iam

package
v0.0.1-alpha.101 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 27, 2025 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Group 

type Group struct {
	pulumi.CustomResourceState

	// Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource. For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The name of the group to create. Do not include the path in this value.
	//  The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name.
	//   If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	//   If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	GroupName pulumi.StringPtrOutput `pulumi:"groupName"`
	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayOutput `pulumi:"managedPolicyArns"`
	// The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group).
	//   The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
	//   For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	Policies GroupPolicyTypeArrayOutput `pulumi:"policies"`
}

Creates a new group. 

For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

func GetGroup 

func GetGroup(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *GroupState, opts ...pulumi.ResourceOption) (*Group, error)

GetGroup gets an existing Group resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGroup 

func NewGroup(ctx *pulumi.Context,
	name string, args *GroupArgs, opts ...pulumi.ResourceOption) (*Group, error)

NewGroup registers a new resource with the given unique name, arguments, and options.

func (*Group) ElementType 

func (*Group) ElementType() reflect.Type

func (*Group) ToGroupOutput 

func (i *Group) ToGroupOutput() GroupOutput

func (*Group) ToGroupOutputWithContext 

func (i *Group) ToGroupOutputWithContext(ctx context.Context) GroupOutput

type GroupArgs 

type GroupArgs struct {
	// The name of the group to create. Do not include the path in this value.
	//  The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name.
	//   If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	//   If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	GroupName pulumi.StringPtrInput
	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayInput
	// The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrInput
	// Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group).
	//   The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
	//   For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	Policies GroupPolicyTypeArrayInput
}

The set of arguments for constructing a Group resource.

func (GroupArgs) ElementType 

func (GroupArgs) ElementType() reflect.Type

type GroupInput 

type GroupInput interface {
	pulumi.Input

	ToGroupOutput() GroupOutput
	ToGroupOutputWithContext(ctx context.Context) GroupOutput
}

type GroupOutput 

type GroupOutput struct{ *pulumi.OutputState }

func (GroupOutput) Arn added in v0.17.0 

func (o GroupOutput) Arn() pulumi.StringOutput

Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource. For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .

func (GroupOutput) ElementType 

func (GroupOutput) ElementType() reflect.Type

func (GroupOutput) GroupName added in v0.17.0 

func (o GroupOutput) GroupName() pulumi.StringPtrOutput

The name of the group to create. Do not include the path in this value. 

The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name.
 If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
 If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
 Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``.

func (GroupOutput) ManagedPolicyArns added in v0.17.0 

func (o GroupOutput) ManagedPolicyArns() pulumi.StringArrayOutput

The Amazon Resource Name (ARN) of the IAM policy you want to attach. 

For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.

func (GroupOutput) Path added in v0.17.0 

func (o GroupOutput) Path() pulumi.StringPtrOutput

The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. 

This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.

func (GroupOutput) Policies added in v0.17.0 

func (o GroupOutput) Policies() GroupPolicyTypeArrayOutput

Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). 

The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

func (GroupOutput) ToGroupOutput 

func (o GroupOutput) ToGroupOutput() GroupOutput

func (GroupOutput) ToGroupOutputWithContext 

func (o GroupOutput) ToGroupOutputWithContext(ctx context.Context) GroupOutput

type GroupPolicy 

type GroupPolicy struct {
	pulumi.CustomResourceState

	// The name of the group to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
	GroupName pulumi.StringOutput `pulumi:"groupName"`
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::GroupPolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.AnyOutput `pulumi:"policyDocument"`
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringOutput `pulumi:"policyName"`
}

Adds or updates an inline policy document that is embedded in the specified IAM group. 

A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

func GetGroupPolicy added in v0.69.0 

func GetGroupPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *GroupPolicyState, opts ...pulumi.ResourceOption) (*GroupPolicy, error)

GetGroupPolicy gets an existing GroupPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGroupPolicy added in v0.69.0 

func NewGroupPolicy(ctx *pulumi.Context,
	name string, args *GroupPolicyArgs, opts ...pulumi.ResourceOption) (*GroupPolicy, error)

NewGroupPolicy registers a new resource with the given unique name, arguments, and options.

func (*GroupPolicy) ElementType added in v0.69.0 

func (*GroupPolicy) ElementType() reflect.Type

func (*GroupPolicy) ToGroupPolicyOutput added in v0.69.0 

func (i *GroupPolicy) ToGroupPolicyOutput() GroupPolicyOutput

func (*GroupPolicy) ToGroupPolicyOutputWithContext added in v0.69.0 

func (i *GroupPolicy) ToGroupPolicyOutputWithContext(ctx context.Context) GroupPolicyOutput

type GroupPolicyArgs 

type GroupPolicyArgs struct {
	// The name of the group to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
	GroupName pulumi.StringInput
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::GroupPolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.Input
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringPtrInput
}

The set of arguments for constructing a GroupPolicy resource.

func (GroupPolicyArgs) ElementType 

func (GroupPolicyArgs) ElementType() reflect.Type

type GroupPolicyInput 

type GroupPolicyInput interface {
	pulumi.Input

	ToGroupPolicyOutput() GroupPolicyOutput
	ToGroupPolicyOutputWithContext(ctx context.Context) GroupPolicyOutput
}

type GroupPolicyOutput 

type GroupPolicyOutput struct{ *pulumi.OutputState }

func (GroupPolicyOutput) ElementType 

func (GroupPolicyOutput) ElementType() reflect.Type

func (GroupPolicyOutput) GroupName added in v0.69.0 

func (o GroupPolicyOutput) GroupName() pulumi.StringOutput

The name of the group to associate the policy with. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.

func (GroupPolicyOutput) PolicyDocument 

func (o GroupPolicyOutput) PolicyDocument() pulumi.AnyOutput

The policy document. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::GroupPolicy` for more information about the expected schema for this property.

func (GroupPolicyOutput) PolicyName 

func (o GroupPolicyOutput) PolicyName() pulumi.StringOutput

The name of the policy document. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (GroupPolicyOutput) ToGroupPolicyOutput 

func (o GroupPolicyOutput) ToGroupPolicyOutput() GroupPolicyOutput

func (GroupPolicyOutput) ToGroupPolicyOutputWithContext 

func (o GroupPolicyOutput) ToGroupPolicyOutputWithContext(ctx context.Context) GroupPolicyOutput

type GroupPolicyState added in v0.69.0 

type GroupPolicyState struct {
}

func (GroupPolicyState) ElementType added in v0.69.0 

func (GroupPolicyState) ElementType() reflect.Type

type GroupPolicyType added in v0.69.0 

type GroupPolicyType struct {
	// The policy document.
	PolicyDocument interface{} `pulumi:"policyDocument"`
	// The friendly name (not ARN) identifying the policy.
	PolicyName string `pulumi:"policyName"`
}

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

type GroupPolicyTypeArgs added in v0.69.0 

type GroupPolicyTypeArgs struct {
	// The policy document.
	PolicyDocument pulumi.Input `pulumi:"policyDocument"`
	// The friendly name (not ARN) identifying the policy.
	PolicyName pulumi.StringInput `pulumi:"policyName"`
}

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

func (GroupPolicyTypeArgs) ElementType added in v0.69.0 

func (GroupPolicyTypeArgs) ElementType() reflect.Type

func (GroupPolicyTypeArgs) ToGroupPolicyTypeOutput added in v0.69.0 

func (i GroupPolicyTypeArgs) ToGroupPolicyTypeOutput() GroupPolicyTypeOutput

func (GroupPolicyTypeArgs) ToGroupPolicyTypeOutputWithContext added in v0.69.0 

func (i GroupPolicyTypeArgs) ToGroupPolicyTypeOutputWithContext(ctx context.Context) GroupPolicyTypeOutput

type GroupPolicyTypeArray added in v0.69.0 

type GroupPolicyTypeArray []GroupPolicyTypeInput

func (GroupPolicyTypeArray) ElementType added in v0.69.0 

func (GroupPolicyTypeArray) ElementType() reflect.Type

func (GroupPolicyTypeArray) ToGroupPolicyTypeArrayOutput added in v0.69.0 

func (i GroupPolicyTypeArray) ToGroupPolicyTypeArrayOutput() GroupPolicyTypeArrayOutput

func (GroupPolicyTypeArray) ToGroupPolicyTypeArrayOutputWithContext added in v0.69.0 

func (i GroupPolicyTypeArray) ToGroupPolicyTypeArrayOutputWithContext(ctx context.Context) GroupPolicyTypeArrayOutput

type GroupPolicyTypeArrayInput added in v0.69.0 

type GroupPolicyTypeArrayInput interface {
	pulumi.Input

	ToGroupPolicyTypeArrayOutput() GroupPolicyTypeArrayOutput
	ToGroupPolicyTypeArrayOutputWithContext(context.Context) GroupPolicyTypeArrayOutput
}

GroupPolicyTypeArrayInput is an input type that accepts GroupPolicyTypeArray and GroupPolicyTypeArrayOutput values. You can construct a concrete instance of `GroupPolicyTypeArrayInput` via: 

GroupPolicyTypeArray{ GroupPolicyTypeArgs{...} }

type GroupPolicyTypeArrayOutput added in v0.69.0 

type GroupPolicyTypeArrayOutput struct{ *pulumi.OutputState }

func (GroupPolicyTypeArrayOutput) ElementType added in v0.69.0 

func (GroupPolicyTypeArrayOutput) ElementType() reflect.Type

func (GroupPolicyTypeArrayOutput) Index added in v0.69.0 

func (o GroupPolicyTypeArrayOutput) Index(i pulumi.IntInput) GroupPolicyTypeOutput

func (GroupPolicyTypeArrayOutput) ToGroupPolicyTypeArrayOutput added in v0.69.0 

func (o GroupPolicyTypeArrayOutput) ToGroupPolicyTypeArrayOutput() GroupPolicyTypeArrayOutput

func (GroupPolicyTypeArrayOutput) ToGroupPolicyTypeArrayOutputWithContext added in v0.69.0 

func (o GroupPolicyTypeArrayOutput) ToGroupPolicyTypeArrayOutputWithContext(ctx context.Context) GroupPolicyTypeArrayOutput

type GroupPolicyTypeInput added in v0.69.0 

type GroupPolicyTypeInput interface {
	pulumi.Input

	ToGroupPolicyTypeOutput() GroupPolicyTypeOutput
	ToGroupPolicyTypeOutputWithContext(context.Context) GroupPolicyTypeOutput
}

GroupPolicyTypeInput is an input type that accepts GroupPolicyTypeArgs and GroupPolicyTypeOutput values. You can construct a concrete instance of `GroupPolicyTypeInput` via: 

GroupPolicyTypeArgs{...}

type GroupPolicyTypeOutput added in v0.69.0 

type GroupPolicyTypeOutput struct{ *pulumi.OutputState }

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

func (GroupPolicyTypeOutput) ElementType added in v0.69.0 

func (GroupPolicyTypeOutput) ElementType() reflect.Type

func (GroupPolicyTypeOutput) PolicyDocument added in v0.69.0 

func (o GroupPolicyTypeOutput) PolicyDocument() pulumi.AnyOutput

The policy document.

func (GroupPolicyTypeOutput) PolicyName added in v0.69.0 

func (o GroupPolicyTypeOutput) PolicyName() pulumi.StringOutput

The friendly name (not ARN) identifying the policy.

func (GroupPolicyTypeOutput) ToGroupPolicyTypeOutput added in v0.69.0 

func (o GroupPolicyTypeOutput) ToGroupPolicyTypeOutput() GroupPolicyTypeOutput

func (GroupPolicyTypeOutput) ToGroupPolicyTypeOutputWithContext added in v0.69.0 

func (o GroupPolicyTypeOutput) ToGroupPolicyTypeOutputWithContext(ctx context.Context) GroupPolicyTypeOutput

type GroupState 

type GroupState struct {
}

func (GroupState) ElementType 

func (GroupState) ElementType() reflect.Type

type InstanceProfile 

type InstanceProfile struct {
	pulumi.CustomResourceState

	// Returns the Amazon Resource Name (ARN) for the instance profile. For example:
	//
	// `{"Fn::GetAtt" : ["MyProfile", "Arn"] }`
	//
	// This returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The name of the instance profile to create.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	InstanceProfileName pulumi.StringPtrOutput `pulumi:"instanceProfileName"`
	// The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
	Roles pulumi.StringArrayOutput `pulumi:"roles"`
}

Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). 

For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*.

## Example Usage ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ec2"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myIamInstanceProfile, err := iam.NewInstanceProfile(ctx, "myIamInstanceProfile", &iam.InstanceProfileArgs{
			InstanceProfileName: pulumi.String("MyIamInstanceProfile"),
			Path:                pulumi.String("/"),
			Roles: pulumi.StringArray{
				pulumi.String("MyAdminRole"),
			},
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewLaunchTemplate(ctx, "myLaunchTemplate", &ec2.LaunchTemplateArgs{
			LaunchTemplateName: pulumi.String("MyLaunchTemplate"),
			LaunchTemplateData: &ec2.LaunchTemplateDataArgs{
				IamInstanceProfile: &ec2.LaunchTemplateIamInstanceProfileArgs{
					Arn: myIamInstanceProfile.Arn,
				},
				DisableApiTermination: pulumi.Bool(true),
				ImageId:               pulumi.String("ami-04d5cc9b88example"),
				InstanceType:          pulumi.String("t2.micro"),
				KeyName:               pulumi.String("MyKeyPair"),
				SecurityGroupIds: pulumi.StringArray{
					pulumi.String("sg-083cd3bfb8example"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ec2"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myIamInstanceProfile, err := iam.NewInstanceProfile(ctx, "myIamInstanceProfile", &iam.InstanceProfileArgs{
			InstanceProfileName: pulumi.String("MyIamInstanceProfile"),
			Path:                pulumi.String("/"),
			Roles: pulumi.StringArray{
				pulumi.String("MyAdminRole"),
			},
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewLaunchTemplate(ctx, "myLaunchTemplate", &ec2.LaunchTemplateArgs{
			LaunchTemplateName: pulumi.String("MyLaunchTemplate"),
			LaunchTemplateData: &ec2.LaunchTemplateDataArgs{
				IamInstanceProfile: &ec2.LaunchTemplateIamInstanceProfileArgs{
					Arn: myIamInstanceProfile.Arn,
				},
				DisableApiTermination: pulumi.Bool(true),
				ImageId:               pulumi.String("ami-04d5cc9b88example"),
				InstanceType:          pulumi.String("t2.micro"),
				KeyName:               pulumi.String("MyKeyPair"),
				SecurityGroupIds: pulumi.StringArray{
					pulumi.String("sg-083cd3bfb8example"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetInstanceProfile 

func GetInstanceProfile(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *InstanceProfileState, opts ...pulumi.ResourceOption) (*InstanceProfile, error)

GetInstanceProfile gets an existing InstanceProfile resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewInstanceProfile 

func NewInstanceProfile(ctx *pulumi.Context,
	name string, args *InstanceProfileArgs, opts ...pulumi.ResourceOption) (*InstanceProfile, error)

NewInstanceProfile registers a new resource with the given unique name, arguments, and options.

func (*InstanceProfile) ElementType 

func (*InstanceProfile) ElementType() reflect.Type

func (*InstanceProfile) ToInstanceProfileOutput 

func (i *InstanceProfile) ToInstanceProfileOutput() InstanceProfileOutput

func (*InstanceProfile) ToInstanceProfileOutputWithContext 

func (i *InstanceProfile) ToInstanceProfileOutputWithContext(ctx context.Context) InstanceProfileOutput

type InstanceProfileArgs 

type InstanceProfileArgs struct {
	// The name of the instance profile to create.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	InstanceProfileName pulumi.StringPtrInput
	// The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrInput
	// The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
	Roles pulumi.StringArrayInput
}

The set of arguments for constructing a InstanceProfile resource.

func (InstanceProfileArgs) ElementType 

func (InstanceProfileArgs) ElementType() reflect.Type

type InstanceProfileInput 

type InstanceProfileInput interface {
	pulumi.Input

	ToInstanceProfileOutput() InstanceProfileOutput
	ToInstanceProfileOutputWithContext(ctx context.Context) InstanceProfileOutput
}

type InstanceProfileOutput 

type InstanceProfileOutput struct{ *pulumi.OutputState }

func (InstanceProfileOutput) Arn added in v0.17.0 

func (o InstanceProfileOutput) Arn() pulumi.StringOutput

Returns the Amazon Resource Name (ARN) for the instance profile. For example:

`{"Fn::GetAtt" : ["MyProfile", "Arn"] }`

This returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .

func (InstanceProfileOutput) ElementType 

func (InstanceProfileOutput) ElementType() reflect.Type

func (InstanceProfileOutput) InstanceProfileName added in v0.17.0 

func (o InstanceProfileOutput) InstanceProfileName() pulumi.StringPtrOutput

The name of the instance profile to create. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (InstanceProfileOutput) Path added in v0.17.0 

func (o InstanceProfileOutput) Path() pulumi.StringPtrOutput

The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. 

This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.

func (InstanceProfileOutput) Roles added in v0.17.0 

func (o InstanceProfileOutput) Roles() pulumi.StringArrayOutput

The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.

func (InstanceProfileOutput) ToInstanceProfileOutput 

func (o InstanceProfileOutput) ToInstanceProfileOutput() InstanceProfileOutput

func (InstanceProfileOutput) ToInstanceProfileOutputWithContext 

func (o InstanceProfileOutput) ToInstanceProfileOutputWithContext(ctx context.Context) InstanceProfileOutput

type InstanceProfileState 

type InstanceProfileState struct {
}

func (InstanceProfileState) ElementType 

func (InstanceProfileState) ElementType() reflect.Type

type LookupGroupArgs added in v0.12.0 

type LookupGroupArgs struct {
	// The name of the group to create. Do not include the path in this value.
	//  The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name.
	//   If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	//   If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	GroupName string `pulumi:"groupName"`
}

type LookupGroupOutputArgs added in v0.12.0 

type LookupGroupOutputArgs struct {
	// The name of the group to create. Do not include the path in this value.
	//  The group name must be unique within the account. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". If you don't specify a name, CFN generates a unique physical ID and uses that ID for the group name.
	//   If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	//   If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	GroupName pulumi.StringInput `pulumi:"groupName"`
}

func (LookupGroupOutputArgs) ElementType added in v0.12.0 

func (LookupGroupOutputArgs) ElementType() reflect.Type

type LookupGroupPolicyArgs added in v0.69.0 

type LookupGroupPolicyArgs struct {
	// The name of the group to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
	GroupName string `pulumi:"groupName"`
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName string `pulumi:"policyName"`
}

type LookupGroupPolicyOutputArgs added in v0.69.0 

type LookupGroupPolicyOutputArgs struct {
	// The name of the group to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.
	GroupName pulumi.StringInput `pulumi:"groupName"`
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringInput `pulumi:"policyName"`
}

func (LookupGroupPolicyOutputArgs) ElementType added in v0.69.0 

func (LookupGroupPolicyOutputArgs) ElementType() reflect.Type

type LookupGroupPolicyResult added in v0.69.0 

type LookupGroupPolicyResult struct {
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::GroupPolicy` for more information about the expected schema for this property.
	PolicyDocument interface{} `pulumi:"policyDocument"`
}

func LookupGroupPolicy added in v0.69.0 

func LookupGroupPolicy(ctx *pulumi.Context, args *LookupGroupPolicyArgs, opts ...pulumi.InvokeOption) (*LookupGroupPolicyResult, error)

Adds or updates an inline policy document that is embedded in the specified IAM group. 

A group can also have managed policies attached to it. To attach a managed policy to a group, use [AWS::IAM::Group](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a group, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

type LookupGroupPolicyResultOutput added in v0.69.0 

type LookupGroupPolicyResultOutput struct{ *pulumi.OutputState }

func LookupGroupPolicyOutput added in v0.69.0 

func LookupGroupPolicyOutput(ctx *pulumi.Context, args LookupGroupPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupGroupPolicyResultOutput

func (LookupGroupPolicyResultOutput) ElementType added in v0.69.0 

func (LookupGroupPolicyResultOutput) ElementType() reflect.Type

func (LookupGroupPolicyResultOutput) PolicyDocument added in v0.69.0 

func (o LookupGroupPolicyResultOutput) PolicyDocument() pulumi.AnyOutput

The policy document. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::GroupPolicy` for more information about the expected schema for this property.

func (LookupGroupPolicyResultOutput) ToLookupGroupPolicyResultOutput added in v0.69.0 

func (o LookupGroupPolicyResultOutput) ToLookupGroupPolicyResultOutput() LookupGroupPolicyResultOutput

func (LookupGroupPolicyResultOutput) ToLookupGroupPolicyResultOutputWithContext added in v0.69.0 

func (o LookupGroupPolicyResultOutput) ToLookupGroupPolicyResultOutputWithContext(ctx context.Context) LookupGroupPolicyResultOutput

type LookupGroupResult added in v0.12.0 

type LookupGroupResult struct {
	// Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource. For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .
	Arn *string `pulumi:"arn"`
	// The Amazon Resource Name (ARN) of the IAM policy you want to attach.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns []string `pulumi:"managedPolicyArns"`
	// The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path *string `pulumi:"path"`
	// Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group).
	//   The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
	//   For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	Policies []GroupPolicyType `pulumi:"policies"`
}

func LookupGroup added in v0.12.0 

func LookupGroup(ctx *pulumi.Context, args *LookupGroupArgs, opts ...pulumi.InvokeOption) (*LookupGroupResult, error)

Creates a new group. 

For information about the number of groups you can create, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

type LookupGroupResultOutput added in v0.12.0 

type LookupGroupResultOutput struct{ *pulumi.OutputState }

func LookupGroupOutput added in v0.12.0 

func LookupGroupOutput(ctx *pulumi.Context, args LookupGroupOutputArgs, opts ...pulumi.InvokeOption) LookupGroupResultOutput

func (LookupGroupResultOutput) Arn added in v0.12.0 

func (o LookupGroupResultOutput) Arn() pulumi.StringPtrOutput

Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::Group` resource. For example: `arn:aws:iam::123456789012:group/mystack-mygroup-1DZETITOWEKVO` .

func (LookupGroupResultOutput) ElementType added in v0.12.0 

func (LookupGroupResultOutput) ElementType() reflect.Type

func (LookupGroupResultOutput) ManagedPolicyArns added in v0.12.0 

func (o LookupGroupResultOutput) ManagedPolicyArns() pulumi.StringArrayOutput

The Amazon Resource Name (ARN) of the IAM policy you want to attach. 

For more information about ARNs, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.

func (LookupGroupResultOutput) Path added in v0.12.0 

func (o LookupGroupResultOutput) Path() pulumi.StringPtrOutput

The path to the group. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. 

This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.

func (LookupGroupResultOutput) Policies added in v0.12.0 

func (o LookupGroupResultOutput) Policies() GroupPolicyTypeArrayOutput

Adds or updates an inline policy document that is embedded in the specified IAM group. To view AWS::IAM::Group snippets, see [Declaring an Group Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-group). 

The name of each inline policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
For information about limits on the number of inline policies that you can embed in a group, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

func (LookupGroupResultOutput) ToLookupGroupResultOutput added in v0.12.0 

func (o LookupGroupResultOutput) ToLookupGroupResultOutput() LookupGroupResultOutput

func (LookupGroupResultOutput) ToLookupGroupResultOutputWithContext added in v0.12.0 

func (o LookupGroupResultOutput) ToLookupGroupResultOutputWithContext(ctx context.Context) LookupGroupResultOutput

type LookupInstanceProfileArgs added in v0.12.0 

type LookupInstanceProfileArgs struct {
	// The name of the instance profile to create.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	InstanceProfileName string `pulumi:"instanceProfileName"`
}

type LookupInstanceProfileOutputArgs added in v0.12.0 

type LookupInstanceProfileOutputArgs struct {
	// The name of the instance profile to create.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	InstanceProfileName pulumi.StringInput `pulumi:"instanceProfileName"`
}

func (LookupInstanceProfileOutputArgs) ElementType added in v0.12.0 

func (LookupInstanceProfileOutputArgs) ElementType() reflect.Type

type LookupInstanceProfileResult added in v0.12.0 

type LookupInstanceProfileResult struct {
	// Returns the Amazon Resource Name (ARN) for the instance profile. For example:
	//
	// `{"Fn::GetAtt" : ["MyProfile", "Arn"] }`
	//
	// This returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .
	Arn *string `pulumi:"arn"`
	// The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
	Roles []string `pulumi:"roles"`
}

func LookupInstanceProfile added in v0.12.0 

func LookupInstanceProfile(ctx *pulumi.Context, args *LookupInstanceProfileArgs, opts ...pulumi.InvokeOption) (*LookupInstanceProfileResult, error)

Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). 

For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*.

type LookupInstanceProfileResultOutput added in v0.12.0 

type LookupInstanceProfileResultOutput struct{ *pulumi.OutputState }

func LookupInstanceProfileOutput added in v0.12.0 

func LookupInstanceProfileOutput(ctx *pulumi.Context, args LookupInstanceProfileOutputArgs, opts ...pulumi.InvokeOption) LookupInstanceProfileResultOutput

func (LookupInstanceProfileResultOutput) Arn added in v0.12.0 

func (o LookupInstanceProfileResultOutput) Arn() pulumi.StringPtrOutput

Returns the Amazon Resource Name (ARN) for the instance profile. For example:

`{"Fn::GetAtt" : ["MyProfile", "Arn"] }`

This returns a value such as `arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ` .

func (LookupInstanceProfileResultOutput) ElementType added in v0.12.0 

func (LookupInstanceProfileResultOutput) ElementType() reflect.Type

func (LookupInstanceProfileResultOutput) Roles added in v0.12.0 

func (o LookupInstanceProfileResultOutput) Roles() pulumi.StringArrayOutput

The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.

func (LookupInstanceProfileResultOutput) ToLookupInstanceProfileResultOutput added in v0.12.0 

func (o LookupInstanceProfileResultOutput) ToLookupInstanceProfileResultOutput() LookupInstanceProfileResultOutput

func (LookupInstanceProfileResultOutput) ToLookupInstanceProfileResultOutputWithContext added in v0.12.0 

func (o LookupInstanceProfileResultOutput) ToLookupInstanceProfileResultOutputWithContext(ctx context.Context) LookupInstanceProfileResultOutput

type LookupManagedPolicyArgs added in v0.12.0 

type LookupManagedPolicyArgs struct {
	PolicyArn string `pulumi:"policyArn"`
}

type LookupManagedPolicyOutputArgs added in v0.12.0 

type LookupManagedPolicyOutputArgs struct {
	PolicyArn pulumi.StringInput `pulumi:"policyArn"`
}

func (LookupManagedPolicyOutputArgs) ElementType added in v0.12.0 

func (LookupManagedPolicyOutputArgs) ElementType() reflect.Type

type LookupManagedPolicyResult added in v0.12.0 

type LookupManagedPolicyResult struct {
	AttachmentCount  *int    `pulumi:"attachmentCount"`
	CreateDate       *string `pulumi:"createDate"`
	DefaultVersionId *string `pulumi:"defaultVersionId"`
	// The name (friendly name, not ARN) of the group to attach the policy to.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Groups                        []string `pulumi:"groups"`
	IsAttachable                  *bool    `pulumi:"isAttachable"`
	PermissionsBoundaryUsageCount *int     `pulumi:"permissionsBoundaryUsageCount"`
	PolicyArn                     *string  `pulumi:"policyArn"`
	// The JSON policy document that you want to use as the content for the new policy.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//  To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::ManagedPolicy` for more information about the expected schema for this property.
	PolicyDocument interface{} `pulumi:"policyDocument"`
	PolicyId       *string     `pulumi:"policyId"`
	// The name (friendly name, not ARN) of the role to attach the policy to.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	//   If an external policy (such as “AWS::IAM::Policy“ or “AWS::IAM::ManagedPolicy“) has a “Ref“ to a role and if a resource (such as “AWS::ECS::Service“) also has a “Ref“ to the same role, add a “DependsOn“ attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an “AWS::ECS::Service“ resource, the “DependsOn“ attribute ensures that CFN deletes the “AWS::ECS::Service“ resource before deleting its role's policy.
	Roles      []string `pulumi:"roles"`
	UpdateDate *string  `pulumi:"updateDate"`
	// The name (friendly name, not ARN) of the IAM user to attach the policy to.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Users []string `pulumi:"users"`
}

func LookupManagedPolicy added in v0.12.0 

func LookupManagedPolicy(ctx *pulumi.Context, args *LookupManagedPolicyArgs, opts ...pulumi.InvokeOption) (*LookupManagedPolicyResult, error)

Creates a new managed policy for your AWS-account. 

This operation creates a policy version with a version identifier of ``v1`` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*.
As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*.
For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.

type LookupManagedPolicyResultOutput added in v0.12.0 

type LookupManagedPolicyResultOutput struct{ *pulumi.OutputState }

func LookupManagedPolicyOutput added in v0.12.0 

func LookupManagedPolicyOutput(ctx *pulumi.Context, args LookupManagedPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupManagedPolicyResultOutput

func (LookupManagedPolicyResultOutput) AttachmentCount added in v0.70.0 

func (o LookupManagedPolicyResultOutput) AttachmentCount() pulumi.IntPtrOutput

func (LookupManagedPolicyResultOutput) CreateDate added in v0.70.0 

func (o LookupManagedPolicyResultOutput) CreateDate() pulumi.StringPtrOutput

func (LookupManagedPolicyResultOutput) DefaultVersionId added in v0.70.0 

func (o LookupManagedPolicyResultOutput) DefaultVersionId() pulumi.StringPtrOutput

func (LookupManagedPolicyResultOutput) ElementType added in v0.12.0 

func (LookupManagedPolicyResultOutput) ElementType() reflect.Type

func (LookupManagedPolicyResultOutput) Groups added in v0.12.0 

func (o LookupManagedPolicyResultOutput) Groups() pulumi.StringArrayOutput

The name (friendly name, not ARN) of the group to attach the policy to. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (LookupManagedPolicyResultOutput) IsAttachable added in v0.70.0 

func (o LookupManagedPolicyResultOutput) IsAttachable() pulumi.BoolPtrOutput

func (LookupManagedPolicyResultOutput) PermissionsBoundaryUsageCount added in v0.70.0 

func (o LookupManagedPolicyResultOutput) PermissionsBoundaryUsageCount() pulumi.IntPtrOutput

func (LookupManagedPolicyResultOutput) PolicyArn added in v0.70.0 

func (o LookupManagedPolicyResultOutput) PolicyArn() pulumi.StringPtrOutput

func (LookupManagedPolicyResultOutput) PolicyDocument added in v0.12.0 

func (o LookupManagedPolicyResultOutput) PolicyDocument() pulumi.AnyOutput

The JSON policy document that you want to use as the content for the new policy. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::ManagedPolicy` for more information about the expected schema for this property.

func (LookupManagedPolicyResultOutput) PolicyId added in v0.70.0 

func (o LookupManagedPolicyResultOutput) PolicyId() pulumi.StringPtrOutput

func (LookupManagedPolicyResultOutput) Roles added in v0.12.0 

func (o LookupManagedPolicyResultOutput) Roles() pulumi.StringArrayOutput

The name (friendly name, not ARN) of the role to attach the policy to. 

This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy.

func (LookupManagedPolicyResultOutput) ToLookupManagedPolicyResultOutput added in v0.12.0 

func (o LookupManagedPolicyResultOutput) ToLookupManagedPolicyResultOutput() LookupManagedPolicyResultOutput

func (LookupManagedPolicyResultOutput) ToLookupManagedPolicyResultOutputWithContext added in v0.12.0 

func (o LookupManagedPolicyResultOutput) ToLookupManagedPolicyResultOutputWithContext(ctx context.Context) LookupManagedPolicyResultOutput

func (LookupManagedPolicyResultOutput) UpdateDate added in v0.70.0 

func (o LookupManagedPolicyResultOutput) UpdateDate() pulumi.StringPtrOutput

func (LookupManagedPolicyResultOutput) Users added in v0.12.0 

func (o LookupManagedPolicyResultOutput) Users() pulumi.StringArrayOutput

The name (friendly name, not ARN) of the IAM user to attach the policy to. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type LookupOidcProviderArgs added in v0.72.0 

type LookupOidcProviderArgs struct {
	// Amazon Resource Name (ARN) of the OIDC provider
	Arn string `pulumi:"arn"`
}

type LookupOidcProviderOutputArgs added in v0.72.0 

type LookupOidcProviderOutputArgs struct {
	// Amazon Resource Name (ARN) of the OIDC provider
	Arn pulumi.StringInput `pulumi:"arn"`
}

func (LookupOidcProviderOutputArgs) ElementType added in v0.72.0 

func (LookupOidcProviderOutputArgs) ElementType() reflect.Type

type LookupOidcProviderResult added in v0.72.0 

type LookupOidcProviderResult struct {
	// Amazon Resource Name (ARN) of the OIDC provider
	Arn *string `pulumi:"arn"`
	// A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	ClientIdList []string `pulumi:"clientIdList"`
	// A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	Tags []aws.Tag `pulumi:"tags"`
	// A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	//
	// This property is optional. If it is not included, IAM will retrieve and use the top intermediate certificate authority (CA) thumbprint of the OpenID Connect identity provider server certificate.
	ThumbprintList []string `pulumi:"thumbprintList"`
}

func LookupOidcProvider added in v0.72.0 

func LookupOidcProvider(ctx *pulumi.Context, args *LookupOidcProviderArgs, opts ...pulumi.InvokeOption) (*LookupOidcProviderResult, error)

Resource Type definition for AWS::IAM::OIDCProvider

type LookupOidcProviderResultOutput added in v0.72.0 

type LookupOidcProviderResultOutput struct{ *pulumi.OutputState }

func LookupOidcProviderOutput added in v0.72.0 

func LookupOidcProviderOutput(ctx *pulumi.Context, args LookupOidcProviderOutputArgs, opts ...pulumi.InvokeOption) LookupOidcProviderResultOutput

func (LookupOidcProviderResultOutput) Arn added in v0.72.0 

func (o LookupOidcProviderResultOutput) Arn() pulumi.StringPtrOutput

Amazon Resource Name (ARN) of the OIDC provider

func (LookupOidcProviderResultOutput) ClientIdList added in v0.72.0 

func (o LookupOidcProviderResultOutput) ClientIdList() pulumi.StringArrayOutput

A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .

func (LookupOidcProviderResultOutput) ElementType added in v0.72.0 

func (LookupOidcProviderResultOutput) ElementType() reflect.Type

func (LookupOidcProviderResultOutput) Tags added in v0.72.0 

func (o LookupOidcProviderResultOutput) Tags() aws.TagArrayOutput

A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

func (LookupOidcProviderResultOutput) ThumbprintList added in v0.72.0 

func (o LookupOidcProviderResultOutput) ThumbprintList() pulumi.StringArrayOutput

A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .

This property is optional. If it is not included, IAM will retrieve and use the top intermediate certificate authority (CA) thumbprint of the OpenID Connect identity provider server certificate.

func (LookupOidcProviderResultOutput) ToLookupOidcProviderResultOutput added in v0.72.0 

func (o LookupOidcProviderResultOutput) ToLookupOidcProviderResultOutput() LookupOidcProviderResultOutput

func (LookupOidcProviderResultOutput) ToLookupOidcProviderResultOutputWithContext added in v0.72.0 

func (o LookupOidcProviderResultOutput) ToLookupOidcProviderResultOutputWithContext(ctx context.Context) LookupOidcProviderResultOutput

type LookupRoleArgs added in v0.12.0 

type LookupRoleArgs struct {
	// A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .
	//
	// This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
	//
	// If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
	//
	// > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
	RoleName string `pulumi:"roleName"`
}

type LookupRoleOutputArgs added in v0.12.0 

type LookupRoleOutputArgs struct {
	// A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .
	//
	// This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
	//
	// If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
	//
	// > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
	RoleName pulumi.StringInput `pulumi:"roleName"`
}

func (LookupRoleOutputArgs) ElementType added in v0.12.0 

func (LookupRoleOutputArgs) ElementType() reflect.Type

type LookupRolePolicyArgs added in v0.69.0 

type LookupRolePolicyArgs struct {
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName string `pulumi:"policyName"`
	// The name of the role to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	RoleName string `pulumi:"roleName"`
}

type LookupRolePolicyOutputArgs added in v0.69.0 

type LookupRolePolicyOutputArgs struct {
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringInput `pulumi:"policyName"`
	// The name of the role to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	RoleName pulumi.StringInput `pulumi:"roleName"`
}

func (LookupRolePolicyOutputArgs) ElementType added in v0.69.0 

func (LookupRolePolicyOutputArgs) ElementType() reflect.Type

type LookupRolePolicyResult added in v0.69.0 

type LookupRolePolicyResult struct {
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::RolePolicy` for more information about the expected schema for this property.
	PolicyDocument interface{} `pulumi:"policyDocument"`
}

func LookupRolePolicy added in v0.69.0 

func LookupRolePolicy(ctx *pulumi.Context, args *LookupRolePolicyArgs, opts ...pulumi.InvokeOption) (*LookupRolePolicyResult, error)

Adds or updates an inline policy document that is embedded in the specified IAM role. 

When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*.
A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

type LookupRolePolicyResultOutput added in v0.69.0 

type LookupRolePolicyResultOutput struct{ *pulumi.OutputState }

func LookupRolePolicyOutput added in v0.69.0 

func LookupRolePolicyOutput(ctx *pulumi.Context, args LookupRolePolicyOutputArgs, opts ...pulumi.InvokeOption) LookupRolePolicyResultOutput

func (LookupRolePolicyResultOutput) ElementType added in v0.69.0 

func (LookupRolePolicyResultOutput) ElementType() reflect.Type

func (LookupRolePolicyResultOutput) PolicyDocument added in v0.69.0 

func (o LookupRolePolicyResultOutput) PolicyDocument() pulumi.AnyOutput

The policy document. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::RolePolicy` for more information about the expected schema for this property.

func (LookupRolePolicyResultOutput) ToLookupRolePolicyResultOutput added in v0.69.0 

func (o LookupRolePolicyResultOutput) ToLookupRolePolicyResultOutput() LookupRolePolicyResultOutput

func (LookupRolePolicyResultOutput) ToLookupRolePolicyResultOutputWithContext added in v0.69.0 

func (o LookupRolePolicyResultOutput) ToLookupRolePolicyResultOutputWithContext(ctx context.Context) LookupRolePolicyResultOutput

type LookupRoleResult added in v0.12.0 

type LookupRoleResult struct {
	// Returns the Amazon Resource Name (ARN) for the role. For example:
	//
	// `{"Fn::GetAtt" : ["MyRole", "Arn"] }`
	//
	// This will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .
	Arn *string `pulumi:"arn"`
	// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
	AssumeRolePolicyDocument interface{} `pulumi:"assumeRolePolicyDocument"`
	// A description of the role that you provide.
	Description *string `pulumi:"description"`
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns []string `pulumi:"managedPolicyArns"`
	// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//  Anyone who assumes the role from the CLI or API can use the “DurationSeconds“ API parameter or the “duration-seconds“ CLI parameter to request a longer session. The “MaxSessionDuration“ setting determines the maximum duration that can be requested using the “DurationSeconds“ parameter. If users don't specify a value for the “DurationSeconds“ parameter, their security credentials are valid for one hour by default. This applies when you use the “AssumeRole*“ API operations or the “assume-role*“ CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
	MaxSessionDuration *int `pulumi:"maxSessionDuration"`
	// The ARN of the policy used to set the permissions boundary for the role.
	//  For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	PermissionsBoundary *string `pulumi:"permissionsBoundary"`
	// Adds or updates an inline policy document that is embedded in the specified IAM role.
	//
	// When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .
	//
	// A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
	//
	// For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
	//
	// > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
	Policies []RolePolicyType `pulumi:"policies"`
	// Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` .
	//
	// For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .
	RoleId *string `pulumi:"roleId"`
	// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	Tags []aws.Tag `pulumi:"tags"`
}

func LookupRole added in v0.12.0 

func LookupRole(ctx *pulumi.Context, args *LookupRoleArgs, opts ...pulumi.InvokeOption) (*LookupRoleResult, error)

Creates a new role for your AWS-account. 

For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

type LookupRoleResultOutput added in v0.12.0 

type LookupRoleResultOutput struct{ *pulumi.OutputState }

func LookupRoleOutput added in v0.12.0 

func LookupRoleOutput(ctx *pulumi.Context, args LookupRoleOutputArgs, opts ...pulumi.InvokeOption) LookupRoleResultOutput

func (LookupRoleResultOutput) Arn added in v0.12.0 

func (o LookupRoleResultOutput) Arn() pulumi.StringPtrOutput

Returns the Amazon Resource Name (ARN) for the role. For example:

`{"Fn::GetAtt" : ["MyRole", "Arn"] }`

This will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .

func (LookupRoleResultOutput) AssumeRolePolicyDocument added in v0.12.0 

func (o LookupRoleResultOutput) AssumeRolePolicyDocument() pulumi.AnyOutput

The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.

func (LookupRoleResultOutput) Description added in v0.12.0 

func (o LookupRoleResultOutput) Description() pulumi.StringPtrOutput

A description of the role that you provide.

func (LookupRoleResultOutput) ElementType added in v0.12.0 

func (LookupRoleResultOutput) ElementType() reflect.Type

func (LookupRoleResultOutput) ManagedPolicyArns added in v0.12.0 

func (o LookupRoleResultOutput) ManagedPolicyArns() pulumi.StringArrayOutput

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. 

For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.

func (LookupRoleResultOutput) MaxSessionDuration added in v0.12.0 

func (o LookupRoleResultOutput) MaxSessionDuration() pulumi.IntPtrOutput

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. 

Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.

func (LookupRoleResultOutput) PermissionsBoundary added in v0.12.0 

func (o LookupRoleResultOutput) PermissionsBoundary() pulumi.StringPtrOutput

The ARN of the policy used to set the permissions boundary for the role. 

For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.

func (LookupRoleResultOutput) Policies added in v0.12.0 

func (o LookupRoleResultOutput) Policies() RolePolicyTypeArrayOutput

Adds or updates an inline policy document that is embedded in the specified IAM role.

When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .

A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .

For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .

> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.

func (LookupRoleResultOutput) RoleId added in v0.12.0 

func (o LookupRoleResultOutput) RoleId() pulumi.StringPtrOutput

Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` .

For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .

func (LookupRoleResultOutput) Tags added in v0.12.0 

func (o LookupRoleResultOutput) Tags() aws.TagArrayOutput

A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.

func (LookupRoleResultOutput) ToLookupRoleResultOutput added in v0.12.0 

func (o LookupRoleResultOutput) ToLookupRoleResultOutput() LookupRoleResultOutput

func (LookupRoleResultOutput) ToLookupRoleResultOutputWithContext added in v0.12.0 

func (o LookupRoleResultOutput) ToLookupRoleResultOutputWithContext(ctx context.Context) LookupRoleResultOutput

type LookupSamlProviderArgs added in v0.72.0 

type LookupSamlProviderArgs struct {
	// Amazon Resource Name (ARN) of the SAML provider
	Arn string `pulumi:"arn"`
}

type LookupSamlProviderOutputArgs added in v0.72.0 

type LookupSamlProviderOutputArgs struct {
	// Amazon Resource Name (ARN) of the SAML provider
	Arn pulumi.StringInput `pulumi:"arn"`
}

func (LookupSamlProviderOutputArgs) ElementType added in v0.72.0 

func (LookupSamlProviderOutputArgs) ElementType() reflect.Type

type LookupSamlProviderResult added in v0.72.0 

type LookupSamlProviderResult struct {
	// Amazon Resource Name (ARN) of the SAML provider
	Arn *string `pulumi:"arn"`
	// An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
	//
	// For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*
	SamlMetadataDocument *string `pulumi:"samlMetadataDocument"`
	// A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	//
	// > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags []aws.Tag `pulumi:"tags"`
}

func LookupSamlProvider added in v0.72.0 

func LookupSamlProvider(ctx *pulumi.Context, args *LookupSamlProviderArgs, opts ...pulumi.InvokeOption) (*LookupSamlProviderResult, error)

Resource Type definition for AWS::IAM::SAMLProvider

type LookupSamlProviderResultOutput added in v0.72.0 

type LookupSamlProviderResultOutput struct{ *pulumi.OutputState }

func LookupSamlProviderOutput added in v0.72.0 

func LookupSamlProviderOutput(ctx *pulumi.Context, args LookupSamlProviderOutputArgs, opts ...pulumi.InvokeOption) LookupSamlProviderResultOutput

func (LookupSamlProviderResultOutput) Arn added in v0.72.0 

func (o LookupSamlProviderResultOutput) Arn() pulumi.StringPtrOutput

Amazon Resource Name (ARN) of the SAML provider

func (LookupSamlProviderResultOutput) ElementType added in v0.72.0 

func (LookupSamlProviderResultOutput) ElementType() reflect.Type

func (LookupSamlProviderResultOutput) SamlMetadataDocument added in v0.72.0 

func (o LookupSamlProviderResultOutput) SamlMetadataDocument() pulumi.StringPtrOutput

An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.

For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*

func (LookupSamlProviderResultOutput) Tags added in v0.72.0 

func (o LookupSamlProviderResultOutput) Tags() aws.TagArrayOutput

A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

func (LookupSamlProviderResultOutput) ToLookupSamlProviderResultOutput added in v0.72.0 

func (o LookupSamlProviderResultOutput) ToLookupSamlProviderResultOutput() LookupSamlProviderResultOutput

func (LookupSamlProviderResultOutput) ToLookupSamlProviderResultOutputWithContext added in v0.72.0 

func (o LookupSamlProviderResultOutput) ToLookupSamlProviderResultOutputWithContext(ctx context.Context) LookupSamlProviderResultOutput

type LookupServerCertificateArgs added in v0.12.0 

type LookupServerCertificateArgs struct {
	// The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	ServerCertificateName string `pulumi:"serverCertificateName"`
}

type LookupServerCertificateOutputArgs added in v0.12.0 

type LookupServerCertificateOutputArgs struct {
	// The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	ServerCertificateName pulumi.StringInput `pulumi:"serverCertificateName"`
}

func (LookupServerCertificateOutputArgs) ElementType added in v0.12.0 

func (LookupServerCertificateOutputArgs) ElementType() reflect.Type

type LookupServerCertificateResult added in v0.12.0 

type LookupServerCertificateResult struct {
	// Amazon Resource Name (ARN) of the server certificate
	Arn *string `pulumi:"arn"`
	// The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
	//
	// This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
	//
	// > If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).
	Path *string `pulumi:"path"`
	// A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	Tags []aws.Tag `pulumi:"tags"`
}

func LookupServerCertificate added in v0.12.0 

func LookupServerCertificate(ctx *pulumi.Context, args *LookupServerCertificateArgs, opts ...pulumi.InvokeOption) (*LookupServerCertificateResult, error)

Resource Type definition for AWS::IAM::ServerCertificate

type LookupServerCertificateResultOutput added in v0.12.0 

type LookupServerCertificateResultOutput struct{ *pulumi.OutputState }

func LookupServerCertificateOutput added in v0.12.0 

func LookupServerCertificateOutput(ctx *pulumi.Context, args LookupServerCertificateOutputArgs, opts ...pulumi.InvokeOption) LookupServerCertificateResultOutput

func (LookupServerCertificateResultOutput) Arn added in v0.12.0 

func (o LookupServerCertificateResultOutput) Arn() pulumi.StringPtrOutput

Amazon Resource Name (ARN) of the server certificate

func (LookupServerCertificateResultOutput) ElementType added in v0.12.0 

func (LookupServerCertificateResultOutput) ElementType() reflect.Type

func (LookupServerCertificateResultOutput) Path added in v0.12.0 

func (o LookupServerCertificateResultOutput) Path() pulumi.StringPtrOutput

The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .

This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.

> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).

func (LookupServerCertificateResultOutput) Tags added in v0.12.0 

func (o LookupServerCertificateResultOutput) Tags() aws.TagArrayOutput

A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

func (LookupServerCertificateResultOutput) ToLookupServerCertificateResultOutput added in v0.12.0 

func (o LookupServerCertificateResultOutput) ToLookupServerCertificateResultOutput() LookupServerCertificateResultOutput

func (LookupServerCertificateResultOutput) ToLookupServerCertificateResultOutputWithContext added in v0.12.0 

func (o LookupServerCertificateResultOutput) ToLookupServerCertificateResultOutputWithContext(ctx context.Context) LookupServerCertificateResultOutput

type LookupServiceLinkedRoleArgs added in v0.12.0 

type LookupServiceLinkedRoleArgs struct {
	// The name of the role.
	RoleName string `pulumi:"roleName"`
}

type LookupServiceLinkedRoleOutputArgs added in v0.12.0 

type LookupServiceLinkedRoleOutputArgs struct {
	// The name of the role.
	RoleName pulumi.StringInput `pulumi:"roleName"`
}

func (LookupServiceLinkedRoleOutputArgs) ElementType added in v0.12.0 

func (LookupServiceLinkedRoleOutputArgs) ElementType() reflect.Type

type LookupServiceLinkedRoleResult added in v0.12.0 

type LookupServiceLinkedRoleResult struct {
	// The description of the role.
	Description *string `pulumi:"description"`
	// The name of the role.
	RoleName *string `pulumi:"roleName"`
}

func LookupServiceLinkedRole added in v0.12.0 

func LookupServiceLinkedRole(ctx *pulumi.Context, args *LookupServiceLinkedRoleArgs, opts ...pulumi.InvokeOption) (*LookupServiceLinkedRoleResult, error)

Resource Type definition for AWS::IAM::ServiceLinkedRole

type LookupServiceLinkedRoleResultOutput added in v0.12.0 

type LookupServiceLinkedRoleResultOutput struct{ *pulumi.OutputState }

func LookupServiceLinkedRoleOutput added in v0.12.0 

func LookupServiceLinkedRoleOutput(ctx *pulumi.Context, args LookupServiceLinkedRoleOutputArgs, opts ...pulumi.InvokeOption) LookupServiceLinkedRoleResultOutput

func (LookupServiceLinkedRoleResultOutput) Description added in v0.12.0 

func (o LookupServiceLinkedRoleResultOutput) Description() pulumi.StringPtrOutput

The description of the role.

func (LookupServiceLinkedRoleResultOutput) ElementType added in v0.12.0 

func (LookupServiceLinkedRoleResultOutput) ElementType() reflect.Type

func (LookupServiceLinkedRoleResultOutput) RoleName added in v0.67.0 

func (o LookupServiceLinkedRoleResultOutput) RoleName() pulumi.StringPtrOutput

The name of the role.

func (LookupServiceLinkedRoleResultOutput) ToLookupServiceLinkedRoleResultOutput added in v0.12.0 

func (o LookupServiceLinkedRoleResultOutput) ToLookupServiceLinkedRoleResultOutput() LookupServiceLinkedRoleResultOutput

func (LookupServiceLinkedRoleResultOutput) ToLookupServiceLinkedRoleResultOutputWithContext added in v0.12.0 

func (o LookupServiceLinkedRoleResultOutput) ToLookupServiceLinkedRoleResultOutputWithContext(ctx context.Context) LookupServiceLinkedRoleResultOutput

type LookupUserArgs added in v0.12.0 

type LookupUserArgs struct {
	// The name of the user to create. Do not include the path in this value.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.
	//  If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	UserName string `pulumi:"userName"`
}

type LookupUserOutputArgs added in v0.12.0 

type LookupUserOutputArgs struct {
	// The name of the user to create. Do not include the path in this value.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.
	//  If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	UserName pulumi.StringInput `pulumi:"userName"`
}

func (LookupUserOutputArgs) ElementType added in v0.12.0 

func (LookupUserOutputArgs) ElementType() reflect.Type

type LookupUserPolicyArgs added in v0.69.0 

type LookupUserPolicyArgs struct {
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName string `pulumi:"policyName"`
	// The name of the user to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	UserName string `pulumi:"userName"`
}

type LookupUserPolicyOutputArgs added in v0.69.0 

type LookupUserPolicyOutputArgs struct {
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringInput `pulumi:"policyName"`
	// The name of the user to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	UserName pulumi.StringInput `pulumi:"userName"`
}

func (LookupUserPolicyOutputArgs) ElementType added in v0.69.0 

func (LookupUserPolicyOutputArgs) ElementType() reflect.Type

type LookupUserPolicyResult added in v0.69.0 

type LookupUserPolicyResult struct {
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::UserPolicy` for more information about the expected schema for this property.
	PolicyDocument interface{} `pulumi:"policyDocument"`
}

func LookupUserPolicy added in v0.69.0 

func LookupUserPolicy(ctx *pulumi.Context, args *LookupUserPolicyArgs, opts ...pulumi.InvokeOption) (*LookupUserPolicyResult, error)

Adds or updates an inline policy document that is embedded in the specified IAM user. 

An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

type LookupUserPolicyResultOutput added in v0.69.0 

type LookupUserPolicyResultOutput struct{ *pulumi.OutputState }

func LookupUserPolicyOutput added in v0.69.0 

func LookupUserPolicyOutput(ctx *pulumi.Context, args LookupUserPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupUserPolicyResultOutput

func (LookupUserPolicyResultOutput) ElementType added in v0.69.0 

func (LookupUserPolicyResultOutput) ElementType() reflect.Type

func (LookupUserPolicyResultOutput) PolicyDocument added in v0.69.0 

func (o LookupUserPolicyResultOutput) PolicyDocument() pulumi.AnyOutput

The policy document. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::UserPolicy` for more information about the expected schema for this property.

func (LookupUserPolicyResultOutput) ToLookupUserPolicyResultOutput added in v0.69.0 

func (o LookupUserPolicyResultOutput) ToLookupUserPolicyResultOutput() LookupUserPolicyResultOutput

func (LookupUserPolicyResultOutput) ToLookupUserPolicyResultOutputWithContext added in v0.69.0 

func (o LookupUserPolicyResultOutput) ToLookupUserPolicyResultOutputWithContext(ctx context.Context) LookupUserPolicyResultOutput

type LookupUserResult added in v0.12.0 

type LookupUserResult struct {
	// Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource. For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .
	Arn *string `pulumi:"arn"`
	// A list of group names to which you want to add the user.
	Groups []string `pulumi:"groups"`
	// Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console.
	//  You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console.
	//  For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.
	LoginProfile *UserLoginProfile `pulumi:"loginProfile"`
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns []string `pulumi:"managedPolicyArns"`
	// The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path *string `pulumi:"path"`
	// The ARN of the managed policy that is used to set the permissions boundary for the user.
	//  A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	//  For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.
	PermissionsBoundary *string `pulumi:"permissionsBoundary"`
	// Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user).
	//   The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
	//   For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	Policies []UserPolicyType `pulumi:"policies"`
	// A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	//   If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags []aws.Tag `pulumi:"tags"`
}

func LookupUser added in v0.12.0 

func LookupUser(ctx *pulumi.Context, args *LookupUserArgs, opts ...pulumi.InvokeOption) (*LookupUserResult, error)

Creates a new IAM user for your AWS-account. 

For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

type LookupUserResultOutput added in v0.12.0 

type LookupUserResultOutput struct{ *pulumi.OutputState }

func LookupUserOutput added in v0.12.0 

func LookupUserOutput(ctx *pulumi.Context, args LookupUserOutputArgs, opts ...pulumi.InvokeOption) LookupUserResultOutput

func (LookupUserResultOutput) Arn added in v0.12.0 

func (o LookupUserResultOutput) Arn() pulumi.StringPtrOutput

Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource. For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .

func (LookupUserResultOutput) ElementType added in v0.12.0 

func (LookupUserResultOutput) ElementType() reflect.Type

func (LookupUserResultOutput) Groups added in v0.12.0 

func (o LookupUserResultOutput) Groups() pulumi.StringArrayOutput

A list of group names to which you want to add the user.

func (LookupUserResultOutput) LoginProfile added in v0.12.0 

func (o LookupUserResultOutput) LoginProfile() UserLoginProfilePtrOutput

Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. 

You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console.
For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.

func (LookupUserResultOutput) ManagedPolicyArns added in v0.12.0 

func (o LookupUserResultOutput) ManagedPolicyArns() pulumi.StringArrayOutput

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. 

For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.

func (LookupUserResultOutput) Path added in v0.12.0 

func (o LookupUserResultOutput) Path() pulumi.StringPtrOutput

The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. 

This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.

func (LookupUserResultOutput) PermissionsBoundary added in v0.12.0 

func (o LookupUserResultOutput) PermissionsBoundary() pulumi.StringPtrOutput

The ARN of the managed policy that is used to set the permissions boundary for the user. 

A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.

func (LookupUserResultOutput) Policies added in v0.12.0 

func (o LookupUserResultOutput) Policies() UserPolicyTypeArrayOutput

Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). 

The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

func (LookupUserResultOutput) Tags added in v0.12.0 

func (o LookupUserResultOutput) Tags() aws.TagArrayOutput

A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. 

If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

func (LookupUserResultOutput) ToLookupUserResultOutput added in v0.12.0 

func (o LookupUserResultOutput) ToLookupUserResultOutput() LookupUserResultOutput

func (LookupUserResultOutput) ToLookupUserResultOutputWithContext added in v0.12.0 

func (o LookupUserResultOutput) ToLookupUserResultOutputWithContext(ctx context.Context) LookupUserResultOutput

type LookupVirtualMfaDeviceArgs added in v0.72.0 

type LookupVirtualMfaDeviceArgs struct {
	// Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.
	SerialNumber string `pulumi:"serialNumber"`
}

type LookupVirtualMfaDeviceOutputArgs added in v0.72.0 

type LookupVirtualMfaDeviceOutputArgs struct {
	// Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.
	SerialNumber pulumi.StringInput `pulumi:"serialNumber"`
}

func (LookupVirtualMfaDeviceOutputArgs) ElementType added in v0.72.0 

func (LookupVirtualMfaDeviceOutputArgs) ElementType() reflect.Type

type LookupVirtualMfaDeviceResult added in v0.72.0 

type LookupVirtualMfaDeviceResult struct {
	// Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.
	SerialNumber *string `pulumi:"serialNumber"`
	// A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	//
	// > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags []aws.Tag `pulumi:"tags"`
	// The IAM user associated with this virtual MFA device.
	Users []string `pulumi:"users"`
}

func LookupVirtualMfaDevice added in v0.72.0 

func LookupVirtualMfaDevice(ctx *pulumi.Context, args *LookupVirtualMfaDeviceArgs, opts ...pulumi.InvokeOption) (*LookupVirtualMfaDeviceResult, error)

Resource Type definition for AWS::IAM::VirtualMFADevice

type LookupVirtualMfaDeviceResultOutput added in v0.72.0 

type LookupVirtualMfaDeviceResultOutput struct{ *pulumi.OutputState }

func LookupVirtualMfaDeviceOutput added in v0.72.0 

func LookupVirtualMfaDeviceOutput(ctx *pulumi.Context, args LookupVirtualMfaDeviceOutputArgs, opts ...pulumi.InvokeOption) LookupVirtualMfaDeviceResultOutput

func (LookupVirtualMfaDeviceResultOutput) ElementType added in v0.72.0 

func (LookupVirtualMfaDeviceResultOutput) ElementType() reflect.Type

func (LookupVirtualMfaDeviceResultOutput) SerialNumber added in v0.72.0 

func (o LookupVirtualMfaDeviceResultOutput) SerialNumber() pulumi.StringPtrOutput

Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.

func (LookupVirtualMfaDeviceResultOutput) Tags added in v0.72.0 

func (o LookupVirtualMfaDeviceResultOutput) Tags() aws.TagArrayOutput

A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

func (LookupVirtualMfaDeviceResultOutput) ToLookupVirtualMfaDeviceResultOutput added in v0.72.0 

func (o LookupVirtualMfaDeviceResultOutput) ToLookupVirtualMfaDeviceResultOutput() LookupVirtualMfaDeviceResultOutput

func (LookupVirtualMfaDeviceResultOutput) ToLookupVirtualMfaDeviceResultOutputWithContext added in v0.72.0 

func (o LookupVirtualMfaDeviceResultOutput) ToLookupVirtualMfaDeviceResultOutputWithContext(ctx context.Context) LookupVirtualMfaDeviceResultOutput

func (LookupVirtualMfaDeviceResultOutput) Users added in v0.72.0 

func (o LookupVirtualMfaDeviceResultOutput) Users() pulumi.StringArrayOutput

The IAM user associated with this virtual MFA device.

type ManagedPolicy 

type ManagedPolicy struct {
	pulumi.CustomResourceState

	AttachmentCount  pulumi.IntOutput    `pulumi:"attachmentCount"`
	CreateDate       pulumi.StringOutput `pulumi:"createDate"`
	DefaultVersionId pulumi.StringOutput `pulumi:"defaultVersionId"`
	// A friendly description of the policy.
	//  Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
	//  The policy description is immutable. After a value is assigned, it cannot be changed.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name (friendly name, not ARN) of the group to attach the policy to.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Groups       pulumi.StringArrayOutput `pulumi:"groups"`
	IsAttachable pulumi.BoolOutput        `pulumi:"isAttachable"`
	// The friendly name of the policy.
	//   If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	//   If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	ManagedPolicyName pulumi.StringPtrOutput `pulumi:"managedPolicyName"`
	// The path for the policy.
	//  For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	//   You cannot use an asterisk (*) in the path name.
	Path                          pulumi.StringPtrOutput `pulumi:"path"`
	PermissionsBoundaryUsageCount pulumi.IntOutput       `pulumi:"permissionsBoundaryUsageCount"`
	PolicyArn                     pulumi.StringOutput    `pulumi:"policyArn"`
	// The JSON policy document that you want to use as the content for the new policy.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//  To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::ManagedPolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.AnyOutput    `pulumi:"policyDocument"`
	PolicyId       pulumi.StringOutput `pulumi:"policyId"`
	// The name (friendly name, not ARN) of the role to attach the policy to.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	//   If an external policy (such as “AWS::IAM::Policy“ or “AWS::IAM::ManagedPolicy“) has a “Ref“ to a role and if a resource (such as “AWS::ECS::Service“) also has a “Ref“ to the same role, add a “DependsOn“ attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an “AWS::ECS::Service“ resource, the “DependsOn“ attribute ensures that CFN deletes the “AWS::ECS::Service“ resource before deleting its role's policy.
	Roles      pulumi.StringArrayOutput `pulumi:"roles"`
	UpdateDate pulumi.StringOutput      `pulumi:"updateDate"`
	// The name (friendly name, not ARN) of the IAM user to attach the policy to.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Users pulumi.StringArrayOutput `pulumi:"users"`
}

Creates a new managed policy for your AWS-account. 

This operation creates a policy version with a version identifier of ``v1`` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*.
As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*.
For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.

func GetManagedPolicy 

func GetManagedPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ManagedPolicyState, opts ...pulumi.ResourceOption) (*ManagedPolicy, error)

GetManagedPolicy gets an existing ManagedPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewManagedPolicy 

func NewManagedPolicy(ctx *pulumi.Context,
	name string, args *ManagedPolicyArgs, opts ...pulumi.ResourceOption) (*ManagedPolicy, error)

NewManagedPolicy registers a new resource with the given unique name, arguments, and options.

func (*ManagedPolicy) ElementType 

func (*ManagedPolicy) ElementType() reflect.Type

func (*ManagedPolicy) ToManagedPolicyOutput 

func (i *ManagedPolicy) ToManagedPolicyOutput() ManagedPolicyOutput

func (*ManagedPolicy) ToManagedPolicyOutputWithContext 

func (i *ManagedPolicy) ToManagedPolicyOutputWithContext(ctx context.Context) ManagedPolicyOutput

type ManagedPolicyArgs 

type ManagedPolicyArgs struct {
	// A friendly description of the policy.
	//  Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
	//  The policy description is immutable. After a value is assigned, it cannot be changed.
	Description pulumi.StringPtrInput
	// The name (friendly name, not ARN) of the group to attach the policy to.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Groups pulumi.StringArrayInput
	// The friendly name of the policy.
	//   If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
	//   If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	ManagedPolicyName pulumi.StringPtrInput
	// The path for the policy.
	//  For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	//   You cannot use an asterisk (*) in the path name.
	Path pulumi.StringPtrInput
	// The JSON policy document that you want to use as the content for the new policy.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
	//  To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::ManagedPolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.Input
	// The name (friendly name, not ARN) of the role to attach the policy to.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	//   If an external policy (such as “AWS::IAM::Policy“ or “AWS::IAM::ManagedPolicy“) has a “Ref“ to a role and if a resource (such as “AWS::ECS::Service“) also has a “Ref“ to the same role, add a “DependsOn“ attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an “AWS::ECS::Service“ resource, the “DependsOn“ attribute ensures that CFN deletes the “AWS::ECS::Service“ resource before deleting its role's policy.
	Roles pulumi.StringArrayInput
	// The name (friendly name, not ARN) of the IAM user to attach the policy to.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Users pulumi.StringArrayInput
}

The set of arguments for constructing a ManagedPolicy resource.

func (ManagedPolicyArgs) ElementType 

func (ManagedPolicyArgs) ElementType() reflect.Type

type ManagedPolicyInput 

type ManagedPolicyInput interface {
	pulumi.Input

	ToManagedPolicyOutput() ManagedPolicyOutput
	ToManagedPolicyOutputWithContext(ctx context.Context) ManagedPolicyOutput
}

type ManagedPolicyOutput 

type ManagedPolicyOutput struct{ *pulumi.OutputState }

func (ManagedPolicyOutput) AttachmentCount added in v0.70.0 

func (o ManagedPolicyOutput) AttachmentCount() pulumi.IntOutput

func (ManagedPolicyOutput) CreateDate added in v0.70.0 

func (o ManagedPolicyOutput) CreateDate() pulumi.StringOutput

func (ManagedPolicyOutput) DefaultVersionId added in v0.70.0 

func (o ManagedPolicyOutput) DefaultVersionId() pulumi.StringOutput

func (ManagedPolicyOutput) Description added in v0.17.0 

func (o ManagedPolicyOutput) Description() pulumi.StringPtrOutput

A friendly description of the policy. 

Typically used to store information about the permissions defined in the policy. For example, "Grants access to production DynamoDB tables."
The policy description is immutable. After a value is assigned, it cannot be changed.

func (ManagedPolicyOutput) ElementType 

func (ManagedPolicyOutput) ElementType() reflect.Type

func (ManagedPolicyOutput) Groups added in v0.17.0 

func (o ManagedPolicyOutput) Groups() pulumi.StringArrayOutput

The name (friendly name, not ARN) of the group to attach the policy to. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (ManagedPolicyOutput) IsAttachable added in v0.70.0 

func (o ManagedPolicyOutput) IsAttachable() pulumi.BoolOutput

func (ManagedPolicyOutput) ManagedPolicyName added in v0.17.0 

func (o ManagedPolicyOutput) ManagedPolicyName() pulumi.StringPtrOutput

The friendly name of the policy. 

If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.
If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``.

func (ManagedPolicyOutput) Path added in v0.17.0 

func (o ManagedPolicyOutput) Path() pulumi.StringPtrOutput

The path for the policy. 

For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.
 You cannot use an asterisk (*) in the path name.

func (ManagedPolicyOutput) PermissionsBoundaryUsageCount added in v0.70.0 

func (o ManagedPolicyOutput) PermissionsBoundaryUsageCount() pulumi.IntOutput

func (ManagedPolicyOutput) PolicyArn added in v0.70.0 

func (o ManagedPolicyOutput) PolicyArn() pulumi.StringOutput

func (ManagedPolicyOutput) PolicyDocument added in v0.17.0 

func (o ManagedPolicyOutput) PolicyDocument() pulumi.AnyOutput

The JSON policy document that you want to use as the content for the new policy. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see [IAM and character quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length).
To learn more about JSON policy grammar, see [Grammar of the IAM JSON policy language](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) in the *IAM User Guide*.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::ManagedPolicy` for more information about the expected schema for this property.

func (ManagedPolicyOutput) PolicyId added in v0.70.0 

func (o ManagedPolicyOutput) PolicyId() pulumi.StringOutput

func (ManagedPolicyOutput) Roles added in v0.17.0 

func (o ManagedPolicyOutput) Roles() pulumi.StringArrayOutput

The name (friendly name, not ARN) of the role to attach the policy to. 

This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
 If an external policy (such as ``AWS::IAM::Policy`` or ``AWS::IAM::ManagedPolicy``) has a ``Ref`` to a role and if a resource (such as ``AWS::ECS::Service``) also has a ``Ref`` to the same role, add a ``DependsOn`` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an ``AWS::ECS::Service`` resource, the ``DependsOn`` attribute ensures that CFN deletes the ``AWS::ECS::Service`` resource before deleting its role's policy.

func (ManagedPolicyOutput) ToManagedPolicyOutput 

func (o ManagedPolicyOutput) ToManagedPolicyOutput() ManagedPolicyOutput

func (ManagedPolicyOutput) ToManagedPolicyOutputWithContext 

func (o ManagedPolicyOutput) ToManagedPolicyOutputWithContext(ctx context.Context) ManagedPolicyOutput

func (ManagedPolicyOutput) UpdateDate added in v0.70.0 

func (o ManagedPolicyOutput) UpdateDate() pulumi.StringOutput

func (ManagedPolicyOutput) Users added in v0.17.0 

func (o ManagedPolicyOutput) Users() pulumi.StringArrayOutput

The name (friendly name, not ARN) of the IAM user to attach the policy to. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type ManagedPolicyState 

type ManagedPolicyState struct {
}

func (ManagedPolicyState) ElementType 

func (ManagedPolicyState) ElementType() reflect.Type

type OidcProvider added in v0.72.0 

type OidcProvider struct {
	pulumi.CustomResourceState

	// Amazon Resource Name (ARN) of the OIDC provider
	Arn pulumi.StringOutput `pulumi:"arn"`
	// A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	ClientIdList pulumi.StringArrayOutput `pulumi:"clientIdList"`
	// A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	Tags aws.TagArrayOutput `pulumi:"tags"`
	// A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	//
	// This property is optional. If it is not included, IAM will retrieve and use the top intermediate certificate authority (CA) thumbprint of the OpenID Connect identity provider server certificate.
	ThumbprintList pulumi.StringArrayOutput `pulumi:"thumbprintList"`
	// The URL that the IAM OIDC provider resource object is associated with. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	Url pulumi.StringPtrOutput `pulumi:"url"`
}

Resource Type definition for AWS::IAM::OIDCProvider

func GetOidcProvider added in v0.72.0 

func GetOidcProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OidcProviderState, opts ...pulumi.ResourceOption) (*OidcProvider, error)

GetOidcProvider gets an existing OidcProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOidcProvider added in v0.72.0 

func NewOidcProvider(ctx *pulumi.Context,
	name string, args *OidcProviderArgs, opts ...pulumi.ResourceOption) (*OidcProvider, error)

NewOidcProvider registers a new resource with the given unique name, arguments, and options.

func (*OidcProvider) ElementType added in v0.72.0 

func (*OidcProvider) ElementType() reflect.Type

func (*OidcProvider) ToOidcProviderOutput added in v0.72.0 

func (i *OidcProvider) ToOidcProviderOutput() OidcProviderOutput

func (*OidcProvider) ToOidcProviderOutputWithContext added in v0.72.0 

func (i *OidcProvider) ToOidcProviderOutputWithContext(ctx context.Context) OidcProviderOutput

type OidcProviderArgs added in v0.72.0 

type OidcProviderArgs struct {
	// A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	ClientIdList pulumi.StringArrayInput
	// A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	Tags aws.TagArrayInput
	// A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	//
	// This property is optional. If it is not included, IAM will retrieve and use the top intermediate certificate authority (CA) thumbprint of the OpenID Connect identity provider server certificate.
	ThumbprintList pulumi.StringArrayInput
	// The URL that the IAM OIDC provider resource object is associated with. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .
	Url pulumi.StringPtrInput
}

The set of arguments for constructing a OidcProvider resource.

func (OidcProviderArgs) ElementType added in v0.72.0 

func (OidcProviderArgs) ElementType() reflect.Type

type OidcProviderInput added in v0.72.0 

type OidcProviderInput interface {
	pulumi.Input

	ToOidcProviderOutput() OidcProviderOutput
	ToOidcProviderOutputWithContext(ctx context.Context) OidcProviderOutput
}

type OidcProviderOutput added in v0.72.0 

type OidcProviderOutput struct{ *pulumi.OutputState }

func (OidcProviderOutput) Arn added in v0.72.0 

func (o OidcProviderOutput) Arn() pulumi.StringOutput

Amazon Resource Name (ARN) of the OIDC provider

func (OidcProviderOutput) ClientIdList added in v0.72.0 

func (o OidcProviderOutput) ClientIdList() pulumi.StringArrayOutput

A list of client IDs (also known as audiences) that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .

func (OidcProviderOutput) ElementType added in v0.72.0 

func (OidcProviderOutput) ElementType() reflect.Type

func (OidcProviderOutput) Tags added in v0.72.0 

func (o OidcProviderOutput) Tags() aws.TagArrayOutput

A list of tags that are attached to the specified IAM OIDC provider. The returned list of tags is sorted by tag key. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

func (OidcProviderOutput) ThumbprintList added in v0.72.0 

func (o OidcProviderOutput) ThumbprintList() pulumi.StringArrayOutput

A list of certificate thumbprints that are associated with the specified IAM OIDC provider resource object. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .

This property is optional. If it is not included, IAM will retrieve and use the top intermediate certificate authority (CA) thumbprint of the OpenID Connect identity provider server certificate.

func (OidcProviderOutput) ToOidcProviderOutput added in v0.72.0 

func (o OidcProviderOutput) ToOidcProviderOutput() OidcProviderOutput

func (OidcProviderOutput) ToOidcProviderOutputWithContext added in v0.72.0 

func (o OidcProviderOutput) ToOidcProviderOutputWithContext(ctx context.Context) OidcProviderOutput

func (OidcProviderOutput) Url added in v0.72.0 

func (o OidcProviderOutput) Url() pulumi.StringPtrOutput

The URL that the IAM OIDC provider resource object is associated with. For more information, see [CreateOpenIDConnectProvider](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateOpenIDConnectProvider.html) .

type OidcProviderState added in v0.72.0 

type OidcProviderState struct {
}

func (OidcProviderState) ElementType added in v0.72.0 

func (OidcProviderState) ElementType() reflect.Type

type OidcProviderTag added in v0.72.0 

type OidcProviderTag struct {
	// The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Key string `pulumi:"key"`
	// The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Value string `pulumi:"value"`
}

A key-value pair to associate with a resource.

type Role 

type Role struct {
	pulumi.CustomResourceState

	// Returns the Amazon Resource Name (ARN) for the role. For example:
	//
	// `{"Fn::GetAtt" : ["MyRole", "Arn"] }`
	//
	// This will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
	AssumeRolePolicyDocument pulumi.AnyOutput `pulumi:"assumeRolePolicyDocument"`
	// A description of the role that you provide.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayOutput `pulumi:"managedPolicyArns"`
	// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//  Anyone who assumes the role from the CLI or API can use the “DurationSeconds“ API parameter or the “duration-seconds“ CLI parameter to request a longer session. The “MaxSessionDuration“ setting determines the maximum duration that can be requested using the “DurationSeconds“ parameter. If users don't specify a value for the “DurationSeconds“ parameter, their security credentials are valid for one hour by default. This applies when you use the “AssumeRole*“ API operations or the “assume-role*“ CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
	MaxSessionDuration pulumi.IntPtrOutput `pulumi:"maxSessionDuration"`
	// The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ARN of the policy used to set the permissions boundary for the role.
	//  For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	PermissionsBoundary pulumi.StringPtrOutput `pulumi:"permissionsBoundary"`
	// Adds or updates an inline policy document that is embedded in the specified IAM role.
	//
	// When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .
	//
	// A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
	//
	// For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
	//
	// > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
	Policies RolePolicyTypeArrayOutput `pulumi:"policies"`
	// Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` .
	//
	// For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .
	//
	// This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
	//
	// If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
	//
	// > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
	RoleName pulumi.StringPtrOutput `pulumi:"roleName"`
	// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	Tags aws.TagArrayOutput `pulumi:"tags"`
}

Creates a new role for your AWS-account. 

For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

## Example Usage ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/gamelift"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		iamRole, err := iam.NewRole(ctx, "iamRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"cloudformation.amazonaws.com",
								"gamelift.amazonaws.com",
							},
						},
						"action": "sts:AssumeRole",
					},
				},
			}),
			RoleName: pulumi.String("ScriptIAMRole"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("ScriptResourceIAMPolicy"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect": "Allow",
								"action": []string{
									"s3:GetObject",
									"s3:GetObjectVersion",
									"s3:GetObjectMetadata",
									"s3:*Object*",
								},
								"resource": []string{
									"*",
								},
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = gamelift.NewScript(ctx, "scriptResource", &gamelift.ScriptArgs{
			Name:    pulumi.String("MyRealtimeScript"),
			Version: pulumi.String("v1.0"),
			StorageLocation: &gamelift.ScriptS3LocationArgs{
				Bucket:  pulumi.String("MyBucketName"),
				Key:     pulumi.String("MyScriptFiles.zip"),
				RoleArn: iamRole.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/gamelift"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		iamRole, err := iam.NewRole(ctx, "iamRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"cloudformation.amazonaws.com",
								"gamelift.amazonaws.com",
							},
						},
						"action": "sts:AssumeRole",
					},
				},
			}),
			RoleName: pulumi.String("ScriptIAMRole"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("ScriptResourceIAMPolicy"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect": "Allow",
								"action": []string{
									"s3:GetObject",
									"s3:GetObjectVersion",
									"s3:GetObjectMetadata",
									"s3:*Object*",
								},
								"resource": []string{
									"*",
								},
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = gamelift.NewScript(ctx, "scriptResource", &gamelift.ScriptArgs{
			Name:    pulumi.String("MyRealtimeScript"),
			Version: pulumi.String("v1.0"),
			StorageLocation: &gamelift.ScriptS3LocationArgs{
				Bucket:  pulumi.String("MyBucketName"),
				Key:     pulumi.String("MyScriptFiles.zip"),
				RoleArn: iamRole.Arn,
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/glue"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myJobRole, err := iam.NewRole(ctx, "myJobRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"glue.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("root"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect":   "Allow",
								"action":   "*",
								"resource": "*",
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = glue.NewJob(ctx, "myJob", &glue.JobArgs{
			Command: &glue.JobCommandArgs{
				Name:           pulumi.String("glueetl"),
				ScriptLocation: pulumi.String("s3://<your-S3-script-uri>"),
			},
			DefaultArguments: pulumi.Any(map[string]interface{}{
				"--job-bookmark-option": "job-bookmark-enable",
			}),
			ExecutionProperty: &glue.JobExecutionPropertyArgs{
				MaxConcurrentRuns: pulumi.Float64(2),
			},
			MaxRetries: pulumi.Float64(0),
			Name:       pulumi.String("cf-job1"),
			Role:       myJobRole.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/glue"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myJobRole, err := iam.NewRole(ctx, "myJobRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"glue.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("root"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect":   "Allow",
								"action":   "*",
								"resource": "*",
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = glue.NewJob(ctx, "myJob", &glue.JobArgs{
			Command: &glue.JobCommandArgs{
				Name:           pulumi.String("glueetl"),
				ScriptLocation: pulumi.String("s3://<your-S3-script-uri>"),
			},
			DefaultArguments: pulumi.Any(map[string]interface{}{
				"--job-bookmark-option": "job-bookmark-enable",
			}),
			ExecutionProperty: &glue.JobExecutionPropertyArgs{
				MaxConcurrentRuns: pulumi.Float64(2),
			},
			MaxRetries: pulumi.Float64(0),
			Name:       pulumi.String("cf-job1"),
			Role:       myJobRole.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/glue"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myJobTriggerRole, err := iam.NewRole(ctx, "myJobTriggerRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"glue.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("root"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect":   "Allow",
								"action":   "*",
								"resource": "*",
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		myJob, err := glue.NewJob(ctx, "myJob", &glue.JobArgs{
			Name:   pulumi.String("MyJobTriggerJob"),
			LogUri: pulumi.String("wikiData"),
			Role:   myJobTriggerRole.ID(),
			Command: &glue.JobCommandArgs{
				Name:           pulumi.String("glueetl"),
				ScriptLocation: pulumi.String("s3://testdata-bucket/s3-target/create-delete-job-xtf-ETL-s3-json-to-csv.py"),
			},
			DefaultArguments: pulumi.Any(map[string]interface{}{
				"--job-bookmark-option": "job-bookmark-enable",
			}),
			MaxRetries: pulumi.Float64(0),
		})
		if err != nil {
			return err
		}
		_, err = glue.NewTrigger(ctx, "myJobTrigger", &glue.TriggerArgs{
			Name:        pulumi.String("MyJobTrigger"),
			Type:        pulumi.String("CONDITIONAL"),
			Description: pulumi.String("Description for a conditional job trigger"),
			Actions: glue.TriggerActionArray{
				&glue.TriggerActionArgs{
					JobName: myJob.ID(),
					Arguments: pulumi.Any(map[string]interface{}{
						"--job-bookmark-option": "job-bookmark-enable",
					}),
				},
			},
			Predicate: &glue.TriggerPredicateArgs{
				Conditions: glue.TriggerConditionArray{
					&glue.TriggerConditionArgs{
						LogicalOperator: pulumi.String("EQUALS"),
						JobName:         myJob.ID(),
						State:           pulumi.String("SUCCEEDED"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/glue"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myJobTriggerRole, err := iam.NewRole(ctx, "myJobTriggerRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"glue.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("root"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect":   "Allow",
								"action":   "*",
								"resource": "*",
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		myJob, err := glue.NewJob(ctx, "myJob", &glue.JobArgs{
			Name:   pulumi.String("MyJobTriggerJob"),
			LogUri: pulumi.String("wikiData"),
			Role:   myJobTriggerRole.ID(),
			Command: &glue.JobCommandArgs{
				Name:           pulumi.String("glueetl"),
				ScriptLocation: pulumi.String("s3://testdata-bucket/s3-target/create-delete-job-xtf-ETL-s3-json-to-csv.py"),
			},
			DefaultArguments: pulumi.Any(map[string]interface{}{
				"--job-bookmark-option": "job-bookmark-enable",
			}),
			MaxRetries: pulumi.Float64(0),
		})
		if err != nil {
			return err
		}
		_, err = glue.NewTrigger(ctx, "myJobTrigger", &glue.TriggerArgs{
			Name:        pulumi.String("MyJobTrigger"),
			Type:        pulumi.String("CONDITIONAL"),
			Description: pulumi.String("Description for a conditional job trigger"),
			Actions: glue.TriggerActionArray{
				&glue.TriggerActionArgs{
					JobName: myJob.ID(),
					Arguments: pulumi.Any(map[string]interface{}{
						"--job-bookmark-option": "job-bookmark-enable",
					}),
				},
			},
			Predicate: &glue.TriggerPredicateArgs{
				Conditions: glue.TriggerConditionArray{
					&glue.TriggerConditionArgs{
						LogicalOperator: pulumi.String("EQUALS"),
						JobName:         myJob.ID(),
						State:           pulumi.String("SUCCEEDED"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/grafana"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		amazonGrafanaWorkspaceIAMRole, err := iam.NewRole(ctx, "amazonGrafanaWorkspaceIAMRole", &iam.RoleArgs{
			ManagedPolicyArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"),
			},
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"grafana.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
		})
		if err != nil {
			return err
		}
		amazonGrafanaWorkspace, err := grafana.NewWorkspace(ctx, "amazonGrafanaWorkspace", &grafana.WorkspaceArgs{
			AccountAccessType: grafana.WorkspaceAccountAccessTypeCurrentAccount,
			Name:              pulumi.String("AmazonGrafanaWorkspace"),
			Description:       pulumi.String("Amazon Grafana Workspace"),
			AuthenticationProviders: grafana.WorkspaceAuthenticationProviderTypesArray{
				grafana.WorkspaceAuthenticationProviderTypesSaml,
			},
			PermissionType: grafana.WorkspacePermissionTypeCustomerManaged,
			GrafanaVersion: pulumi.String("9.4"),
			RoleArn:        amazonGrafanaWorkspaceIAMRole.Arn,
			SamlConfiguration: &grafana.WorkspaceSamlConfigurationArgs{
				IdpMetadata: &grafana.WorkspaceIdpMetadataArgs{
					Xml: pulumi.String("<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>"),
				},
				AssertionAttributes: &grafana.WorkspaceAssertionAttributesArgs{
					Name:   pulumi.String("displayName"),
					Login:  pulumi.String("login"),
					Email:  pulumi.String("email"),
					Groups: pulumi.String("group"),
					Role:   pulumi.String("role"),
					Org:    pulumi.String("org"),
				},
				RoleValues: &grafana.WorkspaceRoleValuesArgs{
					Editor: pulumi.StringArray{
						pulumi.String("editor1"),
					},
					Admin: pulumi.StringArray{
						pulumi.String("admin1"),
					},
				},
				AllowedOrganizations: pulumi.StringArray{
					pulumi.String("org1"),
				},
				LoginValidityDuration: pulumi.Float64(60),
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("workspaceEndpoint", amazonGrafanaWorkspace.Endpoint)
		ctx.Export("workspaceStatus", amazonGrafanaWorkspace.Status.ApplyT(func(x *string) grafana.WorkspaceStatus { return grafana.WorkspaceStatus(*x) }).(grafana.WorkspaceStatusOutput))
		ctx.Export("workspaceId", amazonGrafanaWorkspace.ID())
		ctx.Export("grafanaVersion", amazonGrafanaWorkspace.GrafanaVersion)
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/grafana"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		amazonGrafanaWorkspaceIAMRole, err := iam.NewRole(ctx, "amazonGrafanaWorkspaceIAMRole", &iam.RoleArgs{
			ManagedPolicyArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"),
			},
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"grafana.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
		})
		if err != nil {
			return err
		}
		amazonGrafanaWorkspace, err := grafana.NewWorkspace(ctx, "amazonGrafanaWorkspace", &grafana.WorkspaceArgs{
			AccountAccessType: grafana.WorkspaceAccountAccessTypeCurrentAccount,
			Name:              pulumi.String("AmazonGrafanaWorkspace"),
			Description:       pulumi.String("Amazon Grafana Workspace"),
			AuthenticationProviders: grafana.WorkspaceAuthenticationProviderTypesArray{
				grafana.WorkspaceAuthenticationProviderTypesSaml,
			},
			PermissionType: grafana.WorkspacePermissionTypeCustomerManaged,
			GrafanaVersion: pulumi.String("9.4"),
			RoleArn:        amazonGrafanaWorkspaceIAMRole.Arn,
			SamlConfiguration: &grafana.WorkspaceSamlConfigurationArgs{
				IdpMetadata: &grafana.WorkspaceIdpMetadataArgs{
					Xml: pulumi.String("<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>"),
				},
				AssertionAttributes: &grafana.WorkspaceAssertionAttributesArgs{
					Name:   pulumi.String("displayName"),
					Login:  pulumi.String("login"),
					Email:  pulumi.String("email"),
					Groups: pulumi.String("group"),
					Role:   pulumi.String("role"),
					Org:    pulumi.String("org"),
				},
				RoleValues: &grafana.WorkspaceRoleValuesArgs{
					Editor: pulumi.StringArray{
						pulumi.String("editor1"),
					},
					Admin: pulumi.StringArray{
						pulumi.String("admin1"),
					},
				},
				AllowedOrganizations: pulumi.StringArray{
					pulumi.String("org1"),
				},
				LoginValidityDuration: pulumi.Float64(60),
			},
		})
		if err != nil {
			return err
		}
		ctx.Export("workspaceEndpoint", amazonGrafanaWorkspace.Endpoint)
		ctx.Export("workspaceStatus", amazonGrafanaWorkspace.Status.ApplyT(func(x *string) grafana.WorkspaceStatus { return grafana.WorkspaceStatus(*x) }).(grafana.WorkspaceStatusOutput))
		ctx.Export("workspaceId", amazonGrafanaWorkspace.ID())
		ctx.Export("grafanaVersion", amazonGrafanaWorkspace.GrafanaVersion)
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		rootRole, err := iam.NewRole(ctx, "rootRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"ec2.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("root"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect":   "Allow",
								"action":   "*",
								"resource": "*",
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = iam.NewInstanceProfile(ctx, "rootInstanceProfile", &iam.InstanceProfileArgs{
			Path: pulumi.String("/"),
			Roles: pulumi.StringArray{
				rootRole.ID(),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		rootRole, err := iam.NewRole(ctx, "rootRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": []string{
								"ec2.amazonaws.com",
							},
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			Policies: iam.RolePolicyTypeArray{
				&iam.RolePolicyTypeArgs{
					PolicyName: pulumi.String("root"),
					PolicyDocument: pulumi.Any(map[string]interface{}{
						"version": "2012-10-17",
						"statement": []map[string]interface{}{
							map[string]interface{}{
								"effect":   "Allow",
								"action":   "*",
								"resource": "*",
							},
						},
					}),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = iam.NewInstanceProfile(ctx, "rootInstanceProfile", &iam.InstanceProfileArgs{
			Path: pulumi.String("/"),
			Roles: pulumi.StringArray{
				rootRole.ID(),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewRole(ctx, "automationExecutionRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
				"version": "2012-10-17",
				"statement": []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": "ssm.amazonaws.com",
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			}),
			Path: pulumi.String("/"),
			ManagedPolicyArns: pulumi.StringArray{
				pulumi.String("arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess"),
			},
		})
		if err != nil {
			return err
		}
		_, err = ssm.NewAssociation(ctx, "automationAssociation", &ssm.AssociationArgs{
			Name: pulumi.String("AWS-StopEC2Instance"),
			Parameters: pulumi.StringArrayMap{
				"automationAssumeRole": pulumi.StringArray{
					pulumi.String("AutomationExecutionRole.Arn"),
				},
			},
			Targets: ssm.AssociationTargetArray{
				&ssm.AssociationTargetArgs{
					Key: pulumi.String("ParameterValues"),
					Values: pulumi.StringArray{
						pulumi.String("i-1234567890abcdef0"),
					},
				},
			},
			AutomationTargetParameterName: pulumi.String("InstanceId"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetRole 

func GetRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleState, opts ...pulumi.ResourceOption) (*Role, error)

GetRole gets an existing Role resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRole 

func NewRole(ctx *pulumi.Context,
	name string, args *RoleArgs, opts ...pulumi.ResourceOption) (*Role, error)

NewRole registers a new resource with the given unique name, arguments, and options.

func (*Role) ElementType 

func (*Role) ElementType() reflect.Type

func (*Role) ToRoleOutput 

func (i *Role) ToRoleOutput() RoleOutput

func (*Role) ToRoleOutputWithContext 

func (i *Role) ToRoleOutputWithContext(ctx context.Context) RoleOutput

type RoleArgs 

type RoleArgs struct {
	// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
	AssumeRolePolicyDocument pulumi.Input
	// A description of the role that you provide.
	Description pulumi.StringPtrInput
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayInput
	// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//  Anyone who assumes the role from the CLI or API can use the “DurationSeconds“ API parameter or the “duration-seconds“ CLI parameter to request a longer session. The “MaxSessionDuration“ setting determines the maximum duration that can be requested using the “DurationSeconds“ parameter. If users don't specify a value for the “DurationSeconds“ parameter, their security credentials are valid for one hour by default. This applies when you use the “AssumeRole*“ API operations or the “assume-role*“ CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
	MaxSessionDuration pulumi.IntPtrInput
	// The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrInput
	// The ARN of the policy used to set the permissions boundary for the role.
	//  For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	PermissionsBoundary pulumi.StringPtrInput
	// Adds or updates an inline policy document that is embedded in the specified IAM role.
	//
	// When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .
	//
	// A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .
	//
	// For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .
	//
	// > If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.
	Policies RolePolicyTypeArrayInput
	// A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .
	//
	// This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.
	//
	// If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .
	//
	// > Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .
	RoleName pulumi.StringPtrInput
	// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	Tags aws.TagArrayInput
}

The set of arguments for constructing a Role resource.

func (RoleArgs) ElementType 

func (RoleArgs) ElementType() reflect.Type

type RoleInput 

type RoleInput interface {
	pulumi.Input

	ToRoleOutput() RoleOutput
	ToRoleOutputWithContext(ctx context.Context) RoleOutput
}

type RoleOutput 

type RoleOutput struct{ *pulumi.OutputState }

func (RoleOutput) Arn added in v0.17.0 

func (o RoleOutput) Arn() pulumi.StringOutput

Returns the Amazon Resource Name (ARN) for the role. For example:

`{"Fn::GetAtt" : ["MyRole", "Arn"] }`

This will return a value such as `arn:aws:iam::1234567890:role/MyRole-AJJHDSKSDF` .

func (RoleOutput) AssumeRolePolicyDocument added in v0.17.0 

func (o RoleOutput) AssumeRolePolicyDocument() pulumi.AnyOutput

The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.

func (RoleOutput) Description added in v0.17.0 

func (o RoleOutput) Description() pulumi.StringPtrOutput

A description of the role that you provide.

func (RoleOutput) ElementType 

func (RoleOutput) ElementType() reflect.Type

func (RoleOutput) ManagedPolicyArns added in v0.17.0 

func (o RoleOutput) ManagedPolicyArns() pulumi.StringArrayOutput

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role. 

For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.

func (RoleOutput) MaxSessionDuration added in v0.17.0 

func (o RoleOutput) MaxSessionDuration() pulumi.IntPtrOutput

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours. 

Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.

func (RoleOutput) Path added in v0.17.0 

func (o RoleOutput) Path() pulumi.StringPtrOutput

The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. 

This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.

func (RoleOutput) PermissionsBoundary added in v0.17.0 

func (o RoleOutput) PermissionsBoundary() pulumi.StringPtrOutput

The ARN of the policy used to set the permissions boundary for the role. 

For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.

func (RoleOutput) Policies added in v0.17.0 

func (o RoleOutput) Policies() RolePolicyTypeArrayOutput

Adds or updates an inline policy document that is embedded in the specified IAM role.

When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) .

A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide* .

For information about limits on the number of inline policies that you can embed with a role, see [Limitations on IAM Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *IAM User Guide* .

> If an external policy (such as `AWS::IAM::Policy` or `AWS::IAM::ManagedPolicy` ) has a `Ref` to a role and if a resource (such as `AWS::ECS::Service` ) also has a `Ref` to the same role, add a `DependsOn` attribute to the resource to make the resource depend on the external policy. This dependency ensures that the role's policy is available throughout the resource's lifecycle. For example, when you delete a stack with an `AWS::ECS::Service` resource, the `DependsOn` attribute ensures that AWS CloudFormation deletes the `AWS::ECS::Service` resource before deleting its role's policy.

func (RoleOutput) RoleId added in v0.17.0 

func (o RoleOutput) RoleId() pulumi.StringOutput

Returns the stable and unique string identifying the role. For example, `AIDAJQABLZS4A3QDU576Q` .

For more information about IDs, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide* .

func (RoleOutput) RoleName added in v0.17.0 

func (o RoleOutput) RoleName() pulumi.StringPtrOutput

A name for the IAM role, up to 64 characters in length. For valid values, see the `RoleName` parameter for the [`CreateRole`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *IAM User Guide* .

This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".

If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the role name.

If you specify a name, you must specify the `CAPABILITY_NAMED_IAM` value to acknowledge your template's capabilities. For more information, see [Acknowledging IAM Resources in AWS CloudFormation Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities) .

> Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using `Fn::Join` and `AWS::Region` to create a Region-specific name, as in the following example: `{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}` .

func (RoleOutput) Tags added in v0.17.0 

func (o RoleOutput) Tags() aws.TagArrayOutput

A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.

func (RoleOutput) ToRoleOutput 

func (o RoleOutput) ToRoleOutput() RoleOutput

func (RoleOutput) ToRoleOutputWithContext 

func (o RoleOutput) ToRoleOutputWithContext(ctx context.Context) RoleOutput

type RolePolicy 

type RolePolicy struct {
	pulumi.CustomResourceState

	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::RolePolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.AnyOutput `pulumi:"policyDocument"`
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringOutput `pulumi:"policyName"`
	// The name of the role to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	RoleName pulumi.StringOutput `pulumi:"roleName"`
}

Adds or updates an inline policy document that is embedded in the specified IAM role. 

When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html). You can update a role's trust policy using [UpdateAssumeRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAssumeRolePolicy.html). For information about roles, see [roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html) in the *IAM User Guide*.
A role can also have a managed policy attached to it. To attach a managed policy to a role, use [AWS::IAM::Role](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed with a role, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

func GetRolePolicy added in v0.69.0 

func GetRolePolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RolePolicyState, opts ...pulumi.ResourceOption) (*RolePolicy, error)

GetRolePolicy gets an existing RolePolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewRolePolicy added in v0.69.0 

func NewRolePolicy(ctx *pulumi.Context,
	name string, args *RolePolicyArgs, opts ...pulumi.ResourceOption) (*RolePolicy, error)

NewRolePolicy registers a new resource with the given unique name, arguments, and options.

func (*RolePolicy) ElementType added in v0.69.0 

func (*RolePolicy) ElementType() reflect.Type

func (*RolePolicy) ToRolePolicyOutput added in v0.69.0 

func (i *RolePolicy) ToRolePolicyOutput() RolePolicyOutput

func (*RolePolicy) ToRolePolicyOutputWithContext added in v0.69.0 

func (i *RolePolicy) ToRolePolicyOutputWithContext(ctx context.Context) RolePolicyOutput

type RolePolicyArgs 

type RolePolicyArgs struct {
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::RolePolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.Input
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringPtrInput
	// The name of the role to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	RoleName pulumi.StringInput
}

The set of arguments for constructing a RolePolicy resource.

func (RolePolicyArgs) ElementType 

func (RolePolicyArgs) ElementType() reflect.Type

type RolePolicyInput 

type RolePolicyInput interface {
	pulumi.Input

	ToRolePolicyOutput() RolePolicyOutput
	ToRolePolicyOutputWithContext(ctx context.Context) RolePolicyOutput
}

type RolePolicyOutput 

type RolePolicyOutput struct{ *pulumi.OutputState }

func (RolePolicyOutput) ElementType 

func (RolePolicyOutput) ElementType() reflect.Type

func (RolePolicyOutput) PolicyDocument 

func (o RolePolicyOutput) PolicyDocument() pulumi.AnyOutput

The policy document. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::RolePolicy` for more information about the expected schema for this property.

func (RolePolicyOutput) PolicyName 

func (o RolePolicyOutput) PolicyName() pulumi.StringOutput

The name of the policy document. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (RolePolicyOutput) RoleName added in v0.69.0 

func (o RolePolicyOutput) RoleName() pulumi.StringOutput

The name of the role to associate the policy with. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (RolePolicyOutput) ToRolePolicyOutput 

func (o RolePolicyOutput) ToRolePolicyOutput() RolePolicyOutput

func (RolePolicyOutput) ToRolePolicyOutputWithContext 

func (o RolePolicyOutput) ToRolePolicyOutputWithContext(ctx context.Context) RolePolicyOutput

type RolePolicyState added in v0.69.0 

type RolePolicyState struct {
}

func (RolePolicyState) ElementType added in v0.69.0 

func (RolePolicyState) ElementType() reflect.Type

type RolePolicyType added in v0.69.0 

type RolePolicyType struct {
	// The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
	PolicyDocument interface{} `pulumi:"policyDocument"`
	// The friendly name (not ARN) identifying the policy.
	PolicyName string `pulumi:"policyName"`
}

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

type RolePolicyTypeArgs added in v0.69.0 

type RolePolicyTypeArgs struct {
	// The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
	PolicyDocument pulumi.Input `pulumi:"policyDocument"`
	// The friendly name (not ARN) identifying the policy.
	PolicyName pulumi.StringInput `pulumi:"policyName"`
}

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

func (RolePolicyTypeArgs) ElementType added in v0.69.0 

func (RolePolicyTypeArgs) ElementType() reflect.Type

func (RolePolicyTypeArgs) ToRolePolicyTypeOutput added in v0.69.0 

func (i RolePolicyTypeArgs) ToRolePolicyTypeOutput() RolePolicyTypeOutput

func (RolePolicyTypeArgs) ToRolePolicyTypeOutputWithContext added in v0.69.0 

func (i RolePolicyTypeArgs) ToRolePolicyTypeOutputWithContext(ctx context.Context) RolePolicyTypeOutput

type RolePolicyTypeArray added in v0.69.0 

type RolePolicyTypeArray []RolePolicyTypeInput

func (RolePolicyTypeArray) ElementType added in v0.69.0 

func (RolePolicyTypeArray) ElementType() reflect.Type

func (RolePolicyTypeArray) ToRolePolicyTypeArrayOutput added in v0.69.0 

func (i RolePolicyTypeArray) ToRolePolicyTypeArrayOutput() RolePolicyTypeArrayOutput

func (RolePolicyTypeArray) ToRolePolicyTypeArrayOutputWithContext added in v0.69.0 

func (i RolePolicyTypeArray) ToRolePolicyTypeArrayOutputWithContext(ctx context.Context) RolePolicyTypeArrayOutput

type RolePolicyTypeArrayInput added in v0.69.0 

type RolePolicyTypeArrayInput interface {
	pulumi.Input

	ToRolePolicyTypeArrayOutput() RolePolicyTypeArrayOutput
	ToRolePolicyTypeArrayOutputWithContext(context.Context) RolePolicyTypeArrayOutput
}

RolePolicyTypeArrayInput is an input type that accepts RolePolicyTypeArray and RolePolicyTypeArrayOutput values. You can construct a concrete instance of `RolePolicyTypeArrayInput` via: 

RolePolicyTypeArray{ RolePolicyTypeArgs{...} }

type RolePolicyTypeArrayOutput added in v0.69.0 

type RolePolicyTypeArrayOutput struct{ *pulumi.OutputState }

func (RolePolicyTypeArrayOutput) ElementType added in v0.69.0 

func (RolePolicyTypeArrayOutput) ElementType() reflect.Type

func (RolePolicyTypeArrayOutput) Index added in v0.69.0 

func (o RolePolicyTypeArrayOutput) Index(i pulumi.IntInput) RolePolicyTypeOutput

func (RolePolicyTypeArrayOutput) ToRolePolicyTypeArrayOutput added in v0.69.0 

func (o RolePolicyTypeArrayOutput) ToRolePolicyTypeArrayOutput() RolePolicyTypeArrayOutput

func (RolePolicyTypeArrayOutput) ToRolePolicyTypeArrayOutputWithContext added in v0.69.0 

func (o RolePolicyTypeArrayOutput) ToRolePolicyTypeArrayOutputWithContext(ctx context.Context) RolePolicyTypeArrayOutput

type RolePolicyTypeInput added in v0.69.0 

type RolePolicyTypeInput interface {
	pulumi.Input

	ToRolePolicyTypeOutput() RolePolicyTypeOutput
	ToRolePolicyTypeOutputWithContext(context.Context) RolePolicyTypeOutput
}

RolePolicyTypeInput is an input type that accepts RolePolicyTypeArgs and RolePolicyTypeOutput values. You can construct a concrete instance of `RolePolicyTypeInput` via: 

RolePolicyTypeArgs{...}

type RolePolicyTypeOutput added in v0.69.0 

type RolePolicyTypeOutput struct{ *pulumi.OutputState }

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

func (RolePolicyTypeOutput) ElementType added in v0.69.0 

func (RolePolicyTypeOutput) ElementType() reflect.Type

func (RolePolicyTypeOutput) PolicyDocument added in v0.69.0 

func (o RolePolicyTypeOutput) PolicyDocument() pulumi.AnyOutput

The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).

func (RolePolicyTypeOutput) PolicyName added in v0.69.0 

func (o RolePolicyTypeOutput) PolicyName() pulumi.StringOutput

The friendly name (not ARN) identifying the policy.

func (RolePolicyTypeOutput) ToRolePolicyTypeOutput added in v0.69.0 

func (o RolePolicyTypeOutput) ToRolePolicyTypeOutput() RolePolicyTypeOutput

func (RolePolicyTypeOutput) ToRolePolicyTypeOutputWithContext added in v0.69.0 

func (o RolePolicyTypeOutput) ToRolePolicyTypeOutputWithContext(ctx context.Context) RolePolicyTypeOutput

type RoleState 

type RoleState struct {
}

func (RoleState) ElementType 

func (RoleState) ElementType() reflect.Type

type RoleTag 

type RoleTag struct {
	// The key name that can be used to look up or retrieve the associated value. For example, “Department“ or “Cost Center“ are common choices.
	Key string `pulumi:"key"`
	// The value associated with this tag. For example, tags with a key name of “Department“ could have values such as “Human Resources“, “Accounting“, and “Support“. Tags with a key name of “Cost Center“ might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
	//    AWS always interprets the tag “Value“ as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
	Value string `pulumi:"value"`
}

A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.

type SamlProvider added in v0.72.0 

type SamlProvider struct {
	pulumi.CustomResourceState

	// Amazon Resource Name (ARN) of the SAML provider
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The name of the provider to create.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Name pulumi.StringPtrOutput `pulumi:"name"`
	// An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
	//
	// For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*
	SamlMetadataDocument pulumi.StringOutput `pulumi:"samlMetadataDocument"`
	// A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	//
	// > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags aws.TagArrayOutput `pulumi:"tags"`
}

Resource Type definition for AWS::IAM::SAMLProvider

func GetSamlProvider added in v0.72.0 

func GetSamlProvider(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SamlProviderState, opts ...pulumi.ResourceOption) (*SamlProvider, error)

GetSamlProvider gets an existing SamlProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSamlProvider added in v0.72.0 

func NewSamlProvider(ctx *pulumi.Context,
	name string, args *SamlProviderArgs, opts ...pulumi.ResourceOption) (*SamlProvider, error)

NewSamlProvider registers a new resource with the given unique name, arguments, and options.

func (*SamlProvider) ElementType added in v0.72.0 

func (*SamlProvider) ElementType() reflect.Type

func (*SamlProvider) ToSamlProviderOutput added in v0.72.0 

func (i *SamlProvider) ToSamlProviderOutput() SamlProviderOutput

func (*SamlProvider) ToSamlProviderOutputWithContext added in v0.72.0 

func (i *SamlProvider) ToSamlProviderOutputWithContext(ctx context.Context) SamlProviderOutput

type SamlProviderArgs added in v0.72.0 

type SamlProviderArgs struct {
	// The name of the provider to create.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	Name pulumi.StringPtrInput
	// An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.
	//
	// For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*
	SamlMetadataDocument pulumi.StringInput
	// A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	//
	// > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags aws.TagArrayInput
}

The set of arguments for constructing a SamlProvider resource.

func (SamlProviderArgs) ElementType added in v0.72.0 

func (SamlProviderArgs) ElementType() reflect.Type

type SamlProviderInput added in v0.72.0 

type SamlProviderInput interface {
	pulumi.Input

	ToSamlProviderOutput() SamlProviderOutput
	ToSamlProviderOutputWithContext(ctx context.Context) SamlProviderOutput
}

type SamlProviderOutput added in v0.72.0 

type SamlProviderOutput struct{ *pulumi.OutputState }

func (SamlProviderOutput) Arn added in v0.72.0 

func (o SamlProviderOutput) Arn() pulumi.StringOutput

Amazon Resource Name (ARN) of the SAML provider

func (SamlProviderOutput) ElementType added in v0.72.0 

func (SamlProviderOutput) ElementType() reflect.Type

func (SamlProviderOutput) Name added in v0.72.0 

func (o SamlProviderOutput) Name() pulumi.StringPtrOutput

The name of the provider to create.

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (SamlProviderOutput) SamlMetadataDocument added in v0.72.0 

func (o SamlProviderOutput) SamlMetadataDocument() pulumi.StringOutput

An XML document generated by an identity provider (IdP) that supports SAML 2.0. The document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that are received from the IdP. You must generate the metadata document using the identity management software that is used as your organization's IdP.

For more information, see [About SAML 2.0-based federation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) in the *IAM User Guide*

func (SamlProviderOutput) Tags added in v0.72.0 

func (o SamlProviderOutput) Tags() aws.TagArrayOutput

A list of tags that you want to attach to the new IAM SAML provider. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

func (SamlProviderOutput) ToSamlProviderOutput added in v0.72.0 

func (o SamlProviderOutput) ToSamlProviderOutput() SamlProviderOutput

func (SamlProviderOutput) ToSamlProviderOutputWithContext added in v0.72.0 

func (o SamlProviderOutput) ToSamlProviderOutputWithContext(ctx context.Context) SamlProviderOutput

type SamlProviderState added in v0.72.0 

type SamlProviderState struct {
}

func (SamlProviderState) ElementType added in v0.72.0 

func (SamlProviderState) ElementType() reflect.Type

type SamlProviderTag added in v0.72.0 

type SamlProviderTag struct {
	// The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Key string `pulumi:"key"`
	// The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Value string `pulumi:"value"`
}

A key-value pair to associate with a resource.

type ServerCertificate 

type ServerCertificate struct {
	pulumi.CustomResourceState

	// Amazon Resource Name (ARN) of the server certificate
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The contents of the public key certificate.
	CertificateBody pulumi.StringPtrOutput `pulumi:"certificateBody"`
	// The contents of the public key certificate chain.
	CertificateChain pulumi.StringPtrOutput `pulumi:"certificateChain"`
	// The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
	//
	// This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
	//
	// > If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The contents of the private key in PEM-encoded format.
	//
	// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//
	// - Any printable ASCII character ranging from the space character ( `\u0020` ) through the end of the ASCII character range
	// - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\u00FF` )
	// - The special characters tab ( `\u0009` ), line feed ( `\u000A` ), and carriage return ( `\u000D` )
	PrivateKey pulumi.StringPtrOutput `pulumi:"privateKey"`
	// The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	ServerCertificateName pulumi.StringPtrOutput `pulumi:"serverCertificateName"`
	// A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	Tags aws.TagArrayOutput `pulumi:"tags"`
}

Resource Type definition for AWS::IAM::ServerCertificate

func GetServerCertificate 

func GetServerCertificate(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServerCertificateState, opts ...pulumi.ResourceOption) (*ServerCertificate, error)

GetServerCertificate gets an existing ServerCertificate resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServerCertificate 

func NewServerCertificate(ctx *pulumi.Context,
	name string, args *ServerCertificateArgs, opts ...pulumi.ResourceOption) (*ServerCertificate, error)

NewServerCertificate registers a new resource with the given unique name, arguments, and options.

func (*ServerCertificate) ElementType 

func (*ServerCertificate) ElementType() reflect.Type

func (*ServerCertificate) ToServerCertificateOutput 

func (i *ServerCertificate) ToServerCertificateOutput() ServerCertificateOutput

func (*ServerCertificate) ToServerCertificateOutputWithContext 

func (i *ServerCertificate) ToServerCertificateOutputWithContext(ctx context.Context) ServerCertificateOutput

type ServerCertificateArgs 

type ServerCertificateArgs struct {
	// The contents of the public key certificate.
	CertificateBody pulumi.StringPtrInput
	// The contents of the public key certificate chain.
	CertificateChain pulumi.StringPtrInput
	// The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
	//
	// This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
	//
	// > If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).
	Path pulumi.StringPtrInput
	// The contents of the private key in PEM-encoded format.
	//
	// The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//
	// - Any printable ASCII character ranging from the space character ( `\u0020` ) through the end of the ASCII character range
	// - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\u00FF` )
	// - The special characters tab ( `\u0009` ), line feed ( `\u000A` ), and carriage return ( `\u000D` )
	PrivateKey pulumi.StringPtrInput
	// The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	ServerCertificateName pulumi.StringPtrInput
	// A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	Tags aws.TagArrayInput
}

The set of arguments for constructing a ServerCertificate resource.

func (ServerCertificateArgs) ElementType 

func (ServerCertificateArgs) ElementType() reflect.Type

type ServerCertificateInput 

type ServerCertificateInput interface {
	pulumi.Input

	ToServerCertificateOutput() ServerCertificateOutput
	ToServerCertificateOutputWithContext(ctx context.Context) ServerCertificateOutput
}

type ServerCertificateOutput 

type ServerCertificateOutput struct{ *pulumi.OutputState }

func (ServerCertificateOutput) Arn added in v0.17.0 

func (o ServerCertificateOutput) Arn() pulumi.StringOutput

Amazon Resource Name (ARN) of the server certificate

func (ServerCertificateOutput) CertificateBody added in v0.17.0 

func (o ServerCertificateOutput) CertificateBody() pulumi.StringPtrOutput

The contents of the public key certificate.

func (ServerCertificateOutput) CertificateChain added in v0.17.0 

func (o ServerCertificateOutput) CertificateChain() pulumi.StringPtrOutput

The contents of the public key certificate chain.

func (ServerCertificateOutput) ElementType 

func (ServerCertificateOutput) ElementType() reflect.Type

func (ServerCertificateOutput) Path added in v0.17.0 

func (o ServerCertificateOutput) Path() pulumi.StringPtrOutput

The path for the server certificate. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .

This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.

> If you are uploading a server certificate specifically for use with Amazon CloudFront distributions, you must specify a path using the `path` parameter. The path must begin with `/cloudfront` and must include a trailing slash (for example, `/cloudfront/test/` ).

func (ServerCertificateOutput) PrivateKey added in v0.17.0 

func (o ServerCertificateOutput) PrivateKey() pulumi.StringPtrOutput

The contents of the private key in PEM-encoded format.

The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:

- Any printable ASCII character ranging from the space character ( `\u0020` ) through the end of the ASCII character range - The printable characters in the Basic Latin and Latin-1 Supplement character set (through `\u00FF` ) - The special characters tab ( `\u0009` ), line feed ( `\u000A` ), and carriage return ( `\u000D` )

func (ServerCertificateOutput) ServerCertificateName added in v0.17.0 

func (o ServerCertificateOutput) ServerCertificateName() pulumi.StringPtrOutput

The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (ServerCertificateOutput) Tags added in v0.17.0 

func (o ServerCertificateOutput) Tags() aws.TagArrayOutput

A list of tags that are attached to the server certificate. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

func (ServerCertificateOutput) ToServerCertificateOutput 

func (o ServerCertificateOutput) ToServerCertificateOutput() ServerCertificateOutput

func (ServerCertificateOutput) ToServerCertificateOutputWithContext 

func (o ServerCertificateOutput) ToServerCertificateOutputWithContext(ctx context.Context) ServerCertificateOutput

type ServerCertificateState 

type ServerCertificateState struct {
}

func (ServerCertificateState) ElementType 

func (ServerCertificateState) ElementType() reflect.Type

type ServerCertificateTag 

type ServerCertificateTag struct {
	// The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Key string `pulumi:"key"`
	// The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Value string `pulumi:"value"`
}

A key-value pair to associate with a resource.

type ServiceLinkedRole 

type ServiceLinkedRole struct {
	pulumi.CustomResourceState

	// The service principal for the AWS service to which this role is attached.
	AwsServiceName pulumi.StringPtrOutput `pulumi:"awsServiceName"`
	// A string that you provide, which is combined with the service-provided prefix to form the complete role name.
	CustomSuffix pulumi.StringPtrOutput `pulumi:"customSuffix"`
	// The description of the role.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The name of the role.
	RoleName pulumi.StringOutput `pulumi:"roleName"`
}

Resource Type definition for AWS::IAM::ServiceLinkedRole

## Example Usage ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basicSLR, err := iam.NewServiceLinkedRole(ctx, "basicSLR", &iam.ServiceLinkedRoleArgs{
			AwsServiceName: pulumi.String("autoscaling.amazonaws.com"),
			Description:    pulumi.String("Test SLR description"),
			CustomSuffix:   pulumi.String("TestSuffix"),
		})
		if err != nil {
			return err
		}
		ctx.Export("slrId", basicSLR.ID())
		return nil
	})
}

``` ### Example

```go package main

import ( 

"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basicSLR, err := iam.NewServiceLinkedRole(ctx, "basicSLR", &iam.ServiceLinkedRoleArgs{
			AwsServiceName: pulumi.String("autoscaling.amazonaws.com"),
			Description:    pulumi.String("Test SLR description"),
			CustomSuffix:   pulumi.String("TestSuffix"),
		})
		if err != nil {
			return err
		}
		ctx.Export("slrId", basicSLR.ID())
		return nil
	})
}

```

func GetServiceLinkedRole 

func GetServiceLinkedRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ServiceLinkedRoleState, opts ...pulumi.ResourceOption) (*ServiceLinkedRole, error)

GetServiceLinkedRole gets an existing ServiceLinkedRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewServiceLinkedRole 

func NewServiceLinkedRole(ctx *pulumi.Context,
	name string, args *ServiceLinkedRoleArgs, opts ...pulumi.ResourceOption) (*ServiceLinkedRole, error)

NewServiceLinkedRole registers a new resource with the given unique name, arguments, and options.

func (*ServiceLinkedRole) ElementType 

func (*ServiceLinkedRole) ElementType() reflect.Type

func (*ServiceLinkedRole) ToServiceLinkedRoleOutput 

func (i *ServiceLinkedRole) ToServiceLinkedRoleOutput() ServiceLinkedRoleOutput

func (*ServiceLinkedRole) ToServiceLinkedRoleOutputWithContext 

func (i *ServiceLinkedRole) ToServiceLinkedRoleOutputWithContext(ctx context.Context) ServiceLinkedRoleOutput

type ServiceLinkedRoleArgs 

type ServiceLinkedRoleArgs struct {
	// The service principal for the AWS service to which this role is attached.
	AwsServiceName pulumi.StringPtrInput
	// A string that you provide, which is combined with the service-provided prefix to form the complete role name.
	CustomSuffix pulumi.StringPtrInput
	// The description of the role.
	Description pulumi.StringPtrInput
}

The set of arguments for constructing a ServiceLinkedRole resource.

func (ServiceLinkedRoleArgs) ElementType 

func (ServiceLinkedRoleArgs) ElementType() reflect.Type

type ServiceLinkedRoleInput 

type ServiceLinkedRoleInput interface {
	pulumi.Input

	ToServiceLinkedRoleOutput() ServiceLinkedRoleOutput
	ToServiceLinkedRoleOutputWithContext(ctx context.Context) ServiceLinkedRoleOutput
}

type ServiceLinkedRoleOutput 

type ServiceLinkedRoleOutput struct{ *pulumi.OutputState }

func (ServiceLinkedRoleOutput) AwsServiceName added in v0.72.0 

func (o ServiceLinkedRoleOutput) AwsServiceName() pulumi.StringPtrOutput

The service principal for the AWS service to which this role is attached.

func (ServiceLinkedRoleOutput) CustomSuffix added in v0.17.0 

func (o ServiceLinkedRoleOutput) CustomSuffix() pulumi.StringPtrOutput

A string that you provide, which is combined with the service-provided prefix to form the complete role name.

func (ServiceLinkedRoleOutput) Description added in v0.17.0 

func (o ServiceLinkedRoleOutput) Description() pulumi.StringPtrOutput

The description of the role.

func (ServiceLinkedRoleOutput) ElementType 

func (ServiceLinkedRoleOutput) ElementType() reflect.Type

func (ServiceLinkedRoleOutput) RoleName added in v0.67.0 

func (o ServiceLinkedRoleOutput) RoleName() pulumi.StringOutput

The name of the role.

func (ServiceLinkedRoleOutput) ToServiceLinkedRoleOutput 

func (o ServiceLinkedRoleOutput) ToServiceLinkedRoleOutput() ServiceLinkedRoleOutput

func (ServiceLinkedRoleOutput) ToServiceLinkedRoleOutputWithContext 

func (o ServiceLinkedRoleOutput) ToServiceLinkedRoleOutputWithContext(ctx context.Context) ServiceLinkedRoleOutput

type ServiceLinkedRoleState 

type ServiceLinkedRoleState struct {
}

func (ServiceLinkedRoleState) ElementType 

func (ServiceLinkedRoleState) ElementType() reflect.Type

type User 

type User struct {
	pulumi.CustomResourceState

	// Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource. For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .
	Arn pulumi.StringOutput `pulumi:"arn"`
	// A list of group names to which you want to add the user.
	Groups pulumi.StringArrayOutput `pulumi:"groups"`
	// Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console.
	//  You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console.
	//  For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.
	LoginProfile UserLoginProfilePtrOutput `pulumi:"loginProfile"`
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayOutput `pulumi:"managedPolicyArns"`
	// The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ARN of the managed policy that is used to set the permissions boundary for the user.
	//  A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	//  For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.
	PermissionsBoundary pulumi.StringPtrOutput `pulumi:"permissionsBoundary"`
	// Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user).
	//   The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
	//   For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	Policies UserPolicyTypeArrayOutput `pulumi:"policies"`
	// A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	//   If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags aws.TagArrayOutput `pulumi:"tags"`
	// The name of the user to create. Do not include the path in this value.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.
	//  If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	UserName pulumi.StringPtrOutput `pulumi:"userName"`
}

Creates a new IAM user for your AWS-account. 

For information about quotas for the number of IAM users you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

func GetUser 

func GetUser(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserState, opts ...pulumi.ResourceOption) (*User, error)

GetUser gets an existing User resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUser 

func NewUser(ctx *pulumi.Context,
	name string, args *UserArgs, opts ...pulumi.ResourceOption) (*User, error)

NewUser registers a new resource with the given unique name, arguments, and options.

func (*User) ElementType 

func (*User) ElementType() reflect.Type

func (*User) ToUserOutput 

func (i *User) ToUserOutput() UserOutput

func (*User) ToUserOutputWithContext 

func (i *User) ToUserOutputWithContext(ctx context.Context) UserOutput

type UserArgs 

type UserArgs struct {
	// A list of group names to which you want to add the user.
	Groups pulumi.StringArrayInput
	// Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console.
	//  You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console.
	//  For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.
	LoginProfile UserLoginProfilePtrInput
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayInput
	// The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (“\u0021“) through the DEL character (“\u007F“), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrInput
	// The ARN of the managed policy that is used to set the permissions boundary for the user.
	//  A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	//  For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.
	PermissionsBoundary pulumi.StringPtrInput
	// Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user).
	//   The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
	//   For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	Policies UserPolicyTypeArrayInput
	// A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	//   If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags aws.TagArrayInput
	// The name of the user to create. Do not include the path in this value.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.
	//  If you specify a name, you must specify the “CAPABILITY_NAMED_IAM“ value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
	//   Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using “Fn::Join“ and “AWS::Region“ to create a Region-specific name, as in the following example: “{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}“.
	UserName pulumi.StringPtrInput
}

The set of arguments for constructing a User resource.

func (UserArgs) ElementType 

func (UserArgs) ElementType() reflect.Type

type UserInput 

type UserInput interface {
	pulumi.Input

	ToUserOutput() UserOutput
	ToUserOutputWithContext(ctx context.Context) UserOutput
}

type UserLoginProfile 

type UserLoginProfile struct {
	// The user's password.
	Password string `pulumi:"password"`
	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired *bool `pulumi:"passwordResetRequired"`
}

Creates a password for the specified user, giving the user the ability to access AWS services through the console. For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.

type UserLoginProfileArgs 

type UserLoginProfileArgs struct {
	// The user's password.
	Password pulumi.StringInput `pulumi:"password"`
	// Specifies whether the user is required to set a new password on next sign-in.
	PasswordResetRequired pulumi.BoolPtrInput `pulumi:"passwordResetRequired"`
}

Creates a password for the specified user, giving the user the ability to access AWS services through the console. For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.

func (UserLoginProfileArgs) ElementType 

func (UserLoginProfileArgs) ElementType() reflect.Type

func (UserLoginProfileArgs) ToUserLoginProfileOutput 

func (i UserLoginProfileArgs) ToUserLoginProfileOutput() UserLoginProfileOutput

func (UserLoginProfileArgs) ToUserLoginProfileOutputWithContext 

func (i UserLoginProfileArgs) ToUserLoginProfileOutputWithContext(ctx context.Context) UserLoginProfileOutput

func (UserLoginProfileArgs) ToUserLoginProfilePtrOutput 

func (i UserLoginProfileArgs) ToUserLoginProfilePtrOutput() UserLoginProfilePtrOutput

func (UserLoginProfileArgs) ToUserLoginProfilePtrOutputWithContext 

func (i UserLoginProfileArgs) ToUserLoginProfilePtrOutputWithContext(ctx context.Context) UserLoginProfilePtrOutput

type UserLoginProfileInput 

type UserLoginProfileInput interface {
	pulumi.Input

	ToUserLoginProfileOutput() UserLoginProfileOutput
	ToUserLoginProfileOutputWithContext(context.Context) UserLoginProfileOutput
}

UserLoginProfileInput is an input type that accepts UserLoginProfileArgs and UserLoginProfileOutput values. You can construct a concrete instance of `UserLoginProfileInput` via: 

UserLoginProfileArgs{...}

type UserLoginProfileOutput 

type UserLoginProfileOutput struct{ *pulumi.OutputState }

Creates a password for the specified user, giving the user the ability to access AWS services through the console. For more information about managing passwords, see [Managing Passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.

func (UserLoginProfileOutput) ElementType 

func (UserLoginProfileOutput) ElementType() reflect.Type

func (UserLoginProfileOutput) Password 

func (o UserLoginProfileOutput) Password() pulumi.StringOutput

The user's password.

func (UserLoginProfileOutput) PasswordResetRequired 

func (o UserLoginProfileOutput) PasswordResetRequired() pulumi.BoolPtrOutput

Specifies whether the user is required to set a new password on next sign-in.

func (UserLoginProfileOutput) ToUserLoginProfileOutput 

func (o UserLoginProfileOutput) ToUserLoginProfileOutput() UserLoginProfileOutput

func (UserLoginProfileOutput) ToUserLoginProfileOutputWithContext 

func (o UserLoginProfileOutput) ToUserLoginProfileOutputWithContext(ctx context.Context) UserLoginProfileOutput

func (UserLoginProfileOutput) ToUserLoginProfilePtrOutput 

func (o UserLoginProfileOutput) ToUserLoginProfilePtrOutput() UserLoginProfilePtrOutput

func (UserLoginProfileOutput) ToUserLoginProfilePtrOutputWithContext 

func (o UserLoginProfileOutput) ToUserLoginProfilePtrOutputWithContext(ctx context.Context) UserLoginProfilePtrOutput

type UserLoginProfilePtrInput 

type UserLoginProfilePtrInput interface {
	pulumi.Input

	ToUserLoginProfilePtrOutput() UserLoginProfilePtrOutput
	ToUserLoginProfilePtrOutputWithContext(context.Context) UserLoginProfilePtrOutput
}

UserLoginProfilePtrInput is an input type that accepts UserLoginProfileArgs, UserLoginProfilePtr and UserLoginProfilePtrOutput values. You can construct a concrete instance of `UserLoginProfilePtrInput` via: 

        UserLoginProfileArgs{...}

or:

        nil

func UserLoginProfilePtr 

func UserLoginProfilePtr(v *UserLoginProfileArgs) UserLoginProfilePtrInput

type UserLoginProfilePtrOutput 

type UserLoginProfilePtrOutput struct{ *pulumi.OutputState }

func (UserLoginProfilePtrOutput) Elem 

func (o UserLoginProfilePtrOutput) Elem() UserLoginProfileOutput

func (UserLoginProfilePtrOutput) ElementType 

func (UserLoginProfilePtrOutput) ElementType() reflect.Type

func (UserLoginProfilePtrOutput) Password 

func (o UserLoginProfilePtrOutput) Password() pulumi.StringPtrOutput

The user's password.

func (UserLoginProfilePtrOutput) PasswordResetRequired 

func (o UserLoginProfilePtrOutput) PasswordResetRequired() pulumi.BoolPtrOutput

Specifies whether the user is required to set a new password on next sign-in.

func (UserLoginProfilePtrOutput) ToUserLoginProfilePtrOutput 

func (o UserLoginProfilePtrOutput) ToUserLoginProfilePtrOutput() UserLoginProfilePtrOutput

func (UserLoginProfilePtrOutput) ToUserLoginProfilePtrOutputWithContext 

func (o UserLoginProfilePtrOutput) ToUserLoginProfilePtrOutputWithContext(ctx context.Context) UserLoginProfilePtrOutput

type UserOutput 

type UserOutput struct{ *pulumi.OutputState }

func (UserOutput) Arn added in v0.17.0 

func (o UserOutput) Arn() pulumi.StringOutput

Returns the Amazon Resource Name (ARN) for the specified `AWS::IAM::User` resource. For example: `arn:aws:iam::123456789012:user/mystack-myuser-1CCXAFG2H2U4D` .

func (UserOutput) ElementType 

func (UserOutput) ElementType() reflect.Type

func (UserOutput) Groups added in v0.17.0 

func (o UserOutput) Groups() pulumi.StringArrayOutput

A list of group names to which you want to add the user.

func (UserOutput) LoginProfile added in v0.17.0 

func (o UserOutput) LoginProfile() UserLoginProfilePtrOutput

Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the console. 

You can use the CLI, the AWS API, or the *Users* page in the IAM console to create a password for any IAM user. Use [ChangePassword](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ChangePassword.html) to update your own existing password in the *My Security Credentials* page in the console.
For more information about managing passwords, see [Managing passwords](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) in the *User Guide*.

func (UserOutput) ManagedPolicyArns added in v0.17.0 

func (o UserOutput) ManagedPolicyArns() pulumi.StringArrayOutput

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the user. 

For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.

func (UserOutput) Path added in v0.17.0 

func (o UserOutput) Path() pulumi.StringPtrOutput

The path for the user name. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. 

This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.

func (UserOutput) PermissionsBoundary added in v0.17.0 

func (o UserOutput) PermissionsBoundary() pulumi.StringPtrOutput

The ARN of the managed policy that is used to set the permissions boundary for the user. 

A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
For more information about policy types, see [Policy types](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the *IAM User Guide*.

func (UserOutput) Policies added in v0.17.0 

func (o UserOutput) Policies() UserPolicyTypeArrayOutput

Adds or updates an inline policy document that is embedded in the specified IAM user. To view AWS::IAM::User snippets, see [Declaring an User Resource](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-iam.html#scenario-iam-user). 

The name of each policy for a role, user, or group must be unique. If you don't choose unique names, updates to the IAM identity will fail.
For information about limits on the number of inline policies that you can embed in a user, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.

func (UserOutput) Tags added in v0.17.0 

func (o UserOutput) Tags() aws.TagArrayOutput

A list of tags that you want to attach to the new user. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*. 

If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

func (UserOutput) ToUserOutput 

func (o UserOutput) ToUserOutput() UserOutput

func (UserOutput) ToUserOutputWithContext 

func (o UserOutput) ToUserOutputWithContext(ctx context.Context) UserOutput

func (UserOutput) UserName added in v0.17.0 

func (o UserOutput) UserName() pulumi.StringPtrOutput

The name of the user to create. Do not include the path in this value. 

This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The user name must be unique within the account. User names are not distinguished by case. For example, you cannot create users named both "John" and "john".
If you don't specify a name, CFN generates a unique physical ID and uses that ID for the user name.
If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html#using-iam-capabilities).
 Naming an IAM resource can cause an unrecoverable error if you reuse the same template in multiple Regions. To prevent this, we recommend using ``Fn::Join`` and ``AWS::Region`` to create a Region-specific name, as in the following example: ``{"Fn::Join": ["", [{"Ref": "AWS::Region"}, {"Ref": "MyResourceName"}]]}``.

type UserPolicy 

type UserPolicy struct {
	pulumi.CustomResourceState

	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::UserPolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.AnyOutput `pulumi:"policyDocument"`
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringOutput `pulumi:"policyName"`
	// The name of the user to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	UserName pulumi.StringOutput `pulumi:"userName"`
}

Adds or updates an inline policy document that is embedded in the specified IAM user. 

An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use [AWS::IAM::User](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html). To create a new managed policy, use [AWS::IAM::ManagedPolicy](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-managedpolicy.html). For information about policies, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.
For information about the maximum number of inline policies that you can embed in a user, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.

func GetUserPolicy added in v0.69.0 

func GetUserPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *UserPolicyState, opts ...pulumi.ResourceOption) (*UserPolicy, error)

GetUserPolicy gets an existing UserPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewUserPolicy added in v0.69.0 

func NewUserPolicy(ctx *pulumi.Context,
	name string, args *UserPolicyArgs, opts ...pulumi.ResourceOption) (*UserPolicy, error)

NewUserPolicy registers a new resource with the given unique name, arguments, and options.

func (*UserPolicy) ElementType added in v0.69.0 

func (*UserPolicy) ElementType() reflect.Type

func (*UserPolicy) ToUserPolicyOutput added in v0.69.0 

func (i *UserPolicy) ToUserPolicyOutput() UserPolicyOutput

func (*UserPolicy) ToUserPolicyOutputWithContext added in v0.69.0 

func (i *UserPolicy) ToUserPolicyOutputWithContext(ctx context.Context) UserPolicyOutput

type UserPolicyArgs 

type UserPolicyArgs struct {
	// The policy document.
	//  You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
	//  The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
	//   +  Any printable ASCII character ranging from the space character (“\u0020“) through the end of the ASCII character range
	//   +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through “\u00FF“)
	//   +  The special characters tab (“\u0009“), line feed (“\u000A“), and carriage return (“\u000D“)
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::UserPolicy` for more information about the expected schema for this property.
	PolicyDocument pulumi.Input
	// The name of the policy document.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	PolicyName pulumi.StringPtrInput
	// The name of the user to associate the policy with.
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	UserName pulumi.StringInput
}

The set of arguments for constructing a UserPolicy resource.

func (UserPolicyArgs) ElementType 

func (UserPolicyArgs) ElementType() reflect.Type

type UserPolicyInput 

type UserPolicyInput interface {
	pulumi.Input

	ToUserPolicyOutput() UserPolicyOutput
	ToUserPolicyOutputWithContext(ctx context.Context) UserPolicyOutput
}

type UserPolicyOutput 

type UserPolicyOutput struct{ *pulumi.OutputState }

func (UserPolicyOutput) ElementType 

func (UserPolicyOutput) ElementType() reflect.Type

func (UserPolicyOutput) PolicyDocument 

func (o UserPolicyOutput) PolicyDocument() pulumi.AnyOutput

The policy document. 

You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.
The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:
 +  Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range
 +  The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)
 +  The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``)

Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::UserPolicy` for more information about the expected schema for this property.

func (UserPolicyOutput) PolicyName 

func (o UserPolicyOutput) PolicyName() pulumi.StringOutput

The name of the policy document. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

func (UserPolicyOutput) ToUserPolicyOutput 

func (o UserPolicyOutput) ToUserPolicyOutput() UserPolicyOutput

func (UserPolicyOutput) ToUserPolicyOutputWithContext 

func (o UserPolicyOutput) ToUserPolicyOutputWithContext(ctx context.Context) UserPolicyOutput

func (UserPolicyOutput) UserName added in v0.69.0 

func (o UserPolicyOutput) UserName() pulumi.StringOutput

The name of the user to associate the policy with. 

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type UserPolicyState added in v0.69.0 

type UserPolicyState struct {
}

func (UserPolicyState) ElementType added in v0.69.0 

func (UserPolicyState) ElementType() reflect.Type

type UserPolicyType added in v0.69.0 

type UserPolicyType struct {
	// The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
	PolicyDocument interface{} `pulumi:"policyDocument"`
	// The friendly name (not ARN) identifying the policy.
	PolicyName string `pulumi:"policyName"`
}

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

type UserPolicyTypeArgs added in v0.69.0 

type UserPolicyTypeArgs struct {
	// The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).
	PolicyDocument pulumi.Input `pulumi:"policyDocument"`
	// The friendly name (not ARN) identifying the policy.
	PolicyName pulumi.StringInput `pulumi:"policyName"`
}

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

func (UserPolicyTypeArgs) ElementType added in v0.69.0 

func (UserPolicyTypeArgs) ElementType() reflect.Type

func (UserPolicyTypeArgs) ToUserPolicyTypeOutput added in v0.69.0 

func (i UserPolicyTypeArgs) ToUserPolicyTypeOutput() UserPolicyTypeOutput

func (UserPolicyTypeArgs) ToUserPolicyTypeOutputWithContext added in v0.69.0 

func (i UserPolicyTypeArgs) ToUserPolicyTypeOutputWithContext(ctx context.Context) UserPolicyTypeOutput

type UserPolicyTypeArray added in v0.69.0 

type UserPolicyTypeArray []UserPolicyTypeInput

func (UserPolicyTypeArray) ElementType added in v0.69.0 

func (UserPolicyTypeArray) ElementType() reflect.Type

func (UserPolicyTypeArray) ToUserPolicyTypeArrayOutput added in v0.69.0 

func (i UserPolicyTypeArray) ToUserPolicyTypeArrayOutput() UserPolicyTypeArrayOutput

func (UserPolicyTypeArray) ToUserPolicyTypeArrayOutputWithContext added in v0.69.0 

func (i UserPolicyTypeArray) ToUserPolicyTypeArrayOutputWithContext(ctx context.Context) UserPolicyTypeArrayOutput

type UserPolicyTypeArrayInput added in v0.69.0 

type UserPolicyTypeArrayInput interface {
	pulumi.Input

	ToUserPolicyTypeArrayOutput() UserPolicyTypeArrayOutput
	ToUserPolicyTypeArrayOutputWithContext(context.Context) UserPolicyTypeArrayOutput
}

UserPolicyTypeArrayInput is an input type that accepts UserPolicyTypeArray and UserPolicyTypeArrayOutput values. You can construct a concrete instance of `UserPolicyTypeArrayInput` via: 

UserPolicyTypeArray{ UserPolicyTypeArgs{...} }

type UserPolicyTypeArrayOutput added in v0.69.0 

type UserPolicyTypeArrayOutput struct{ *pulumi.OutputState }

func (UserPolicyTypeArrayOutput) ElementType added in v0.69.0 

func (UserPolicyTypeArrayOutput) ElementType() reflect.Type

func (UserPolicyTypeArrayOutput) Index added in v0.69.0 

func (o UserPolicyTypeArrayOutput) Index(i pulumi.IntInput) UserPolicyTypeOutput

func (UserPolicyTypeArrayOutput) ToUserPolicyTypeArrayOutput added in v0.69.0 

func (o UserPolicyTypeArrayOutput) ToUserPolicyTypeArrayOutput() UserPolicyTypeArrayOutput

func (UserPolicyTypeArrayOutput) ToUserPolicyTypeArrayOutputWithContext added in v0.69.0 

func (o UserPolicyTypeArrayOutput) ToUserPolicyTypeArrayOutputWithContext(ctx context.Context) UserPolicyTypeArrayOutput

type UserPolicyTypeInput added in v0.69.0 

type UserPolicyTypeInput interface {
	pulumi.Input

	ToUserPolicyTypeOutput() UserPolicyTypeOutput
	ToUserPolicyTypeOutputWithContext(context.Context) UserPolicyTypeOutput
}

UserPolicyTypeInput is an input type that accepts UserPolicyTypeArgs and UserPolicyTypeOutput values. You can construct a concrete instance of `UserPolicyTypeInput` via: 

UserPolicyTypeArgs{...}

type UserPolicyTypeOutput added in v0.69.0 

type UserPolicyTypeOutput struct{ *pulumi.OutputState }

Contains information about an attached policy. 

An attached policy is a managed policy that has been attached to a user, group, or role.
For more information about managed policies, refer to [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.

func (UserPolicyTypeOutput) ElementType added in v0.69.0 

func (UserPolicyTypeOutput) ElementType() reflect.Type

func (UserPolicyTypeOutput) PolicyDocument added in v0.69.0 

func (o UserPolicyTypeOutput) PolicyDocument() pulumi.AnyOutput

The entire contents of the policy that defines permissions. For more information, see [Overview of JSON policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json).

func (UserPolicyTypeOutput) PolicyName added in v0.69.0 

func (o UserPolicyTypeOutput) PolicyName() pulumi.StringOutput

The friendly name (not ARN) identifying the policy.

func (UserPolicyTypeOutput) ToUserPolicyTypeOutput added in v0.69.0 

func (o UserPolicyTypeOutput) ToUserPolicyTypeOutput() UserPolicyTypeOutput

func (UserPolicyTypeOutput) ToUserPolicyTypeOutputWithContext added in v0.69.0 

func (o UserPolicyTypeOutput) ToUserPolicyTypeOutputWithContext(ctx context.Context) UserPolicyTypeOutput

type UserState 

type UserState struct {
}

func (UserState) ElementType 

func (UserState) ElementType() reflect.Type

type UserTag 

type UserTag struct {
	// The key name that can be used to look up or retrieve the associated value. For example, “Department“ or “Cost Center“ are common choices.
	Key string `pulumi:"key"`
	// The value associated with this tag. For example, tags with a key name of “Department“ could have values such as “Human Resources“, “Accounting“, and “Support“. Tags with a key name of “Cost Center“ might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.
	//    AWS always interprets the tag “Value“ as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.
	Value string `pulumi:"value"`
}

A structure that represents user-provided metadata that can be associated with an IAM resource. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.

type VirtualMfaDevice added in v0.72.0 

type VirtualMfaDevice struct {
	pulumi.CustomResourceState

	// The path for the virtual MFA device. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
	//
	// This parameter is optional. If it is not included, it defaults to a slash (/).
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.
	SerialNumber pulumi.StringOutput `pulumi:"serialNumber"`
	// A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	//
	// > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags aws.TagArrayOutput `pulumi:"tags"`
	// The IAM user associated with this virtual MFA device.
	Users pulumi.StringArrayOutput `pulumi:"users"`
	// The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	VirtualMfaDeviceName pulumi.StringPtrOutput `pulumi:"virtualMfaDeviceName"`
}

Resource Type definition for AWS::IAM::VirtualMFADevice

func GetVirtualMfaDevice added in v0.72.0 

func GetVirtualMfaDevice(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *VirtualMfaDeviceState, opts ...pulumi.ResourceOption) (*VirtualMfaDevice, error)

GetVirtualMfaDevice gets an existing VirtualMfaDevice resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewVirtualMfaDevice added in v0.72.0 

func NewVirtualMfaDevice(ctx *pulumi.Context,
	name string, args *VirtualMfaDeviceArgs, opts ...pulumi.ResourceOption) (*VirtualMfaDevice, error)

NewVirtualMfaDevice registers a new resource with the given unique name, arguments, and options.

func (*VirtualMfaDevice) ElementType added in v0.72.0 

func (*VirtualMfaDevice) ElementType() reflect.Type

func (*VirtualMfaDevice) ToVirtualMfaDeviceOutput added in v0.72.0 

func (i *VirtualMfaDevice) ToVirtualMfaDeviceOutput() VirtualMfaDeviceOutput

func (*VirtualMfaDevice) ToVirtualMfaDeviceOutputWithContext added in v0.72.0 

func (i *VirtualMfaDevice) ToVirtualMfaDeviceOutputWithContext(ctx context.Context) VirtualMfaDeviceOutput

type VirtualMfaDeviceArgs added in v0.72.0 

type VirtualMfaDeviceArgs struct {
	// The path for the virtual MFA device. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .
	//
	// This parameter is optional. If it is not included, it defaults to a slash (/).
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrInput
	// A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .
	//
	// > If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.
	Tags aws.TagArrayInput
	// The IAM user associated with this virtual MFA device.
	Users pulumi.StringArrayInput
	// The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.
	//
	// This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-
	VirtualMfaDeviceName pulumi.StringPtrInput
}

The set of arguments for constructing a VirtualMfaDevice resource.

func (VirtualMfaDeviceArgs) ElementType added in v0.72.0 

func (VirtualMfaDeviceArgs) ElementType() reflect.Type

type VirtualMfaDeviceInput added in v0.72.0 

type VirtualMfaDeviceInput interface {
	pulumi.Input

	ToVirtualMfaDeviceOutput() VirtualMfaDeviceOutput
	ToVirtualMfaDeviceOutputWithContext(ctx context.Context) VirtualMfaDeviceOutput
}

type VirtualMfaDeviceOutput added in v0.72.0 

type VirtualMfaDeviceOutput struct{ *pulumi.OutputState }

func (VirtualMfaDeviceOutput) ElementType added in v0.72.0 

func (VirtualMfaDeviceOutput) ElementType() reflect.Type

func (VirtualMfaDeviceOutput) Path added in v0.72.0 

func (o VirtualMfaDeviceOutput) Path() pulumi.StringPtrOutput

The path for the virtual MFA device. For more information about paths, see [IAM identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide* .

This parameter is optional. If it is not included, it defaults to a slash (/).

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( `\u0021` ) through the DEL character ( `\u007F` ), including most punctuation characters, digits, and upper and lowercased letters.

func (VirtualMfaDeviceOutput) SerialNumber added in v0.72.0 

func (o VirtualMfaDeviceOutput) SerialNumber() pulumi.StringOutput

Returns the serial number for the specified `AWS::IAM::VirtualMFADevice` resource.

func (VirtualMfaDeviceOutput) Tags added in v0.72.0 

func (o VirtualMfaDeviceOutput) Tags() aws.TagArrayOutput

A list of tags that you want to attach to the new IAM virtual MFA device. Each tag consists of a key name and an associated value. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide* .

> If any one of the tags is invalid or if you exceed the allowed maximum number of tags, then the entire request fails and the resource is not created.

func (VirtualMfaDeviceOutput) ToVirtualMfaDeviceOutput added in v0.72.0 

func (o VirtualMfaDeviceOutput) ToVirtualMfaDeviceOutput() VirtualMfaDeviceOutput

func (VirtualMfaDeviceOutput) ToVirtualMfaDeviceOutputWithContext added in v0.72.0 

func (o VirtualMfaDeviceOutput) ToVirtualMfaDeviceOutputWithContext(ctx context.Context) VirtualMfaDeviceOutput

func (VirtualMfaDeviceOutput) Users added in v0.72.0 

func (o VirtualMfaDeviceOutput) Users() pulumi.StringArrayOutput

The IAM user associated with this virtual MFA device.

func (VirtualMfaDeviceOutput) VirtualMfaDeviceName added in v0.72.0 

func (o VirtualMfaDeviceOutput) VirtualMfaDeviceName() pulumi.StringPtrOutput

The name of the virtual MFA device, which must be unique. Use with path to uniquely identify a virtual MFA device.

This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) ) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

type VirtualMfaDeviceState added in v0.72.0 

type VirtualMfaDeviceState struct {
}

func (VirtualMfaDeviceState) ElementType added in v0.72.0 

func (VirtualMfaDeviceState) ElementType() reflect.Type

type VirtualMfaDeviceTag added in v0.72.0 

type VirtualMfaDeviceTag struct {
	// The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Key string `pulumi:"key"`
	// The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
	Value string `pulumi:"value"`
}

A key-value pair to associate with a resource.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.