amazonka-redshift: deprecateGetAccountId, add getCloudTrailAccountId

brendanhay · Dec 8, 2022 · 20627b7 · 20627b7
1 parent e480b32
commit 20627b7
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 4 deletions.
diff --git a/lib/amazonka/CHANGELOG.md b/lib/amazonka/CHANGELOG.md
@@ -96,6 +96,8 @@ Released: **?**, Compare: [2.0.0-rc1](https://github.com/brendanhay/amazonka/com
 
 ### Changed
 
+- `amazonka-redshift`: Deprecate `getAccountId` as Redshift uses service-principal credentials to deliver logs to S3. Also provide `getCloudTrailAccountId`
+[\#858](https://github.com/brendanhay/amazonka/pull/858)
 - `amazonka-route53`: Return Hosted Zone ID for S3 websites in all regions
 [\#858](https://github.com/brendanhay/amazonka/pull/858)
 - `amazonka-s3`: Correctly return dotted S3 website hostnames in those regions

diff --git a/lib/services/amazonka-redshift/src/Amazonka/Redshift/Internal.hs b/lib/services/amazonka-redshift/src/Amazonka/Redshift/Internal.hs
@@ -11,16 +11,21 @@
 -- Portability : non-portable (GHC extensions)
 module Amazonka.Redshift.Internal
   ( getAccountId,
+    getCloudTrailAccountId,
   )
 where
 
 import Amazonka.Core
 import Amazonka.Data
 
--- | This account identifier is used when attaching a policy to your S3 bucket
--- allowing Redshift to upload and write database audit logs.
+-- | This account identifier used to be used when attaching a policy
+-- to your S3 bucket, allowing Redshift to upload and write database
+-- audit logs.
 --
--- /See:/ <http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging Enabling Database Audit Logging>.
+-- This function should no longer be used, because Redshift now uses
+-- service-principal credentials to deliver logs to S3.
+--
+-- /See:/ <https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-bucket-permissions Bucket permissions for Amazon Redshift audit logging>.
 getAccountId :: Region -> Maybe Text
 getAccountId = \case
   NorthVirginia -> Just "193672423079"
@@ -44,4 +49,43 @@ getAccountId = \case
   Stockholm -> Just "729911121831"
   Bahrain -> Just "013126148197"
   SaoPaulo -> Just "075028567923"
-  _other -> Nothing
+  Region' _ -> Nothing
+{-# DEPRECATED
+  getAccountId
+  "Redshift now delivers logs using service-principal credentials. \
+  \See the haddocks for more information."
+  #-}
+
+-- | This account identifier is used when Redshift calls other AWS
+-- services for you, and may appear in your CloudTrail logs.
+--
+-- /See:/ <https://docs.aws.amazon.com/redshift/latest/mgmt/logging-with-cloudtrail.html#cloudtrail-rs-acct-ids Amazon Redshift account IDs in AWS CloudTrail logs>
+getCloudTrailAccountId :: Region -> Maybe Text
+getCloudTrailAccountId = \case
+  NorthVirginia -> Just "368064434614"
+  Ohio -> Just "790247189693"
+  NorthCalifornia -> Just "703715109447"
+  Oregon -> Just "473191095985"
+  CapeTown -> Just "420376844563"
+  HongKong -> Just "651179539253"
+  Hyderabad -> Just "297058826802"
+  Jakarta -> Just "623197973179"
+  Mumbai -> Just "408097707231"
+  Osaka -> Just "398671365691"
+  Seoul -> Just "713597048934"
+  Singapore -> Just "960118270566"
+  Sydney -> Just "485979073181"
+  Tokyo -> Just "615915377779"
+  Montreal -> Just "764870610256"
+  Frankfurt -> Just "434091160558"
+  Ireland -> Just "246478207311"
+  London -> Just "885798887673"
+  Milan -> Just "041313461515"
+  Paris -> Just "694668203235"
+  Stockholm -> Just "553461782468"
+  Zurich -> Just "668912161003"
+  Spain -> Just "028811157404"
+  Bahrain -> Just "051362938876"
+  UAE -> Just "595013617770"
+  SaoPaulo -> Just "392442076723"
+  Region' _ -> Nothing