"
   }
 }
 
diff --git a/s3-logs/policy.json b/s3-logs/policy.json
@@ -5,7 +5,7 @@
       "Action": "s3:PutObject",
       "Effect": "Allow",
       "Principal": {
-        "AWS": "arn:aws:iam::${account_id}:root"
+        "AWS": "${elb_account_id}"
       },
       "Resource": "arn:aws:s3:::${bucket}/*",
       "Sid": "log-bucket-policy"

Original file line number	Diff line number	Diff line change
`@@ -235,7 +235,6 @@ module "s3_logs" {`
`235`	`235`	`source = "./s3-logs"`
`236`	`236`	`name = "${var.name}"`
`237`	`237`	`environment = "${var.environment}"`
`238`		`- account_id = "${module.defaults.s3_logs_account_id}"`
`239`	`238`	`logs_expiration_enabled = "${var.logs_expiration_enabled}"`
`240`	`239`	`logs_expiration_days = "${var.logs_expiration_days}"`
`241`	`240`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,9 +4,6 @@ variable "name" {`
`4`	`4`	`variable "environment" {`
`5`	`5`	`}`
`6`	`6`
`7`		`-variable "account_id" {`
`8`		`-}`
`9`		`-`
`10`	`7`	`variable "logs_expiration_enabled" {`
`11`	`8`	`default = false`
`12`	`9`	`}`
`@@ -15,12 +12,14 @@ variable "logs_expiration_days" {`
`15`	`12`	`default = 30`
`16`	`13`	`}`
`17`	`14`
	`15`	`+data "aws_elb_service_account" "main" {}`
	`16`	`+`
`18`	`17`	`data "template_file" "policy" {`
`19`	`18`	`template = "${file("${path.module}/policy.json")}"`
`20`	`19`
`21`	`20`	`vars = {`
`22`	`21`	`bucket = "${var.name}-${var.environment}-logs"`
`23`		`- account_id = "${var.account_id}"`
	`22`	`+ elb_account_id = "${data.aws_elb_service_account.main.arn}"`
`24`	`23`	`}`
`25`	`24`	`}`
`26`	`25`