
I'm pretty new to AWS for devs. I worked with ELB and created a policy for access logs as described here: https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html

One of the permissions is:

    {
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::elb-account-id:root"
        },
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::bucket-name/prefix/AWSLogs/your-aws-account-id/*"
    },

and the elb-account-id is taken from the table in the documentation I have attached.

I tried to search online but I couldn't find an answer:

  1. Is this table relevant only for ELB or for other services too?
  2. Can I get this list (or the account ID for my region) somehow by code?

Thanks for your help.

keren
    1. Only for ELB. 2. I was curious about this, so I looked up how Terraform does it and they hard-code the account list, indicating AWS does not provide an API for it: https://github.com/hashicorp/terraform-provider-aws/blob/main/aws/data_source_aws_elb_service_account.go#L12 – jordanm Sep 22 '21 at 15:47
  • You can safely hard-code those in code as Terraform did in the provider. As those are actual AWS account IDs which are owned by AWS themselves, it is highly unlikely that they are going to be changed. – Nick Sep 22 '21 at 19:13
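Added example (not part of the question or comments above): a small Python script that does what the comments recommend, hard-coding the region to ELB-service-account map and rendering the bucket policy statement from the linked docs page, then checking the resulting policy for the two ways it typically gets over-broad (a wildcard or unknown principal, and a Resource not pinned to your own `AWSLogs/<account-id>/` path). The account IDs for the six regions listed are copied from the docs table; verify any entry against that page before use, and treat every other name here (`elb_access_log_policy`, `check_policy`, the sample bucket and account ID) as this example's own.

```python
import json
import re

# Region -> AWS account that the classic ELB service writes access logs from.
# Hard-coded on purpose (as the Terraform provider does): there is no AWS API
# that returns this list. Entries copied from the linked docs table for a few
# regions; verify against that table before relying on any of them.
ELB_ACCOUNT_BY_REGION = {
    "us-east-1": "127311923021",
    "us-east-2": "033677994240",
    "us-west-1": "027434742980",
    "us-west-2": "797873946194",
    "eu-west-1": "156460612806",
    "eu-central-1": "054676820928",
}

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
ROOT_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):root$")


def elb_access_log_policy(bucket, prefix, region, your_account_id):
    """Render the docs' bucket policy for one region.

    prefix may be "" (logs then land under bucket/AWSLogs/<account-id>/ directly).
    """
    if region not in ELB_ACCOUNT_BY_REGION:
        raise ValueError(f"no ELB service account known for region {region!r}")
    if not ACCOUNT_ID_RE.match(your_account_id):
        raise ValueError("your_account_id must be a 12-digit AWS account ID")
    elb_account_id = ELB_ACCOUNT_BY_REGION[region]
    clean = prefix.strip("/")
    path = f"{clean}/" if clean else ""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{elb_account_id}:root"},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/{path}AWSLogs/{your_account_id}/*",
            }
        ],
    }


def check_policy(policy, bucket, your_account_id):
    """Return findings for Allow statements that grant the log writer more than it needs."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for p in (aws if isinstance(aws, list) else [aws]):
            m = ROOT_ARN_RE.match(str(p))
            if p == "*" or not m:
                findings.append(f"statement {i}: principal {p!r} is not a single account root")
            elif m.group(1) not in ELB_ACCOUNT_BY_REGION.values():
                findings.append(f"statement {i}: account {m.group(1)} is not a known ELB service account")
        actions = stmt.get("Action", [])
        extra = [a for a in (actions if isinstance(actions, list) else [actions]) if a != "s3:PutObject"]
        if extra:
            findings.append(f"statement {i}: actions beyond s3:PutObject: {extra}")
        resources = stmt.get("Resource", [])
        for r in (resources if isinstance(resources, list) else [resources]):
            # The log writer only ever needs bucket/<prefix>/AWSLogs/<your account>/*
            if not (r.startswith(f"arn:aws:s3:::{bucket}/")
                    and r.endswith(f"/AWSLogs/{your_account_id}/*")):
                findings.append(f"statement {i}: resource {r!r} is not scoped to "
                                f"{bucket}/.../AWSLogs/{your_account_id}/*")
    return findings


if __name__ == "__main__":
    # Sample bucket name and account ID are constructed for this example.
    policy = elb_access_log_policy("my-elb-logs", "prod/", "us-east-1", "123456789012")
    print(json.dumps(policy, indent=2))
    print(check_policy(policy, "my-elb-logs", "123456789012") or "no findings")
```

`check_policy` is also useful on a policy you did not generate: a Principal of `"*"` or a Resource of `arn:aws:s3:::bucket/*` both pass CloudFormation or the console without complaint, but the first lets anyone write into the bucket and the second lets the ELB account write anywhere in it.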

0 Answers