Documentation ¶
Index ¶
- type AccessKey
- type AccessKeyArgs
- type AccessKeyState
- type AccountAlias
- type AccountAliasArgs
- type AccountAliasState
- type AccountPasswordPolicy
- type AccountPasswordPolicyArgs
- type AccountPasswordPolicyState
- type GetGroupUser
- type GetGroupUserArgs
- type GetGroupUserArray
- type GetGroupUserArrayInput
- type GetGroupUserArrayOutput
- func (GetGroupUserArrayOutput) ElementType() reflect.Type
- func (o GetGroupUserArrayOutput) Index(i pulumi.IntInput) GetGroupUserOutput
- func (o GetGroupUserArrayOutput) ToGetGroupUserArrayOutput() GetGroupUserArrayOutput
- func (o GetGroupUserArrayOutput) ToGetGroupUserArrayOutputWithContext(ctx context.Context) GetGroupUserArrayOutput
- type GetGroupUserInput
- type GetGroupUserOutput
- func (o GetGroupUserOutput) Arn() pulumi.StringOutput
- func (GetGroupUserOutput) ElementType() reflect.Type
- func (o GetGroupUserOutput) Path() pulumi.StringOutput
- func (o GetGroupUserOutput) ToGetGroupUserOutput() GetGroupUserOutput
- func (o GetGroupUserOutput) ToGetGroupUserOutputWithContext(ctx context.Context) GetGroupUserOutput
- func (o GetGroupUserOutput) UserId() pulumi.StringOutput
- func (o GetGroupUserOutput) UserName() pulumi.StringOutput
- type GetPolicyDocumentArgs
- type GetPolicyDocumentResult
- type GetPolicyDocumentStatement
- type GetPolicyDocumentStatementArgs
- func (GetPolicyDocumentStatementArgs) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementArgs) ToGetPolicyDocumentStatementOutput() GetPolicyDocumentStatementOutput
- func (i GetPolicyDocumentStatementArgs) ToGetPolicyDocumentStatementOutputWithContext(ctx context.Context) GetPolicyDocumentStatementOutput
- type GetPolicyDocumentStatementArray
- func (GetPolicyDocumentStatementArray) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementArray) ToGetPolicyDocumentStatementArrayOutput() GetPolicyDocumentStatementArrayOutput
- func (i GetPolicyDocumentStatementArray) ToGetPolicyDocumentStatementArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementArrayOutput
- type GetPolicyDocumentStatementArrayInput
- type GetPolicyDocumentStatementArrayOutput
- func (GetPolicyDocumentStatementArrayOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentStatementOutput
- func (o GetPolicyDocumentStatementArrayOutput) ToGetPolicyDocumentStatementArrayOutput() GetPolicyDocumentStatementArrayOutput
- func (o GetPolicyDocumentStatementArrayOutput) ToGetPolicyDocumentStatementArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementArrayOutput
- type GetPolicyDocumentStatementCondition
- type GetPolicyDocumentStatementConditionArgs
- func (GetPolicyDocumentStatementConditionArgs) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementConditionArgs) ToGetPolicyDocumentStatementConditionOutput() GetPolicyDocumentStatementConditionOutput
- func (i GetPolicyDocumentStatementConditionArgs) ToGetPolicyDocumentStatementConditionOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionOutput
- type GetPolicyDocumentStatementConditionArray
- func (GetPolicyDocumentStatementConditionArray) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementConditionArray) ToGetPolicyDocumentStatementConditionArrayOutput() GetPolicyDocumentStatementConditionArrayOutput
- func (i GetPolicyDocumentStatementConditionArray) ToGetPolicyDocumentStatementConditionArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionArrayOutput
- type GetPolicyDocumentStatementConditionArrayInput
- type GetPolicyDocumentStatementConditionArrayOutput
- func (GetPolicyDocumentStatementConditionArrayOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementConditionArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentStatementConditionOutput
- func (o GetPolicyDocumentStatementConditionArrayOutput) ToGetPolicyDocumentStatementConditionArrayOutput() GetPolicyDocumentStatementConditionArrayOutput
- func (o GetPolicyDocumentStatementConditionArrayOutput) ToGetPolicyDocumentStatementConditionArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionArrayOutput
- type GetPolicyDocumentStatementConditionInput
- type GetPolicyDocumentStatementConditionOutput
- func (GetPolicyDocumentStatementConditionOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementConditionOutput) Test() pulumi.StringOutput
- func (o GetPolicyDocumentStatementConditionOutput) ToGetPolicyDocumentStatementConditionOutput() GetPolicyDocumentStatementConditionOutput
- func (o GetPolicyDocumentStatementConditionOutput) ToGetPolicyDocumentStatementConditionOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionOutput
- func (o GetPolicyDocumentStatementConditionOutput) Values() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementConditionOutput) Variable() pulumi.StringOutput
- type GetPolicyDocumentStatementInput
- type GetPolicyDocumentStatementNotPrincipal
- type GetPolicyDocumentStatementNotPrincipalArgs
- func (GetPolicyDocumentStatementNotPrincipalArgs) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementNotPrincipalArgs) ToGetPolicyDocumentStatementNotPrincipalOutput() GetPolicyDocumentStatementNotPrincipalOutput
- func (i GetPolicyDocumentStatementNotPrincipalArgs) ToGetPolicyDocumentStatementNotPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalOutput
- type GetPolicyDocumentStatementNotPrincipalArray
- func (GetPolicyDocumentStatementNotPrincipalArray) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementNotPrincipalArray) ToGetPolicyDocumentStatementNotPrincipalArrayOutput() GetPolicyDocumentStatementNotPrincipalArrayOutput
- func (i GetPolicyDocumentStatementNotPrincipalArray) ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalArrayOutput
- type GetPolicyDocumentStatementNotPrincipalArrayInput
- type GetPolicyDocumentStatementNotPrincipalArrayOutput
- func (GetPolicyDocumentStatementNotPrincipalArrayOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementNotPrincipalArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentStatementNotPrincipalOutput
- func (o GetPolicyDocumentStatementNotPrincipalArrayOutput) ToGetPolicyDocumentStatementNotPrincipalArrayOutput() GetPolicyDocumentStatementNotPrincipalArrayOutput
- func (o GetPolicyDocumentStatementNotPrincipalArrayOutput) ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalArrayOutput
- type GetPolicyDocumentStatementNotPrincipalInput
- type GetPolicyDocumentStatementNotPrincipalOutput
- func (GetPolicyDocumentStatementNotPrincipalOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementNotPrincipalOutput) Identifiers() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementNotPrincipalOutput) ToGetPolicyDocumentStatementNotPrincipalOutput() GetPolicyDocumentStatementNotPrincipalOutput
- func (o GetPolicyDocumentStatementNotPrincipalOutput) ToGetPolicyDocumentStatementNotPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalOutput
- func (o GetPolicyDocumentStatementNotPrincipalOutput) Type() pulumi.StringOutput
- type GetPolicyDocumentStatementOutput
- func (o GetPolicyDocumentStatementOutput) Actions() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementOutput) Conditions() GetPolicyDocumentStatementConditionArrayOutput
- func (o GetPolicyDocumentStatementOutput) Effect() pulumi.StringPtrOutput
- func (GetPolicyDocumentStatementOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementOutput) NotActions() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementOutput) NotPrincipals() GetPolicyDocumentStatementNotPrincipalArrayOutput
- func (o GetPolicyDocumentStatementOutput) NotResources() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementOutput) Principals() GetPolicyDocumentStatementPrincipalArrayOutput
- func (o GetPolicyDocumentStatementOutput) Resources() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementOutput) Sid() pulumi.StringPtrOutput
- func (o GetPolicyDocumentStatementOutput) ToGetPolicyDocumentStatementOutput() GetPolicyDocumentStatementOutput
- func (o GetPolicyDocumentStatementOutput) ToGetPolicyDocumentStatementOutputWithContext(ctx context.Context) GetPolicyDocumentStatementOutput
- type GetPolicyDocumentStatementPrincipal
- type GetPolicyDocumentStatementPrincipalArgs
- func (GetPolicyDocumentStatementPrincipalArgs) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementPrincipalArgs) ToGetPolicyDocumentStatementPrincipalOutput() GetPolicyDocumentStatementPrincipalOutput
- func (i GetPolicyDocumentStatementPrincipalArgs) ToGetPolicyDocumentStatementPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalOutput
- type GetPolicyDocumentStatementPrincipalArray
- func (GetPolicyDocumentStatementPrincipalArray) ElementType() reflect.Type
- func (i GetPolicyDocumentStatementPrincipalArray) ToGetPolicyDocumentStatementPrincipalArrayOutput() GetPolicyDocumentStatementPrincipalArrayOutput
- func (i GetPolicyDocumentStatementPrincipalArray) ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalArrayOutput
- type GetPolicyDocumentStatementPrincipalArrayInput
- type GetPolicyDocumentStatementPrincipalArrayOutput
- func (GetPolicyDocumentStatementPrincipalArrayOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementPrincipalArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentStatementPrincipalOutput
- func (o GetPolicyDocumentStatementPrincipalArrayOutput) ToGetPolicyDocumentStatementPrincipalArrayOutput() GetPolicyDocumentStatementPrincipalArrayOutput
- func (o GetPolicyDocumentStatementPrincipalArrayOutput) ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalArrayOutput
- type GetPolicyDocumentStatementPrincipalInput
- type GetPolicyDocumentStatementPrincipalOutput
- func (GetPolicyDocumentStatementPrincipalOutput) ElementType() reflect.Type
- func (o GetPolicyDocumentStatementPrincipalOutput) Identifiers() pulumi.StringArrayOutput
- func (o GetPolicyDocumentStatementPrincipalOutput) ToGetPolicyDocumentStatementPrincipalOutput() GetPolicyDocumentStatementPrincipalOutput
- func (o GetPolicyDocumentStatementPrincipalOutput) ToGetPolicyDocumentStatementPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalOutput
- func (o GetPolicyDocumentStatementPrincipalOutput) Type() pulumi.StringOutput
- type Group
- type GroupArgs
- type GroupMembership
- type GroupMembershipArgs
- type GroupMembershipState
- type GroupPolicy
- type GroupPolicyArgs
- type GroupPolicyAttachment
- type GroupPolicyAttachmentArgs
- type GroupPolicyAttachmentState
- type GroupPolicyState
- type GroupState
- type InstanceProfile
- type InstanceProfileArgs
- type InstanceProfileState
- type LookupAccountAliasResult
- type LookupGroupArgs
- type LookupGroupResult
- type LookupInstanceProfileArgs
- type LookupInstanceProfileResult
- type LookupPolicyArgs
- type LookupPolicyResult
- type LookupRoleArgs
- type LookupRoleResult
- type LookupServerCertificateArgs
- type LookupServerCertificateResult
- type LookupUserArgs
- type LookupUserResult
- type OpenIdConnectProvider
- type OpenIdConnectProviderArgs
- type OpenIdConnectProviderState
- type Policy
- type PolicyArgs
- type PolicyAttachment
- type PolicyAttachmentArgs
- type PolicyAttachmentState
- type PolicyState
- type Role
- type RoleArgs
- type RolePolicy
- type RolePolicyArgs
- type RolePolicyAttachment
- type RolePolicyAttachmentArgs
- type RolePolicyAttachmentState
- type RolePolicyState
- type RoleState
- type SamlProvider
- type SamlProviderArgs
- type SamlProviderState
- type ServerCertificate
- type ServerCertificateArgs
- type ServerCertificateState
- type ServiceLinkedRole
- type ServiceLinkedRoleArgs
- type ServiceLinkedRoleState
- type SshKey
- type SshKeyArgs
- type SshKeyState
- type User
- type UserArgs
- type UserGroupMembership
- type UserGroupMembershipArgs
- type UserGroupMembershipState
- type UserLoginProfile
- type UserLoginProfileArgs
- type UserLoginProfileState
- type UserPolicy
- type UserPolicyArgs
- type UserPolicyAttachment
- type UserPolicyAttachmentArgs
- type UserPolicyAttachmentState
- type UserPolicyState
- type UserState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessKey ¶
// AccessKey is the resource state for an IAM access key: a set of credentials
// that allow API requests to be made as an IAM user. Several fields hold, or
// are derived from, the secret access key; see the per-field notes.
type AccessKey struct {
	pulumi.CustomResourceState

	// NOTE(review): undocumented in this listing. The PgpKey description says the
	// PGP key is "for use in the `encryptedSecret` output attribute", so this is
	// presumably the secret access key encrypted to that key; confirm the encoding.
	EncryptedSecret pulumi.StringOutput `pulumi:"encryptedSecret"`
	// The fingerprint of the PGP key used to encrypt
	// the secret
	KeyFingerprint pulumi.StringOutput `pulumi:"keyFingerprint"`
	// Either a base-64 encoded PGP public key, or a
	// keybase username in the form `keybase:some_person_that_exists`, for use
	// in the `encryptedSecret` output attribute.
	PgpKey pulumi.StringPtrOutput `pulumi:"pgpKey"`
	// The secret access key. Note that this will be written
	// to the state file. If you use this, please protect your backend state file
	// judiciously. Alternatively, you may supply a `pgpKey` instead, which will
	// prevent the secret from being stored in plaintext, at the cost of preventing
	// the use of the secret key in automation.
	Secret pulumi.StringOutput `pulumi:"secret"`
	// The secret access key converted into an SES SMTP
	// password by applying [AWS's documented Sigv4 conversion
	// algorithm](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-convert).
	// As SigV4 is region specific, valid Provider regions are `ap-south-1`, `ap-southeast-2`, `eu-central-1`, `eu-west-1`, `us-east-1` and `us-west-2`. See current [AWS SES regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region)
	//
	// NOTE(review): derived from the secret access key, so it should be handled
	// as a credential too; how it is stored in state is not stated here, confirm.
	SesSmtpPasswordV4 pulumi.StringOutput `pulumi:"sesSmtpPasswordV4"`
	// The access key status to apply. Defaults to `Active`.
	// Valid values are `Active` and `Inactive`.
	Status pulumi.StringOutput `pulumi:"status"`
	// The IAM user to associate with this access key.
	User pulumi.StringOutput `pulumi:"user"`
}
Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates an IAM user, a PGP-protected access key for it, and an inline
// read-only EC2 policy, then exports the encrypted secret.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		user, err := iam.NewUser(ctx, "lbUser", &iam.UserArgs{
			Path: pulumi.String("/system/"),
		})
		if err != nil {
			return err
		}

		// Supplying PgpKey keeps the secret access key from being stored in
		// plaintext; only the encrypted form is exported below.
		key, err := iam.NewAccessKey(ctx, "lbAccessKey", &iam.AccessKeyArgs{
			User:   user.Name,
			PgpKey: pulumi.String("keybase:some_person_that_exists"),
		})
		if err != nil {
			return err
		}

		// Inline policy allowing ec2:Describe* on every resource.
		readOnlyPolicy := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": [\n",
			" \"ec2:Describe*\"\n",
			" ],\n",
			" \"Effect\": \"Allow\",\n",
			" \"Resource\": \"*\"\n",
			" }\n",
			" ]\n",
			"}\n")
		if _, err := iam.NewUserPolicy(ctx, "lbRo", &iam.UserPolicyArgs{
			User:   user.Name,
			Policy: pulumi.String(readOnlyPolicy),
		}); err != nil {
			return err
		}

		ctx.Export("secret", key.EncryptedSecret)
		return nil
	})
}
```
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
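// main creates an IAM user and an access key for it, then exports the SES SMTP
// password derived from that key as a secret stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		testUser, err := iam.NewUser(ctx, "testUser", &iam.UserArgs{
			Path: pulumi.String("/test/"),
		})
		if err != nil {
			return err
		}

		// No PgpKey is supplied here, so, as the Secret field documentation
		// warns, the secret access key is written to the state file. Protect
		// the state backend accordingly.
		testAccessKey, err := iam.NewAccessKey(ctx, "testAccessKey", &iam.AccessKeyArgs{
			User: testUser.Name,
		})
		if err != nil {
			return err
		}

		// SesSmtpPasswordV4 is derived from the secret access key, so export it
		// as a secret rather than a plain stack output. This covers the stack
		// output only; the resource's own properties are still recorded in
		// state as described above.
		ctx.Export("awsIamSmtpPasswordV4", pulumi.ToSecret(testAccessKey.SesSmtpPasswordV4))
		return nil
	})
}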
```
func GetAccessKey ¶
func GetAccessKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AccessKeyState, opts ...pulumi.ResourceOption) (*AccessKey, error)
GetAccessKey gets an existing AccessKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAccessKey ¶
func NewAccessKey(ctx *pulumi.Context, name string, args *AccessKeyArgs, opts ...pulumi.ResourceOption) (*AccessKey, error)
NewAccessKey registers a new resource with the given unique name, arguments, and options.
type AccessKeyArgs ¶
// AccessKeyArgs is the set of arguments for constructing an AccessKey resource.
type AccessKeyArgs struct {
	// Either a base-64 encoded PGP public key, or a
	// keybase username in the form `keybase:some_person_that_exists`, for use
	// in the `encryptedSecret` output attribute.
	PgpKey pulumi.StringPtrInput
	// The access key status to apply. Defaults to `Active`.
	// Valid values are `Active` and `Inactive`.
	Status pulumi.StringPtrInput
	// The IAM user to associate with this access key.
	User pulumi.StringInput
}
The set of arguments for constructing an AccessKey resource.
func (AccessKeyArgs) ElementType ¶
func (AccessKeyArgs) ElementType() reflect.Type
type AccessKeyState ¶
// AccessKeyState holds the optional state properties passed to GetAccessKey to
// qualify the lookup of an existing AccessKey resource.
type AccessKeyState struct {
	// NOTE(review): undocumented in this listing; presumably the secret access
	// key encrypted to the PGP key given in PgpKey. Confirm.
	EncryptedSecret pulumi.StringPtrInput
	// The fingerprint of the PGP key used to encrypt
	// the secret
	KeyFingerprint pulumi.StringPtrInput
	// Either a base-64 encoded PGP public key, or a
	// keybase username in the form `keybase:some_person_that_exists`, for use
	// in the `encryptedSecret` output attribute.
	PgpKey pulumi.StringPtrInput
	// The secret access key. Note that this will be written
	// to the state file. If you use this, please protect your backend state file
	// judiciously. Alternatively, you may supply a `pgpKey` instead, which will
	// prevent the secret from being stored in plaintext, at the cost of preventing
	// the use of the secret key in automation.
	Secret pulumi.StringPtrInput
	// The secret access key converted into an SES SMTP
	// password by applying [AWS's documented Sigv4 conversion
	// algorithm](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-convert).
	// As SigV4 is region specific, valid Provider regions are `ap-south-1`, `ap-southeast-2`, `eu-central-1`, `eu-west-1`, `us-east-1` and `us-west-2`. See current [AWS SES regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region)
	SesSmtpPasswordV4 pulumi.StringPtrInput
	// The access key status to apply. Defaults to `Active`.
	// Valid values are `Active` and `Inactive`.
	Status pulumi.StringPtrInput
	// The IAM user to associate with this access key.
	User pulumi.StringPtrInput
}
func (AccessKeyState) ElementType ¶
func (AccessKeyState) ElementType() reflect.Type
type AccountAlias ¶
// AccountAlias is the resource state for the account alias of the AWS account.
type AccountAlias struct {
	pulumi.CustomResourceState

	// The account alias
	AccountAlias pulumi.StringOutput `pulumi:"accountAlias"`
}
> **Note:** There is only a single account alias per AWS account.
Manages the account alias for the AWS Account.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main sets the account alias of the AWS account to "my-account-alias".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aliasArgs := &iam.AccountAliasArgs{
			AccountAlias: pulumi.String("my-account-alias"),
		}
		// The resource handle is not used afterwards; only the error matters.
		_, err := iam.NewAccountAlias(ctx, "alias", aliasArgs)
		return err
	})
}
```
func GetAccountAlias ¶
func GetAccountAlias(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AccountAliasState, opts ...pulumi.ResourceOption) (*AccountAlias, error)
GetAccountAlias gets an existing AccountAlias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAccountAlias ¶
func NewAccountAlias(ctx *pulumi.Context, name string, args *AccountAliasArgs, opts ...pulumi.ResourceOption) (*AccountAlias, error)
NewAccountAlias registers a new resource with the given unique name, arguments, and options.
type AccountAliasArgs ¶
// AccountAliasArgs is the set of arguments for constructing an AccountAlias resource.
type AccountAliasArgs struct {
	// The account alias
	AccountAlias pulumi.StringInput
}
The set of arguments for constructing an AccountAlias resource.
func (AccountAliasArgs) ElementType ¶
func (AccountAliasArgs) ElementType() reflect.Type
type AccountAliasState ¶
// AccountAliasState holds the optional state properties passed to
// GetAccountAlias to qualify the lookup of an existing AccountAlias resource.
type AccountAliasState struct {
	// The account alias
	AccountAlias pulumi.StringPtrInput
}
func (AccountAliasState) ElementType ¶
func (AccountAliasState) ElementType() reflect.Type
type AccountPasswordPolicy ¶
// AccountPasswordPolicy is the resource state for the password policy of the
// AWS account. Only a single policy is allowed per account.
type AccountPasswordPolicy struct {
	pulumi.CustomResourceState

	// Whether to allow users to change their own password
	AllowUsersToChangePassword pulumi.BoolPtrOutput `pulumi:"allowUsersToChangePassword"`
	// Indicates whether passwords in the account expire.
	// Returns `true` if `maxPasswordAge` contains a value greater than `0`.
	// Returns `false` if it is `0` or _not present_.
	ExpirePasswords pulumi.BoolOutput `pulumi:"expirePasswords"`
	// Whether users are prevented from setting a new password after their password has expired
	// (i.e. require administrator reset)
	HardExpiry pulumi.BoolOutput `pulumi:"hardExpiry"`
	// The number of days that a user password is valid.
	MaxPasswordAge pulumi.IntOutput `pulumi:"maxPasswordAge"`
	// Minimum length to require for user passwords.
	MinimumPasswordLength pulumi.IntPtrOutput `pulumi:"minimumPasswordLength"`
	// The number of previous passwords that users are prevented from reusing.
	PasswordReusePrevention pulumi.IntOutput `pulumi:"passwordReusePrevention"`
	// Whether to require lowercase characters for user passwords.
	RequireLowercaseCharacters pulumi.BoolOutput `pulumi:"requireLowercaseCharacters"`
	// Whether to require numbers for user passwords.
	RequireNumbers pulumi.BoolOutput `pulumi:"requireNumbers"`
	// Whether to require symbols for user passwords.
	RequireSymbols pulumi.BoolOutput `pulumi:"requireSymbols"`
	// Whether to require uppercase characters for user passwords.
	RequireUppercaseCharacters pulumi.BoolOutput `pulumi:"requireUppercaseCharacters"`
}
> **Note:** Only a single password policy is allowed per AWS account. Because of this limitation, any existing policy is lost when this resource is used.
Manages Password Policy for the AWS Account. See more about [Account Password Policy](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html) in the official AWS docs.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main applies an account-wide IAM password policy named "strict".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): despite the name "strict", this sets only a minimum
		// length of 8 and the four character-class requirements.
		// MaxPasswordAge, PasswordReusePrevention and HardExpiry are left
		// unset; compare with your organisation's password baseline before
		// copying. Applying it also replaces any existing account policy.
		policyArgs := &iam.AccountPasswordPolicyArgs{
			AllowUsersToChangePassword: pulumi.Bool(true),
			MinimumPasswordLength:      pulumi.Int(8),
			RequireLowercaseCharacters: pulumi.Bool(true),
			RequireNumbers:             pulumi.Bool(true),
			RequireSymbols:             pulumi.Bool(true),
			RequireUppercaseCharacters: pulumi.Bool(true),
		}
		_, err := iam.NewAccountPasswordPolicy(ctx, "strict", policyArgs)
		return err
	})
}
```
func GetAccountPasswordPolicy ¶
func GetAccountPasswordPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AccountPasswordPolicyState, opts ...pulumi.ResourceOption) (*AccountPasswordPolicy, error)
GetAccountPasswordPolicy gets an existing AccountPasswordPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAccountPasswordPolicy ¶
func NewAccountPasswordPolicy(ctx *pulumi.Context, name string, args *AccountPasswordPolicyArgs, opts ...pulumi.ResourceOption) (*AccountPasswordPolicy, error)
NewAccountPasswordPolicy registers a new resource with the given unique name, arguments, and options.
type AccountPasswordPolicyArgs ¶
// AccountPasswordPolicyArgs is the set of arguments for constructing an
// AccountPasswordPolicy resource. Every field is an optional (pointer) input.
type AccountPasswordPolicyArgs struct {
	// Whether to allow users to change their own password
	AllowUsersToChangePassword pulumi.BoolPtrInput
	// Whether users are prevented from setting a new password after their password has expired
	// (i.e. require administrator reset)
	HardExpiry pulumi.BoolPtrInput
	// The number of days that a user password is valid.
	MaxPasswordAge pulumi.IntPtrInput
	// Minimum length to require for user passwords.
	MinimumPasswordLength pulumi.IntPtrInput
	// The number of previous passwords that users are prevented from reusing.
	PasswordReusePrevention pulumi.IntPtrInput
	// Whether to require lowercase characters for user passwords.
	RequireLowercaseCharacters pulumi.BoolPtrInput
	// Whether to require numbers for user passwords.
	RequireNumbers pulumi.BoolPtrInput
	// Whether to require symbols for user passwords.
	RequireSymbols pulumi.BoolPtrInput
	// Whether to require uppercase characters for user passwords.
	RequireUppercaseCharacters pulumi.BoolPtrInput
}
The set of arguments for constructing an AccountPasswordPolicy resource.
func (AccountPasswordPolicyArgs) ElementType ¶
func (AccountPasswordPolicyArgs) ElementType() reflect.Type
type AccountPasswordPolicyState ¶
// AccountPasswordPolicyState holds the optional state properties passed to
// GetAccountPasswordPolicy to qualify the lookup of an existing
// AccountPasswordPolicy resource.
type AccountPasswordPolicyState struct {
	// Whether to allow users to change their own password
	AllowUsersToChangePassword pulumi.BoolPtrInput
	// Indicates whether passwords in the account expire.
	// Returns `true` if `maxPasswordAge` contains a value greater than `0`.
	// Returns `false` if it is `0` or _not present_.
	ExpirePasswords pulumi.BoolPtrInput
	// Whether users are prevented from setting a new password after their password has expired
	// (i.e. require administrator reset)
	HardExpiry pulumi.BoolPtrInput
	// The number of days that a user password is valid.
	MaxPasswordAge pulumi.IntPtrInput
	// Minimum length to require for user passwords.
	MinimumPasswordLength pulumi.IntPtrInput
	// The number of previous passwords that users are prevented from reusing.
	PasswordReusePrevention pulumi.IntPtrInput
	// Whether to require lowercase characters for user passwords.
	RequireLowercaseCharacters pulumi.BoolPtrInput
	// Whether to require numbers for user passwords.
	RequireNumbers pulumi.BoolPtrInput
	// Whether to require symbols for user passwords.
	RequireSymbols pulumi.BoolPtrInput
	// Whether to require uppercase characters for user passwords.
	RequireUppercaseCharacters pulumi.BoolPtrInput
}
func (AccountPasswordPolicyState) ElementType ¶
func (AccountPasswordPolicyState) ElementType() reflect.Type
type GetGroupUser ¶
// GetGroupUser describes one IAM user by ARN, path, ID and name.
// NOTE(review): presumably an element of a group lookup result; the lookup
// itself is not shown in this part of the listing, confirm.
type GetGroupUser struct {
	// The Amazon Resource Name (ARN) specifying the iam user.
	Arn string `pulumi:"arn"`
	// The path to the iam user.
	Path string `pulumi:"path"`
	// The stable and unique string identifying the iam user.
	UserId string `pulumi:"userId"`
	// The name of the iam user.
	UserName string `pulumi:"userName"`
}
type GetGroupUserArgs ¶
// GetGroupUserArgs is the input-typed counterpart of GetGroupUser: the same
// four fields, each as a pulumi.StringInput. It converts to a
// GetGroupUserOutput through its ToGetGroupUserOutput methods.
type GetGroupUserArgs struct {
	// The Amazon Resource Name (ARN) specifying the iam user.
	Arn pulumi.StringInput `pulumi:"arn"`
	// The path to the iam user.
	Path pulumi.StringInput `pulumi:"path"`
	// The stable and unique string identifying the iam user.
	UserId pulumi.StringInput `pulumi:"userId"`
	// The name of the iam user.
	UserName pulumi.StringInput `pulumi:"userName"`
}
func (GetGroupUserArgs) ElementType ¶
func (GetGroupUserArgs) ElementType() reflect.Type
func (GetGroupUserArgs) ToGetGroupUserOutput ¶
func (i GetGroupUserArgs) ToGetGroupUserOutput() GetGroupUserOutput
func (GetGroupUserArgs) ToGetGroupUserOutputWithContext ¶
func (i GetGroupUserArgs) ToGetGroupUserOutputWithContext(ctx context.Context) GetGroupUserOutput
type GetGroupUserArray ¶
// GetGroupUserArray is a slice of GetGroupUserInput values.
type GetGroupUserArray []GetGroupUserInput
func (GetGroupUserArray) ElementType ¶
func (GetGroupUserArray) ElementType() reflect.Type
func (GetGroupUserArray) ToGetGroupUserArrayOutput ¶
func (i GetGroupUserArray) ToGetGroupUserArrayOutput() GetGroupUserArrayOutput
func (GetGroupUserArray) ToGetGroupUserArrayOutputWithContext ¶
func (i GetGroupUserArray) ToGetGroupUserArrayOutputWithContext(ctx context.Context) GetGroupUserArrayOutput
type GetGroupUserArrayInput ¶
// GetGroupUserArrayInput is a pulumi.Input that can be converted to a
// GetGroupUserArrayOutput, with or without an explicit context.
type GetGroupUserArrayInput interface {
	pulumi.Input

	ToGetGroupUserArrayOutput() GetGroupUserArrayOutput
	ToGetGroupUserArrayOutputWithContext(context.Context) GetGroupUserArrayOutput
}
GetGroupUserArrayInput is an input type that accepts GetGroupUserArray and GetGroupUserArrayOutput values. You can construct a concrete instance of `GetGroupUserArrayInput` via:
GetGroupUserArray{ GetGroupUserArgs{...} }
type GetGroupUserArrayOutput ¶
// GetGroupUserArrayOutput wraps a *pulumi.OutputState; its Index method yields
// a GetGroupUserOutput for one element.
type GetGroupUserArrayOutput struct{ *pulumi.OutputState }
func (GetGroupUserArrayOutput) ElementType ¶
func (GetGroupUserArrayOutput) ElementType() reflect.Type
func (GetGroupUserArrayOutput) Index ¶
func (o GetGroupUserArrayOutput) Index(i pulumi.IntInput) GetGroupUserOutput
func (GetGroupUserArrayOutput) ToGetGroupUserArrayOutput ¶
func (o GetGroupUserArrayOutput) ToGetGroupUserArrayOutput() GetGroupUserArrayOutput
func (GetGroupUserArrayOutput) ToGetGroupUserArrayOutputWithContext ¶
func (o GetGroupUserArrayOutput) ToGetGroupUserArrayOutputWithContext(ctx context.Context) GetGroupUserArrayOutput
type GetGroupUserInput ¶
// GetGroupUserInput is a pulumi.Input that can be converted to a
// GetGroupUserOutput, with or without an explicit context.
type GetGroupUserInput interface {
	pulumi.Input

	ToGetGroupUserOutput() GetGroupUserOutput
	ToGetGroupUserOutputWithContext(context.Context) GetGroupUserOutput
}
GetGroupUserInput is an input type that accepts GetGroupUserArgs and GetGroupUserOutput values. You can construct a concrete instance of `GetGroupUserInput` via:
GetGroupUserArgs{...}
type GetGroupUserOutput ¶
// GetGroupUserOutput wraps a *pulumi.OutputState; its Arn, Path, UserId and
// UserName methods each return a pulumi.StringOutput.
type GetGroupUserOutput struct{ *pulumi.OutputState }
func (GetGroupUserOutput) Arn ¶
func (o GetGroupUserOutput) Arn() pulumi.StringOutput
The Amazon Resource Name (ARN) specifying the iam user.
func (GetGroupUserOutput) ElementType ¶
func (GetGroupUserOutput) ElementType() reflect.Type
func (GetGroupUserOutput) Path ¶
func (o GetGroupUserOutput) Path() pulumi.StringOutput
The path to the iam user.
func (GetGroupUserOutput) ToGetGroupUserOutput ¶
func (o GetGroupUserOutput) ToGetGroupUserOutput() GetGroupUserOutput
func (GetGroupUserOutput) ToGetGroupUserOutputWithContext ¶
func (o GetGroupUserOutput) ToGetGroupUserOutputWithContext(ctx context.Context) GetGroupUserOutput
func (GetGroupUserOutput) UserId ¶
func (o GetGroupUserOutput) UserId() pulumi.StringOutput
The stable and unique string identifying the iam user.
func (GetGroupUserOutput) UserName ¶
func (o GetGroupUserOutput) UserName() pulumi.StringOutput
The name of the iam user.
type GetPolicyDocumentArgs ¶
// GetPolicyDocumentArgs is the collection of arguments for invoking
// getPolicyDocument. All fields are optional pointers except Statements.
type GetPolicyDocumentArgs struct {
	// An IAM policy document to import and override the
	// current policy document. Statements with non-blank `sid`s in the override
	// document will overwrite statements with the same `sid` in the current document.
	// Statements without an `sid` cannot be overwritten.
	OverrideJson *string `pulumi:"overrideJson"`
	// An ID for the policy document.
	PolicyId *string `pulumi:"policyId"`
	// An IAM policy document to import as a base for the
	// current policy document. Statements with non-blank `sid`s in the current
	// policy document will overwrite statements with the same `sid` in the source
	// json. Statements without an `sid` cannot be overwritten.
	SourceJson *string `pulumi:"sourceJson"`
	// A nested configuration block (described below)
	// configuring one *statement* to be included in the policy document.
	Statements []GetPolicyDocumentStatement `pulumi:"statements"`
	// IAM policy document version. Valid values: `2008-10-17`, `2012-10-17`. Defaults to `2012-10-17`. For more information, see the [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).
	Version *string `pulumi:"version"`
}
A collection of arguments for invoking getPolicyDocument.
type GetPolicyDocumentResult ¶
// GetPolicyDocumentResult is the collection of values returned by
// getPolicyDocument. Besides Id and Json it repeats the fields of
// GetPolicyDocumentArgs.
type GetPolicyDocumentResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The above arguments serialized as a standard JSON policy document.
	Json string `pulumi:"json"`
	// The fields below are undocumented in this listing; they carry the same
	// names, types and tags as the fields of GetPolicyDocumentArgs.
	OverrideJson *string `pulumi:"overrideJson"`
	PolicyId *string `pulumi:"policyId"`
	SourceJson *string `pulumi:"sourceJson"`
	Statements []GetPolicyDocumentStatement `pulumi:"statements"`
	Version *string `pulumi:"version"`
}
A collection of values returned by getPolicyDocument.
func GetPolicyDocument ¶
func GetPolicyDocument(ctx *pulumi.Context, args *GetPolicyDocumentArgs, opts ...pulumi.InvokeOption) (*GetPolicyDocumentResult, error)
Generates an IAM policy document in JSON format.
This is a data source which can be used to construct a JSON representation of an IAM policy document, for use with resources which expect policy documents, such as the `iam.Policy` resource.
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main builds a three-statement IAM policy document with iam.GetPolicyDocument
// and passes the rendered JSON to a new iam.Policy named "examplePolicy".
//
// NOTE(review): as listed, the example reads `_var.S3_bucket_name`, which is
// not declared anywhere in this listing, and assigns a string literal to Sid
// although GetPolicyDocumentStatement declares Sid as *string. Treat it as a
// sketch of the policy shape rather than a program that builds as-is.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				// Statement "1": bucket discovery across all buckets; no
				// object-level actions are listed here.
				iam.GetPolicyDocumentStatement{
					Sid: "1",
					Actions: []string{
						"s3:ListAllMyBuckets",
						"s3:GetBucketLocation",
					},
					Resources: []string{
						"arn:aws:s3:::*",
					},
				},
				// Listing of the one bucket, limited by an s3:prefix condition
				// to the bucket root, "home/" and the caller's own home prefix.
				iam.GetPolicyDocumentStatement{
					Actions: []string{
						"s3:ListBucket",
					},
					Resources: []string{
						fmt.Sprintf("%v%v", "arn:aws:s3:::", _var.S3_bucket_name),
					},
					Conditions: []iam.GetPolicyDocumentStatementCondition{
						iam.GetPolicyDocumentStatementCondition{
							Test:     "StringLike",
							Variable: "s3:prefix",
							Values: []string{
								"",
								"home/",
								// `&{...}` rather than `${...}`: the variable is
								// meant to be resolved by AWS, not by the provider.
								"home/&{aws:username}/",
							},
						},
					},
				},
				// Every S3 action ("s3:*"), scoped to the caller's own home
				// prefix. NOTE(review): narrow the action list if full control
				// of that prefix is not intended.
				iam.GetPolicyDocumentStatement{
					Actions: []string{
						"s3:*",
					},
					Resources: []string{
						fmt.Sprintf("%v%v%v", "arn:aws:s3:::", _var.S3_bucket_name, "/home/&{aws:username}"),
						fmt.Sprintf("%v%v%v", "arn:aws:s3:::", _var.S3_bucket_name, "/home/&{aws:username}/*"),
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		// The rendered JSON becomes the body of the managed policy.
		_, err = iam.NewPolicy(ctx, "examplePolicy", &iam.PolicyArgs{
			Path:   pulumi.String("/"),
			Policy: pulumi.String(examplePolicyDocument.Json),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
```
Using this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings within your configuration, or to use the `file` interpolation function to read a raw JSON policy document from a file.
## Context Variable Interpolation
The IAM policy document format allows context variables to be interpolated into various strings within a statement. The native IAM policy document format uses `${...}`-style syntax, which conflicts with this provider's own interpolation syntax, so this data source instead uses `&{...}` syntax for interpolations that should be processed by AWS rather than by this provider. For example, the `home/&{aws:username}/` value in the example above is meant to be resolved by AWS, not by the provider.
## Wildcard Principal
To define a wildcard principal (a.k.a. anonymous user), use `type = "*"` and `identifiers = ["*"]`. In that case the rendered JSON will contain `"Principal": "*"`. Note that even though the [IAM Documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html) states that `"Principal": "*"` and `"Principal": {"AWS": "*"}` are equivalent, those principals behave differently in an IAM role trust policy. Therefore this provider normalizes the principal field only in the above-mentioned case, and principals like `type = "AWS"` and `identifiers = ["*"]` are rendered as `"Principal": {"AWS": "*"}`. Because a wildcard principal matches every caller, a statement that allows it should normally be narrowed with `conditions`, and the rendered JSON should be reviewed before it is attached to a resource.
## Example with Source and Override
This example shows how to use `sourceJson` and `overrideJson`:
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main renders four policy documents to show how SourceJson and OverrideJson
// interact with statements that share the sid "SidToOverwrite". The results of
// the second and fourth GetPolicyDocument calls are discarded.
//
// NOTE(review): Sid is assigned a string literal although
// GetPolicyDocumentStatement declares it as *string; treat the listing as a
// sketch rather than a program that builds as-is.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Base document: two broad statements, one of them with a sid.
		source, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				// No sid: per the SourceJson field doc this statement cannot
				// be overwritten by a document that imports it.
				iam.GetPolicyDocumentStatement{
					Actions: []string{
						"ec2:*",
					},
					Resources: []string{
						"*",
					},
				},
				iam.GetPolicyDocumentStatement{
					Sid: "SidToOverwrite",
					Actions: []string{
						"s3:*",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		opt0 := source.Json
		// Source case: the current document's "SidToOverwrite" statement
		// (scoped to somebucket) replaces the same-sid statement from source.
		_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			SourceJson: &opt0,
			Statements: []iam.GetPolicyDocumentStatement{
				iam.GetPolicyDocumentStatement{
					Sid: "SidToOverwrite",
					Actions: []string{
						"s3:*",
					},
					Resources: []string{
						"arn:aws:s3:::somebucket",
						"arn:aws:s3:::somebucket/*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		// Override document: same sid, but with the resource set to "*".
		override, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				iam.GetPolicyDocumentStatement{
					Sid: "SidToOverwrite",
					Actions: []string{
						"s3:*",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		opt1 := override.Json
		// Override case: the override's statement replaces the current
		// document's narrower somebucket statement, i.e. the override widens
		// the resource scope here.
		_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			OverrideJson: &opt1,
			Statements: []iam.GetPolicyDocumentStatement{
				iam.GetPolicyDocumentStatement{
					Actions: []string{
						"ec2:*",
					},
					Resources: []string{
						"*",
					},
				},
				iam.GetPolicyDocumentStatement{
					Sid: "SidToOverwrite",
					Actions: []string{
						"s3:*",
					},
					Resources: []string{
						"arn:aws:s3:::somebucket",
						"arn:aws:s3:::somebucket/*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
```
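`data.aws_iam_policy_document.source_json_example.json` will evaluate to the document described here; the rendered JSON is missing from this Go listing, and the block below is an empty program. Going by the `sourceJson` rule, the `SidToOverwrite` statement from the source is replaced by the current document's version scoped to `somebucket`, while the `ec2:*` statement, which has no `sid`, is kept: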
```go package main
import (
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main runs an empty Pulumi program: the callback creates nothing and
// reports success.
func main() {
	noop := func(ctx *pulumi.Context) error {
		return nil
	}
	pulumi.Run(noop)
}
```
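`data.aws_iam_policy_document.override_json_example.json` will evaluate to the document described here; the rendered JSON is missing from this Go listing, and the block below is an empty program. Going by the `overrideJson` rule, the override's `SidToOverwrite` statement (`s3:*` on `*`) replaces the current document's narrower `somebucket` version, so an override can widen access as well as restrict it: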
```go package main
import (
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main runs an empty Pulumi program: the callback creates nothing and
// reports success.
func main() {
	noop := func(ctx *pulumi.Context) error {
		return nil
	}
	pulumi.Run(noop)
}
```
You can also combine `sourceJson` and `overrideJson` in the same document.
## Example without Statement
Use without a `statement`:
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main renders a source document and an override document that share the sid
// "OverridePlaceholder", then combines them through SourceJson and
// OverrideJson in a third call that declares no statements of its own. The
// combined result is discarded.
//
// NOTE(review): Sid is assigned a string literal although
// GetPolicyDocumentStatement declares it as *string; treat the listing as a
// sketch rather than a program that builds as-is.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		source, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				iam.GetPolicyDocumentStatement{
					Sid: "OverridePlaceholder",
					Actions: []string{
						"ec2:DescribeAccountAttributes",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		override, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				iam.GetPolicyDocumentStatement{
					Sid: "OverridePlaceholder",
					Actions: []string{
						"s3:GetObject",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		opt0 := source.Json
		opt1 := override.Json
		// Both documents use the same sid, so by the OverrideJson field doc
		// the override's statement is the one expected in the result.
		_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			SourceJson:   &opt0,
			OverrideJson: &opt1,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
```
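`data.aws_iam_policy_document.politik.json` will evaluate to the document described here; the rendered JSON is missing from this Go listing, and the block below is an empty program. Going by the `sourceJson` and `overrideJson` rules, the `OverridePlaceholder` statement from the source is replaced by the override's `s3:GetObject` statement: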
```go package main
import (
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main runs an empty Pulumi program: the callback creates nothing and
// reports success.
func main() {
	noop := func(ctx *pulumi.Context) error {
		return nil
	}
	pulumi.Run(noop)
}
```
type GetPolicyDocumentStatement ¶
// GetPolicyDocumentStatement describes one statement of the policy document
// passed to GetPolicyDocument through GetPolicyDocumentArgs.Statements.
type GetPolicyDocumentStatement struct {
	// A list of actions that this statement either allows
	// or denies. For example, `["ec2:RunInstances", "s3:*"]`.
	// A wildcard such as `s3:*` matches every action of that service.
	Actions []string `pulumi:"actions"`
	// A nested configuration block (described below)
	// that defines a further, possibly-service-specific condition that constrains
	// whether this statement applies.
	Conditions []GetPolicyDocumentStatementCondition `pulumi:"conditions"`
	// Either "Allow" or "Deny", to specify whether this
	// statement allows or denies the given actions. The default is "Allow",
	// so a statement that leaves Effect unset is a grant.
	Effect *string `pulumi:"effect"`
	// A list of actions that this statement does *not*
	// apply to. Used to apply a policy statement to all actions *except* those
	// listed.
	//
	// NOTE(review): combined with an "Allow" effect this grants every action
	// that is not listed; confirm that is intended wherever it is used.
	NotActions []string `pulumi:"notActions"`
	// Like `principals` except gives principals that
	// the statement does *not* apply to.
	//
	// NOTE(review): AWS advises against combining NotPrincipal with an
	// "Allow" effect, since it allows every principal that is not listed.
	NotPrincipals []GetPolicyDocumentStatementNotPrincipal `pulumi:"notPrincipals"`
	// A list of resource ARNs that this statement
	// does *not* apply to. Used to apply a policy statement to all resources
	// *except* those listed.
	NotResources []string `pulumi:"notResources"`
	// A nested configuration block (described below)
	// specifying a principal (or principal pattern) to which this statement applies.
	Principals []GetPolicyDocumentStatementPrincipal `pulumi:"principals"`
	// A list of resource ARNs that this statement applies
	// to. This is required by AWS if used for an IAM policy.
	Resources []string `pulumi:"resources"`
	// An ID for the policy statement. Only statements with a non-blank sid
	// can be overwritten through sourceJson / overrideJson.
	Sid *string `pulumi:"sid"`
}
type GetPolicyDocumentStatementArgs ¶
// GetPolicyDocumentStatementArgs carries the same fields as
// GetPolicyDocumentStatement, typed as pulumi inputs.
type GetPolicyDocumentStatementArgs struct {
	// A list of actions that this statement either allows
	// or denies. For example, `["ec2:RunInstances", "s3:*"]`.
	Actions pulumi.StringArrayInput `pulumi:"actions"`
	// A nested configuration block (described below)
	// that defines a further, possibly-service-specific condition that constrains
	// whether this statement applies.
	Conditions GetPolicyDocumentStatementConditionArrayInput `pulumi:"conditions"`
	// Either "Allow" or "Deny", to specify whether this
	// statement allows or denies the given actions. The default is "Allow".
	Effect pulumi.StringPtrInput `pulumi:"effect"`
	// A list of actions that this statement does *not*
	// apply to. Used to apply a policy statement to all actions *except* those
	// listed.
	//
	// NOTE(review): combined with an "Allow" effect this grants every action
	// that is not listed; confirm that is intended wherever it is used.
	NotActions pulumi.StringArrayInput `pulumi:"notActions"`
	// Like `principals` except gives principals that
	// the statement does *not* apply to.
	NotPrincipals GetPolicyDocumentStatementNotPrincipalArrayInput `pulumi:"notPrincipals"`
	// A list of resource ARNs that this statement
	// does *not* apply to. Used to apply a policy statement to all resources
	// *except* those listed.
	NotResources pulumi.StringArrayInput `pulumi:"notResources"`
	// A nested configuration block (described below)
	// specifying a principal (or principal pattern) to which this statement applies.
	Principals GetPolicyDocumentStatementPrincipalArrayInput `pulumi:"principals"`
	// A list of resource ARNs that this statement applies
	// to. This is required by AWS if used for an IAM policy.
	Resources pulumi.StringArrayInput `pulumi:"resources"`
	// An ID for the policy statement.
	Sid pulumi.StringPtrInput `pulumi:"sid"`
}
func (GetPolicyDocumentStatementArgs) ElementType ¶
func (GetPolicyDocumentStatementArgs) ElementType() reflect.Type
func (GetPolicyDocumentStatementArgs) ToGetPolicyDocumentStatementOutput ¶
func (i GetPolicyDocumentStatementArgs) ToGetPolicyDocumentStatementOutput() GetPolicyDocumentStatementOutput
func (GetPolicyDocumentStatementArgs) ToGetPolicyDocumentStatementOutputWithContext ¶
func (i GetPolicyDocumentStatementArgs) ToGetPolicyDocumentStatementOutputWithContext(ctx context.Context) GetPolicyDocumentStatementOutput
type GetPolicyDocumentStatementArray ¶
type GetPolicyDocumentStatementArray []GetPolicyDocumentStatementInput
func (GetPolicyDocumentStatementArray) ElementType ¶
func (GetPolicyDocumentStatementArray) ElementType() reflect.Type
func (GetPolicyDocumentStatementArray) ToGetPolicyDocumentStatementArrayOutput ¶
func (i GetPolicyDocumentStatementArray) ToGetPolicyDocumentStatementArrayOutput() GetPolicyDocumentStatementArrayOutput
func (GetPolicyDocumentStatementArray) ToGetPolicyDocumentStatementArrayOutputWithContext ¶
func (i GetPolicyDocumentStatementArray) ToGetPolicyDocumentStatementArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementArrayOutput
type GetPolicyDocumentStatementArrayInput ¶
type GetPolicyDocumentStatementArrayInput interface { pulumi.Input ToGetPolicyDocumentStatementArrayOutput() GetPolicyDocumentStatementArrayOutput ToGetPolicyDocumentStatementArrayOutputWithContext(context.Context) GetPolicyDocumentStatementArrayOutput }
GetPolicyDocumentStatementArrayInput is an input type that accepts GetPolicyDocumentStatementArray and GetPolicyDocumentStatementArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementArrayInput` via:
GetPolicyDocumentStatementArray{ GetPolicyDocumentStatementArgs{...} }
type GetPolicyDocumentStatementArrayOutput ¶
type GetPolicyDocumentStatementArrayOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementArrayOutput) ElementType ¶
func (GetPolicyDocumentStatementArrayOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementArrayOutput) Index ¶
func (o GetPolicyDocumentStatementArrayOutput) Index(i pulumi.IntInput) GetPolicyDocumentStatementOutput
func (GetPolicyDocumentStatementArrayOutput) ToGetPolicyDocumentStatementArrayOutput ¶
func (o GetPolicyDocumentStatementArrayOutput) ToGetPolicyDocumentStatementArrayOutput() GetPolicyDocumentStatementArrayOutput
func (GetPolicyDocumentStatementArrayOutput) ToGetPolicyDocumentStatementArrayOutputWithContext ¶
func (o GetPolicyDocumentStatementArrayOutput) ToGetPolicyDocumentStatementArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementArrayOutput
type GetPolicyDocumentStatementCondition ¶
// GetPolicyDocumentStatementCondition is one condition attached to a policy
// statement: an operator (Test), a context variable (Variable) and the values
// to compare against (Values).
type GetPolicyDocumentStatementCondition struct {
	// The name of the
	// [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html)
	// to evaluate.
	Test string `pulumi:"test"`
	// The values to evaluate the condition against. If multiple
	// values are provided, the condition matches if at least one of them applies.
	// (That is, the tests are combined with the "OR" boolean operation.)
	// Adding a value therefore loosens the condition rather than tightening it.
	Values []string `pulumi:"values"`
	// The name of a
	// [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys)
	// to apply the condition to. Context variables may either be standard AWS
	// variables starting with `aws:`, or service-specific variables prefixed with
	// the service name.
	Variable string `pulumi:"variable"`
}
type GetPolicyDocumentStatementConditionArgs ¶
// GetPolicyDocumentStatementConditionArgs carries the same fields as
// GetPolicyDocumentStatementCondition, typed as pulumi inputs.
type GetPolicyDocumentStatementConditionArgs struct {
	// The name of the
	// [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html)
	// to evaluate.
	Test pulumi.StringInput `pulumi:"test"`
	// The values to evaluate the condition against. If multiple
	// values are provided, the condition matches if at least one of them applies.
	// (That is, the tests are combined with the "OR" boolean operation.)
	Values pulumi.StringArrayInput `pulumi:"values"`
	// The name of a
	// [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys)
	// to apply the condition to. Context variables may either be standard AWS
	// variables starting with `aws:`, or service-specific variables prefixed with
	// the service name.
	Variable pulumi.StringInput `pulumi:"variable"`
}
func (GetPolicyDocumentStatementConditionArgs) ElementType ¶
func (GetPolicyDocumentStatementConditionArgs) ElementType() reflect.Type
func (GetPolicyDocumentStatementConditionArgs) ToGetPolicyDocumentStatementConditionOutput ¶
func (i GetPolicyDocumentStatementConditionArgs) ToGetPolicyDocumentStatementConditionOutput() GetPolicyDocumentStatementConditionOutput
func (GetPolicyDocumentStatementConditionArgs) ToGetPolicyDocumentStatementConditionOutputWithContext ¶
func (i GetPolicyDocumentStatementConditionArgs) ToGetPolicyDocumentStatementConditionOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionOutput
type GetPolicyDocumentStatementConditionArray ¶
type GetPolicyDocumentStatementConditionArray []GetPolicyDocumentStatementConditionInput
func (GetPolicyDocumentStatementConditionArray) ElementType ¶
func (GetPolicyDocumentStatementConditionArray) ElementType() reflect.Type
func (GetPolicyDocumentStatementConditionArray) ToGetPolicyDocumentStatementConditionArrayOutput ¶
func (i GetPolicyDocumentStatementConditionArray) ToGetPolicyDocumentStatementConditionArrayOutput() GetPolicyDocumentStatementConditionArrayOutput
func (GetPolicyDocumentStatementConditionArray) ToGetPolicyDocumentStatementConditionArrayOutputWithContext ¶
func (i GetPolicyDocumentStatementConditionArray) ToGetPolicyDocumentStatementConditionArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionArrayOutput
type GetPolicyDocumentStatementConditionArrayInput ¶
type GetPolicyDocumentStatementConditionArrayInput interface { pulumi.Input ToGetPolicyDocumentStatementConditionArrayOutput() GetPolicyDocumentStatementConditionArrayOutput ToGetPolicyDocumentStatementConditionArrayOutputWithContext(context.Context) GetPolicyDocumentStatementConditionArrayOutput }
GetPolicyDocumentStatementConditionArrayInput is an input type that accepts GetPolicyDocumentStatementConditionArray and GetPolicyDocumentStatementConditionArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementConditionArrayInput` via:
GetPolicyDocumentStatementConditionArray{ GetPolicyDocumentStatementConditionArgs{...} }
type GetPolicyDocumentStatementConditionArrayOutput ¶
type GetPolicyDocumentStatementConditionArrayOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementConditionArrayOutput) ElementType ¶
func (GetPolicyDocumentStatementConditionArrayOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementConditionArrayOutput) ToGetPolicyDocumentStatementConditionArrayOutput ¶
func (o GetPolicyDocumentStatementConditionArrayOutput) ToGetPolicyDocumentStatementConditionArrayOutput() GetPolicyDocumentStatementConditionArrayOutput
func (GetPolicyDocumentStatementConditionArrayOutput) ToGetPolicyDocumentStatementConditionArrayOutputWithContext ¶
func (o GetPolicyDocumentStatementConditionArrayOutput) ToGetPolicyDocumentStatementConditionArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionArrayOutput
type GetPolicyDocumentStatementConditionInput ¶
type GetPolicyDocumentStatementConditionInput interface { pulumi.Input ToGetPolicyDocumentStatementConditionOutput() GetPolicyDocumentStatementConditionOutput ToGetPolicyDocumentStatementConditionOutputWithContext(context.Context) GetPolicyDocumentStatementConditionOutput }
GetPolicyDocumentStatementConditionInput is an input type that accepts GetPolicyDocumentStatementConditionArgs and GetPolicyDocumentStatementConditionOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementConditionInput` via:
GetPolicyDocumentStatementConditionArgs{...}
type GetPolicyDocumentStatementConditionOutput ¶
type GetPolicyDocumentStatementConditionOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementConditionOutput) ElementType ¶
func (GetPolicyDocumentStatementConditionOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementConditionOutput) Test ¶
func (o GetPolicyDocumentStatementConditionOutput) Test() pulumi.StringOutput
The name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate.
func (GetPolicyDocumentStatementConditionOutput) ToGetPolicyDocumentStatementConditionOutput ¶
func (o GetPolicyDocumentStatementConditionOutput) ToGetPolicyDocumentStatementConditionOutput() GetPolicyDocumentStatementConditionOutput
func (GetPolicyDocumentStatementConditionOutput) ToGetPolicyDocumentStatementConditionOutputWithContext ¶
func (o GetPolicyDocumentStatementConditionOutput) ToGetPolicyDocumentStatementConditionOutputWithContext(ctx context.Context) GetPolicyDocumentStatementConditionOutput
func (GetPolicyDocumentStatementConditionOutput) Values ¶
func (o GetPolicyDocumentStatementConditionOutput) Values() pulumi.StringArrayOutput
The values to evaluate the condition against. If multiple values are provided, the condition matches if at least one of them applies. (That is, the tests are combined with the "OR" boolean operation.)
func (GetPolicyDocumentStatementConditionOutput) Variable ¶
func (o GetPolicyDocumentStatementConditionOutput) Variable() pulumi.StringOutput
The name of a [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys) to apply the condition to. Context variables may either be standard AWS variables starting with `aws:`, or service-specific variables prefixed with the service name.
type GetPolicyDocumentStatementInput ¶
type GetPolicyDocumentStatementInput interface { pulumi.Input ToGetPolicyDocumentStatementOutput() GetPolicyDocumentStatementOutput ToGetPolicyDocumentStatementOutputWithContext(context.Context) GetPolicyDocumentStatementOutput }
GetPolicyDocumentStatementInput is an input type that accepts GetPolicyDocumentStatementArgs and GetPolicyDocumentStatementOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementInput` via:
GetPolicyDocumentStatementArgs{...}
type GetPolicyDocumentStatementNotPrincipal ¶
// GetPolicyDocumentStatementNotPrincipal names principals that a statement
// does *not* apply to (see GetPolicyDocumentStatement.NotPrincipals).
//
// NOTE(review): AWS advises against combining NotPrincipal with an "Allow"
// effect, because every principal that is not listed is then allowed.
type GetPolicyDocumentStatementNotPrincipal struct {
	// List of identifiers for principals. When `type`
	// is "AWS", these are IAM user or role ARNs. When `type` is "Service", these are AWS Service roles e.g. `lambda.amazonaws.com`. When `type` is "Federated", these are web identity users or SAML provider ARNs.
	Identifiers []string `pulumi:"identifiers"`
	// The type of principal. For AWS ARNs this is "AWS". For AWS services (e.g. Lambda), this is "Service". For Federated access the type is "Federated".
	Type string `pulumi:"type"`
}
type GetPolicyDocumentStatementNotPrincipalArgs ¶
// GetPolicyDocumentStatementNotPrincipalArgs carries the same fields as
// GetPolicyDocumentStatementNotPrincipal, typed as pulumi inputs.
type GetPolicyDocumentStatementNotPrincipalArgs struct {
	// List of identifiers for principals. When `type`
	// is "AWS", these are IAM user or role ARNs. When `type` is "Service", these are AWS Service roles e.g. `lambda.amazonaws.com`. When `type` is "Federated", these are web identity users or SAML provider ARNs.
	Identifiers pulumi.StringArrayInput `pulumi:"identifiers"`
	// The type of principal. For AWS ARNs this is "AWS". For AWS services (e.g. Lambda), this is "Service". For Federated access the type is "Federated".
	Type pulumi.StringInput `pulumi:"type"`
}
func (GetPolicyDocumentStatementNotPrincipalArgs) ElementType ¶
func (GetPolicyDocumentStatementNotPrincipalArgs) ElementType() reflect.Type
func (GetPolicyDocumentStatementNotPrincipalArgs) ToGetPolicyDocumentStatementNotPrincipalOutput ¶
func (i GetPolicyDocumentStatementNotPrincipalArgs) ToGetPolicyDocumentStatementNotPrincipalOutput() GetPolicyDocumentStatementNotPrincipalOutput
func (GetPolicyDocumentStatementNotPrincipalArgs) ToGetPolicyDocumentStatementNotPrincipalOutputWithContext ¶
func (i GetPolicyDocumentStatementNotPrincipalArgs) ToGetPolicyDocumentStatementNotPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalOutput
type GetPolicyDocumentStatementNotPrincipalArray ¶
type GetPolicyDocumentStatementNotPrincipalArray []GetPolicyDocumentStatementNotPrincipalInput
func (GetPolicyDocumentStatementNotPrincipalArray) ElementType ¶
func (GetPolicyDocumentStatementNotPrincipalArray) ElementType() reflect.Type
func (GetPolicyDocumentStatementNotPrincipalArray) ToGetPolicyDocumentStatementNotPrincipalArrayOutput ¶
func (i GetPolicyDocumentStatementNotPrincipalArray) ToGetPolicyDocumentStatementNotPrincipalArrayOutput() GetPolicyDocumentStatementNotPrincipalArrayOutput
func (GetPolicyDocumentStatementNotPrincipalArray) ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext ¶
func (i GetPolicyDocumentStatementNotPrincipalArray) ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalArrayOutput
type GetPolicyDocumentStatementNotPrincipalArrayInput ¶
type GetPolicyDocumentStatementNotPrincipalArrayInput interface { pulumi.Input ToGetPolicyDocumentStatementNotPrincipalArrayOutput() GetPolicyDocumentStatementNotPrincipalArrayOutput ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext(context.Context) GetPolicyDocumentStatementNotPrincipalArrayOutput }
GetPolicyDocumentStatementNotPrincipalArrayInput is an input type that accepts GetPolicyDocumentStatementNotPrincipalArray and GetPolicyDocumentStatementNotPrincipalArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementNotPrincipalArrayInput` via:
GetPolicyDocumentStatementNotPrincipalArray{ GetPolicyDocumentStatementNotPrincipalArgs{...} }
type GetPolicyDocumentStatementNotPrincipalArrayOutput ¶
type GetPolicyDocumentStatementNotPrincipalArrayOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementNotPrincipalArrayOutput) ElementType ¶
func (GetPolicyDocumentStatementNotPrincipalArrayOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementNotPrincipalArrayOutput) ToGetPolicyDocumentStatementNotPrincipalArrayOutput ¶
func (o GetPolicyDocumentStatementNotPrincipalArrayOutput) ToGetPolicyDocumentStatementNotPrincipalArrayOutput() GetPolicyDocumentStatementNotPrincipalArrayOutput
func (GetPolicyDocumentStatementNotPrincipalArrayOutput) ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext ¶
func (o GetPolicyDocumentStatementNotPrincipalArrayOutput) ToGetPolicyDocumentStatementNotPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalArrayOutput
type GetPolicyDocumentStatementNotPrincipalInput ¶
type GetPolicyDocumentStatementNotPrincipalInput interface { pulumi.Input ToGetPolicyDocumentStatementNotPrincipalOutput() GetPolicyDocumentStatementNotPrincipalOutput ToGetPolicyDocumentStatementNotPrincipalOutputWithContext(context.Context) GetPolicyDocumentStatementNotPrincipalOutput }
GetPolicyDocumentStatementNotPrincipalInput is an input type that accepts GetPolicyDocumentStatementNotPrincipalArgs and GetPolicyDocumentStatementNotPrincipalOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementNotPrincipalInput` via:
GetPolicyDocumentStatementNotPrincipalArgs{...}
type GetPolicyDocumentStatementNotPrincipalOutput ¶
type GetPolicyDocumentStatementNotPrincipalOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementNotPrincipalOutput) ElementType ¶
func (GetPolicyDocumentStatementNotPrincipalOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementNotPrincipalOutput) Identifiers ¶
func (o GetPolicyDocumentStatementNotPrincipalOutput) Identifiers() pulumi.StringArrayOutput
List of identifiers for principals. When `type` is "AWS", these are IAM user or role ARNs. When `type` is "Service", these are AWS Service roles e.g. `lambda.amazonaws.com`. When `type` is "Federated", these are web identity users or SAML provider ARNs.
func (GetPolicyDocumentStatementNotPrincipalOutput) ToGetPolicyDocumentStatementNotPrincipalOutput ¶
func (o GetPolicyDocumentStatementNotPrincipalOutput) ToGetPolicyDocumentStatementNotPrincipalOutput() GetPolicyDocumentStatementNotPrincipalOutput
func (GetPolicyDocumentStatementNotPrincipalOutput) ToGetPolicyDocumentStatementNotPrincipalOutputWithContext ¶
func (o GetPolicyDocumentStatementNotPrincipalOutput) ToGetPolicyDocumentStatementNotPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementNotPrincipalOutput
func (GetPolicyDocumentStatementNotPrincipalOutput) Type ¶
func (o GetPolicyDocumentStatementNotPrincipalOutput) Type() pulumi.StringOutput
The type of principal. For AWS ARNs this is "AWS". For AWS services (e.g. Lambda), this is "Service". For Federated access the type is "Federated".
type GetPolicyDocumentStatementOutput ¶
type GetPolicyDocumentStatementOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementOutput) Actions ¶
func (o GetPolicyDocumentStatementOutput) Actions() pulumi.StringArrayOutput
A list of actions that this statement either allows or denies. For example, `["ec2:RunInstances", "s3:*"]`.
func (GetPolicyDocumentStatementOutput) Conditions ¶
func (o GetPolicyDocumentStatementOutput) Conditions() GetPolicyDocumentStatementConditionArrayOutput
A nested configuration block (described below) that defines a further, possibly-service-specific condition that constrains whether this statement applies.
func (GetPolicyDocumentStatementOutput) Effect ¶
func (o GetPolicyDocumentStatementOutput) Effect() pulumi.StringPtrOutput
Either "Allow" or "Deny", to specify whether this statement allows or denies the given actions. The default is "Allow".
func (GetPolicyDocumentStatementOutput) ElementType ¶
func (GetPolicyDocumentStatementOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementOutput) NotActions ¶
func (o GetPolicyDocumentStatementOutput) NotActions() pulumi.StringArrayOutput
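A list of actions that this statement does *not* apply to. Used to apply a policy statement to all actions *except* those listed. With the default "Allow" effect this grants every action that is not listed, so it is most often paired with "Deny" or with a narrow resource list.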
func (GetPolicyDocumentStatementOutput) NotPrincipals ¶
func (o GetPolicyDocumentStatementOutput) NotPrincipals() GetPolicyDocumentStatementNotPrincipalArrayOutput
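Like `principals`, except that it gives the principals that the statement does *not* apply to. AWS advises against combining this with an "Allow" effect, because every principal that is not listed is then allowed.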
func (GetPolicyDocumentStatementOutput) NotResources ¶
func (o GetPolicyDocumentStatementOutput) NotResources() pulumi.StringArrayOutput
A list of resource ARNs that this statement does *not* apply to. Used to apply a policy statement to all resources *except* those listed.
func (GetPolicyDocumentStatementOutput) Principals ¶
func (o GetPolicyDocumentStatementOutput) Principals() GetPolicyDocumentStatementPrincipalArrayOutput
A nested configuration block (described below) specifying a principal (or principal pattern) to which this statement applies.
func (GetPolicyDocumentStatementOutput) Resources ¶
func (o GetPolicyDocumentStatementOutput) Resources() pulumi.StringArrayOutput
A list of resource ARNs that this statement applies to. This is required by AWS if used for an IAM policy.
func (GetPolicyDocumentStatementOutput) Sid ¶
func (o GetPolicyDocumentStatementOutput) Sid() pulumi.StringPtrOutput
An ID for the policy statement.
func (GetPolicyDocumentStatementOutput) ToGetPolicyDocumentStatementOutput ¶
func (o GetPolicyDocumentStatementOutput) ToGetPolicyDocumentStatementOutput() GetPolicyDocumentStatementOutput
func (GetPolicyDocumentStatementOutput) ToGetPolicyDocumentStatementOutputWithContext ¶
func (o GetPolicyDocumentStatementOutput) ToGetPolicyDocumentStatementOutputWithContext(ctx context.Context) GetPolicyDocumentStatementOutput
type GetPolicyDocumentStatementPrincipal ¶
// GetPolicyDocumentStatementPrincipal names principals that a statement
// applies to (see GetPolicyDocumentStatement.Principals).
//
// A `type` of "*" with identifiers `["*"]` is the wildcard principal
// described under "Wildcard Principal" and is rendered as `"Principal": "*"`.
type GetPolicyDocumentStatementPrincipal struct {
	// List of identifiers for principals. When `type`
	// is "AWS", these are IAM user or role ARNs. When `type` is "Service", these are AWS Service roles e.g. `lambda.amazonaws.com`. When `type` is "Federated", these are web identity users or SAML provider ARNs.
	Identifiers []string `pulumi:"identifiers"`
	// The type of principal. For AWS ARNs this is "AWS". For AWS services (e.g. Lambda), this is "Service". For Federated access the type is "Federated".
	Type string `pulumi:"type"`
}
type GetPolicyDocumentStatementPrincipalArgs ¶
// GetPolicyDocumentStatementPrincipalArgs carries the same fields as
// GetPolicyDocumentStatementPrincipal, typed as pulumi inputs.
type GetPolicyDocumentStatementPrincipalArgs struct {
	// List of identifiers for principals. When `type`
	// is "AWS", these are IAM user or role ARNs. When `type` is "Service", these are AWS Service roles e.g. `lambda.amazonaws.com`. When `type` is "Federated", these are web identity users or SAML provider ARNs.
	Identifiers pulumi.StringArrayInput `pulumi:"identifiers"`
	// The type of principal. For AWS ARNs this is "AWS". For AWS services (e.g. Lambda), this is "Service". For Federated access the type is "Federated".
	Type pulumi.StringInput `pulumi:"type"`
}
func (GetPolicyDocumentStatementPrincipalArgs) ElementType ¶
func (GetPolicyDocumentStatementPrincipalArgs) ElementType() reflect.Type
func (GetPolicyDocumentStatementPrincipalArgs) ToGetPolicyDocumentStatementPrincipalOutput ¶
func (i GetPolicyDocumentStatementPrincipalArgs) ToGetPolicyDocumentStatementPrincipalOutput() GetPolicyDocumentStatementPrincipalOutput
func (GetPolicyDocumentStatementPrincipalArgs) ToGetPolicyDocumentStatementPrincipalOutputWithContext ¶
func (i GetPolicyDocumentStatementPrincipalArgs) ToGetPolicyDocumentStatementPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalOutput
type GetPolicyDocumentStatementPrincipalArray ¶
type GetPolicyDocumentStatementPrincipalArray []GetPolicyDocumentStatementPrincipalInput
func (GetPolicyDocumentStatementPrincipalArray) ElementType ¶
func (GetPolicyDocumentStatementPrincipalArray) ElementType() reflect.Type
func (GetPolicyDocumentStatementPrincipalArray) ToGetPolicyDocumentStatementPrincipalArrayOutput ¶
func (i GetPolicyDocumentStatementPrincipalArray) ToGetPolicyDocumentStatementPrincipalArrayOutput() GetPolicyDocumentStatementPrincipalArrayOutput
func (GetPolicyDocumentStatementPrincipalArray) ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext ¶
func (i GetPolicyDocumentStatementPrincipalArray) ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalArrayOutput
type GetPolicyDocumentStatementPrincipalArrayInput ¶
type GetPolicyDocumentStatementPrincipalArrayInput interface { pulumi.Input ToGetPolicyDocumentStatementPrincipalArrayOutput() GetPolicyDocumentStatementPrincipalArrayOutput ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext(context.Context) GetPolicyDocumentStatementPrincipalArrayOutput }
GetPolicyDocumentStatementPrincipalArrayInput is an input type that accepts GetPolicyDocumentStatementPrincipalArray and GetPolicyDocumentStatementPrincipalArrayOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementPrincipalArrayInput` via:
GetPolicyDocumentStatementPrincipalArray{ GetPolicyDocumentStatementPrincipalArgs{...} }
type GetPolicyDocumentStatementPrincipalArrayOutput ¶
type GetPolicyDocumentStatementPrincipalArrayOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementPrincipalArrayOutput) ElementType ¶
func (GetPolicyDocumentStatementPrincipalArrayOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementPrincipalArrayOutput) ToGetPolicyDocumentStatementPrincipalArrayOutput ¶
func (o GetPolicyDocumentStatementPrincipalArrayOutput) ToGetPolicyDocumentStatementPrincipalArrayOutput() GetPolicyDocumentStatementPrincipalArrayOutput
func (GetPolicyDocumentStatementPrincipalArrayOutput) ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext ¶
func (o GetPolicyDocumentStatementPrincipalArrayOutput) ToGetPolicyDocumentStatementPrincipalArrayOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalArrayOutput
type GetPolicyDocumentStatementPrincipalInput ¶
type GetPolicyDocumentStatementPrincipalInput interface { pulumi.Input ToGetPolicyDocumentStatementPrincipalOutput() GetPolicyDocumentStatementPrincipalOutput ToGetPolicyDocumentStatementPrincipalOutputWithContext(context.Context) GetPolicyDocumentStatementPrincipalOutput }
GetPolicyDocumentStatementPrincipalInput is an input type that accepts GetPolicyDocumentStatementPrincipalArgs and GetPolicyDocumentStatementPrincipalOutput values. You can construct a concrete instance of `GetPolicyDocumentStatementPrincipalInput` via:
GetPolicyDocumentStatementPrincipalArgs{...}
type GetPolicyDocumentStatementPrincipalOutput ¶
type GetPolicyDocumentStatementPrincipalOutput struct{ *pulumi.OutputState }
func (GetPolicyDocumentStatementPrincipalOutput) ElementType ¶
func (GetPolicyDocumentStatementPrincipalOutput) ElementType() reflect.Type
func (GetPolicyDocumentStatementPrincipalOutput) Identifiers ¶
func (o GetPolicyDocumentStatementPrincipalOutput) Identifiers() pulumi.StringArrayOutput
List of identifiers for principals. When `type` is "AWS", these are IAM user or role ARNs. When `type` is "Service", these are AWS Service roles e.g. `lambda.amazonaws.com`. When `type` is "Federated", these are web identity users or SAML provider ARNs.
func (GetPolicyDocumentStatementPrincipalOutput) ToGetPolicyDocumentStatementPrincipalOutput ¶
func (o GetPolicyDocumentStatementPrincipalOutput) ToGetPolicyDocumentStatementPrincipalOutput() GetPolicyDocumentStatementPrincipalOutput
func (GetPolicyDocumentStatementPrincipalOutput) ToGetPolicyDocumentStatementPrincipalOutputWithContext ¶
func (o GetPolicyDocumentStatementPrincipalOutput) ToGetPolicyDocumentStatementPrincipalOutputWithContext(ctx context.Context) GetPolicyDocumentStatementPrincipalOutput
func (GetPolicyDocumentStatementPrincipalOutput) Type ¶
func (o GetPolicyDocumentStatementPrincipalOutput) Type() pulumi.StringOutput
The type of principal. For AWS ARNs this is "AWS". For AWS services (e.g. Lambda), this is "Service". For Federated access the type is "Federated".
type Group ¶
type Group struct { pulumi.CustomResourceState // The ARN assigned by AWS for this group. Arn pulumi.StringOutput `pulumi:"arn"` // The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". Name pulumi.StringOutput `pulumi:"name"` // Path in which to create the group. Path pulumi.StringPtrOutput `pulumi:"path"` // The [unique ID][1] assigned by AWS. UniqueId pulumi.StringOutput `pulumi:"uniqueId"` }
Provides an IAM group.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iam.NewGroup(ctx, "developers", &iam.GroupArgs{ Path: pulumi.String("/users/"), }) if err != nil { return err } return nil }) }
```
func GetGroup ¶
func GetGroup(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GroupState, opts ...pulumi.ResourceOption) (*Group, error)
GetGroup gets an existing Group resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
type GroupArgs ¶
type GroupArgs struct { // The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". Name pulumi.StringPtrInput // Path in which to create the group. Path pulumi.StringPtrInput }
The set of arguments for constructing a Group resource.
func (GroupArgs) ElementType ¶
type GroupMembership ¶
type GroupMembership struct { pulumi.CustomResourceState // The IAM Group name to attach the list of `users` to Group pulumi.StringOutput `pulumi:"group"` // The name to identify the Group Membership Name pulumi.StringOutput `pulumi:"name"` // A list of IAM User names to associate with the Group Users pulumi.StringArrayOutput `pulumi:"users"` }
> **WARNING:** Multiple iam.GroupMembership resources with the same group name will produce inconsistent behavior!
Provides a top level resource to manage IAM Group membership for IAM Users. For more information on managing IAM Groups or IAM Users, see [IAM Groups](https://www.terraform.io/docs/providers/aws/r/iam_group.html) or [IAM Users](https://www.terraform.io/docs/providers/aws/r/iam_user.html)
> **Note:** `iam.GroupMembership` will conflict with itself if used more than once with the same group, because each resource manages the group's complete list of `users`. To manage the users in a group non-exclusively, see the `iam.UserGroupMembership` resource.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { group, err := iam.NewGroup(ctx, "group", nil) if err != nil { return err } userOne, err := iam.NewUser(ctx, "userOne", nil) if err != nil { return err } userTwo, err := iam.NewUser(ctx, "userTwo", nil) if err != nil { return err } _, err = iam.NewGroupMembership(ctx, "team", &iam.GroupMembershipArgs{ Users: pulumi.StringArray{ userOne.Name, userTwo.Name, }, Group: group.Name, }) if err != nil { return err } return nil }) }
```
func GetGroupMembership ¶
func GetGroupMembership(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GroupMembershipState, opts ...pulumi.ResourceOption) (*GroupMembership, error)
GetGroupMembership gets an existing GroupMembership resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGroupMembership ¶
func NewGroupMembership(ctx *pulumi.Context, name string, args *GroupMembershipArgs, opts ...pulumi.ResourceOption) (*GroupMembership, error)
NewGroupMembership registers a new resource with the given unique name, arguments, and options.
type GroupMembershipArgs ¶
type GroupMembershipArgs struct { // The IAM Group name to attach the list of `users` to Group pulumi.StringInput // The name to identify the Group Membership Name pulumi.StringPtrInput // A list of IAM User names to associate with the Group Users pulumi.StringArrayInput }
The set of arguments for constructing a GroupMembership resource.
func (GroupMembershipArgs) ElementType ¶
func (GroupMembershipArgs) ElementType() reflect.Type
type GroupMembershipState ¶
type GroupMembershipState struct { // The IAM Group name to attach the list of `users` to Group pulumi.StringPtrInput // The name to identify the Group Membership Name pulumi.StringPtrInput // A list of IAM User names to associate with the Group Users pulumi.StringArrayInput }
func (GroupMembershipState) ElementType ¶
func (GroupMembershipState) ElementType() reflect.Type
type GroupPolicy ¶
type GroupPolicy struct { pulumi.CustomResourceState // The IAM group to attach to the policy. Group pulumi.StringOutput `pulumi:"group"` // The name of the policy. If omitted, this provider will // assign a random, unique name. Name pulumi.StringOutput `pulumi:"name"` // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"` // The policy document. This is a JSON formatted string. Policy pulumi.StringOutput `pulumi:"policy"` }
Provides an IAM policy attached to a group.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares an IAM group under the "/users/" path and attaches an inline
// policy to it. The policy document is assembled from line fragments with
// fmt.Sprintf; as written it allows "ec2:Describe*" on resource "*".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		devGroup, groupErr := iam.NewGroup(ctx, "myDevelopers", &iam.GroupArgs{
			Path: pulumi.String("/users/"),
		})
		if groupErr != nil {
			return groupErr
		}

		// One %v per fragment; the fragments concatenate into the JSON policy.
		policyDoc := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": [\n",
			" \"ec2:Describe*\"\n",
			" ],\n",
			" \"Effect\": \"Allow\",\n",
			" \"Resource\": \"*\"\n",
			" }\n",
			" ]\n",
			"}\n",
		)

		// The policy is bound to the group through the group's Name output.
		if _, policyErr := iam.NewGroupPolicy(ctx, "myDeveloperPolicy", &iam.GroupPolicyArgs{
			Group:  devGroup.Name,
			Policy: pulumi.String(policyDoc),
		}); policyErr != nil {
			return policyErr
		}
		return nil
	})
}
```
func GetGroupPolicy ¶
func GetGroupPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GroupPolicyState, opts ...pulumi.ResourceOption) (*GroupPolicy, error)
GetGroupPolicy gets an existing GroupPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGroupPolicy ¶
func NewGroupPolicy(ctx *pulumi.Context, name string, args *GroupPolicyArgs, opts ...pulumi.ResourceOption) (*GroupPolicy, error)
NewGroupPolicy registers a new resource with the given unique name, arguments, and options.
type GroupPolicyArgs ¶
type GroupPolicyArgs struct { // The IAM group to attach to the policy. Group pulumi.StringInput // The name of the policy. If omitted, this provider will // assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The policy document. This is a JSON formatted string. Policy pulumi.Input }
The set of arguments for constructing a GroupPolicy resource.
func (GroupPolicyArgs) ElementType ¶
func (GroupPolicyArgs) ElementType() reflect.Type
type GroupPolicyAttachment ¶
type GroupPolicyAttachment struct { pulumi.CustomResourceState // The group the policy should be applied to Group pulumi.StringOutput `pulumi:"group"` // The ARN of the policy you want to apply PolicyArn pulumi.StringOutput `pulumi:"policyArn"` }
Attaches a Managed IAM Policy to an IAM group
> **NOTE:** The usage of this resource conflicts with the `iam.PolicyAttachment` resource and will permanently show a difference if both are defined.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a group and a managed policy, then attaches the policy to the
// group by ARN.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		targetGroup, groupErr := iam.NewGroup(ctx, "group", nil)
		if groupErr != nil {
			return groupErr
		}

		// The Policy value below is the example's placeholder text, not a
		// policy document; replace it with the real JSON before use.
		managedPolicy, policyErr := iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{
			Description: pulumi.String("A test policy"),
			Policy:      pulumi.String("{ ... policy JSON ... }"),
		})
		if policyErr != nil {
			return policyErr
		}

		attachArgs := &iam.GroupPolicyAttachmentArgs{
			Group:     targetGroup.Name,
			PolicyArn: managedPolicy.Arn,
		}
		if _, attachErr := iam.NewGroupPolicyAttachment(ctx, "test_attach", attachArgs); attachErr != nil {
			return attachErr
		}
		return nil
	})
}
```
func GetGroupPolicyAttachment ¶
func GetGroupPolicyAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GroupPolicyAttachmentState, opts ...pulumi.ResourceOption) (*GroupPolicyAttachment, error)
GetGroupPolicyAttachment gets an existing GroupPolicyAttachment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGroupPolicyAttachment ¶
func NewGroupPolicyAttachment(ctx *pulumi.Context, name string, args *GroupPolicyAttachmentArgs, opts ...pulumi.ResourceOption) (*GroupPolicyAttachment, error)
NewGroupPolicyAttachment registers a new resource with the given unique name, arguments, and options.
type GroupPolicyAttachmentArgs ¶
type GroupPolicyAttachmentArgs struct { // The group the policy should be applied to Group pulumi.Input // The ARN of the policy you want to apply PolicyArn pulumi.StringInput }
The set of arguments for constructing a GroupPolicyAttachment resource.
func (GroupPolicyAttachmentArgs) ElementType ¶
func (GroupPolicyAttachmentArgs) ElementType() reflect.Type
type GroupPolicyAttachmentState ¶
type GroupPolicyAttachmentState struct { // The group the policy should be applied to Group pulumi.StringPtrInput // The ARN of the policy you want to apply PolicyArn pulumi.StringPtrInput }
func (GroupPolicyAttachmentState) ElementType ¶
func (GroupPolicyAttachmentState) ElementType() reflect.Type
type GroupPolicyState ¶
type GroupPolicyState struct { // The IAM group to attach to the policy. Group pulumi.StringPtrInput // The name of the policy. If omitted, this provider will // assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The policy document. This is a JSON formatted string. Policy pulumi.StringPtrInput }
func (GroupPolicyState) ElementType ¶
func (GroupPolicyState) ElementType() reflect.Type
type GroupState ¶
type GroupState struct { // The ARN assigned by AWS for this group. Arn pulumi.StringPtrInput // The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. Group names are not distinguished by case. For example, you cannot create groups named both "ADMINS" and "admins". Name pulumi.StringPtrInput // Path in which to create the group. Path pulumi.StringPtrInput // The [unique ID][1] assigned by AWS. UniqueId pulumi.StringPtrInput }
func (GroupState) ElementType ¶
func (GroupState) ElementType() reflect.Type
type InstanceProfile ¶
type InstanceProfile struct { pulumi.CustomResourceState // The ARN assigned by AWS to the instance profile. Arn pulumi.StringOutput `pulumi:"arn"` // The creation timestamp of the instance profile. CreateDate pulumi.StringOutput `pulumi:"createDate"` // The profile's name. If omitted, this provider will assign a random, unique name. Name pulumi.StringOutput `pulumi:"name"` // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"` // Path in which to create the profile. Path pulumi.StringPtrOutput `pulumi:"path"` // The role name to include in the profile. Role pulumi.StringPtrOutput `pulumi:"role"` // The [unique ID][1] assigned by AWS. UniqueId pulumi.StringOutput `pulumi:"uniqueId"` }
Provides an IAM instance profile.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares an IAM role and an instance profile that includes it. The
// role's assume-role policy, assembled from line fragments, allows
// "sts:AssumeRole" for the "ec2.amazonaws.com" service principal.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// One %v per fragment; the fragments concatenate into the trust policy.
		trustPolicy := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": \"sts:AssumeRole\",\n",
			" \"Principal\": {\n",
			" \"Service\": \"ec2.amazonaws.com\"\n",
			" },\n",
			" \"Effect\": \"Allow\",\n",
			" \"Sid\": \"\"\n",
			" }\n",
			" ]\n",
			"}\n",
		)

		instanceRole, roleErr := iam.NewRole(ctx, "role", &iam.RoleArgs{
			Path:             pulumi.String("/"),
			AssumeRolePolicy: pulumi.String(trustPolicy),
		})
		if roleErr != nil {
			return roleErr
		}

		// The profile refers to the role by its Name output.
		if _, profileErr := iam.NewInstanceProfile(ctx, "testProfile", &iam.InstanceProfileArgs{
			Role: instanceRole.Name,
		}); profileErr != nil {
			return profileErr
		}
		return nil
	})
}
```
func GetInstanceProfile ¶
func GetInstanceProfile(ctx *pulumi.Context, name string, id pulumi.IDInput, state *InstanceProfileState, opts ...pulumi.ResourceOption) (*InstanceProfile, error)
GetInstanceProfile gets an existing InstanceProfile resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewInstanceProfile ¶
func NewInstanceProfile(ctx *pulumi.Context, name string, args *InstanceProfileArgs, opts ...pulumi.ResourceOption) (*InstanceProfile, error)
NewInstanceProfile registers a new resource with the given unique name, arguments, and options.
type InstanceProfileArgs ¶
type InstanceProfileArgs struct { // The profile's name. If omitted, this provider will assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // Path in which to create the profile. Path pulumi.StringPtrInput // The role name to include in the profile. Role pulumi.Input }
The set of arguments for constructing an InstanceProfile resource.
func (InstanceProfileArgs) ElementType ¶
func (InstanceProfileArgs) ElementType() reflect.Type
type InstanceProfileState ¶
type InstanceProfileState struct { // The ARN assigned by AWS to the instance profile. Arn pulumi.StringPtrInput // The creation timestamp of the instance profile. CreateDate pulumi.StringPtrInput // The profile's name. If omitted, this provider will assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // Path in which to create the profile. Path pulumi.StringPtrInput // The role name to include in the profile. Role pulumi.StringPtrInput // The [unique ID][1] assigned by AWS. UniqueId pulumi.StringPtrInput }
func (InstanceProfileState) ElementType ¶
func (InstanceProfileState) ElementType() reflect.Type
type LookupAccountAliasResult ¶
type LookupAccountAliasResult struct { // The alias associated with the AWS account. AccountAlias string `pulumi:"accountAlias"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` }
A collection of values returned by getAccountAlias.
func LookupAccountAlias ¶
func LookupAccountAlias(ctx *pulumi.Context, opts ...pulumi.InvokeOption) (*LookupAccountAliasResult, error)
The IAM Account Alias data source allows access to the account alias for the effective account in which this provider is working.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
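// main looks up the alias of the account the provider is working in and
// exports it as a stack output.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// LookupAccountAlias takes only variadic invoke options, so none are
		// passed here instead of handing explicit nil options to the SDK.
		current, err := iam.LookupAccountAlias(ctx)
		if err != nil {
			return err
		}
		// AccountAlias is a plain string on the result, so it is wrapped with
		// pulumi.String before being exported.
		// Note that the output is keyed "accountId" but carries the account
		// alias, not the numeric account ID.
		ctx.Export("accountId", pulumi.String(current.AccountAlias))
		return nil
	})
}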
```
type LookupGroupArgs ¶
type LookupGroupArgs struct { // The friendly IAM group name to match. GroupName string `pulumi:"groupName"` }
A collection of arguments for invoking getGroup.
type LookupGroupResult ¶
// LookupGroupResult is the collection of values returned by getGroup.
type LookupGroupResult struct {
	// The Amazon Resource Name (ARN) specifying the IAM group.
	// NOTE(review): the upstream text says "the iam user" here; on a getGroup
	// result this presumably means the group — confirm.
	Arn string `pulumi:"arn"`
	// The stable and unique string identifying the group.
	GroupId string `pulumi:"groupId"`
	// No upstream description; presumably the group name that was looked up
	// (see LookupGroupArgs.GroupName) — confirm.
	GroupName string `pulumi:"groupName"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The path to the IAM group.
	// NOTE(review): the upstream text says "the iam user" here as well — confirm.
	Path string `pulumi:"path"`
	// List of objects containing group member information, one GetGroupUser
	// per member.
	Users []GetGroupUser `pulumi:"users"`
}
A collection of values returned by getGroup.
func LookupGroup ¶
func LookupGroup(ctx *pulumi.Context, args *LookupGroupArgs, opts ...pulumi.InvokeOption) (*LookupGroupResult, error)
This data source can be used to fetch information about a specific IAM group. By using this data source, you can reference IAM group properties without having to hard code ARNs as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iam.LookupGroup(ctx, &iam.LookupGroupArgs{ GroupName: "an_example_group_name", }, nil) if err != nil { return err } return nil }) }
```
type LookupInstanceProfileArgs ¶
type LookupInstanceProfileArgs struct { // The friendly IAM instance profile name to match. Name string `pulumi:"name"` }
A collection of arguments for invoking getInstanceProfile.
type LookupInstanceProfileResult ¶
type LookupInstanceProfileResult struct { // The Amazon Resource Name (ARN) specifying the instance profile. Arn string `pulumi:"arn"` // The string representation of the date the instance profile // was created. CreateDate string `pulumi:"createDate"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Name string `pulumi:"name"` // The path to the instance profile. Path string `pulumi:"path"` // The role arn associated with this instance profile. RoleArn string `pulumi:"roleArn"` // The role id associated with this instance profile. RoleId string `pulumi:"roleId"` // The role name associated with this instance profile. RoleName string `pulumi:"roleName"` }
A collection of values returned by getInstanceProfile.
func LookupInstanceProfile ¶
func LookupInstanceProfile(ctx *pulumi.Context, args *LookupInstanceProfileArgs, opts ...pulumi.InvokeOption) (*LookupInstanceProfileResult, error)
This data source can be used to fetch information about a specific IAM instance profile. By using this data source, you can reference IAM instance profile properties without having to hard code ARNs as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iam.LookupInstanceProfile(ctx, &iam.LookupInstanceProfileArgs{ Name: "an_example_instance_profile_name", }, nil) if err != nil { return err } return nil }) }
```
type LookupPolicyArgs ¶
type LookupPolicyArgs struct { // ARN of the IAM policy. Arn string `pulumi:"arn"` }
A collection of arguments for invoking getPolicy.
type LookupPolicyResult ¶
type LookupPolicyResult struct { // The Amazon Resource Name (ARN) specifying the policy. Arn string `pulumi:"arn"` // The description of the policy. Description string `pulumi:"description"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // The name of the IAM policy. Name string `pulumi:"name"` // The path to the policy. Path string `pulumi:"path"` // The policy document of the policy. Policy string `pulumi:"policy"` }
A collection of values returned by getPolicy.
func LookupPolicy ¶
func LookupPolicy(ctx *pulumi.Context, args *LookupPolicyArgs, opts ...pulumi.InvokeOption) (*LookupPolicyResult, error)
This data source can be used to fetch information about a specific IAM policy.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iam.LookupPolicy(ctx, &iam.LookupPolicyArgs{ Arn: "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials", }, nil) if err != nil { return err } return nil }) }
```
type LookupRoleArgs ¶
type LookupRoleArgs struct { // The friendly IAM role name to match. Name string `pulumi:"name"` // The tags attached to the role. Tags map[string]string `pulumi:"tags"` }
A collection of arguments for invoking getRole.
type LookupRoleResult ¶
type LookupRoleResult struct { // The Amazon Resource Name (ARN) specifying the role. Arn string `pulumi:"arn"` // The policy document associated with the role. AssumeRolePolicy string `pulumi:"assumeRolePolicy"` // Creation date of the role in RFC 3339 format. CreateDate string `pulumi:"createDate"` // Description for the role. Description string `pulumi:"description"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // Maximum session duration. MaxSessionDuration int `pulumi:"maxSessionDuration"` Name string `pulumi:"name"` // The path to the role. Path string `pulumi:"path"` // The ARN of the policy that is used to set the permissions boundary for the role. PermissionsBoundary string `pulumi:"permissionsBoundary"` // The tags attached to the role. Tags map[string]string `pulumi:"tags"` // The stable and unique string identifying the role. UniqueId string `pulumi:"uniqueId"` }
A collection of values returned by getRole.
func LookupRole ¶
func LookupRole(ctx *pulumi.Context, args *LookupRoleArgs, opts ...pulumi.InvokeOption) (*LookupRoleResult, error)
This data source can be used to fetch information about a specific IAM role. By using this data source, you can reference IAM role properties without having to hard code ARNs as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iam.LookupRole(ctx, &iam.LookupRoleArgs{ Name: "an_example_role_name", }, nil) if err != nil { return err } return nil }) }
```
type LookupServerCertificateArgs ¶
// LookupServerCertificateArgs is the collection of arguments for invoking
// getServerCertificate.
//
// NOTE(review): a name or path prefix can match more than one certificate, and
// this page does not say which one is returned when Latest is unset. Confirm
// the selection rule before wiring the result into a TLS listener.
type LookupServerCertificateArgs struct {
	// Sort the results by expiration date and return the certificate whose
	// expiration date is furthest in the future.
	Latest *bool `pulumi:"latest"`
	// Exact name of the certificate to look up.
	Name *string `pulumi:"name"`
	// Prefix of the certificate name to filter by.
	NamePrefix *string `pulumi:"namePrefix"`
	// Prefix of the path to filter by.
	PathPrefix *string `pulumi:"pathPrefix"`
}
A collection of arguments for invoking getServerCertificate.
type LookupServerCertificateResult ¶
type LookupServerCertificateResult struct { Arn string `pulumi:"arn"` CertificateBody string `pulumi:"certificateBody"` CertificateChain string `pulumi:"certificateChain"` ExpirationDate string `pulumi:"expirationDate"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Latest *bool `pulumi:"latest"` Name string `pulumi:"name"` NamePrefix *string `pulumi:"namePrefix"` Path string `pulumi:"path"` PathPrefix *string `pulumi:"pathPrefix"` UploadDate string `pulumi:"uploadDate"` }
A collection of values returned by getServerCertificate.
func LookupServerCertificate ¶
func LookupServerCertificate(ctx *pulumi.Context, args *LookupServerCertificateArgs, opts ...pulumi.InvokeOption) (*LookupServerCertificateResult, error)
Use this data source to lookup information about IAM Server Certificates.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/elb" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main looks up the latest IAM server certificate whose name starts with
// "my-domain.org" and uses its ARN as the certificate of an HTTPS listener on
// a classic load balancer.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The lookup arguments are optional pointers, so the values need
		// addressable locals.
		namePrefix := "my-domain.org"
		latest := true
		lookupArgs := &iam.LookupServerCertificateArgs{
			NamePrefix: &namePrefix,
			Latest:     &latest,
		}
		cert, lookupErr := iam.LookupServerCertificate(ctx, lookupArgs, nil)
		if lookupErr != nil {
			return lookupErr
		}

		// HTTPS on 443 at the load balancer, HTTPS on 8000 towards instances.
		httpsListener := &elb.LoadBalancerListenerArgs{
			InstancePort:     pulumi.Int(8000),
			InstanceProtocol: pulumi.String("https"),
			LbPort:           pulumi.Int(443),
			LbProtocol:       pulumi.String("https"),
			SslCertificateId: pulumi.String(cert.Arn),
		}
		if _, lbErr := elb.NewLoadBalancer(ctx, "elb", &elb.LoadBalancerArgs{
			Listeners: elb.LoadBalancerListenerArray{
				httpsListener,
			},
		}); lbErr != nil {
			return lbErr
		}
		return nil
	})
}
```
type LookupUserArgs ¶
type LookupUserArgs struct { // The friendly IAM user name to match. UserName string `pulumi:"userName"` }
A collection of arguments for invoking getUser.
type LookupUserResult ¶
type LookupUserResult struct { // The Amazon Resource Name (ARN) assigned by AWS for this user. Arn string `pulumi:"arn"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // Path in which this user was created. Path string `pulumi:"path"` // The ARN of the policy that is used to set the permissions boundary for the user. PermissionsBoundary string `pulumi:"permissionsBoundary"` // The unique ID assigned by AWS for this user. UserId string `pulumi:"userId"` // The name associated to this User UserName string `pulumi:"userName"` }
A collection of values returned by getUser.
func LookupUser ¶
func LookupUser(ctx *pulumi.Context, args *LookupUserArgs, opts ...pulumi.InvokeOption) (*LookupUserResult, error)
This data source can be used to fetch information about a specific IAM user. By using this data source, you can reference IAM user properties without having to hard code ARNs or unique IDs as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := iam.LookupUser(ctx, &iam.LookupUserArgs{ UserName: "an_example_user_name", }, nil) if err != nil { return err } return nil }) }
```
type OpenIdConnectProvider ¶
// OpenIdConnectProvider is the resource type for an IAM OpenID Connect
// provider; its fields are the provider's outputs.
//
// NOTE(review): Url, ClientIdLists and ThumbprintLists together presumably
// define which issuer, which audiences and which server certificates the
// account accepts for federation — review all three when changing any of them.
type OpenIdConnectProvider struct {
	pulumi.CustomResourceState

	// The ARN assigned by AWS for this provider.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// A list of client IDs (also known as audiences). When a mobile or web
	// app registers with an OpenID Connect provider, they establish a value
	// that identifies the application. (This is the value that's sent as the
	// clientId parameter on OAuth requests.)
	ClientIdLists pulumi.StringArrayOutput `pulumi:"clientIdLists"`
	// A list of server certificate thumbprints for the OpenID Connect (OIDC)
	// identity provider's server certificate(s).
	ThumbprintLists pulumi.StringArrayOutput `pulumi:"thumbprintLists"`
	// The URL of the identity provider. Corresponds to the _iss_ claim.
	Url pulumi.StringOutput `pulumi:"url"`
}
Provides an IAM OpenID Connect provider.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
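// main registers an IAM OpenID Connect provider for the issuer
// "https://accounts.google.com" with a single client ID (audience).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewOpenIdConnectProvider(ctx, "_default", &iam.OpenIdConnectProviderArgs{
			// Client IDs are the audiences accepted for this provider; list
			// only the applications that are meant to federate.
			ClientIdLists: pulumi.StringArray{
				pulumi.String("266362248691-342342xasdasdasda-apps.googleusercontent.com"),
			},
			// ThumbprintLists is a pulumi.StringArrayInput, so the empty list
			// is written as a typed pulumi.StringArray instead of an untyped
			// []interface{}{}, which does not satisfy that input type.
			// The list is left empty as in the original example. In a real
			// stack, add the thumbprint(s) of the identity provider's server
			// certificate, e.g. pulumi.String("<IDP_CERT_THUMBPRINT>").
			ThumbprintLists: pulumi.StringArray{},
			// Url corresponds to the iss claim of the tokens.
			Url: pulumi.String("https://accounts.google.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}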
```
func GetOpenIdConnectProvider ¶
func GetOpenIdConnectProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *OpenIdConnectProviderState, opts ...pulumi.ResourceOption) (*OpenIdConnectProvider, error)
GetOpenIdConnectProvider gets an existing OpenIdConnectProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewOpenIdConnectProvider ¶
func NewOpenIdConnectProvider(ctx *pulumi.Context, name string, args *OpenIdConnectProviderArgs, opts ...pulumi.ResourceOption) (*OpenIdConnectProvider, error)
NewOpenIdConnectProvider registers a new resource with the given unique name, arguments, and options.
type OpenIdConnectProviderArgs ¶
// OpenIdConnectProviderArgs holds the inputs used to construct an
// OpenIdConnectProvider resource.
type OpenIdConnectProviderArgs struct {
	// A list of client IDs (also known as audiences). When a mobile or web app
	// registers with an OpenID Connect provider, they establish a value that
	// identifies the application. (This is the value that's sent as the
	// clientId parameter on OAuth requests.)
	// NOTE(review): list only the client IDs that need to federate; confirm how
	// roles trusting this provider check the audience.
	ClientIdLists pulumi.StringArrayInput
	// A list of server certificate thumbprints for the OpenID Connect (OIDC)
	// identity provider's server certificate(s).
	// NOTE(review): obtain these from the provider's own certificate over a
	// trusted channel rather than copying them from an example — confirm the
	// expected format in the IAM documentation.
	ThumbprintLists pulumi.StringArrayInput
	// The URL of the identity provider. Corresponds to the _iss_ claim.
	Url pulumi.StringInput
}
The set of arguments for constructing an OpenIdConnectProvider resource.
func (OpenIdConnectProviderArgs) ElementType ¶
func (OpenIdConnectProviderArgs) ElementType() reflect.Type
type OpenIdConnectProviderState ¶
type OpenIdConnectProviderState struct { // The ARN assigned by AWS for this provider. Arn pulumi.StringPtrInput // A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the clientId parameter on OAuth requests.) ClientIdLists pulumi.StringArrayInput // A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s). ThumbprintLists pulumi.StringArrayInput // The URL of the identity provider. Corresponds to the _iss_ claim. Url pulumi.StringPtrInput }
func (OpenIdConnectProviderState) ElementType ¶
func (OpenIdConnectProviderState) ElementType() reflect.Type
type Policy ¶
type Policy struct { pulumi.CustomResourceState // The ARN assigned by AWS to this policy. Arn pulumi.StringOutput `pulumi:"arn"` // Description of the IAM policy. Description pulumi.StringPtrOutput `pulumi:"description"` // The name of the policy. If omitted, this provider will assign a random, unique name. Name pulumi.StringOutput `pulumi:"name"` // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"` // Path in which to create the policy. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information. Path pulumi.StringPtrOutput `pulumi:"path"` // The policy document. This is a JSON formatted string. Policy pulumi.StringOutput `pulumi:"policy"` }
Provides an IAM policy.
## Example Usage
```go
package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates a managed IAM policy named "policy" at path "/".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The policy document is assembled line by line. It allows every EC2
		// action matching "ec2:Describe*" on all resources ("*"); narrow both
		// the actions and the resources when adapting this to a real policy.
		document := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": [\n",
			" \"ec2:Describe*\"\n",
			" ],\n",
			" \"Effect\": \"Allow\",\n",
			" \"Resource\": \"*\"\n",
			" }\n",
			" ]\n",
			"}\n",
			"\n")

		policyArgs := &iam.PolicyArgs{
			Description: pulumi.String("My test policy"),
			Path:        pulumi.String("/"),
			Policy:      pulumi.String(document),
		}

		// Only the error matters here; the created resource is discarded.
		_, err := iam.NewPolicy(ctx, "policy", policyArgs)
		return err
	})
}
```
func GetPolicy ¶
func GetPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)
GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewPolicy ¶
func NewPolicy(ctx *pulumi.Context, name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)
NewPolicy registers a new resource with the given unique name, arguments, and options.
type PolicyArgs ¶
type PolicyArgs struct { // Description of the IAM policy. Description pulumi.StringPtrInput // The name of the policy. If omitted, this provider will assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // Path in which to create the policy. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information. Path pulumi.StringPtrInput // The policy document. This is a JSON formatted string. Policy pulumi.Input }
The set of arguments for constructing a Policy resource.
func (PolicyArgs) ElementType ¶
func (PolicyArgs) ElementType() reflect.Type
type PolicyAttachment ¶
// PolicyAttachment describes the attachment of one managed IAM policy to a
// set of users, roles and groups. It embeds pulumi.CustomResourceState and
// exposes the attachment's properties as outputs.
//
// NOTE(review): the resource documentation on this page states that these
// attachments are exclusive across the whole AWS account, so the lists below
// are expected to name every principal the policy is attached to.
type PolicyAttachment struct {
	pulumi.CustomResourceState

	// The group(s) the policy should be applied to
	Groups pulumi.StringArrayOutput `pulumi:"groups"`
	// The name of the attachment. This cannot be an empty string.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ARN of the policy you want to apply
	PolicyArn pulumi.StringOutput `pulumi:"policyArn"`
	// The role(s) the policy should be applied to
	Roles pulumi.StringArrayOutput `pulumi:"roles"`
	// The user(s) the policy should be applied to
	Users pulumi.StringArrayOutput `pulumi:"users"`
}
Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)
> **WARNING:** The iam.PolicyAttachment resource creates **exclusive** attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single iam.PolicyAttachment resource. This means that any users/roles/groups that have the policy attached via any other mechanism (including other resources managed by this provider) will have that attachment revoked by this resource. Consider `iam.RolePolicyAttachment`, `iam.UserPolicyAttachment`, or `iam.GroupPolicyAttachment` instead. These resources do not enforce exclusive attachment of an IAM policy.
> **NOTE:** The usage of this resource conflicts with the `iam.GroupPolicyAttachment`, `iam.RolePolicyAttachment`, and `iam.UserPolicyAttachment` resources and will permanently show a difference if both are defined.
## Example Usage
```go
package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates a user, a role, a group and a managed policy, then attaches the
// policy to all three with a single iam.PolicyAttachment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Trust policy: lets the ec2.amazonaws.com service principal call
		// sts:AssumeRole on the role.
		trustDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": \"sts:AssumeRole\",\n",
			" \"Principal\": {\n",
			" \"Service\": \"ec2.amazonaws.com\"\n",
			" },\n",
			" \"Effect\": \"Allow\",\n",
			" \"Sid\": \"\"\n",
			" }\n",
			" ]\n",
			"}\n")

		// Permissions policy: allows "ec2:Describe*" on all resources ("*").
		policyDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": [\n",
			" \"ec2:Describe*\"\n",
			" ],\n",
			" \"Effect\": \"Allow\",\n",
			" \"Resource\": \"*\"\n",
			" }\n",
			" ]\n",
			"}\n")

		user, err := iam.NewUser(ctx, "user", nil)
		if err != nil {
			return err
		}

		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(trustDocument),
		})
		if err != nil {
			return err
		}

		group, err := iam.NewGroup(ctx, "group", nil)
		if err != nil {
			return err
		}

		policy, err := iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{
			Description: pulumi.String("A test policy"),
			Policy:      pulumi.String(policyDocument),
		})
		if err != nil {
			return err
		}

		// iam.PolicyAttachment is exclusive: per this resource's documentation,
		// principals that hold the same policy through any other mechanism have
		// that attachment revoked, so list every intended principal here.
		attachment := &iam.PolicyAttachmentArgs{
			Users:     pulumi.StringArray{user.Name},
			Roles:     pulumi.StringArray{role.Name},
			Groups:    pulumi.StringArray{group.Name},
			PolicyArn: policy.Arn,
		}
		_, err = iam.NewPolicyAttachment(ctx, "test_attach", attachment)
		return err
	})
}
```
func GetPolicyAttachment ¶
func GetPolicyAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *PolicyAttachmentState, opts ...pulumi.ResourceOption) (*PolicyAttachment, error)
GetPolicyAttachment gets an existing PolicyAttachment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewPolicyAttachment ¶
func NewPolicyAttachment(ctx *pulumi.Context, name string, args *PolicyAttachmentArgs, opts ...pulumi.ResourceOption) (*PolicyAttachment, error)
NewPolicyAttachment registers a new resource with the given unique name, arguments, and options.
type PolicyAttachmentArgs ¶
type PolicyAttachmentArgs struct { // The group(s) the policy should be applied to Groups pulumi.ArrayInput // The name of the attachment. This cannot be an empty string. Name pulumi.StringPtrInput // The ARN of the policy you want to apply PolicyArn pulumi.StringInput // The role(s) the policy should be applied to Roles pulumi.ArrayInput // The user(s) the policy should be applied to Users pulumi.ArrayInput }
The set of arguments for constructing a PolicyAttachment resource.
func (PolicyAttachmentArgs) ElementType ¶
func (PolicyAttachmentArgs) ElementType() reflect.Type
type PolicyAttachmentState ¶
type PolicyAttachmentState struct { // The group(s) the policy should be applied to Groups pulumi.StringArrayInput // The name of the attachment. This cannot be an empty string. Name pulumi.StringPtrInput // The ARN of the policy you want to apply PolicyArn pulumi.StringPtrInput // The role(s) the policy should be applied to Roles pulumi.StringArrayInput // The user(s) the policy should be applied to Users pulumi.StringArrayInput }
func (PolicyAttachmentState) ElementType ¶
func (PolicyAttachmentState) ElementType() reflect.Type
type PolicyState ¶
type PolicyState struct { // The ARN assigned by AWS to this policy. Arn pulumi.StringPtrInput // Description of the IAM policy. Description pulumi.StringPtrInput // The name of the policy. If omitted, this provider will assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // Path in which to create the policy. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information. Path pulumi.StringPtrInput // The policy document. This is a JSON formatted string. Policy pulumi.StringPtrInput }
func (PolicyState) ElementType ¶
func (PolicyState) ElementType() reflect.Type
type Role ¶
type Role struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) specifying the role. Arn pulumi.StringOutput `pulumi:"arn"` // The policy that grants an entity permission to assume the role. AssumeRolePolicy pulumi.StringOutput `pulumi:"assumeRolePolicy"` // The creation date of the IAM role. CreateDate pulumi.StringOutput `pulumi:"createDate"` // The description of the role. Description pulumi.StringPtrOutput `pulumi:"description"` // Specifies to force detaching any policies the role has before destroying it. Defaults to `false`. ForceDetachPolicies pulumi.BoolPtrOutput `pulumi:"forceDetachPolicies"` // The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. MaxSessionDuration pulumi.IntPtrOutput `pulumi:"maxSessionDuration"` // The name of the role. If omitted, this provider will assign a random, unique name. Name pulumi.StringOutput `pulumi:"name"` // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"` // The path to the role. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information. Path pulumi.StringPtrOutput `pulumi:"path"` // The ARN of the policy that is used to set the permissions boundary for the role. PermissionsBoundary pulumi.StringPtrOutput `pulumi:"permissionsBoundary"` // Key-value map of tags for the IAM role Tags pulumi.StringMapOutput `pulumi:"tags"` // The stable and unique string identifying the role. UniqueId pulumi.StringOutput `pulumi:"uniqueId"` }
Provides an IAM role.
> *NOTE:* If policies are attached to the role via the `iam.PolicyAttachment` resource and you are modifying the role `name` or `path`, the `forceDetachPolicies` argument must be set to `true` and applied before attempting the operation; otherwise you will encounter a `DeleteConflict` error. The `iam.RolePolicyAttachment` resource (recommended) does not have this requirement.
## Example Usage
```go
package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates an IAM role named "testRole" with one tag.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Trust policy: the only principal allowed to call sts:AssumeRole is the
		// ec2.amazonaws.com service. Keep the Principal this narrow when
		// adapting the example.
		trustDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": \"sts:AssumeRole\",\n",
			" \"Principal\": {\n",
			" \"Service\": \"ec2.amazonaws.com\"\n",
			" },\n",
			" \"Effect\": \"Allow\",\n",
			" \"Sid\": \"\"\n",
			" }\n",
			" ]\n",
			"}\n",
			"\n")

		roleArgs := &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(trustDocument),
			Tags: pulumi.StringMap{
				"tag-key": pulumi.String("tag-value"),
			},
		}

		// The created resource is not used further; only the error is returned.
		_, err := iam.NewRole(ctx, "testRole", roleArgs)
		return err
	})
}
```
## Example of Using Data Source for Assume Role Policy
```go
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main builds an assume-role policy with the iam.GetPolicyDocument data source
// and uses its JSON output as the trust policy of a role named "instance".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// One statement: the ec2.amazonaws.com service principal may call
		// sts:AssumeRole.
		trustStatement := iam.GetPolicyDocumentStatement{
			Actions: []string{"sts:AssumeRole"},
			Principals: []iam.GetPolicyDocumentStatementPrincipal{
				{
					Type:        "Service",
					Identifiers: []string{"ec2.amazonaws.com"},
				},
			},
		}

		assumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{trustStatement},
		}, nil)
		if err != nil {
			return err
		}

		// The rendered JSON document becomes the role's trust policy.
		_, err = iam.NewRole(ctx, "instance", &iam.RoleArgs{
			Path:             pulumi.String("/system/"),
			AssumeRolePolicy: pulumi.String(assumeRolePolicy.Json),
		})
		return err
	})
}
```
func GetRole ¶
func GetRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RoleState, opts ...pulumi.ResourceOption) (*Role, error)
GetRole gets an existing Role resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
type RoleArgs ¶
// RoleArgs holds the inputs used to construct a Role resource.
type RoleArgs struct {
	// The policy that grants an entity permission to assume the role.
	// NOTE(review): this is the role's trust policy; whoever it names as
	// Principal can obtain the role's permissions, so keep it as narrow as the
	// use case allows.
	AssumeRolePolicy pulumi.Input
	// The description of the role.
	Description pulumi.StringPtrInput
	// Specifies to force detaching any policies the role has before destroying
	// it. Defaults to `false`.
	ForceDetachPolicies pulumi.BoolPtrInput
	// The maximum session duration (in seconds) that you want to set for the
	// specified role. If you do not specify a value for this setting, the
	// default maximum of one hour is applied. This setting can have a value
	// from 1 hour to 12 hours.
	MaxSessionDuration pulumi.IntPtrInput
	// The name of the role. If omitted, this provider will assign a random,
	// unique name.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts
	// with `name`.
	NamePrefix pulumi.StringPtrInput
	// The path to the role.
	// See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
	Path pulumi.StringPtrInput
	// The ARN of the policy that is used to set the permissions boundary for
	// the role.
	PermissionsBoundary pulumi.StringPtrInput
	// Key-value map of tags for the IAM role
	Tags pulumi.StringMapInput
}
The set of arguments for constructing a Role resource.
func (RoleArgs) ElementType ¶
type RolePolicy ¶
type RolePolicy struct { pulumi.CustomResourceState // The name of the role policy. If omitted, this provider will // assign a random, unique name. Name pulumi.StringOutput `pulumi:"name"` // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"` // The policy document. This is a JSON formatted string. Policy pulumi.StringOutput `pulumi:"policy"` // The IAM role to attach to the policy. Role pulumi.StringOutput `pulumi:"role"` }
Provides an IAM role inline policy.
## Example Usage
```go
package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates a role named "testRole" and gives it an inline policy named
// "testPolicy".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Trust policy: the ec2.amazonaws.com service principal may call
		// sts:AssumeRole.
		trustDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": \"sts:AssumeRole\",\n",
			" \"Principal\": {\n",
			" \"Service\": \"ec2.amazonaws.com\"\n",
			" },\n",
			" \"Effect\": \"Allow\",\n",
			" \"Sid\": \"\"\n",
			" }\n",
			" ]\n",
			"}\n")

		// Inline permissions: allows "ec2:Describe*" on all resources ("*");
		// scope both down when adapting this to a real role.
		inlineDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": [\n",
			" \"ec2:Describe*\"\n",
			" ],\n",
			" \"Effect\": \"Allow\",\n",
			" \"Resource\": \"*\"\n",
			" }\n",
			" ]\n",
			"}\n")

		testRole, err := iam.NewRole(ctx, "testRole", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(trustDocument),
		})
		if err != nil {
			return err
		}

		// The inline policy is bound to the role through the role's resource ID.
		_, err = iam.NewRolePolicy(ctx, "testPolicy", &iam.RolePolicyArgs{
			Role:   testRole.ID(),
			Policy: pulumi.String(inlineDocument),
		})
		return err
	})
}
```
func GetRolePolicy ¶
func GetRolePolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RolePolicyState, opts ...pulumi.ResourceOption) (*RolePolicy, error)
GetRolePolicy gets an existing RolePolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewRolePolicy ¶
func NewRolePolicy(ctx *pulumi.Context, name string, args *RolePolicyArgs, opts ...pulumi.ResourceOption) (*RolePolicy, error)
NewRolePolicy registers a new resource with the given unique name, arguments, and options.
type RolePolicyArgs ¶
type RolePolicyArgs struct { // The name of the role policy. If omitted, this provider will // assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The policy document. This is a JSON formatted string. Policy pulumi.Input // The IAM role to attach to the policy. Role pulumi.Input }
The set of arguments for constructing a RolePolicy resource.
func (RolePolicyArgs) ElementType ¶
func (RolePolicyArgs) ElementType() reflect.Type
type RolePolicyAttachment ¶
type RolePolicyAttachment struct { pulumi.CustomResourceState // The ARN of the policy you want to apply PolicyArn pulumi.StringOutput `pulumi:"policyArn"` // The role the policy should be applied to Role pulumi.StringOutput `pulumi:"role"` }
Attaches a Managed IAM Policy to an IAM role
> **NOTE:** The usage of this resource conflicts with the `iam.PolicyAttachment` resource and will permanently show a difference if both are defined.
## Example Usage
```go
package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates a role and a managed policy, then attaches the policy to the
// role with iam.RolePolicyAttachment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Trust policy: the ec2.amazonaws.com service principal may call
		// sts:AssumeRole.
		trustDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v",
			" {\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": \"sts:AssumeRole\",\n",
			" \"Principal\": {\n",
			" \"Service\": \"ec2.amazonaws.com\"\n",
			" },\n",
			" \"Effect\": \"Allow\",\n",
			" \"Sid\": \"\"\n",
			" }\n",
			" ]\n",
			" }\n")

		// Permissions policy: allows "ec2:Describe*" on all resources ("*").
		policyDocument := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			" \"Version\": \"2012-10-17\",\n",
			" \"Statement\": [\n",
			" {\n",
			" \"Action\": [\n",
			" \"ec2:Describe*\"\n",
			" ],\n",
			" \"Effect\": \"Allow\",\n",
			" \"Resource\": \"*\"\n",
			" }\n",
			" ]\n",
			"}\n")

		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(trustDocument),
		})
		if err != nil {
			return err
		}

		policy, err := iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{
			Description: pulumi.String("A test policy"),
			Policy:      pulumi.String(policyDocument),
		})
		if err != nil {
			return err
		}

		// Per the resource notes, this attachment conflicts with
		// iam.PolicyAttachment for the same policy; use one or the other.
		_, err = iam.NewRolePolicyAttachment(ctx, "test_attach", &iam.RolePolicyAttachmentArgs{
			Role:      role.Name,
			PolicyArn: policy.Arn,
		})
		return err
	})
}
```
func GetRolePolicyAttachment ¶
func GetRolePolicyAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RolePolicyAttachmentState, opts ...pulumi.ResourceOption) (*RolePolicyAttachment, error)
GetRolePolicyAttachment gets an existing RolePolicyAttachment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewRolePolicyAttachment ¶
func NewRolePolicyAttachment(ctx *pulumi.Context, name string, args *RolePolicyAttachmentArgs, opts ...pulumi.ResourceOption) (*RolePolicyAttachment, error)
NewRolePolicyAttachment registers a new resource with the given unique name, arguments, and options.
type RolePolicyAttachmentArgs ¶
type RolePolicyAttachmentArgs struct { // The ARN of the policy you want to apply PolicyArn pulumi.StringInput // The role the policy should be applied to Role pulumi.Input }
The set of arguments for constructing a RolePolicyAttachment resource.
func (RolePolicyAttachmentArgs) ElementType ¶
func (RolePolicyAttachmentArgs) ElementType() reflect.Type
type RolePolicyAttachmentState ¶
type RolePolicyAttachmentState struct { // The ARN of the policy you want to apply PolicyArn pulumi.StringPtrInput // The role the policy should be applied to Role pulumi.StringPtrInput }
func (RolePolicyAttachmentState) ElementType ¶
func (RolePolicyAttachmentState) ElementType() reflect.Type
type RolePolicyState ¶
type RolePolicyState struct { // The name of the role policy. If omitted, this provider will // assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The policy document. This is a JSON formatted string. Policy pulumi.StringPtrInput // The IAM role to attach to the policy. Role pulumi.StringPtrInput }
func (RolePolicyState) ElementType ¶
func (RolePolicyState) ElementType() reflect.Type
type RoleState ¶
type RoleState struct { // The Amazon Resource Name (ARN) specifying the role. Arn pulumi.StringPtrInput // The policy that grants an entity permission to assume the role. AssumeRolePolicy pulumi.StringPtrInput // The creation date of the IAM role. CreateDate pulumi.StringPtrInput // The description of the role. Description pulumi.StringPtrInput // Specifies to force detaching any policies the role has before destroying it. Defaults to `false`. ForceDetachPolicies pulumi.BoolPtrInput // The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours. MaxSessionDuration pulumi.IntPtrInput // The name of the role. If omitted, this provider will assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The path to the role. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information. Path pulumi.StringPtrInput // The ARN of the policy that is used to set the permissions boundary for the role. PermissionsBoundary pulumi.StringPtrInput // Key-value map of tags for the IAM role Tags pulumi.StringMapInput // The stable and unique string identifying the role. UniqueId pulumi.StringPtrInput }
func (RoleState) ElementType ¶
type SamlProvider ¶
type SamlProvider struct { pulumi.CustomResourceState // The ARN assigned by AWS for this provider. Arn pulumi.StringOutput `pulumi:"arn"` // The name of the provider to create. Name pulumi.StringOutput `pulumi:"name"` // An XML document generated by an identity provider that supports SAML 2.0. SamlMetadataDocument pulumi.StringOutput `pulumi:"samlMetadataDocument"` // The expiration date and time for the SAML provider in RFC1123 format, e.g. `Mon, 02 Jan 2006 15:04:05 MST`. ValidUntil pulumi.StringOutput `pulumi:"validUntil"` }
Provides an IAM SAML provider.
func GetSamlProvider ¶
func GetSamlProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SamlProviderState, opts ...pulumi.ResourceOption) (*SamlProvider, error)
GetSamlProvider gets an existing SamlProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSamlProvider ¶
func NewSamlProvider(ctx *pulumi.Context, name string, args *SamlProviderArgs, opts ...pulumi.ResourceOption) (*SamlProvider, error)
NewSamlProvider registers a new resource with the given unique name, arguments, and options.
type SamlProviderArgs ¶
type SamlProviderArgs struct { // The name of the provider to create. Name pulumi.StringPtrInput // An XML document generated by an identity provider that supports SAML 2.0. SamlMetadataDocument pulumi.StringInput }
The set of arguments for constructing a SamlProvider resource.
func (SamlProviderArgs) ElementType ¶
func (SamlProviderArgs) ElementType() reflect.Type
type SamlProviderState ¶
type SamlProviderState struct { // The ARN assigned by AWS for this provider. Arn pulumi.StringPtrInput // The name of the provider to create. Name pulumi.StringPtrInput // An XML document generated by an identity provider that supports SAML 2.0. SamlMetadataDocument pulumi.StringPtrInput // The expiration date and time for the SAML provider in RFC1123 format, e.g. `Mon, 02 Jan 2006 15:04:05 MST`. ValidUntil pulumi.StringPtrInput }
func (SamlProviderState) ElementType ¶
func (SamlProviderState) ElementType() reflect.Type
type ServerCertificate ¶
type ServerCertificate struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) specifying the server certificate. Arn pulumi.StringOutput `pulumi:"arn"` // The contents of the public key certificate in // PEM-encoded format. CertificateBody pulumi.StringOutput `pulumi:"certificateBody"` // The contents of the certificate chain. // This is typically a concatenation of the PEM-encoded public key certificates // of the chain. CertificateChain pulumi.StringPtrOutput `pulumi:"certificateChain"` // The name of the Server Certificate. Do not include the // path in this value. If omitted, this provider will assign a random, unique name. Name pulumi.StringOutput `pulumi:"name"` // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"` // The IAM path for the server certificate. If it is not // included, it defaults to a slash (/). If this certificate is for use with // AWS CloudFront, the path must be in format `/cloudfront/your_path_here`. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths. Path pulumi.StringPtrOutput `pulumi:"path"` // The contents of the private key in PEM-encoded format. PrivateKey pulumi.StringOutput `pulumi:"privateKey"` }
Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:
- AWS Elastic Beanstalk - Elastic Load Balancing - CloudFront - AWS OpsWorks
For information about server certificates in IAM, see "Managing Server Certificates" in the AWS documentation.
> **Note:** All arguments, including the private key, will be stored in the raw state as plain-text. Treat the state file and its backend as sensitive and restrict who can read them.
func GetServerCertificate ¶
func GetServerCertificate(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ServerCertificateState, opts ...pulumi.ResourceOption) (*ServerCertificate, error)
GetServerCertificate gets an existing ServerCertificate resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewServerCertificate ¶
func NewServerCertificate(ctx *pulumi.Context, name string, args *ServerCertificateArgs, opts ...pulumi.ResourceOption) (*ServerCertificate, error)
NewServerCertificate registers a new resource with the given unique name, arguments, and options.
type ServerCertificateArgs ¶
// ServerCertificateArgs holds the inputs used to construct a
// ServerCertificate resource.
type ServerCertificateArgs struct {
	// The Amazon Resource Name (ARN) specifying the server certificate.
	Arn pulumi.StringPtrInput
	// The contents of the public key certificate in
	// PEM-encoded format.
	CertificateBody pulumi.StringInput
	// The contents of the certificate chain.
	// This is typically a concatenation of the PEM-encoded public key certificates
	// of the chain.
	CertificateChain pulumi.StringPtrInput
	// The name of the Server Certificate. Do not include the
	// path in this value. If omitted, this provider will assign a random, unique name.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified
	// prefix. Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// The IAM path for the server certificate. If it is not
	// included, it defaults to a slash (/). If this certificate is for use with
	// AWS CloudFront, the path must be in format `/cloudfront/your_path_here`.
	// See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths.
	Path pulumi.StringPtrInput
	// The contents of the private key in PEM-encoded format.
	// The resource documentation notes that all arguments, including this
	// private key, are stored in the raw state as plain text, so avoid
	// hard-coding the key in source and restrict access to the state.
	PrivateKey pulumi.StringInput
}
The set of arguments for constructing a ServerCertificate resource.
func (ServerCertificateArgs) ElementType ¶
func (ServerCertificateArgs) ElementType() reflect.Type
type ServerCertificateState ¶
type ServerCertificateState struct { // The Amazon Resource Name (ARN) specifying the server certificate. Arn pulumi.StringPtrInput // The contents of the public key certificate in // PEM-encoded format. CertificateBody pulumi.StringPtrInput // The contents of the certificate chain. // This is typically a concatenation of the PEM-encoded public key certificates // of the chain. CertificateChain pulumi.StringPtrInput // The name of the Server Certificate. Do not include the // path in this value. If omitted, this provider will assign a random, unique name. Name pulumi.StringPtrInput // Creates a unique name beginning with the specified // prefix. Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The IAM path for the server certificate. If it is not // included, it defaults to a slash (/). If this certificate is for use with // AWS CloudFront, the path must be in format `/cloudfront/your_path_here`. // See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths. Path pulumi.StringPtrInput // The contents of the private key in PEM-encoded format. PrivateKey pulumi.StringPtrInput }
func (ServerCertificateState) ElementType ¶
func (ServerCertificateState) ElementType() reflect.Type
type ServiceLinkedRole ¶
type ServiceLinkedRole struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) specifying the role. Arn pulumi.StringOutput `pulumi:"arn"` // The AWS service to which this role is attached. You use a string similar to a URL but without the `http://` in front. For example: `elasticbeanstalk.amazonaws.com`. To find the full list of services that support service-linked roles, check [the docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html). AwsServiceName pulumi.StringOutput `pulumi:"awsServiceName"` // The creation date of the IAM role. CreateDate pulumi.StringOutput `pulumi:"createDate"` // Additional string appended to the role name. Not all AWS services support custom suffixes. CustomSuffix pulumi.StringPtrOutput `pulumi:"customSuffix"` // The description of the role. Description pulumi.StringPtrOutput `pulumi:"description"` // The name of the role. Name pulumi.StringOutput `pulumi:"name"` // The path of the role. Path pulumi.StringOutput `pulumi:"path"` // The stable and unique string identifying the role. UniqueId pulumi.StringOutput `pulumi:"uniqueId"` }
Provides an [IAM service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html).
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main registers a service-linked role for the Elastic Beanstalk service.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Only the owning AWS service is named here; no custom suffix or
		// description is supplied.
		roleArgs := &iam.ServiceLinkedRoleArgs{
			AwsServiceName: pulumi.String("elasticbeanstalk.amazonaws.com"),
		}
		_, err := iam.NewServiceLinkedRole(ctx, "elasticbeanstalk", roleArgs)
		return err
	})
}
```
func GetServiceLinkedRole ¶
func GetServiceLinkedRole(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ServiceLinkedRoleState, opts ...pulumi.ResourceOption) (*ServiceLinkedRole, error)
GetServiceLinkedRole gets an existing ServiceLinkedRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewServiceLinkedRole ¶
func NewServiceLinkedRole(ctx *pulumi.Context, name string, args *ServiceLinkedRoleArgs, opts ...pulumi.ResourceOption) (*ServiceLinkedRole, error)
NewServiceLinkedRole registers a new resource with the given unique name, arguments, and options.
type ServiceLinkedRoleArgs ¶
// ServiceLinkedRoleArgs is the set of arguments for constructing a
// ServiceLinkedRole resource.
type ServiceLinkedRoleArgs struct {
	// The AWS service to which this role is attached. You use a string similar
	// to a URL but without the `http://` in front. For example:
	// `elasticbeanstalk.amazonaws.com`. To find the full list of services that
	// support service-linked roles, check
	// [the docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html).
	AwsServiceName pulumi.StringInput
	// Additional string appended to the role name. Not all AWS services
	// support custom suffixes.
	CustomSuffix pulumi.StringPtrInput
	// The description of the role.
	Description pulumi.StringPtrInput
}
The set of arguments for constructing a ServiceLinkedRole resource.
func (ServiceLinkedRoleArgs) ElementType ¶
func (ServiceLinkedRoleArgs) ElementType() reflect.Type
type ServiceLinkedRoleState ¶
// ServiceLinkedRoleState holds the optional state properties that
// GetServiceLinkedRole accepts to qualify a lookup.
type ServiceLinkedRoleState struct {
	// The Amazon Resource Name (ARN) specifying the role.
	Arn pulumi.StringPtrInput
	// The AWS service to which this role is attached. You use a string similar
	// to a URL but without the `http://` in front. For example:
	// `elasticbeanstalk.amazonaws.com`. To find the full list of services that
	// support service-linked roles, check
	// [the docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html).
	AwsServiceName pulumi.StringPtrInput
	// The creation date of the IAM role.
	CreateDate pulumi.StringPtrInput
	// Additional string appended to the role name. Not all AWS services
	// support custom suffixes.
	CustomSuffix pulumi.StringPtrInput
	// The description of the role.
	Description pulumi.StringPtrInput
	// The name of the role.
	Name pulumi.StringPtrInput
	// The path of the role.
	Path pulumi.StringPtrInput
	// The stable and unique string identifying the role.
	UniqueId pulumi.StringPtrInput
}
func (ServiceLinkedRoleState) ElementType ¶
func (ServiceLinkedRoleState) ElementType() reflect.Type
type SshKey ¶
// SshKey is the resource type for an SSH public key uploaded and associated
// with an IAM user.
type SshKey struct {
	pulumi.CustomResourceState

	// Specifies the public key encoding format to use in the response. To
	// retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the
	// public key in PEM format, use `PEM`.
	Encoding pulumi.StringOutput `pulumi:"encoding"`
	// The MD5 message digest of the SSH public key.
	// NOTE(review): MD5 is not collision-resistant; treat this value as an
	// identifier for the key rather than as proof of its integrity.
	Fingerprint pulumi.StringOutput `pulumi:"fingerprint"`
	// The SSH public key. The public key must be encoded in ssh-rsa format or
	// PEM format.
	PublicKey pulumi.StringOutput `pulumi:"publicKey"`
	// The unique identifier for the SSH public key.
	SshPublicKeyId pulumi.StringOutput `pulumi:"sshPublicKeyId"`
	// The status to assign to the SSH public key. Active means the key can be
	// used for authentication with an AWS CodeCommit repository. Inactive means
	// the key cannot be used. Default is `active`.
	Status pulumi.StringOutput `pulumi:"status"`
	// The name of the IAM user to associate the SSH public key with.
	Username pulumi.StringOutput `pulumi:"username"`
}
Uploads an SSH public key and associates it with the specified IAM user.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates an IAM user and uploads an SSH public key for that user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyOwner, err := iam.NewUser(ctx, "userUser", &iam.UserArgs{
			Path: pulumi.String("/"),
		})
		if err != nil {
			return err
		}

		// Only the public half of the key pair is uploaded. Status is left
		// unset, so the key takes the documented default of `active`.
		keyArgs := &iam.SshKeyArgs{
			Username:  keyOwner.Name,
			Encoding:  pulumi.String("SSH"),
			PublicKey: pulumi.String("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com"),
		}
		if _, err := iam.NewSshKey(ctx, "userSshKey", keyArgs); err != nil {
			return err
		}
		return nil
	})
}
```
func GetSshKey ¶
func GetSshKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SshKeyState, opts ...pulumi.ResourceOption) (*SshKey, error)
GetSshKey gets an existing SshKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewSshKey ¶
func NewSshKey(ctx *pulumi.Context, name string, args *SshKeyArgs, opts ...pulumi.ResourceOption) (*SshKey, error)
NewSshKey registers a new resource with the given unique name, arguments, and options.
type SshKeyArgs ¶
// SshKeyArgs is the set of arguments for constructing a SshKey resource.
type SshKeyArgs struct {
	// Specifies the public key encoding format to use in the response. To
	// retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the
	// public key in PEM format, use `PEM`.
	Encoding pulumi.StringInput
	// The SSH public key. The public key must be encoded in ssh-rsa format or
	// PEM format. Only the public key belongs here; the private half is never
	// an argument of this resource.
	PublicKey pulumi.StringInput
	// The status to assign to the SSH public key. Active means the key can be
	// used for authentication with an AWS CodeCommit repository. Inactive means
	// the key cannot be used. Default is `active`.
	Status pulumi.StringPtrInput
	// The name of the IAM user to associate the SSH public key with.
	Username pulumi.StringInput
}
The set of arguments for constructing a SshKey resource.
func (SshKeyArgs) ElementType ¶
func (SshKeyArgs) ElementType() reflect.Type
type SshKeyState ¶
// SshKeyState holds the optional state properties that GetSshKey accepts to
// qualify a lookup.
type SshKeyState struct {
	// Specifies the public key encoding format to use in the response. To
	// retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the
	// public key in PEM format, use `PEM`.
	Encoding pulumi.StringPtrInput
	// The MD5 message digest of the SSH public key.
	// NOTE(review): MD5 is not collision-resistant; treat this value as an
	// identifier for the key rather than as proof of its integrity.
	Fingerprint pulumi.StringPtrInput
	// The SSH public key. The public key must be encoded in ssh-rsa format or
	// PEM format.
	PublicKey pulumi.StringPtrInput
	// The unique identifier for the SSH public key.
	SshPublicKeyId pulumi.StringPtrInput
	// The status to assign to the SSH public key. Active means the key can be
	// used for authentication with an AWS CodeCommit repository. Inactive means
	// the key cannot be used. Default is `active`.
	Status pulumi.StringPtrInput
	// The name of the IAM user to associate the SSH public key with.
	Username pulumi.StringPtrInput
}
func (SshKeyState) ElementType ¶
func (SshKeyState) ElementType() reflect.Type
type User ¶
// User is the resource type for an IAM user.
type User struct {
	pulumi.CustomResourceState

	// The ARN assigned by AWS for this user.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// When destroying this user, destroy even if it has non-provider-managed
	// IAM access keys, login profile or MFA devices. Without `forceDestroy` a
	// user with non-provider-managed access keys and login profile will fail to
	// be destroyed.
	// NOTE(review): enabling this removes credentials that were created outside
	// the program, so review it before turning it on for human users.
	ForceDestroy pulumi.BoolPtrOutput `pulumi:"forceDestroy"`
	// The user's name. The name must consist of upper and lowercase
	// alphanumeric characters with no spaces. You can also include any of the
	// following characters: `=,.@-_.`. User names are not distinguished by
	// case. For example, you cannot create users named both "TESTUSER" and
	// "testuser".
	Name pulumi.StringOutput `pulumi:"name"`
	// Path in which to create the user.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ARN of the policy that is used to set the permissions boundary for
	// the user.
	PermissionsBoundary pulumi.StringPtrOutput `pulumi:"permissionsBoundary"`
	// Key-value mapping of tags for the IAM user.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// The unique ID assigned by AWS.
	UniqueId pulumi.StringOutput `pulumi:"uniqueId"`
}
Provides an IAM user.
> *NOTE:* If policies are attached to the user via the `iam.PolicyAttachment` resource and you are modifying the user `name` or `path`, the `forceDestroy` argument must be set to `true` and applied before attempting the operation; otherwise you will encounter a `DeleteConflict` error. The `iam.UserPolicyAttachment` resource (recommended) does not have this requirement.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main provisions an IAM user under the /system/ path, an access key for that
// user, and an inline policy attached to the user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Inline policy document: allows the ec2:Describe* actions on every
		// resource.
		describeOnly := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", " \"Version\": \"2012-10-17\",\n", " \"Statement\": [\n", " {\n", " \"Action\": [\n", " \"ec2:Describe*\"\n", " ],\n", " \"Effect\": \"Allow\",\n", " \"Resource\": \"*\"\n", " }\n", " ]\n", "}\n")

		svcUser, err := iam.NewUser(ctx, "lbUser", &iam.UserArgs{
			Path: pulumi.String("/system/"),
			Tags: pulumi.StringMap{
				"tag-key": pulumi.String("tag-value"),
			},
		})
		if err != nil {
			return err
		}

		// NOTE(review): no PgpKey is supplied for the access key, so the
		// generated secret is presumably kept in stack state in recoverable
		// form. Confirm against the AccessKey documentation and restrict
		// access to the state backend accordingly.
		if _, err := iam.NewAccessKey(ctx, "lbAccessKey", &iam.AccessKeyArgs{
			User: svcUser.Name,
		}); err != nil {
			return err
		}

		if _, err := iam.NewUserPolicy(ctx, "lbRo", &iam.UserPolicyArgs{
			User:   svcUser.Name,
			Policy: pulumi.String(describeOnly),
		}); err != nil {
			return err
		}
		return nil
	})
}
```
func GetUser ¶
func GetUser(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserState, opts ...pulumi.ResourceOption) (*User, error)
GetUser gets an existing User resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
type UserArgs ¶
// UserArgs is the set of arguments for constructing a User resource.
type UserArgs struct {
	// When destroying this user, destroy even if it has non-provider-managed
	// IAM access keys, login profile or MFA devices. Without `forceDestroy` a
	// user with non-provider-managed access keys and login profile will fail to
	// be destroyed.
	// NOTE(review): enabling this removes credentials that were created outside
	// the program, so review it before turning it on for human users.
	ForceDestroy pulumi.BoolPtrInput
	// The user's name. The name must consist of upper and lowercase
	// alphanumeric characters with no spaces. You can also include any of the
	// following characters: `=,.@-_.`. User names are not distinguished by
	// case. For example, you cannot create users named both "TESTUSER" and
	// "testuser".
	Name pulumi.StringPtrInput
	// Path in which to create the user.
	Path pulumi.StringPtrInput
	// The ARN of the policy that is used to set the permissions boundary for
	// the user.
	PermissionsBoundary pulumi.StringPtrInput
	// Key-value mapping of tags for the IAM user.
	Tags pulumi.StringMapInput
}
The set of arguments for constructing a User resource.
func (UserArgs) ElementType ¶
type UserGroupMembership ¶
// UserGroupMembership is the resource type for adding an IAM user to IAM
// groups.
type UserGroupMembership struct {
	pulumi.CustomResourceState

	// A list of [IAM Groups](https://www.terraform.io/docs/providers/aws/r/iam_group.html)
	// to add the user to.
	Groups pulumi.StringArrayOutput `pulumi:"groups"`
	// The name of the [IAM User](https://www.terraform.io/docs/providers/aws/r/iam_user.html)
	// to add to groups.
	User pulumi.StringOutput `pulumi:"user"`
}
Provides a resource for adding an [IAM User](https://www.terraform.io/docs/providers/aws/r/iam_user.html) to [IAM Groups](https://www.terraform.io/docs/providers/aws/r/iam_group.html). This resource can be used multiple times with the same user for non-overlapping groups.
To exclusively manage the users in a group, see the [`iam.GroupMembership` resource][3].
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates one user and three groups, then adds the user to the groups
// through two separate, non-overlapping UserGroupMembership resources.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		member, err := iam.NewUser(ctx, "user1", nil)
		if err != nil {
			return err
		}
		groupA, err := iam.NewGroup(ctx, "group1", nil)
		if err != nil {
			return err
		}
		groupB, err := iam.NewGroup(ctx, "group2", nil)
		if err != nil {
			return err
		}

		// First membership resource: the user joins group1 and group2.
		firstArgs := &iam.UserGroupMembershipArgs{
			User:   member.Name,
			Groups: pulumi.StringArray{groupA.Name, groupB.Name},
		}
		if _, err := iam.NewUserGroupMembership(ctx, "example1", firstArgs); err != nil {
			return err
		}

		groupC, err := iam.NewGroup(ctx, "group3", nil)
		if err != nil {
			return err
		}

		// Second membership resource for the same user; its group list does
		// not overlap with the first one.
		secondArgs := &iam.UserGroupMembershipArgs{
			User:   member.Name,
			Groups: pulumi.StringArray{groupC.Name},
		}
		if _, err := iam.NewUserGroupMembership(ctx, "example2", secondArgs); err != nil {
			return err
		}
		return nil
	})
}
```
func GetUserGroupMembership ¶
func GetUserGroupMembership(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserGroupMembershipState, opts ...pulumi.ResourceOption) (*UserGroupMembership, error)
GetUserGroupMembership gets an existing UserGroupMembership resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserGroupMembership ¶
func NewUserGroupMembership(ctx *pulumi.Context, name string, args *UserGroupMembershipArgs, opts ...pulumi.ResourceOption) (*UserGroupMembership, error)
NewUserGroupMembership registers a new resource with the given unique name, arguments, and options.
type UserGroupMembershipArgs ¶
// UserGroupMembershipArgs is the set of arguments for constructing a
// UserGroupMembership resource.
type UserGroupMembershipArgs struct {
	// A list of [IAM Groups](https://www.terraform.io/docs/providers/aws/r/iam_group.html)
	// to add the user to.
	Groups pulumi.StringArrayInput
	// The name of the [IAM User](https://www.terraform.io/docs/providers/aws/r/iam_user.html)
	// to add to groups.
	User pulumi.StringInput
}
The set of arguments for constructing a UserGroupMembership resource.
func (UserGroupMembershipArgs) ElementType ¶
func (UserGroupMembershipArgs) ElementType() reflect.Type
type UserGroupMembershipState ¶
// UserGroupMembershipState holds the optional state properties that
// GetUserGroupMembership accepts to qualify a lookup.
type UserGroupMembershipState struct {
	// A list of [IAM Groups](https://www.terraform.io/docs/providers/aws/r/iam_group.html)
	// to add the user to.
	Groups pulumi.StringArrayInput
	// The name of the [IAM User](https://www.terraform.io/docs/providers/aws/r/iam_user.html)
	// to add to groups.
	User pulumi.StringPtrInput
}
func (UserGroupMembershipState) ElementType ¶
func (UserGroupMembershipState) ElementType() reflect.Type
type UserLoginProfile ¶
// UserLoginProfile is the resource type for an IAM user login profile whose
// generated password is encrypted with a PGP key.
type UserLoginProfile struct {
	pulumi.CustomResourceState

	// The encrypted password, base64 encoded. Only available if password was
	// handled on this provider resource creation, not import.
	EncryptedPassword pulumi.StringOutput `pulumi:"encryptedPassword"`
	// The fingerprint of the PGP key used to encrypt the password. Only
	// available if password was handled on this provider resource creation,
	// not import.
	// NOTE(review): compare this with the fingerprint the intended recipient
	// publishes, in particular when PgpKey was given as a keybase username.
	KeyFingerprint pulumi.StringOutput `pulumi:"keyFingerprint"`
	// The length of the generated password on resource creation. Only applies
	// on resource creation. Drift detection is not possible with this argument.
	PasswordLength pulumi.IntPtrOutput `pulumi:"passwordLength"`
	// Whether the user should be forced to reset the generated password on
	// resource creation. Only applies on resource creation. Drift detection is
	// not possible with this argument.
	PasswordResetRequired pulumi.BoolPtrOutput `pulumi:"passwordResetRequired"`
	// Either a base-64 encoded PGP public key, or a keybase username in the
	// form `keybase:username`. Only applies on resource creation. Drift
	// detection is not possible with this argument.
	PgpKey pulumi.StringOutput `pulumi:"pgpKey"`
	// The IAM user's name.
	User pulumi.StringOutput `pulumi:"user"`
}
Manages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.
> To reset an IAM User login password via this provider, you can delete and recreate this resource or change any of the arguments.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates an IAM user with a login profile and exports the login
// profile's encrypted password as the stack output "password".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// ForceDestroy lets the user be destroyed even if it still has
		// non-provider-managed access keys, login profile or MFA devices.
		account, err := iam.NewUser(ctx, "exampleUser", &iam.UserArgs{
			Path:         pulumi.String("/"),
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// The keybase username below is a placeholder. The generated password
		// is encrypted to that account's PGP key, so it must belong to the
		// person who is meant to read the password; the resource's
		// KeyFingerprint output reports which key was used.
		profileArgs := &iam.UserLoginProfileArgs{
			User:   account.Name,
			PgpKey: pulumi.String("keybase:some_person_that_exists"),
		}
		profile, err := iam.NewUserLoginProfile(ctx, "exampleUserLoginProfile", profileArgs)
		if err != nil {
			return err
		}

		// Despite its name, this output is the base64-encoded ciphertext, not
		// the plaintext password.
		ctx.Export("password", profile.EncryptedPassword)
		return nil
	})
}
```
func GetUserLoginProfile ¶
func GetUserLoginProfile(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserLoginProfileState, opts ...pulumi.ResourceOption) (*UserLoginProfile, error)
GetUserLoginProfile gets an existing UserLoginProfile resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserLoginProfile ¶
func NewUserLoginProfile(ctx *pulumi.Context, name string, args *UserLoginProfileArgs, opts ...pulumi.ResourceOption) (*UserLoginProfile, error)
NewUserLoginProfile registers a new resource with the given unique name, arguments, and options.
type UserLoginProfileArgs ¶
// UserLoginProfileArgs is the set of arguments for constructing a
// UserLoginProfile resource.
type UserLoginProfileArgs struct {
	// The length of the generated password on resource creation. Only applies
	// on resource creation. Drift detection is not possible with this argument.
	PasswordLength pulumi.IntPtrInput
	// Whether the user should be forced to reset the generated password on
	// resource creation. Only applies on resource creation. Drift detection is
	// not possible with this argument.
	PasswordResetRequired pulumi.BoolPtrInput
	// Either a base-64 encoded PGP public key, or a keybase username in the
	// form `keybase:username`. Only applies on resource creation. Drift
	// detection is not possible with this argument.
	// NOTE(review): whoever holds the matching private key can decrypt the
	// generated password, so make sure the key belongs to the intended
	// recipient.
	PgpKey pulumi.StringInput
	// The IAM user's name.
	User pulumi.StringInput
}
The set of arguments for constructing a UserLoginProfile resource.
func (UserLoginProfileArgs) ElementType ¶
func (UserLoginProfileArgs) ElementType() reflect.Type
type UserLoginProfileState ¶
// UserLoginProfileState holds the optional state properties that
// GetUserLoginProfile accepts to qualify a lookup.
type UserLoginProfileState struct {
	// The encrypted password, base64 encoded. Only available if password was
	// handled on this provider resource creation, not import.
	EncryptedPassword pulumi.StringPtrInput
	// The fingerprint of the PGP key used to encrypt the password. Only
	// available if password was handled on this provider resource creation,
	// not import.
	KeyFingerprint pulumi.StringPtrInput
	// The length of the generated password on resource creation. Only applies
	// on resource creation. Drift detection is not possible with this argument.
	PasswordLength pulumi.IntPtrInput
	// Whether the user should be forced to reset the generated password on
	// resource creation. Only applies on resource creation. Drift detection is
	// not possible with this argument.
	PasswordResetRequired pulumi.BoolPtrInput
	// Either a base-64 encoded PGP public key, or a keybase username in the
	// form `keybase:username`. Only applies on resource creation. Drift
	// detection is not possible with this argument.
	PgpKey pulumi.StringPtrInput
	// The IAM user's name.
	User pulumi.StringPtrInput
}
func (UserLoginProfileState) ElementType ¶
func (UserLoginProfileState) ElementType() reflect.Type
type UserPolicy ¶
// UserPolicy is the resource type for an IAM policy attached to a user.
type UserPolicy struct {
	pulumi.CustomResourceState

	// The name of the policy. If omitted, this provider will assign a random,
	// unique name.
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates a unique name beginning with the specified prefix. Conflicts
	// with `name`.
	NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"`
	// The policy document. This is a JSON formatted string.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// IAM user to which to attach this policy.
	User pulumi.StringOutput `pulumi:"user"`
}
Provides an IAM policy attached to a user.
## Example Usage
```go package main
import (
"fmt" "github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main provisions an IAM user under the /system/ path, attaches an inline
// policy to it, and then creates an access key for the user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Inline policy document: allows the ec2:Describe* actions on every
		// resource.
		describeOnly := fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", " \"Version\": \"2012-10-17\",\n", " \"Statement\": [\n", " {\n", " \"Action\": [\n", " \"ec2:Describe*\"\n", " ],\n", " \"Effect\": \"Allow\",\n", " \"Resource\": \"*\"\n", " }\n", " ]\n", "}\n")

		svcUser, err := iam.NewUser(ctx, "lbUser", &iam.UserArgs{
			Path: pulumi.String("/system/"),
		})
		if err != nil {
			return err
		}

		if _, err := iam.NewUserPolicy(ctx, "lbRo", &iam.UserPolicyArgs{
			User:   svcUser.Name,
			Policy: pulumi.String(describeOnly),
		}); err != nil {
			return err
		}

		// NOTE(review): no PgpKey is supplied for the access key, so the
		// generated secret is presumably kept in stack state in recoverable
		// form. Confirm against the AccessKey documentation and restrict
		// access to the state backend accordingly.
		if _, err := iam.NewAccessKey(ctx, "lbAccessKey", &iam.AccessKeyArgs{
			User: svcUser.Name,
		}); err != nil {
			return err
		}
		return nil
	})
}
```
func GetUserPolicy ¶
func GetUserPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserPolicyState, opts ...pulumi.ResourceOption) (*UserPolicy, error)
GetUserPolicy gets an existing UserPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserPolicy ¶
func NewUserPolicy(ctx *pulumi.Context, name string, args *UserPolicyArgs, opts ...pulumi.ResourceOption) (*UserPolicy, error)
NewUserPolicy registers a new resource with the given unique name, arguments, and options.
type UserPolicyArgs ¶
// UserPolicyArgs is the set of arguments for constructing a UserPolicy
// resource.
type UserPolicyArgs struct {
	// The name of the policy. If omitted, this provider will assign a random,
	// unique name.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts
	// with `name`.
	NamePrefix pulumi.StringPtrInput
	// The policy document. This is a JSON formatted string.
	// Declared as the general pulumi.Input rather than pulumi.StringInput.
	Policy pulumi.Input
	// IAM user to which to attach this policy.
	User pulumi.StringInput
}
The set of arguments for constructing a UserPolicy resource.
func (UserPolicyArgs) ElementType ¶
func (UserPolicyArgs) ElementType() reflect.Type
type UserPolicyAttachment ¶
// UserPolicyAttachment is the resource type that attaches a managed IAM
// policy to an IAM user.
type UserPolicyAttachment struct {
	pulumi.CustomResourceState

	// The ARN of the policy you want to apply.
	PolicyArn pulumi.StringOutput `pulumi:"policyArn"`
	// The user the policy should be applied to.
	User pulumi.StringOutput `pulumi:"user"`
}
Attaches a managed IAM policy to an IAM user.
> **NOTE:** The usage of this resource conflicts with the `iam.PolicyAttachment` resource and will permanently show a difference if both are defined.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main creates a user and a managed policy, then attaches the policy to the
// user.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		grantee, err := iam.NewUser(ctx, "user", nil)
		if err != nil {
			return err
		}

		// The policy document below is a placeholder, not valid policy JSON.
		managed, err := iam.NewPolicy(ctx, "policy", &iam.PolicyArgs{
			Description: pulumi.String("A test policy"),
			Policy:      pulumi.String("{ ... policy JSON ... }"),
		})
		if err != nil {
			return err
		}

		attachArgs := &iam.UserPolicyAttachmentArgs{
			User:      grantee.Name,
			PolicyArn: managed.Arn,
		}
		if _, err := iam.NewUserPolicyAttachment(ctx, "test_attach", attachArgs); err != nil {
			return err
		}
		return nil
	})
}
```
func GetUserPolicyAttachment ¶
func GetUserPolicyAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *UserPolicyAttachmentState, opts ...pulumi.ResourceOption) (*UserPolicyAttachment, error)
GetUserPolicyAttachment gets an existing UserPolicyAttachment resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewUserPolicyAttachment ¶
func NewUserPolicyAttachment(ctx *pulumi.Context, name string, args *UserPolicyAttachmentArgs, opts ...pulumi.ResourceOption) (*UserPolicyAttachment, error)
NewUserPolicyAttachment registers a new resource with the given unique name, arguments, and options.
type UserPolicyAttachmentArgs ¶
// UserPolicyAttachmentArgs is the set of arguments for constructing a
// UserPolicyAttachment resource.
type UserPolicyAttachmentArgs struct {
	// The ARN of the policy you want to apply.
	PolicyArn pulumi.StringInput
	// The user the policy should be applied to.
	// Declared as the general pulumi.Input rather than pulumi.StringInput.
	User pulumi.Input
}
The set of arguments for constructing a UserPolicyAttachment resource.
func (UserPolicyAttachmentArgs) ElementType ¶
func (UserPolicyAttachmentArgs) ElementType() reflect.Type
type UserPolicyAttachmentState ¶
// UserPolicyAttachmentState holds the optional state properties that
// GetUserPolicyAttachment accepts to qualify a lookup.
type UserPolicyAttachmentState struct {
	// The ARN of the policy you want to apply.
	PolicyArn pulumi.StringPtrInput
	// The user the policy should be applied to.
	User pulumi.StringPtrInput
}
func (UserPolicyAttachmentState) ElementType ¶
func (UserPolicyAttachmentState) ElementType() reflect.Type
type UserPolicyState ¶
// UserPolicyState holds the optional state properties that GetUserPolicy
// accepts to qualify a lookup.
type UserPolicyState struct {
	// The name of the policy. If omitted, this provider will assign a random,
	// unique name.
	Name pulumi.StringPtrInput
	// Creates a unique name beginning with the specified prefix. Conflicts
	// with `name`.
	NamePrefix pulumi.StringPtrInput
	// The policy document. This is a JSON formatted string.
	Policy pulumi.StringPtrInput
	// IAM user to which to attach this policy.
	User pulumi.StringPtrInput
}
func (UserPolicyState) ElementType ¶
func (UserPolicyState) ElementType() reflect.Type
type UserState ¶
// UserState holds the optional state properties that GetUser accepts to
// qualify a lookup.
type UserState struct {
	// The ARN assigned by AWS for this user.
	Arn pulumi.StringPtrInput
	// When destroying this user, destroy even if it has non-provider-managed
	// IAM access keys, login profile or MFA devices. Without `forceDestroy` a
	// user with non-provider-managed access keys and login profile will fail to
	// be destroyed.
	ForceDestroy pulumi.BoolPtrInput
	// The user's name. The name must consist of upper and lowercase
	// alphanumeric characters with no spaces. You can also include any of the
	// following characters: `=,.@-_.`. User names are not distinguished by
	// case. For example, you cannot create users named both "TESTUSER" and
	// "testuser".
	Name pulumi.StringPtrInput
	// Path in which to create the user.
	Path pulumi.StringPtrInput
	// The ARN of the policy that is used to set the permissions boundary for
	// the user.
	PermissionsBoundary pulumi.StringPtrInput
	// Key-value mapping of tags for the IAM user.
	Tags pulumi.StringMapInput
	// The unique ID assigned by AWS.
	UniqueId pulumi.StringPtrInput
}
func (UserState) ElementType ¶
Source Files ¶
- accessKey.go
- accountAlias.go
- accountPasswordPolicy.go
- getAccountAlias.go
- getGroup.go
- getInstanceProfile.go
- getPolicy.go
- getPolicyDocument.go
- getRole.go
- getServerCertificate.go
- getUser.go
- group.go
- groupMembership.go
- groupPolicy.go
- groupPolicyAttachment.go
- instanceProfile.go
- openIdConnectProvider.go
- policy.go
- policyAttachment.go
- pulumiTypes.go
- role.go
- rolePolicy.go
- rolePolicyAttachment.go
- samlProvider.go
- serverCertificate.go
- serviceLinkedRole.go
- sshKey.go
- user.go
- userGroupMembership.go
- userLoginProfile.go
- userPolicy.go
- userPolicyAttachment.go