aws

package
v6.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2025 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackendCert 

type AuthBackendCert struct {
	pulumi.CustomResourceState

	// The  Base64 encoded AWS Public key required to
	// verify PKCS7 signature of the EC2 instance metadata. You can find this key in
	// the [AWS
	// documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
	AwsPublicCert pulumi.StringOutput `pulumi:"awsPublicCert"`
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The name of the certificate.
	CertName pulumi.StringOutput `pulumi:"certName"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Either "pkcs7" or "identity", indicating the type of
	// document which can be verified using the given certificate. Defaults to
	// "pkcs7".
	Type pulumi.StringPtrOutput `pulumi:"type"`
}

## Example Usage

## Import

AWS auth backend certificates can be imported using `auth/`, the `backend` path, `/config/certificate/`, and the `cert_name` e.g.

```sh $ pulumi import vault:aws/authBackendCert:AuthBackendCert example auth/aws/config/certificate/my-cert ```

func GetAuthBackendCert 

func GetAuthBackendCert(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendCertState, opts ...pulumi.ResourceOption) (*AuthBackendCert, error)

GetAuthBackendCert gets an existing AuthBackendCert resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendCert 

func NewAuthBackendCert(ctx *pulumi.Context,
	name string, args *AuthBackendCertArgs, opts ...pulumi.ResourceOption) (*AuthBackendCert, error)

NewAuthBackendCert registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendCert) ElementType 

func (*AuthBackendCert) ElementType() reflect.Type

func (*AuthBackendCert) ToAuthBackendCertOutput 

func (i *AuthBackendCert) ToAuthBackendCertOutput() AuthBackendCertOutput

func (*AuthBackendCert) ToAuthBackendCertOutputWithContext 

func (i *AuthBackendCert) ToAuthBackendCertOutputWithContext(ctx context.Context) AuthBackendCertOutput

type AuthBackendCertArgs 

type AuthBackendCertArgs struct {
	// The  Base64 encoded AWS Public key required to
	// verify PKCS7 signature of the EC2 instance metadata. You can find this key in
	// the [AWS
	// documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
	AwsPublicCert pulumi.StringInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// The name of the certificate.
	CertName pulumi.StringInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Either "pkcs7" or "identity", indicating the type of
	// document which can be verified using the given certificate. Defaults to
	// "pkcs7".
	Type pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendCert resource.

func (AuthBackendCertArgs) ElementType 

func (AuthBackendCertArgs) ElementType() reflect.Type

type AuthBackendCertArray 

type AuthBackendCertArray []AuthBackendCertInput

func (AuthBackendCertArray) ElementType 

func (AuthBackendCertArray) ElementType() reflect.Type

func (AuthBackendCertArray) ToAuthBackendCertArrayOutput 

func (i AuthBackendCertArray) ToAuthBackendCertArrayOutput() AuthBackendCertArrayOutput

func (AuthBackendCertArray) ToAuthBackendCertArrayOutputWithContext 

func (i AuthBackendCertArray) ToAuthBackendCertArrayOutputWithContext(ctx context.Context) AuthBackendCertArrayOutput

type AuthBackendCertArrayInput 

type AuthBackendCertArrayInput interface {
	pulumi.Input

	ToAuthBackendCertArrayOutput() AuthBackendCertArrayOutput
	ToAuthBackendCertArrayOutputWithContext(context.Context) AuthBackendCertArrayOutput
}

AuthBackendCertArrayInput is an input type that accepts AuthBackendCertArray and AuthBackendCertArrayOutput values. You can construct a concrete instance of `AuthBackendCertArrayInput` via: 

AuthBackendCertArray{ AuthBackendCertArgs{...} }

type AuthBackendCertArrayOutput 

type AuthBackendCertArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendCertArrayOutput) ElementType 

func (AuthBackendCertArrayOutput) ElementType() reflect.Type

func (AuthBackendCertArrayOutput) Index 

func (o AuthBackendCertArrayOutput) Index(i pulumi.IntInput) AuthBackendCertOutput

func (AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutput 

func (o AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutput() AuthBackendCertArrayOutput

func (AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutputWithContext 

func (o AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutputWithContext(ctx context.Context) AuthBackendCertArrayOutput

type AuthBackendCertInput 

type AuthBackendCertInput interface {
	pulumi.Input

	ToAuthBackendCertOutput() AuthBackendCertOutput
	ToAuthBackendCertOutputWithContext(ctx context.Context) AuthBackendCertOutput
}

type AuthBackendCertMap 

type AuthBackendCertMap map[string]AuthBackendCertInput

func (AuthBackendCertMap) ElementType 

func (AuthBackendCertMap) ElementType() reflect.Type

func (AuthBackendCertMap) ToAuthBackendCertMapOutput 

func (i AuthBackendCertMap) ToAuthBackendCertMapOutput() AuthBackendCertMapOutput

func (AuthBackendCertMap) ToAuthBackendCertMapOutputWithContext 

func (i AuthBackendCertMap) ToAuthBackendCertMapOutputWithContext(ctx context.Context) AuthBackendCertMapOutput

type AuthBackendCertMapInput 

type AuthBackendCertMapInput interface {
	pulumi.Input

	ToAuthBackendCertMapOutput() AuthBackendCertMapOutput
	ToAuthBackendCertMapOutputWithContext(context.Context) AuthBackendCertMapOutput
}

AuthBackendCertMapInput is an input type that accepts AuthBackendCertMap and AuthBackendCertMapOutput values. You can construct a concrete instance of `AuthBackendCertMapInput` via: 

AuthBackendCertMap{ "key": AuthBackendCertArgs{...} }

type AuthBackendCertMapOutput 

type AuthBackendCertMapOutput struct{ *pulumi.OutputState }

func (AuthBackendCertMapOutput) ElementType 

func (AuthBackendCertMapOutput) ElementType() reflect.Type

func (AuthBackendCertMapOutput) MapIndex 

func (o AuthBackendCertMapOutput) MapIndex(k pulumi.StringInput) AuthBackendCertOutput

func (AuthBackendCertMapOutput) ToAuthBackendCertMapOutput 

func (o AuthBackendCertMapOutput) ToAuthBackendCertMapOutput() AuthBackendCertMapOutput

func (AuthBackendCertMapOutput) ToAuthBackendCertMapOutputWithContext 

func (o AuthBackendCertMapOutput) ToAuthBackendCertMapOutputWithContext(ctx context.Context) AuthBackendCertMapOutput

type AuthBackendCertOutput 

type AuthBackendCertOutput struct{ *pulumi.OutputState }

func (AuthBackendCertOutput) AwsPublicCert 

func (o AuthBackendCertOutput) AwsPublicCert() pulumi.StringOutput

The Base64 encoded AWS Public key required to verify PKCS7 signature of the EC2 instance metadata. You can find this key in the [AWS documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).

func (AuthBackendCertOutput) Backend 

func (o AuthBackendCertOutput) Backend() pulumi.StringPtrOutput

The path the AWS auth backend being configured was mounted at. Defaults to `aws`.

func (AuthBackendCertOutput) CertName 

func (o AuthBackendCertOutput) CertName() pulumi.StringOutput

The name of the certificate.

func (AuthBackendCertOutput) ElementType 

func (AuthBackendCertOutput) ElementType() reflect.Type

func (AuthBackendCertOutput) Namespace 

func (o AuthBackendCertOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendCertOutput) ToAuthBackendCertOutput 

func (o AuthBackendCertOutput) ToAuthBackendCertOutput() AuthBackendCertOutput

func (AuthBackendCertOutput) ToAuthBackendCertOutputWithContext 

func (o AuthBackendCertOutput) ToAuthBackendCertOutputWithContext(ctx context.Context) AuthBackendCertOutput

func (AuthBackendCertOutput) Type 

func (o AuthBackendCertOutput) Type() pulumi.StringPtrOutput

Either "pkcs7" or "identity", indicating the type of document which can be verified using the given certificate. Defaults to "pkcs7".

type AuthBackendCertState 

type AuthBackendCertState struct {
	// The  Base64 encoded AWS Public key required to
	// verify PKCS7 signature of the EC2 instance metadata. You can find this key in
	// the [AWS
	// documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
	AwsPublicCert pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// The name of the certificate.
	CertName pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Either "pkcs7" or "identity", indicating the type of
	// document which can be verified using the given certificate. Defaults to
	// "pkcs7".
	Type pulumi.StringPtrInput
}

func (AuthBackendCertState) ElementType 

func (AuthBackendCertState) ElementType() reflect.Type

type AuthBackendClient 

type AuthBackendClient struct {
	pulumi.CustomResourceState

	// The AWS access key that Vault should use for the
	// auth backend. Mutually exclusive with `identityTokenAudience`.
	AccessKey pulumi.StringPtrOutput `pulumi:"accessKey"`
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Override the URL Vault uses when making EC2 API
	// calls.
	Ec2Endpoint pulumi.StringPtrOutput `pulumi:"ec2Endpoint"`
	// Override the URL Vault uses when making IAM API
	// calls.
	IamEndpoint pulumi.StringPtrOutput `pulumi:"iamEndpoint"`
	// The value to require in the
	// `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
	// that are used in the IAM auth method.
	IamServerIdHeaderValue pulumi.StringPtrOutput `pulumi:"iamServerIdHeaderValue"`
	// The audience claim value. Mutually exclusive with `accessKey`.
	// Requires Vault 1.17+. *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"`
	// The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"`
	// Number of max retries the client should use for recoverable errors.
	// The default `-1` falls back to the AWS SDK's default behavior.
	MaxRetries pulumi.IntPtrOutput `pulumi:"maxRetries"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	RoleArn pulumi.StringPtrOutput `pulumi:"roleArn"`
	// The AWS secret key that Vault should use for the
	// auth backend.
	SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"`
	// Override the URL Vault uses when making STS API
	// calls.
	StsEndpoint pulumi.StringPtrOutput `pulumi:"stsEndpoint"`
	// Override the default region when making STS API
	// calls. The `stsEndpoint` argument must be set when using `stsRegion`.
	StsRegion pulumi.StringPtrOutput `pulumi:"stsRegion"`
	// Available in Vault v1.15+. If set,
	// overrides both `stsEndpoint` and `stsRegion` to instead use the region
	// specified in the client request headers for IAM-based authentication.
	// This can be useful when you have client requests coming from different
	// regions and want flexibility in which regional STS API is used.
	UseStsRegionFromClient pulumi.BoolOutput `pulumi:"useStsRegionFromClient"`
}

## Example Usage

You can setup the AWS auth engine with Workload Identity Federation (WIF) for a secret-less configuration: ```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendClient(ctx, "example", &aws.AuthBackendClientArgs{
			IdentityTokenAudience: pulumi.String("<TOKEN_AUDIENCE>"),
			IdentityTokenTtl:      pulumi.Int("<TOKEN_TTL>"),
			RoleArn:               pulumi.String("<AWS_ROLE_ARN>"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendClient(ctx, "example", &aws.AuthBackendClientArgs{
			Backend:   example.Path,
			AccessKey: pulumi.String("INSERT_AWS_ACCESS_KEY"),
			SecretKey: pulumi.String("INSERT_AWS_SECRET_KEY"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.

```sh $ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client ```

func GetAuthBackendClient 

func GetAuthBackendClient(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendClientState, opts ...pulumi.ResourceOption) (*AuthBackendClient, error)

GetAuthBackendClient gets an existing AuthBackendClient resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendClient 

func NewAuthBackendClient(ctx *pulumi.Context,
	name string, args *AuthBackendClientArgs, opts ...pulumi.ResourceOption) (*AuthBackendClient, error)

NewAuthBackendClient registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendClient) ElementType 

func (*AuthBackendClient) ElementType() reflect.Type

func (*AuthBackendClient) ToAuthBackendClientOutput 

func (i *AuthBackendClient) ToAuthBackendClientOutput() AuthBackendClientOutput

func (*AuthBackendClient) ToAuthBackendClientOutputWithContext 

func (i *AuthBackendClient) ToAuthBackendClientOutputWithContext(ctx context.Context) AuthBackendClientOutput

type AuthBackendClientArgs 

type AuthBackendClientArgs struct {
	// The AWS access key that Vault should use for the
	// auth backend. Mutually exclusive with `identityTokenAudience`.
	AccessKey pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// Override the URL Vault uses when making EC2 API
	// calls.
	Ec2Endpoint pulumi.StringPtrInput
	// Override the URL Vault uses when making IAM API
	// calls.
	IamEndpoint pulumi.StringPtrInput
	// The value to require in the
	// `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
	// that are used in the IAM auth method.
	IamServerIdHeaderValue pulumi.StringPtrInput
	// The audience claim value. Mutually exclusive with `accessKey`.
	// Requires Vault 1.17+. *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenTtl pulumi.IntPtrInput
	// Number of max retries the client should use for recoverable errors.
	// The default `-1` falls back to the AWS SDK's default behavior.
	MaxRetries pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	RoleArn pulumi.StringPtrInput
	// The AWS secret key that Vault should use for the
	// auth backend.
	SecretKey pulumi.StringPtrInput
	// Override the URL Vault uses when making STS API
	// calls.
	StsEndpoint pulumi.StringPtrInput
	// Override the default region when making STS API
	// calls. The `stsEndpoint` argument must be set when using `stsRegion`.
	StsRegion pulumi.StringPtrInput
	// Available in Vault v1.15+. If set,
	// overrides both `stsEndpoint` and `stsRegion` to instead use the region
	// specified in the client request headers for IAM-based authentication.
	// This can be useful when you have client requests coming from different
	// regions and want flexibility in which regional STS API is used.
	UseStsRegionFromClient pulumi.BoolPtrInput
}

The set of arguments for constructing a AuthBackendClient resource.

func (AuthBackendClientArgs) ElementType 

func (AuthBackendClientArgs) ElementType() reflect.Type

type AuthBackendClientArray 

type AuthBackendClientArray []AuthBackendClientInput

func (AuthBackendClientArray) ElementType 

func (AuthBackendClientArray) ElementType() reflect.Type

func (AuthBackendClientArray) ToAuthBackendClientArrayOutput 

func (i AuthBackendClientArray) ToAuthBackendClientArrayOutput() AuthBackendClientArrayOutput

func (AuthBackendClientArray) ToAuthBackendClientArrayOutputWithContext 

func (i AuthBackendClientArray) ToAuthBackendClientArrayOutputWithContext(ctx context.Context) AuthBackendClientArrayOutput

type AuthBackendClientArrayInput 

type AuthBackendClientArrayInput interface {
	pulumi.Input

	ToAuthBackendClientArrayOutput() AuthBackendClientArrayOutput
	ToAuthBackendClientArrayOutputWithContext(context.Context) AuthBackendClientArrayOutput
}

AuthBackendClientArrayInput is an input type that accepts AuthBackendClientArray and AuthBackendClientArrayOutput values. You can construct a concrete instance of `AuthBackendClientArrayInput` via: 

AuthBackendClientArray{ AuthBackendClientArgs{...} }

type AuthBackendClientArrayOutput 

type AuthBackendClientArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendClientArrayOutput) ElementType 

func (AuthBackendClientArrayOutput) ElementType() reflect.Type

func (AuthBackendClientArrayOutput) Index 

func (o AuthBackendClientArrayOutput) Index(i pulumi.IntInput) AuthBackendClientOutput

func (AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutput 

func (o AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutput() AuthBackendClientArrayOutput

func (AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutputWithContext 

func (o AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutputWithContext(ctx context.Context) AuthBackendClientArrayOutput

type AuthBackendClientInput 

type AuthBackendClientInput interface {
	pulumi.Input

	ToAuthBackendClientOutput() AuthBackendClientOutput
	ToAuthBackendClientOutputWithContext(ctx context.Context) AuthBackendClientOutput
}

type AuthBackendClientMap 

type AuthBackendClientMap map[string]AuthBackendClientInput

func (AuthBackendClientMap) ElementType 

func (AuthBackendClientMap) ElementType() reflect.Type

func (AuthBackendClientMap) ToAuthBackendClientMapOutput 

func (i AuthBackendClientMap) ToAuthBackendClientMapOutput() AuthBackendClientMapOutput

func (AuthBackendClientMap) ToAuthBackendClientMapOutputWithContext 

func (i AuthBackendClientMap) ToAuthBackendClientMapOutputWithContext(ctx context.Context) AuthBackendClientMapOutput

type AuthBackendClientMapInput 

type AuthBackendClientMapInput interface {
	pulumi.Input

	ToAuthBackendClientMapOutput() AuthBackendClientMapOutput
	ToAuthBackendClientMapOutputWithContext(context.Context) AuthBackendClientMapOutput
}

AuthBackendClientMapInput is an input type that accepts AuthBackendClientMap and AuthBackendClientMapOutput values. You can construct a concrete instance of `AuthBackendClientMapInput` via: 

AuthBackendClientMap{ "key": AuthBackendClientArgs{...} }

type AuthBackendClientMapOutput 

type AuthBackendClientMapOutput struct{ *pulumi.OutputState }

func (AuthBackendClientMapOutput) ElementType 

func (AuthBackendClientMapOutput) ElementType() reflect.Type

func (AuthBackendClientMapOutput) MapIndex 

func (o AuthBackendClientMapOutput) MapIndex(k pulumi.StringInput) AuthBackendClientOutput

func (AuthBackendClientMapOutput) ToAuthBackendClientMapOutput 

func (o AuthBackendClientMapOutput) ToAuthBackendClientMapOutput() AuthBackendClientMapOutput

func (AuthBackendClientMapOutput) ToAuthBackendClientMapOutputWithContext 

func (o AuthBackendClientMapOutput) ToAuthBackendClientMapOutputWithContext(ctx context.Context) AuthBackendClientMapOutput

type AuthBackendClientOutput 

type AuthBackendClientOutput struct{ *pulumi.OutputState }

func (AuthBackendClientOutput) AccessKey 

func (o AuthBackendClientOutput) AccessKey() pulumi.StringPtrOutput

The AWS access key that Vault should use for the auth backend. Mutually exclusive with `identityTokenAudience`.

func (AuthBackendClientOutput) Backend 

func (o AuthBackendClientOutput) Backend() pulumi.StringPtrOutput

The path the AWS auth backend being configured was mounted at. Defaults to `aws`.

func (AuthBackendClientOutput) Ec2Endpoint 

func (o AuthBackendClientOutput) Ec2Endpoint() pulumi.StringPtrOutput

Override the URL Vault uses when making EC2 API calls.

func (AuthBackendClientOutput) ElementType 

func (AuthBackendClientOutput) ElementType() reflect.Type

func (AuthBackendClientOutput) IamEndpoint 

func (o AuthBackendClientOutput) IamEndpoint() pulumi.StringPtrOutput

Override the URL Vault uses when making IAM API calls.

func (AuthBackendClientOutput) IamServerIdHeaderValue 

func (o AuthBackendClientOutput) IamServerIdHeaderValue() pulumi.StringPtrOutput

The value to require in the `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests that are used in the IAM auth method.

func (AuthBackendClientOutput) IdentityTokenAudience added in v6.2.0 

func (o AuthBackendClientOutput) IdentityTokenAudience() pulumi.StringPtrOutput

The audience claim value. Mutually exclusive with `accessKey`. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (AuthBackendClientOutput) IdentityTokenTtl added in v6.2.0 

func (o AuthBackendClientOutput) IdentityTokenTtl() pulumi.IntOutput

The TTL of generated identity tokens in seconds. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (AuthBackendClientOutput) MaxRetries added in v6.2.0 

func (o AuthBackendClientOutput) MaxRetries() pulumi.IntPtrOutput

Number of max retries the client should use for recoverable errors. The default `-1` falls back to the AWS SDK's default behavior.

func (AuthBackendClientOutput) Namespace 

func (o AuthBackendClientOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendClientOutput) RoleArn added in v6.2.0 

func (o AuthBackendClientOutput) RoleArn() pulumi.StringPtrOutput

Role ARN to assume for plugin identity token federation. Requires Vault 1.17+. *Available only for Vault Enterprise*

func (AuthBackendClientOutput) SecretKey 

func (o AuthBackendClientOutput) SecretKey() pulumi.StringPtrOutput

The AWS secret key that Vault should use for the auth backend.

func (AuthBackendClientOutput) StsEndpoint 

func (o AuthBackendClientOutput) StsEndpoint() pulumi.StringPtrOutput

Override the URL Vault uses when making STS API calls.

func (AuthBackendClientOutput) StsRegion 

func (o AuthBackendClientOutput) StsRegion() pulumi.StringPtrOutput

Override the default region when making STS API calls. The `stsEndpoint` argument must be set when using `stsRegion`.

func (AuthBackendClientOutput) ToAuthBackendClientOutput 

func (o AuthBackendClientOutput) ToAuthBackendClientOutput() AuthBackendClientOutput

func (AuthBackendClientOutput) ToAuthBackendClientOutputWithContext 

func (o AuthBackendClientOutput) ToAuthBackendClientOutputWithContext(ctx context.Context) AuthBackendClientOutput

func (AuthBackendClientOutput) UseStsRegionFromClient 

func (o AuthBackendClientOutput) UseStsRegionFromClient() pulumi.BoolOutput

Available in Vault v1.15+. If set, overrides both `stsEndpoint` and `stsRegion` to instead use the region specified in the client request headers for IAM-based authentication. This can be useful when you have client requests coming from different regions and want flexibility in which regional STS API is used.

type AuthBackendClientState 

type AuthBackendClientState struct {
	// The AWS access key that Vault should use for the
	// auth backend. Mutually exclusive with `identityTokenAudience`.
	AccessKey pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// Override the URL Vault uses when making EC2 API
	// calls.
	Ec2Endpoint pulumi.StringPtrInput
	// Override the URL Vault uses when making IAM API
	// calls.
	IamEndpoint pulumi.StringPtrInput
	// The value to require in the
	// `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
	// that are used in the IAM auth method.
	IamServerIdHeaderValue pulumi.StringPtrInput
	// The audience claim value. Mutually exclusive with `accessKey`.
	// Requires Vault 1.17+. *Available only for Vault Enterprise*
	IdentityTokenAudience pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	IdentityTokenTtl pulumi.IntPtrInput
	// Number of max retries the client should use for recoverable errors.
	// The default `-1` falls back to the AWS SDK's default behavior.
	MaxRetries pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Role ARN to assume for plugin identity token federation. Requires Vault 1.17+.
	// *Available only for Vault Enterprise*
	RoleArn pulumi.StringPtrInput
	// The AWS secret key that Vault should use for the
	// auth backend.
	SecretKey pulumi.StringPtrInput
	// Override the URL Vault uses when making STS API
	// calls.
	StsEndpoint pulumi.StringPtrInput
	// Override the default region when making STS API
	// calls. The `stsEndpoint` argument must be set when using `stsRegion`.
	StsRegion pulumi.StringPtrInput
	// Available in Vault v1.15+. If set,
	// overrides both `stsEndpoint` and `stsRegion` to instead use the region
	// specified in the client request headers for IAM-based authentication.
	// This can be useful when you have client requests coming from different
	// regions and want flexibility in which regional STS API is used.
	UseStsRegionFromClient pulumi.BoolPtrInput
}

func (AuthBackendClientState) ElementType 

func (AuthBackendClientState) ElementType() reflect.Type

type AuthBackendConfigIdentity 

type AuthBackendConfigIdentity struct {
	pulumi.CustomResourceState

	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// How to generate the identity alias when using the ec2 auth method. Valid choices are
	// `roleId`, `instanceId`, and `imageId`. Defaults to `roleId`
	Ec2Alias pulumi.StringPtrOutput `pulumi:"ec2Alias"`
	// The metadata to include on the token returned by the `login` endpoint. This metadata will be
	// added to both audit logs, and on the `ec2Alias`
	Ec2Metadatas pulumi.StringArrayOutput `pulumi:"ec2Metadatas"`
	// How to generate the identity alias when using the iam auth method. Valid choices are
	// `roleId`, `uniqueId`, and `fullArn`. Defaults to `roleId`
	IamAlias pulumi.StringPtrOutput `pulumi:"iamAlias"`
	// The metadata to include on the token returned by the `login` endpoint. This metadata will be
	// added to both audit logs, and on the `iamAlias`
	IamMetadatas pulumi.StringArrayOutput `pulumi:"iamMetadatas"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
}

Manages an AWS auth backend identity configuration in a Vault server. This configuration defines how Vault interacts with the identity store. See the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := vault.NewAuthBackend(ctx, "aws", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendConfigIdentity(ctx, "example", &aws.AuthBackendConfigIdentityArgs{
			Backend:  aws.Path,
			IamAlias: pulumi.String("full_arn"),
			IamMetadatas: pulumi.StringArray{
				pulumi.String("canonical_arn"),
				pulumi.String("account_id"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend identity config can be imported using `auth/`, the `backend` path, and `/config/identity` e.g.

```sh $ pulumi import vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity example auth/aws/config/identity ```

func GetAuthBackendConfigIdentity 

func GetAuthBackendConfigIdentity(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendConfigIdentityState, opts ...pulumi.ResourceOption) (*AuthBackendConfigIdentity, error)

GetAuthBackendConfigIdentity gets an existing AuthBackendConfigIdentity resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendConfigIdentity 

func NewAuthBackendConfigIdentity(ctx *pulumi.Context,
	name string, args *AuthBackendConfigIdentityArgs, opts ...pulumi.ResourceOption) (*AuthBackendConfigIdentity, error)

NewAuthBackendConfigIdentity registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendConfigIdentity) ElementType 

func (*AuthBackendConfigIdentity) ElementType() reflect.Type

func (*AuthBackendConfigIdentity) ToAuthBackendConfigIdentityOutput 

func (i *AuthBackendConfigIdentity) ToAuthBackendConfigIdentityOutput() AuthBackendConfigIdentityOutput

func (*AuthBackendConfigIdentity) ToAuthBackendConfigIdentityOutputWithContext 

func (i *AuthBackendConfigIdentity) ToAuthBackendConfigIdentityOutputWithContext(ctx context.Context) AuthBackendConfigIdentityOutput

type AuthBackendConfigIdentityArgs 

type AuthBackendConfigIdentityArgs struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// How to generate the identity alias when using the ec2 auth method. Valid choices are
	// `roleId`, `instanceId`, and `imageId`. Defaults to `roleId`
	Ec2Alias pulumi.StringPtrInput
	// The metadata to include on the token returned by the `login` endpoint. This metadata will be
	// added to both audit logs, and on the `ec2Alias`
	Ec2Metadatas pulumi.StringArrayInput
	// How to generate the identity alias when using the iam auth method. Valid choices are
	// `roleId`, `uniqueId`, and `fullArn`. Defaults to `roleId`
	IamAlias pulumi.StringPtrInput
	// The metadata to include on the token returned by the `login` endpoint. This metadata will be
	// added to both audit logs, and on the `iamAlias`
	IamMetadatas pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendConfigIdentity resource.

func (AuthBackendConfigIdentityArgs) ElementType 

func (AuthBackendConfigIdentityArgs) ElementType() reflect.Type

type AuthBackendConfigIdentityArray 

type AuthBackendConfigIdentityArray []AuthBackendConfigIdentityInput

func (AuthBackendConfigIdentityArray) ElementType 

func (AuthBackendConfigIdentityArray) ElementType() reflect.Type

func (AuthBackendConfigIdentityArray) ToAuthBackendConfigIdentityArrayOutput 

func (i AuthBackendConfigIdentityArray) ToAuthBackendConfigIdentityArrayOutput() AuthBackendConfigIdentityArrayOutput

func (AuthBackendConfigIdentityArray) ToAuthBackendConfigIdentityArrayOutputWithContext 

func (i AuthBackendConfigIdentityArray) ToAuthBackendConfigIdentityArrayOutputWithContext(ctx context.Context) AuthBackendConfigIdentityArrayOutput

type AuthBackendConfigIdentityArrayInput 

type AuthBackendConfigIdentityArrayInput interface {
	pulumi.Input

	ToAuthBackendConfigIdentityArrayOutput() AuthBackendConfigIdentityArrayOutput
	ToAuthBackendConfigIdentityArrayOutputWithContext(context.Context) AuthBackendConfigIdentityArrayOutput
}

AuthBackendConfigIdentityArrayInput is an input type that accepts AuthBackendConfigIdentityArray and AuthBackendConfigIdentityArrayOutput values. You can construct a concrete instance of `AuthBackendConfigIdentityArrayInput` via: 

AuthBackendConfigIdentityArray{ AuthBackendConfigIdentityArgs{...} }

type AuthBackendConfigIdentityArrayOutput 

type AuthBackendConfigIdentityArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigIdentityArrayOutput) ElementType 

func (AuthBackendConfigIdentityArrayOutput) ElementType() reflect.Type

func (AuthBackendConfigIdentityArrayOutput) Index 

func (o AuthBackendConfigIdentityArrayOutput) Index(i pulumi.IntInput) AuthBackendConfigIdentityOutput

func (AuthBackendConfigIdentityArrayOutput) ToAuthBackendConfigIdentityArrayOutput 

func (o AuthBackendConfigIdentityArrayOutput) ToAuthBackendConfigIdentityArrayOutput() AuthBackendConfigIdentityArrayOutput

func (AuthBackendConfigIdentityArrayOutput) ToAuthBackendConfigIdentityArrayOutputWithContext 

func (o AuthBackendConfigIdentityArrayOutput) ToAuthBackendConfigIdentityArrayOutputWithContext(ctx context.Context) AuthBackendConfigIdentityArrayOutput

type AuthBackendConfigIdentityInput 

type AuthBackendConfigIdentityInput interface {
	pulumi.Input

	ToAuthBackendConfigIdentityOutput() AuthBackendConfigIdentityOutput
	ToAuthBackendConfigIdentityOutputWithContext(ctx context.Context) AuthBackendConfigIdentityOutput
}

type AuthBackendConfigIdentityMap 

type AuthBackendConfigIdentityMap map[string]AuthBackendConfigIdentityInput

func (AuthBackendConfigIdentityMap) ElementType 

func (AuthBackendConfigIdentityMap) ElementType() reflect.Type

func (AuthBackendConfigIdentityMap) ToAuthBackendConfigIdentityMapOutput 

func (i AuthBackendConfigIdentityMap) ToAuthBackendConfigIdentityMapOutput() AuthBackendConfigIdentityMapOutput

func (AuthBackendConfigIdentityMap) ToAuthBackendConfigIdentityMapOutputWithContext 

func (i AuthBackendConfigIdentityMap) ToAuthBackendConfigIdentityMapOutputWithContext(ctx context.Context) AuthBackendConfigIdentityMapOutput

type AuthBackendConfigIdentityMapInput 

type AuthBackendConfigIdentityMapInput interface {
	pulumi.Input

	ToAuthBackendConfigIdentityMapOutput() AuthBackendConfigIdentityMapOutput
	ToAuthBackendConfigIdentityMapOutputWithContext(context.Context) AuthBackendConfigIdentityMapOutput
}

AuthBackendConfigIdentityMapInput is an input type that accepts AuthBackendConfigIdentityMap and AuthBackendConfigIdentityMapOutput values. You can construct a concrete instance of `AuthBackendConfigIdentityMapInput` via: 

AuthBackendConfigIdentityMap{ "key": AuthBackendConfigIdentityArgs{...} }

type AuthBackendConfigIdentityMapOutput 

type AuthBackendConfigIdentityMapOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigIdentityMapOutput) ElementType 

func (AuthBackendConfigIdentityMapOutput) ElementType() reflect.Type

func (AuthBackendConfigIdentityMapOutput) MapIndex 

func (o AuthBackendConfigIdentityMapOutput) MapIndex(k pulumi.StringInput) AuthBackendConfigIdentityOutput

func (AuthBackendConfigIdentityMapOutput) ToAuthBackendConfigIdentityMapOutput 

func (o AuthBackendConfigIdentityMapOutput) ToAuthBackendConfigIdentityMapOutput() AuthBackendConfigIdentityMapOutput

func (AuthBackendConfigIdentityMapOutput) ToAuthBackendConfigIdentityMapOutputWithContext 

func (o AuthBackendConfigIdentityMapOutput) ToAuthBackendConfigIdentityMapOutputWithContext(ctx context.Context) AuthBackendConfigIdentityMapOutput

type AuthBackendConfigIdentityOutput 

type AuthBackendConfigIdentityOutput struct{ *pulumi.OutputState }

func (AuthBackendConfigIdentityOutput) Backend 

func (o AuthBackendConfigIdentityOutput) Backend() pulumi.StringPtrOutput

Unique name of the auth backend to configure.

func (AuthBackendConfigIdentityOutput) Ec2Alias 

func (o AuthBackendConfigIdentityOutput) Ec2Alias() pulumi.StringPtrOutput

How to generate the identity alias when using the ec2 auth method. Valid choices are `roleId`, `instanceId`, and `imageId`. Defaults to `roleId`

func (AuthBackendConfigIdentityOutput) Ec2Metadatas 

func (o AuthBackendConfigIdentityOutput) Ec2Metadatas() pulumi.StringArrayOutput

The metadata to include on the token returned by the `login` endpoint. This metadata will be added to both audit logs, and on the `ec2Alias`

func (AuthBackendConfigIdentityOutput) ElementType 

func (AuthBackendConfigIdentityOutput) ElementType() reflect.Type

func (AuthBackendConfigIdentityOutput) IamAlias 

func (o AuthBackendConfigIdentityOutput) IamAlias() pulumi.StringPtrOutput

How to generate the identity alias when using the iam auth method. Valid choices are `roleId`, `uniqueId`, and `fullArn`. Defaults to `roleId`

func (AuthBackendConfigIdentityOutput) IamMetadatas 

func (o AuthBackendConfigIdentityOutput) IamMetadatas() pulumi.StringArrayOutput

The metadata to include on the token returned by the `login` endpoint. This metadata will be added to both audit logs, and on the `iamAlias`

func (AuthBackendConfigIdentityOutput) Namespace 

func (o AuthBackendConfigIdentityOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendConfigIdentityOutput) ToAuthBackendConfigIdentityOutput 

func (o AuthBackendConfigIdentityOutput) ToAuthBackendConfigIdentityOutput() AuthBackendConfigIdentityOutput

func (AuthBackendConfigIdentityOutput) ToAuthBackendConfigIdentityOutputWithContext 

func (o AuthBackendConfigIdentityOutput) ToAuthBackendConfigIdentityOutputWithContext(ctx context.Context) AuthBackendConfigIdentityOutput

type AuthBackendConfigIdentityState 

type AuthBackendConfigIdentityState struct {
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// How to generate the identity alias when using the ec2 auth method. Valid choices are
	// `roleId`, `instanceId`, and `imageId`. Defaults to `roleId`
	Ec2Alias pulumi.StringPtrInput
	// The metadata to include on the token returned by the `login` endpoint. This metadata will be
	// added to both audit logs, and on the `ec2Alias`
	Ec2Metadatas pulumi.StringArrayInput
	// How to generate the identity alias when using the iam auth method. Valid choices are
	// `roleId`, `uniqueId`, and `fullArn`. Defaults to `roleId`
	IamAlias pulumi.StringPtrInput
	// The metadata to include on the token returned by the `login` endpoint. This metadata will be
	// added to both audit logs, and on the `iamAlias`
	IamMetadatas pulumi.StringArrayInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
}

func (AuthBackendConfigIdentityState) ElementType 

func (AuthBackendConfigIdentityState) ElementType() reflect.Type

type AuthBackendIdentityWhitelist 

type AuthBackendIdentityWhitelist struct {
	pulumi.CustomResourceState

	// The path of the AWS backend being configured.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set to true, disables the periodic
	// tidying of the identity-whitelist entries.
	DisablePeriodicTidy pulumi.BoolPtrOutput `pulumi:"disablePeriodicTidy"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The amount of extra time, in minutes, that must
	// have passed beyond the roletag expiration, before it is removed from the
	// backend storage.
	SafetyBuffer pulumi.IntPtrOutput `pulumi:"safetyBuffer"`
}

Configures the periodic tidying operation of the whitelisted identity entries.

For more information, see the [Vault docs](https://www.vaultproject.io/api-docs/auth/aws#configure-identity-whitelist-tidy-operation).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendIdentityWhitelist(ctx, "example", &aws.AuthBackendIdentityWhitelistArgs{
			Backend:      example.Path,
			SafetyBuffer: pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend identity whitelists can be imported using `auth/`, the `backend` path, and `/config/tidy/identity-whitelist` e.g.

```sh $ pulumi import vault:aws/authBackendIdentityWhitelist:AuthBackendIdentityWhitelist example auth/aws/config/tidy/identity-whitelist ```

func GetAuthBackendIdentityWhitelist 

func GetAuthBackendIdentityWhitelist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendIdentityWhitelistState, opts ...pulumi.ResourceOption) (*AuthBackendIdentityWhitelist, error)

GetAuthBackendIdentityWhitelist gets an existing AuthBackendIdentityWhitelist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendIdentityWhitelist 

func NewAuthBackendIdentityWhitelist(ctx *pulumi.Context,
	name string, args *AuthBackendIdentityWhitelistArgs, opts ...pulumi.ResourceOption) (*AuthBackendIdentityWhitelist, error)

NewAuthBackendIdentityWhitelist registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendIdentityWhitelist) ElementType 

func (*AuthBackendIdentityWhitelist) ElementType() reflect.Type

func (*AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutput 

func (i *AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutput() AuthBackendIdentityWhitelistOutput

func (*AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutputWithContext 

func (i *AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistOutput

type AuthBackendIdentityWhitelistArgs 

type AuthBackendIdentityWhitelistArgs struct {
	// The path of the AWS backend being configured.
	Backend pulumi.StringPtrInput
	// If set to true, disables the periodic
	// tidying of the identity-whitelist entries.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The amount of extra time, in minutes, that must
	// have passed beyond the roletag expiration, before it is removed from the
	// backend storage.
	SafetyBuffer pulumi.IntPtrInput
}

The set of arguments for constructing a AuthBackendIdentityWhitelist resource.

func (AuthBackendIdentityWhitelistArgs) ElementType 

func (AuthBackendIdentityWhitelistArgs) ElementType() reflect.Type

type AuthBackendIdentityWhitelistArray 

type AuthBackendIdentityWhitelistArray []AuthBackendIdentityWhitelistInput

func (AuthBackendIdentityWhitelistArray) ElementType 

func (AuthBackendIdentityWhitelistArray) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutput 

func (i AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutput() AuthBackendIdentityWhitelistArrayOutput

func (AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutputWithContext 

func (i AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistArrayOutput

type AuthBackendIdentityWhitelistArrayInput 

type AuthBackendIdentityWhitelistArrayInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistArrayOutput() AuthBackendIdentityWhitelistArrayOutput
	ToAuthBackendIdentityWhitelistArrayOutputWithContext(context.Context) AuthBackendIdentityWhitelistArrayOutput
}

AuthBackendIdentityWhitelistArrayInput is an input type that accepts AuthBackendIdentityWhitelistArray and AuthBackendIdentityWhitelistArrayOutput values. You can construct a concrete instance of `AuthBackendIdentityWhitelistArrayInput` via: 

AuthBackendIdentityWhitelistArray{ AuthBackendIdentityWhitelistArgs{...} }

type AuthBackendIdentityWhitelistArrayOutput 

type AuthBackendIdentityWhitelistArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistArrayOutput) ElementType 

func (AuthBackendIdentityWhitelistArrayOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistArrayOutput) Index 

func (o AuthBackendIdentityWhitelistArrayOutput) Index(i pulumi.IntInput) AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutput 

func (o AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutput() AuthBackendIdentityWhitelistArrayOutput

func (AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutputWithContext 

func (o AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistArrayOutput

type AuthBackendIdentityWhitelistInput 

type AuthBackendIdentityWhitelistInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistOutput() AuthBackendIdentityWhitelistOutput
	ToAuthBackendIdentityWhitelistOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistOutput
}

type AuthBackendIdentityWhitelistMap 

type AuthBackendIdentityWhitelistMap map[string]AuthBackendIdentityWhitelistInput

func (AuthBackendIdentityWhitelistMap) ElementType 

func (AuthBackendIdentityWhitelistMap) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutput 

func (i AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutput() AuthBackendIdentityWhitelistMapOutput

func (AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutputWithContext 

func (i AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistMapOutput

type AuthBackendIdentityWhitelistMapInput 

type AuthBackendIdentityWhitelistMapInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistMapOutput() AuthBackendIdentityWhitelistMapOutput
	ToAuthBackendIdentityWhitelistMapOutputWithContext(context.Context) AuthBackendIdentityWhitelistMapOutput
}

AuthBackendIdentityWhitelistMapInput is an input type that accepts AuthBackendIdentityWhitelistMap and AuthBackendIdentityWhitelistMapOutput values. You can construct a concrete instance of `AuthBackendIdentityWhitelistMapInput` via: 

AuthBackendIdentityWhitelistMap{ "key": AuthBackendIdentityWhitelistArgs{...} }

type AuthBackendIdentityWhitelistMapOutput 

type AuthBackendIdentityWhitelistMapOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistMapOutput) ElementType 

func (AuthBackendIdentityWhitelistMapOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistMapOutput) MapIndex 

func (o AuthBackendIdentityWhitelistMapOutput) MapIndex(k pulumi.StringInput) AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutput 

func (o AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutput() AuthBackendIdentityWhitelistMapOutput

func (AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutputWithContext 

func (o AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistMapOutput

type AuthBackendIdentityWhitelistOutput 

type AuthBackendIdentityWhitelistOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistOutput) Backend 

func (o AuthBackendIdentityWhitelistOutput) Backend() pulumi.StringPtrOutput

The path of the AWS backend being configured.

func (AuthBackendIdentityWhitelistOutput) DisablePeriodicTidy 

func (o AuthBackendIdentityWhitelistOutput) DisablePeriodicTidy() pulumi.BoolPtrOutput

If set to true, disables the periodic tidying of the identity-whitelist entries.

func (AuthBackendIdentityWhitelistOutput) ElementType 

func (AuthBackendIdentityWhitelistOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistOutput) Namespace 

func (o AuthBackendIdentityWhitelistOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendIdentityWhitelistOutput) SafetyBuffer 

func (o AuthBackendIdentityWhitelistOutput) SafetyBuffer() pulumi.IntPtrOutput

The amount of extra time, in minutes, that must have passed beyond the roletag expiration, before it is removed from the backend storage.

func (AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutput 

func (o AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutput() AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutputWithContext 

func (o AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistOutput

type AuthBackendIdentityWhitelistState 

type AuthBackendIdentityWhitelistState struct {
	// The path of the AWS backend being configured.
	Backend pulumi.StringPtrInput
	// If set to true, disables the periodic
	// tidying of the identity-whitelist entries.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The amount of extra time, in minutes, that must
	// have passed beyond the roletag expiration, before it is removed from the
	// backend storage.
	SafetyBuffer pulumi.IntPtrInput
}

func (AuthBackendIdentityWhitelistState) ElementType 

func (AuthBackendIdentityWhitelistState) ElementType() reflect.Type

type AuthBackendLogin 

type AuthBackendLogin struct {
	pulumi.CustomResourceState

	// The token's accessor.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// The authentication type used to generate this token.
	AuthType pulumi.StringOutput `pulumi:"authType"`
	// The unique name of the AWS auth backend. Defaults to
	// 'aws'.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The token returned by Vault.
	ClientToken pulumi.StringOutput `pulumi:"clientToken"`
	// The HTTP method used in the signed IAM
	// request.
	IamHttpRequestMethod pulumi.StringPtrOutput `pulumi:"iamHttpRequestMethod"`
	// The base64-encoded body of the signed
	// request.
	IamRequestBody pulumi.StringPtrOutput `pulumi:"iamRequestBody"`
	// The base64-encoded, JSON serialized
	// representation of the GetCallerIdentity HTTP request headers.
	IamRequestHeaders pulumi.StringPtrOutput `pulumi:"iamRequestHeaders"`
	// The base64-encoded HTTP URL used in the signed
	// request.
	IamRequestUrl pulumi.StringPtrOutput `pulumi:"iamRequestUrl"`
	// The base64-encoded EC2 instance identity document to
	// authenticate with. Can be retrieved from the EC2 metadata server.
	Identity pulumi.StringPtrOutput `pulumi:"identity"`
	// The duration in seconds the token will be valid, relative
	// to the time in `leaseStartTime`.
	LeaseDuration  pulumi.IntOutput    `pulumi:"leaseDuration"`
	LeaseStartTime pulumi.StringOutput `pulumi:"leaseStartTime"`
	// A map of information returned by the Vault server about the
	// authentication used to generate this token.
	Metadata pulumi.StringMapOutput `pulumi:"metadata"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The unique nonce to be used for login requests. Can be
	// set to a user-specified value, or will contain the server-generated value
	// once a token is issued. EC2 instances can only acquire a single token until
	// the whitelist is tidied again unless they keep track of this nonce.
	Nonce pulumi.StringOutput `pulumi:"nonce"`
	// The PKCS#7 signature of the identity document to
	// authenticate with, with all newline characters removed. Can be retrieved from
	// the EC2 metadata server.
	Pkcs7 pulumi.StringPtrOutput `pulumi:"pkcs7"`
	// The Vault policies assigned to this token.
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Set to true if the token can be extended through renewal.
	Renewable pulumi.BoolOutput `pulumi:"renewable"`
	// The name of the AWS auth backend role to create tokens
	// against.
	Role pulumi.StringOutput `pulumi:"role"`
	// The base64-encoded SHA256 RSA signature of the
	// instance identity document to authenticate with, with all newline characters
	// removed. Can be retrieved from the EC2 metadata server.
	Signature pulumi.StringPtrOutput `pulumi:"signature"`
}

Logs into a Vault server using an AWS auth backend. Login can be accomplished using a signed identity request from IAM or using ec2 instance metadata. For more information, see the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html).

func GetAuthBackendLogin 

func GetAuthBackendLogin(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)

GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendLogin 

func NewAuthBackendLogin(ctx *pulumi.Context,
	name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)

NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendLogin) ElementType 

func (*AuthBackendLogin) ElementType() reflect.Type

func (*AuthBackendLogin) ToAuthBackendLoginOutput 

func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput

func (*AuthBackendLogin) ToAuthBackendLoginOutputWithContext 

func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput

type AuthBackendLoginArgs 

type AuthBackendLoginArgs struct {
	// The unique name of the AWS auth backend. Defaults to
	// 'aws'.
	Backend pulumi.StringPtrInput
	// The HTTP method used in the signed IAM
	// request.
	IamHttpRequestMethod pulumi.StringPtrInput
	// The base64-encoded body of the signed
	// request.
	IamRequestBody pulumi.StringPtrInput
	// The base64-encoded, JSON serialized
	// representation of the GetCallerIdentity HTTP request headers.
	IamRequestHeaders pulumi.StringPtrInput
	// The base64-encoded HTTP URL used in the signed
	// request.
	IamRequestUrl pulumi.StringPtrInput
	// The base64-encoded EC2 instance identity document to
	// authenticate with. Can be retrieved from the EC2 metadata server.
	Identity pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique nonce to be used for login requests. Can be
	// set to a user-specified value, or will contain the server-generated value
	// once a token is issued. EC2 instances can only acquire a single token until
	// the whitelist is tidied again unless they keep track of this nonce.
	Nonce pulumi.StringPtrInput
	// The PKCS#7 signature of the identity document to
	// authenticate with, with all newline characters removed. Can be retrieved from
	// the EC2 metadata server.
	Pkcs7 pulumi.StringPtrInput
	// The name of the AWS auth backend role to create tokens
	// against.
	Role pulumi.StringPtrInput
	// The base64-encoded SHA256 RSA signature of the
	// instance identity document to authenticate with, with all newline characters
	// removed. Can be retrieved from the EC2 metadata server.
	Signature pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendLogin resource.

func (AuthBackendLoginArgs) ElementType 

func (AuthBackendLoginArgs) ElementType() reflect.Type

type AuthBackendLoginArray 

type AuthBackendLoginArray []AuthBackendLoginInput

func (AuthBackendLoginArray) ElementType 

func (AuthBackendLoginArray) ElementType() reflect.Type

func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutput 

func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput

func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext 

func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput

type AuthBackendLoginArrayInput 

type AuthBackendLoginArrayInput interface {
	pulumi.Input

	ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
	ToAuthBackendLoginArrayOutputWithContext(context.Context) AuthBackendLoginArrayOutput
}

AuthBackendLoginArrayInput is an input type that accepts AuthBackendLoginArray and AuthBackendLoginArrayOutput values. You can construct a concrete instance of `AuthBackendLoginArrayInput` via: 

AuthBackendLoginArray{ AuthBackendLoginArgs{...} }

type AuthBackendLoginArrayOutput 

type AuthBackendLoginArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginArrayOutput) ElementType 

func (AuthBackendLoginArrayOutput) ElementType() reflect.Type

func (AuthBackendLoginArrayOutput) Index 

func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput

func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput 

func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput

func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext 

func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput

type AuthBackendLoginInput 

type AuthBackendLoginInput interface {
	pulumi.Input

	ToAuthBackendLoginOutput() AuthBackendLoginOutput
	ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
}

type AuthBackendLoginMap 

type AuthBackendLoginMap map[string]AuthBackendLoginInput

func (AuthBackendLoginMap) ElementType 

func (AuthBackendLoginMap) ElementType() reflect.Type

func (AuthBackendLoginMap) ToAuthBackendLoginMapOutput 

func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput

func (AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext 

func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput

type AuthBackendLoginMapInput 

type AuthBackendLoginMapInput interface {
	pulumi.Input

	ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
	ToAuthBackendLoginMapOutputWithContext(context.Context) AuthBackendLoginMapOutput
}

AuthBackendLoginMapInput is an input type that accepts AuthBackendLoginMap and AuthBackendLoginMapOutput values. You can construct a concrete instance of `AuthBackendLoginMapInput` via: 

AuthBackendLoginMap{ "key": AuthBackendLoginArgs{...} }

type AuthBackendLoginMapOutput 

type AuthBackendLoginMapOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginMapOutput) ElementType 

func (AuthBackendLoginMapOutput) ElementType() reflect.Type

func (AuthBackendLoginMapOutput) MapIndex 

func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput

func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput 

func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput

func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext 

func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput

type AuthBackendLoginOutput 

type AuthBackendLoginOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginOutput) Accessor 

func (o AuthBackendLoginOutput) Accessor() pulumi.StringOutput

The token's accessor.

func (AuthBackendLoginOutput) AuthType 

func (o AuthBackendLoginOutput) AuthType() pulumi.StringOutput

The authentication type used to generate this token.

func (AuthBackendLoginOutput) Backend 

func (o AuthBackendLoginOutput) Backend() pulumi.StringPtrOutput

The unique name of the AWS auth backend. Defaults to 'aws'.

func (AuthBackendLoginOutput) ClientToken 

func (o AuthBackendLoginOutput) ClientToken() pulumi.StringOutput

The token returned by Vault.

func (AuthBackendLoginOutput) ElementType 

func (AuthBackendLoginOutput) ElementType() reflect.Type

func (AuthBackendLoginOutput) IamHttpRequestMethod 

func (o AuthBackendLoginOutput) IamHttpRequestMethod() pulumi.StringPtrOutput

The HTTP method used in the signed IAM request.

func (AuthBackendLoginOutput) IamRequestBody 

func (o AuthBackendLoginOutput) IamRequestBody() pulumi.StringPtrOutput

The base64-encoded body of the signed request.

func (AuthBackendLoginOutput) IamRequestHeaders 

func (o AuthBackendLoginOutput) IamRequestHeaders() pulumi.StringPtrOutput

The base64-encoded, JSON serialized representation of the GetCallerIdentity HTTP request headers.

func (AuthBackendLoginOutput) IamRequestUrl 

func (o AuthBackendLoginOutput) IamRequestUrl() pulumi.StringPtrOutput

The base64-encoded HTTP URL used in the signed request.

func (AuthBackendLoginOutput) Identity 

func (o AuthBackendLoginOutput) Identity() pulumi.StringPtrOutput

The base64-encoded EC2 instance identity document to authenticate with. Can be retrieved from the EC2 metadata server.

func (AuthBackendLoginOutput) LeaseDuration 

func (o AuthBackendLoginOutput) LeaseDuration() pulumi.IntOutput

The duration in seconds the token will be valid, relative to the time in `leaseStartTime`.

func (AuthBackendLoginOutput) LeaseStartTime 

func (o AuthBackendLoginOutput) LeaseStartTime() pulumi.StringOutput

func (AuthBackendLoginOutput) Metadata 

func (o AuthBackendLoginOutput) Metadata() pulumi.StringMapOutput

A map of information returned by the Vault server about the authentication used to generate this token.

func (AuthBackendLoginOutput) Namespace 

func (o AuthBackendLoginOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendLoginOutput) Nonce 

func (o AuthBackendLoginOutput) Nonce() pulumi.StringOutput

The unique nonce to be used for login requests. Can be set to a user-specified value, or will contain the server-generated value once a token is issued. EC2 instances can only acquire a single token until the whitelist is tidied again unless they keep track of this nonce.

func (AuthBackendLoginOutput) Pkcs7 

func (o AuthBackendLoginOutput) Pkcs7() pulumi.StringPtrOutput

The PKCS#7 signature of the identity document to authenticate with, with all newline characters removed. Can be retrieved from the EC2 metadata server.

func (AuthBackendLoginOutput) Policies 

func (o AuthBackendLoginOutput) Policies() pulumi.StringArrayOutput

The Vault policies assigned to this token.

func (AuthBackendLoginOutput) Renewable 

func (o AuthBackendLoginOutput) Renewable() pulumi.BoolOutput

Set to true if the token can be extended through renewal.

func (AuthBackendLoginOutput) Role 

func (o AuthBackendLoginOutput) Role() pulumi.StringOutput

The name of the AWS auth backend role to create tokens against.

func (AuthBackendLoginOutput) Signature 

func (o AuthBackendLoginOutput) Signature() pulumi.StringPtrOutput

The base64-encoded SHA256 RSA signature of the instance identity document to authenticate with, with all newline characters removed. Can be retrieved from the EC2 metadata server.

func (AuthBackendLoginOutput) ToAuthBackendLoginOutput 

func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput

func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext 

func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput

type AuthBackendLoginState 

type AuthBackendLoginState struct {
	// The token's accessor.
	Accessor pulumi.StringPtrInput
	// The authentication type used to generate this token.
	AuthType pulumi.StringPtrInput
	// The unique name of the AWS auth backend. Defaults to
	// 'aws'.
	Backend pulumi.StringPtrInput
	// The token returned by Vault.
	ClientToken pulumi.StringPtrInput
	// The HTTP method used in the signed IAM
	// request.
	IamHttpRequestMethod pulumi.StringPtrInput
	// The base64-encoded body of the signed
	// request.
	IamRequestBody pulumi.StringPtrInput
	// The base64-encoded, JSON serialized
	// representation of the GetCallerIdentity HTTP request headers.
	IamRequestHeaders pulumi.StringPtrInput
	// The base64-encoded HTTP URL used in the signed
	// request.
	IamRequestUrl pulumi.StringPtrInput
	// The base64-encoded EC2 instance identity document to
	// authenticate with. Can be retrieved from the EC2 metadata server.
	Identity pulumi.StringPtrInput
	// The duration in seconds the token will be valid, relative
	// to the time in `leaseStartTime`.
	LeaseDuration  pulumi.IntPtrInput
	LeaseStartTime pulumi.StringPtrInput
	// A map of information returned by the Vault server about the
	// authentication used to generate this token.
	Metadata pulumi.StringMapInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique nonce to be used for login requests. Can be
	// set to a user-specified value, or will contain the server-generated value
	// once a token is issued. EC2 instances can only acquire a single token until
	// the whitelist is tidied again unless they keep track of this nonce.
	Nonce pulumi.StringPtrInput
	// The PKCS#7 signature of the identity document to
	// authenticate with, with all newline characters removed. Can be retrieved from
	// the EC2 metadata server.
	Pkcs7 pulumi.StringPtrInput
	// The Vault policies assigned to this token.
	Policies pulumi.StringArrayInput
	// Set to true if the token can be extended through renewal.
	Renewable pulumi.BoolPtrInput
	// The name of the AWS auth backend role to create tokens
	// against.
	Role pulumi.StringPtrInput
	// The base64-encoded SHA256 RSA signature of the
	// instance identity document to authenticate with, with all newline characters
	// removed. Can be retrieved from the EC2 metadata server.
	Signature pulumi.StringPtrInput
}

func (AuthBackendLoginState) ElementType 

func (AuthBackendLoginState) ElementType() reflect.Type

type AuthBackendRole 

type AuthBackendRole struct {
	pulumi.CustomResourceState

	// If set to `true`, allows migration of
	// the underlying instance where the client resides.
	AllowInstanceMigration pulumi.BoolPtrOutput `pulumi:"allowInstanceMigration"`
	// The auth type permitted for this role. Valid choices
	// are `ec2` and `iam`. Defaults to `iam`.
	AuthType pulumi.StringPtrOutput `pulumi:"authType"`
	// Path to the mounted aws auth backend.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they should be using the
	// account ID specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAccountIds pulumi.StringArrayOutput `pulumi:"boundAccountIds"`
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they should be using the AMI ID
	// specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAmiIds pulumi.StringArrayOutput `pulumi:"boundAmiIds"`
	// Only EC2 instances that match this instance ID will be permitted to log in.
	BoundEc2InstanceIds pulumi.StringArrayOutput `pulumi:"boundEc2InstanceIds"`
	// If set, defines a constraint on
	// the EC2 instances that can perform the login operation that they must be
	// associated with an IAM instance profile ARN which has a prefix that matches
	// the value specified by this field. The value is prefix-matched as though it
	// were a glob ending in `*`. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamInstanceProfileArns pulumi.StringArrayOutput `pulumi:"boundIamInstanceProfileArns"`
	// If set, defines the IAM principal that
	// must be authenticated when `authType` is set to `iam`. Wildcards are
	// supported at the end of the ARN.
	BoundIamPrincipalArns pulumi.StringArrayOutput `pulumi:"boundIamPrincipalArns"`
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they must match the IAM
	// role ARN specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamRoleArns pulumi.StringArrayOutput `pulumi:"boundIamRoleArns"`
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that the region in their identity
	// document must match the one specified by this field. `authType` must be set
	// to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundRegions pulumi.StringArrayOutput `pulumi:"boundRegions"`
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they be associated with
	// the subnet ID that matches the value specified by this field. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	BoundSubnetIds pulumi.StringArrayOutput `pulumi:"boundSubnetIds"`
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they be associated with the VPC ID
	// that matches the value specified by this field. `authType` must be set to
	// `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundVpcIds pulumi.StringArrayOutput `pulumi:"boundVpcIds"`
	// IF set to `true`, only allows a
	// single token to be granted per instance ID. This can only be set when
	// `authType` is set to `ec2`.
	DisallowReauthentication pulumi.BoolPtrOutput `pulumi:"disallowReauthentication"`
	// When `inferredEntityType` is set, this
	// is the region to search for the inferred entities. Required if
	// `inferredEntityType` is set. This only applies when `authType` is set to
	// `iam`.
	InferredAwsRegion pulumi.StringPtrOutput `pulumi:"inferredAwsRegion"`
	// If set, instructs Vault to turn on
	// inferencing. The only valid value is `ec2Instance`, which instructs Vault to
	// infer that the role comes from an EC2 instance in an IAM instance profile.
	// This only applies when `authType` is set to `iam`.
	InferredEntityType pulumi.StringPtrOutput `pulumi:"inferredEntityType"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// Only valid when
	// `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are
	// resolved to [AWS Unique
	// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
	// for the bound principal ARN. This field is ignored when a
	// `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more
	// closely mimics the behavior of AWS services in that if an IAM user or role is
	// deleted and a new one is recreated with the same name, those new users or
	// roles won't get access to roles in Vault that were permissioned to the prior
	// principals of the same name. Defaults to `true`.
	// Once set to `true`, this cannot be changed to `false` without recreating the role.
	ResolveAwsUniqueIds pulumi.BoolPtrOutput `pulumi:"resolveAwsUniqueIds"`
	// The name of the role.
	Role pulumi.StringOutput `pulumi:"role"`
	// The Vault generated role ID.
	RoleId pulumi.StringOutput `pulumi:"roleId"`
	// If set, enable role tags for this role. The value set
	// for this field should be the key of the tag on the EC2 instance. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	RoleTag pulumi.StringPtrOutput `pulumi:"roleTag"`
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
}

Manages an AWS auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := vault.NewAuthBackend(ctx, "aws", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendRole(ctx, "example", &aws.AuthBackendRoleArgs{
			Backend:  aws.Path,
			Role:     pulumi.String("test-role"),
			AuthType: pulumi.String("iam"),
			BoundAmiIds: pulumi.StringArray{
				pulumi.String("ami-8c1be5f6"),
			},
			BoundAccountIds: pulumi.StringArray{
				pulumi.String("123456789012"),
			},
			BoundVpcIds: pulumi.StringArray{
				pulumi.String("vpc-b61106d4"),
			},
			BoundSubnetIds: pulumi.StringArray{
				pulumi.String("vpc-133128f1"),
			},
			BoundIamRoleArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::123456789012:role/MyRole"),
			},
			BoundIamInstanceProfileArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::123456789012:instance-profile/MyProfile"),
			},
			InferredEntityType: pulumi.String("ec2_instance"),
			InferredAwsRegion:  pulumi.String("us-east-1"),
			TokenTtl:           pulumi.Int(60),
			TokenMaxTtl:        pulumi.Int(120),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend roles can be imported using `auth/`, the `backend` path, `/role/`, and the `role` name e.g.

```sh $ pulumi import vault:aws/authBackendRole:AuthBackendRole example auth/aws/role/test-role ```

func GetAuthBackendRole 

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole 

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType 

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput 

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

type AuthBackendRoleArgs 

type AuthBackendRoleArgs struct {
	// If set to `true`, allows migration of
	// the underlying instance where the client resides.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The auth type permitted for this role. Valid choices
	// are `ec2` and `iam`. Defaults to `iam`.
	AuthType pulumi.StringPtrInput
	// Path to the mounted aws auth backend.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they should be using the
	// account ID specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAccountIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they should be using the AMI ID
	// specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAmiIds pulumi.StringArrayInput
	// Only EC2 instances that match this instance ID will be permitted to log in.
	BoundEc2InstanceIds pulumi.StringArrayInput
	// If set, defines a constraint on
	// the EC2 instances that can perform the login operation that they must be
	// associated with an IAM instance profile ARN which has a prefix that matches
	// the value specified by this field. The value is prefix-matched as though it
	// were a glob ending in `*`. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamInstanceProfileArns pulumi.StringArrayInput
	// If set, defines the IAM principal that
	// must be authenticated when `authType` is set to `iam`. Wildcards are
	// supported at the end of the ARN.
	BoundIamPrincipalArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they must match the IAM
	// role ARN specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamRoleArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that the region in their identity
	// document must match the one specified by this field. `authType` must be set
	// to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundRegions pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they be associated with
	// the subnet ID that matches the value specified by this field. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	BoundSubnetIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they be associated with the VPC ID
	// that matches the value specified by this field. `authType` must be set to
	// `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundVpcIds pulumi.StringArrayInput
	// IF set to `true`, only allows a
	// single token to be granted per instance ID. This can only be set when
	// `authType` is set to `ec2`.
	DisallowReauthentication pulumi.BoolPtrInput
	// When `inferredEntityType` is set, this
	// is the region to search for the inferred entities. Required if
	// `inferredEntityType` is set. This only applies when `authType` is set to
	// `iam`.
	InferredAwsRegion pulumi.StringPtrInput
	// If set, instructs Vault to turn on
	// inferencing. The only valid value is `ec2Instance`, which instructs Vault to
	// infer that the role comes from an EC2 instance in an IAM instance profile.
	// This only applies when `authType` is set to `iam`.
	InferredEntityType pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Only valid when
	// `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are
	// resolved to [AWS Unique
	// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
	// for the bound principal ARN. This field is ignored when a
	// `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more
	// closely mimics the behavior of AWS services in that if an IAM user or role is
	// deleted and a new one is recreated with the same name, those new users or
	// roles won't get access to roles in Vault that were permissioned to the prior
	// principals of the same name. Defaults to `true`.
	// Once set to `true`, this cannot be changed to `false` without recreating the role.
	ResolveAwsUniqueIds pulumi.BoolPtrInput
	// The name of the role.
	Role pulumi.StringInput
	// If set, enable role tags for this role. The value set
	// for this field should be the key of the tag on the EC2 instance. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	RoleTag pulumi.StringPtrInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType 

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray 

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType 

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput 

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via: 

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput 

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType 

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index 

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput 

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap 

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType 

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput 

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via: 

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput 

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType 

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex 

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput 

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) AllowInstanceMigration 

func (o AuthBackendRoleOutput) AllowInstanceMigration() pulumi.BoolPtrOutput

If set to `true`, allows migration of the underlying instance where the client resides.

func (AuthBackendRoleOutput) AuthType 

func (o AuthBackendRoleOutput) AuthType() pulumi.StringPtrOutput

The auth type permitted for this role. Valid choices are `ec2` and `iam`. Defaults to `iam`.

func (AuthBackendRoleOutput) Backend 

func (o AuthBackendRoleOutput) Backend() pulumi.StringPtrOutput

Path to the mounted aws auth backend.

func (AuthBackendRoleOutput) BoundAccountIds 

func (o AuthBackendRoleOutput) BoundAccountIds() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that they should be using the account ID specified by this field. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) BoundAmiIds 

func (o AuthBackendRoleOutput) BoundAmiIds() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that they should be using the AMI ID specified by this field. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) BoundEc2InstanceIds 

func (o AuthBackendRoleOutput) BoundEc2InstanceIds() pulumi.StringArrayOutput

Only EC2 instances that match this instance ID will be permitted to log in.

func (AuthBackendRoleOutput) BoundIamInstanceProfileArns 

func (o AuthBackendRoleOutput) BoundIamInstanceProfileArns() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that they must be associated with an IAM instance profile ARN which has a prefix that matches the value specified by this field. The value is prefix-matched as though it were a glob ending in `*`. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) BoundIamPrincipalArns 

func (o AuthBackendRoleOutput) BoundIamPrincipalArns() pulumi.StringArrayOutput

If set, defines the IAM principal that must be authenticated when `authType` is set to `iam`. Wildcards are supported at the end of the ARN.

func (AuthBackendRoleOutput) BoundIamRoleArns 

func (o AuthBackendRoleOutput) BoundIamRoleArns() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that they must match the IAM role ARN specified by this field. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) BoundRegions 

func (o AuthBackendRoleOutput) BoundRegions() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that the region in their identity document must match the one specified by this field. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) BoundSubnetIds 

func (o AuthBackendRoleOutput) BoundSubnetIds() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that they be associated with the subnet ID that matches the value specified by this field. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) BoundVpcIds 

func (o AuthBackendRoleOutput) BoundVpcIds() pulumi.StringArrayOutput

If set, defines a constraint on the EC2 instances that can perform the login operation that they be associated with the VPC ID that matches the value specified by this field. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) DisallowReauthentication 

func (o AuthBackendRoleOutput) DisallowReauthentication() pulumi.BoolPtrOutput

IF set to `true`, only allows a single token to be granted per instance ID. This can only be set when `authType` is set to `ec2`.

func (AuthBackendRoleOutput) ElementType 

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) InferredAwsRegion 

func (o AuthBackendRoleOutput) InferredAwsRegion() pulumi.StringPtrOutput

When `inferredEntityType` is set, this is the region to search for the inferred entities. Required if `inferredEntityType` is set. This only applies when `authType` is set to `iam`.

func (AuthBackendRoleOutput) InferredEntityType 

func (o AuthBackendRoleOutput) InferredEntityType() pulumi.StringPtrOutput

If set, instructs Vault to turn on inferencing. The only valid value is `ec2Instance`, which instructs Vault to infer that the role comes from an EC2 instance in an IAM instance profile. This only applies when `authType` is set to `iam`.

func (AuthBackendRoleOutput) Namespace 

func (o AuthBackendRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleOutput) ResolveAwsUniqueIds 

func (o AuthBackendRoleOutput) ResolveAwsUniqueIds() pulumi.BoolPtrOutput

Only valid when `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are resolved to [AWS Unique IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids) for the bound principal ARN. This field is ignored when a `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more closely mimics the behavior of AWS services in that if an IAM user or role is deleted and a new one is recreated with the same name, those new users or roles won't get access to roles in Vault that were permissioned to the prior principals of the same name. Defaults to `true`. Once set to `true`, this cannot be changed to `false` without recreating the role.

func (AuthBackendRoleOutput) Role 

func (o AuthBackendRoleOutput) Role() pulumi.StringOutput

The name of the role.

func (AuthBackendRoleOutput) RoleId 

func (o AuthBackendRoleOutput) RoleId() pulumi.StringOutput

The Vault generated role ID.

func (AuthBackendRoleOutput) RoleTag 

func (o AuthBackendRoleOutput) RoleTag() pulumi.StringPtrOutput

If set, enable role tags for this role. The value set for this field should be the key of the tag on the EC2 instance. `authType` must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this constraint.

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) TokenBoundCidrs 

func (o AuthBackendRoleOutput) TokenBoundCidrs() pulumi.StringArrayOutput

Specifies the blocks of IP addresses which are allowed to use the generated token

func (AuthBackendRoleOutput) TokenExplicitMaxTtl 

func (o AuthBackendRoleOutput) TokenExplicitMaxTtl() pulumi.IntPtrOutput

Generated Token's Explicit Maximum TTL in seconds

func (AuthBackendRoleOutput) TokenMaxTtl 

func (o AuthBackendRoleOutput) TokenMaxTtl() pulumi.IntPtrOutput

The maximum lifetime of the generated token

func (AuthBackendRoleOutput) TokenNoDefaultPolicy 

func (o AuthBackendRoleOutput) TokenNoDefaultPolicy() pulumi.BoolPtrOutput

If true, the 'default' policy will not automatically be added to generated tokens

func (AuthBackendRoleOutput) TokenNumUses 

func (o AuthBackendRoleOutput) TokenNumUses() pulumi.IntPtrOutput

The maximum number of times a token may be used, a value of zero means unlimited

func (AuthBackendRoleOutput) TokenPeriod 

func (o AuthBackendRoleOutput) TokenPeriod() pulumi.IntPtrOutput

Generated Token's Period

func (AuthBackendRoleOutput) TokenPolicies 

func (o AuthBackendRoleOutput) TokenPolicies() pulumi.StringArrayOutput

Generated Token's Policies

func (AuthBackendRoleOutput) TokenTtl 

func (o AuthBackendRoleOutput) TokenTtl() pulumi.IntPtrOutput

The initial ttl of the token to generate in seconds

func (AuthBackendRoleOutput) TokenType 

func (o AuthBackendRoleOutput) TokenType() pulumi.StringPtrOutput

The type of token to generate, service or batch

type AuthBackendRoleState 

type AuthBackendRoleState struct {
	// If set to `true`, allows migration of
	// the underlying instance where the client resides.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The auth type permitted for this role. Valid choices
	// are `ec2` and `iam`. Defaults to `iam`.
	AuthType pulumi.StringPtrInput
	// Path to the mounted aws auth backend.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they should be using the
	// account ID specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAccountIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they should be using the AMI ID
	// specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAmiIds pulumi.StringArrayInput
	// Only EC2 instances that match this instance ID will be permitted to log in.
	BoundEc2InstanceIds pulumi.StringArrayInput
	// If set, defines a constraint on
	// the EC2 instances that can perform the login operation that they must be
	// associated with an IAM instance profile ARN which has a prefix that matches
	// the value specified by this field. The value is prefix-matched as though it
	// were a glob ending in `*`. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamInstanceProfileArns pulumi.StringArrayInput
	// If set, defines the IAM principal that
	// must be authenticated when `authType` is set to `iam`. Wildcards are
	// supported at the end of the ARN.
	BoundIamPrincipalArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they must match the IAM
	// role ARN specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamRoleArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that the region in their identity
	// document must match the one specified by this field. `authType` must be set
	// to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundRegions pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they be associated with
	// the subnet ID that matches the value specified by this field. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	BoundSubnetIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they be associated with the VPC ID
	// that matches the value specified by this field. `authType` must be set to
	// `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundVpcIds pulumi.StringArrayInput
	// IF set to `true`, only allows a
	// single token to be granted per instance ID. This can only be set when
	// `authType` is set to `ec2`.
	DisallowReauthentication pulumi.BoolPtrInput
	// When `inferredEntityType` is set, this
	// is the region to search for the inferred entities. Required if
	// `inferredEntityType` is set. This only applies when `authType` is set to
	// `iam`.
	InferredAwsRegion pulumi.StringPtrInput
	// If set, instructs Vault to turn on
	// inferencing. The only valid value is `ec2Instance`, which instructs Vault to
	// infer that the role comes from an EC2 instance in an IAM instance profile.
	// This only applies when `authType` is set to `iam`.
	InferredEntityType pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// Only valid when
	// `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are
	// resolved to [AWS Unique
	// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
	// for the bound principal ARN. This field is ignored when a
	// `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more
	// closely mimics the behavior of AWS services in that if an IAM user or role is
	// deleted and a new one is recreated with the same name, those new users or
	// roles won't get access to roles in Vault that were permissioned to the prior
	// principals of the same name. Defaults to `true`.
	// Once set to `true`, this cannot be changed to `false` without recreating the role.
	ResolveAwsUniqueIds pulumi.BoolPtrInput
	// The name of the role.
	Role pulumi.StringPtrInput
	// The Vault generated role ID.
	RoleId pulumi.StringPtrInput
	// If set, enable role tags for this role. The value set
	// for this field should be the key of the tag on the EC2 instance. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	RoleTag pulumi.StringPtrInput
	// Specifies the blocks of IP addresses which are allowed to use the generated token
	TokenBoundCidrs pulumi.StringArrayInput
	// Generated Token's Explicit Maximum TTL in seconds
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime of the generated token
	TokenMaxTtl pulumi.IntPtrInput
	// If true, the 'default' policy will not automatically be added to generated tokens
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The maximum number of times a token may be used, a value of zero means unlimited
	TokenNumUses pulumi.IntPtrInput
	// Generated Token's Period
	TokenPeriod pulumi.IntPtrInput
	// Generated Token's Policies
	TokenPolicies pulumi.StringArrayInput
	// The initial ttl of the token to generate in seconds
	TokenTtl pulumi.IntPtrInput
	// The type of token to generate, service or batch
	TokenType pulumi.StringPtrInput
}

func (AuthBackendRoleState) ElementType 

func (AuthBackendRoleState) ElementType() reflect.Type

type AuthBackendRoleTag 

type AuthBackendRoleTag struct {
	pulumi.CustomResourceState

	// If set, allows migration of the underlying instances where the client resides. Use with caution.
	AllowInstanceMigration pulumi.BoolPtrOutput `pulumi:"allowInstanceMigration"`
	// The path to the AWS auth backend to
	// read role tags from, with no leading or trailing `/`s. Defaults to "aws".
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, only allows a single token to be granted per instance ID.
	DisallowReauthentication pulumi.BoolPtrOutput `pulumi:"disallowReauthentication"`
	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId pulumi.StringPtrOutput `pulumi:"instanceId"`
	// The maximum TTL of the tokens issued using this role.
	MaxTtl pulumi.StringPtrOutput `pulumi:"maxTtl"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The policies to be associated with the tag. Must be a subset of the policies associated with the role.
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The name of the AWS auth backend role to read
	// role tags from, with no leading or trailing `/`s.
	Role pulumi.StringOutput `pulumi:"role"`
	// The key of the role tag.
	TagKey pulumi.StringOutput `pulumi:"tagKey"`
	// The value to set the role key.
	TagValue pulumi.StringOutput `pulumi:"tagValue"`
}

Reads role tag information from an AWS auth backend in Vault.

func GetAuthBackendRoleTag 

func GetAuthBackendRoleTag(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleTagState, opts ...pulumi.ResourceOption) (*AuthBackendRoleTag, error)

GetAuthBackendRoleTag gets an existing AuthBackendRoleTag resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRoleTag 

func NewAuthBackendRoleTag(ctx *pulumi.Context,
	name string, args *AuthBackendRoleTagArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleTag, error)

NewAuthBackendRoleTag registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRoleTag) ElementType 

func (*AuthBackendRoleTag) ElementType() reflect.Type

func (*AuthBackendRoleTag) ToAuthBackendRoleTagOutput 

func (i *AuthBackendRoleTag) ToAuthBackendRoleTagOutput() AuthBackendRoleTagOutput

func (*AuthBackendRoleTag) ToAuthBackendRoleTagOutputWithContext 

func (i *AuthBackendRoleTag) ToAuthBackendRoleTagOutputWithContext(ctx context.Context) AuthBackendRoleTagOutput

type AuthBackendRoleTagArgs 

type AuthBackendRoleTagArgs struct {
	// If set, allows migration of the underlying instances where the client resides. Use with caution.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The path to the AWS auth backend to
	// read role tags from, with no leading or trailing `/`s. Defaults to "aws".
	Backend pulumi.StringPtrInput
	// If set, only allows a single token to be granted per instance ID.
	DisallowReauthentication pulumi.BoolPtrInput
	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId pulumi.StringPtrInput
	// The maximum TTL of the tokens issued using this role.
	MaxTtl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The policies to be associated with the tag. Must be a subset of the policies associated with the role.
	Policies pulumi.StringArrayInput
	// The name of the AWS auth backend role to read
	// role tags from, with no leading or trailing `/`s.
	Role pulumi.StringInput
}

The set of arguments for constructing a AuthBackendRoleTag resource.

func (AuthBackendRoleTagArgs) ElementType 

func (AuthBackendRoleTagArgs) ElementType() reflect.Type

type AuthBackendRoleTagArray 

type AuthBackendRoleTagArray []AuthBackendRoleTagInput

func (AuthBackendRoleTagArray) ElementType 

func (AuthBackendRoleTagArray) ElementType() reflect.Type

func (AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutput 

func (i AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutput() AuthBackendRoleTagArrayOutput

func (AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutputWithContext 

func (i AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutputWithContext(ctx context.Context) AuthBackendRoleTagArrayOutput

type AuthBackendRoleTagArrayInput 

type AuthBackendRoleTagArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleTagArrayOutput() AuthBackendRoleTagArrayOutput
	ToAuthBackendRoleTagArrayOutputWithContext(context.Context) AuthBackendRoleTagArrayOutput
}

AuthBackendRoleTagArrayInput is an input type that accepts AuthBackendRoleTagArray and AuthBackendRoleTagArrayOutput values. You can construct a concrete instance of `AuthBackendRoleTagArrayInput` via: 

AuthBackendRoleTagArray{ AuthBackendRoleTagArgs{...} }

type AuthBackendRoleTagArrayOutput 

type AuthBackendRoleTagArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagArrayOutput) ElementType 

func (AuthBackendRoleTagArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleTagArrayOutput) Index 

func (o AuthBackendRoleTagArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleTagOutput

func (AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutput 

func (o AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutput() AuthBackendRoleTagArrayOutput

func (AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutputWithContext 

func (o AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutputWithContext(ctx context.Context) AuthBackendRoleTagArrayOutput

type AuthBackendRoleTagInput 

type AuthBackendRoleTagInput interface {
	pulumi.Input

	ToAuthBackendRoleTagOutput() AuthBackendRoleTagOutput
	ToAuthBackendRoleTagOutputWithContext(ctx context.Context) AuthBackendRoleTagOutput
}

type AuthBackendRoleTagMap 

type AuthBackendRoleTagMap map[string]AuthBackendRoleTagInput

func (AuthBackendRoleTagMap) ElementType 

func (AuthBackendRoleTagMap) ElementType() reflect.Type

func (AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutput 

func (i AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutput() AuthBackendRoleTagMapOutput

func (AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutputWithContext 

func (i AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutputWithContext(ctx context.Context) AuthBackendRoleTagMapOutput

type AuthBackendRoleTagMapInput 

type AuthBackendRoleTagMapInput interface {
	pulumi.Input

	ToAuthBackendRoleTagMapOutput() AuthBackendRoleTagMapOutput
	ToAuthBackendRoleTagMapOutputWithContext(context.Context) AuthBackendRoleTagMapOutput
}

AuthBackendRoleTagMapInput is an input type that accepts AuthBackendRoleTagMap and AuthBackendRoleTagMapOutput values. You can construct a concrete instance of `AuthBackendRoleTagMapInput` via: 

AuthBackendRoleTagMap{ "key": AuthBackendRoleTagArgs{...} }

type AuthBackendRoleTagMapOutput 

type AuthBackendRoleTagMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagMapOutput) ElementType 

func (AuthBackendRoleTagMapOutput) ElementType() reflect.Type

func (AuthBackendRoleTagMapOutput) MapIndex 

func (o AuthBackendRoleTagMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleTagOutput

func (AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutput 

func (o AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutput() AuthBackendRoleTagMapOutput

func (AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutputWithContext 

func (o AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutputWithContext(ctx context.Context) AuthBackendRoleTagMapOutput

type AuthBackendRoleTagOutput 

type AuthBackendRoleTagOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagOutput) AllowInstanceMigration 

func (o AuthBackendRoleTagOutput) AllowInstanceMigration() pulumi.BoolPtrOutput

If set, allows migration of the underlying instances where the client resides. Use with caution.

func (AuthBackendRoleTagOutput) Backend 

func (o AuthBackendRoleTagOutput) Backend() pulumi.StringPtrOutput

The path to the AWS auth backend to read role tags from, with no leading or trailing `/`s. Defaults to "aws".

func (AuthBackendRoleTagOutput) DisallowReauthentication 

func (o AuthBackendRoleTagOutput) DisallowReauthentication() pulumi.BoolPtrOutput

If set, only allows a single token to be granted per instance ID.

func (AuthBackendRoleTagOutput) ElementType 

func (AuthBackendRoleTagOutput) ElementType() reflect.Type

func (AuthBackendRoleTagOutput) InstanceId 

func (o AuthBackendRoleTagOutput) InstanceId() pulumi.StringPtrOutput

Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.

func (AuthBackendRoleTagOutput) MaxTtl 

func (o AuthBackendRoleTagOutput) MaxTtl() pulumi.StringPtrOutput

The maximum TTL of the tokens issued using this role.

func (AuthBackendRoleTagOutput) Namespace 

func (o AuthBackendRoleTagOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoleTagOutput) Policies 

func (o AuthBackendRoleTagOutput) Policies() pulumi.StringArrayOutput

The policies to be associated with the tag. Must be a subset of the policies associated with the role.

func (AuthBackendRoleTagOutput) Role 

func (o AuthBackendRoleTagOutput) Role() pulumi.StringOutput

The name of the AWS auth backend role to read role tags from, with no leading or trailing `/`s.

func (AuthBackendRoleTagOutput) TagKey 

func (o AuthBackendRoleTagOutput) TagKey() pulumi.StringOutput

The key of the role tag.

func (AuthBackendRoleTagOutput) TagValue 

func (o AuthBackendRoleTagOutput) TagValue() pulumi.StringOutput

The value to set the role key.

func (AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutput 

func (o AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutput() AuthBackendRoleTagOutput

func (AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutputWithContext 

func (o AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutputWithContext(ctx context.Context) AuthBackendRoleTagOutput

type AuthBackendRoleTagState 

type AuthBackendRoleTagState struct {
	// If set, allows migration of the underlying instances where the client resides. Use with caution.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The path to the AWS auth backend to
	// read role tags from, with no leading or trailing `/`s. Defaults to "aws".
	Backend pulumi.StringPtrInput
	// If set, only allows a single token to be granted per instance ID.
	DisallowReauthentication pulumi.BoolPtrInput
	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId pulumi.StringPtrInput
	// The maximum TTL of the tokens issued using this role.
	MaxTtl pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The policies to be associated with the tag. Must be a subset of the policies associated with the role.
	Policies pulumi.StringArrayInput
	// The name of the AWS auth backend role to read
	// role tags from, with no leading or trailing `/`s.
	Role pulumi.StringPtrInput
	// The key of the role tag.
	TagKey pulumi.StringPtrInput
	// The value to set the role key.
	TagValue pulumi.StringPtrInput
}

func (AuthBackendRoleTagState) ElementType 

func (AuthBackendRoleTagState) ElementType() reflect.Type

type AuthBackendRoletagBlacklist 

type AuthBackendRoletagBlacklist struct {
	pulumi.CustomResourceState

	// The path the AWS auth backend being configured was
	// mounted at.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// If set to true, disables the periodic
	// tidying of the roletag blacklist entries. Defaults to false.
	DisablePeriodicTidy pulumi.BoolPtrOutput `pulumi:"disablePeriodicTidy"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The amount of extra time that must have passed
	// beyond the roletag expiration, before it is removed from the backend storage.
	// Defaults to 259,200 seconds, or 72 hours.
	SafetyBuffer pulumi.IntPtrOutput `pulumi:"safetyBuffer"`
}

Configures the periodic tidying operation of the blacklisted role tag entries.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendRoletagBlacklist(ctx, "example", &aws.AuthBackendRoletagBlacklistArgs{
			Backend:      example.Path,
			SafetyBuffer: pulumi.Int(360),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetAuthBackendRoletagBlacklist 

func GetAuthBackendRoletagBlacklist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoletagBlacklistState, opts ...pulumi.ResourceOption) (*AuthBackendRoletagBlacklist, error)

GetAuthBackendRoletagBlacklist gets an existing AuthBackendRoletagBlacklist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRoletagBlacklist 

func NewAuthBackendRoletagBlacklist(ctx *pulumi.Context,
	name string, args *AuthBackendRoletagBlacklistArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoletagBlacklist, error)

NewAuthBackendRoletagBlacklist registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRoletagBlacklist) ElementType 

func (*AuthBackendRoletagBlacklist) ElementType() reflect.Type

func (*AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutput 

func (i *AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutput() AuthBackendRoletagBlacklistOutput

func (*AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutputWithContext 

func (i *AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistOutput

type AuthBackendRoletagBlacklistArgs 

type AuthBackendRoletagBlacklistArgs struct {
	// The path the AWS auth backend being configured was
	// mounted at.
	Backend pulumi.StringInput
	// If set to true, disables the periodic
	// tidying of the roletag blacklist entries. Defaults to false.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The amount of extra time that must have passed
	// beyond the roletag expiration, before it is removed from the backend storage.
	// Defaults to 259,200 seconds, or 72 hours.
	SafetyBuffer pulumi.IntPtrInput
}

The set of arguments for constructing a AuthBackendRoletagBlacklist resource.

func (AuthBackendRoletagBlacklistArgs) ElementType 

func (AuthBackendRoletagBlacklistArgs) ElementType() reflect.Type

type AuthBackendRoletagBlacklistArray 

type AuthBackendRoletagBlacklistArray []AuthBackendRoletagBlacklistInput

func (AuthBackendRoletagBlacklistArray) ElementType 

func (AuthBackendRoletagBlacklistArray) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutput 

func (i AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutput() AuthBackendRoletagBlacklistArrayOutput

func (AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutputWithContext 

func (i AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistArrayOutput

type AuthBackendRoletagBlacklistArrayInput 

type AuthBackendRoletagBlacklistArrayInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistArrayOutput() AuthBackendRoletagBlacklistArrayOutput
	ToAuthBackendRoletagBlacklistArrayOutputWithContext(context.Context) AuthBackendRoletagBlacklistArrayOutput
}

AuthBackendRoletagBlacklistArrayInput is an input type that accepts AuthBackendRoletagBlacklistArray and AuthBackendRoletagBlacklistArrayOutput values. You can construct a concrete instance of `AuthBackendRoletagBlacklistArrayInput` via: 

AuthBackendRoletagBlacklistArray{ AuthBackendRoletagBlacklistArgs{...} }

type AuthBackendRoletagBlacklistArrayOutput 

type AuthBackendRoletagBlacklistArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistArrayOutput) ElementType 

func (AuthBackendRoletagBlacklistArrayOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistArrayOutput) Index 

func (o AuthBackendRoletagBlacklistArrayOutput) Index(i pulumi.IntInput) AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutput 

func (o AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutput() AuthBackendRoletagBlacklistArrayOutput

func (AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutputWithContext 

func (o AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistArrayOutput

type AuthBackendRoletagBlacklistInput 

type AuthBackendRoletagBlacklistInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistOutput() AuthBackendRoletagBlacklistOutput
	ToAuthBackendRoletagBlacklistOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistOutput
}

type AuthBackendRoletagBlacklistMap 

type AuthBackendRoletagBlacklistMap map[string]AuthBackendRoletagBlacklistInput

func (AuthBackendRoletagBlacklistMap) ElementType 

func (AuthBackendRoletagBlacklistMap) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutput 

func (i AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutput() AuthBackendRoletagBlacklistMapOutput

func (AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutputWithContext 

func (i AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistMapOutput

type AuthBackendRoletagBlacklistMapInput 

type AuthBackendRoletagBlacklistMapInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistMapOutput() AuthBackendRoletagBlacklistMapOutput
	ToAuthBackendRoletagBlacklistMapOutputWithContext(context.Context) AuthBackendRoletagBlacklistMapOutput
}

AuthBackendRoletagBlacklistMapInput is an input type that accepts AuthBackendRoletagBlacklistMap and AuthBackendRoletagBlacklistMapOutput values. You can construct a concrete instance of `AuthBackendRoletagBlacklistMapInput` via: 

AuthBackendRoletagBlacklistMap{ "key": AuthBackendRoletagBlacklistArgs{...} }

type AuthBackendRoletagBlacklistMapOutput 

type AuthBackendRoletagBlacklistMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistMapOutput) ElementType 

func (AuthBackendRoletagBlacklistMapOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistMapOutput) MapIndex 

func (o AuthBackendRoletagBlacklistMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutput 

func (o AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutput() AuthBackendRoletagBlacklistMapOutput

func (AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutputWithContext 

func (o AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistMapOutput

type AuthBackendRoletagBlacklistOutput 

type AuthBackendRoletagBlacklistOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistOutput) Backend 

func (o AuthBackendRoletagBlacklistOutput) Backend() pulumi.StringOutput

The path the AWS auth backend being configured was mounted at.

func (AuthBackendRoletagBlacklistOutput) DisablePeriodicTidy 

func (o AuthBackendRoletagBlacklistOutput) DisablePeriodicTidy() pulumi.BoolPtrOutput

If set to true, disables the periodic tidying of the roletag blacklist entries. Defaults to false.

func (AuthBackendRoletagBlacklistOutput) ElementType 

func (AuthBackendRoletagBlacklistOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistOutput) Namespace 

func (o AuthBackendRoletagBlacklistOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendRoletagBlacklistOutput) SafetyBuffer 

func (o AuthBackendRoletagBlacklistOutput) SafetyBuffer() pulumi.IntPtrOutput

The amount of extra time that must have passed beyond the roletag expiration, before it is removed from the backend storage. Defaults to 259,200 seconds, or 72 hours.

func (AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutput 

func (o AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutput() AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutputWithContext 

func (o AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistOutput

type AuthBackendRoletagBlacklistState 

type AuthBackendRoletagBlacklistState struct {
	// The path the AWS auth backend being configured was
	// mounted at.
	Backend pulumi.StringPtrInput
	// If set to true, disables the periodic
	// tidying of the roletag blacklist entries. Defaults to false.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The amount of extra time that must have passed
	// beyond the roletag expiration, before it is removed from the backend storage.
	// Defaults to 259,200 seconds, or 72 hours.
	SafetyBuffer pulumi.IntPtrInput
}

func (AuthBackendRoletagBlacklistState) ElementType 

func (AuthBackendRoletagBlacklistState) ElementType() reflect.Type

type AuthBackendStsRole 

type AuthBackendStsRole struct {
	pulumi.CustomResourceState

	// The AWS account ID to configure the STS role for.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
	ExternalId pulumi.StringPtrOutput `pulumi:"externalId"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The STS role to assume when verifying requests made
	// by EC2 instances in the account specified by `accountId`.
	StsRole pulumi.StringOutput `pulumi:"stsRole"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := vault.NewAuthBackend(ctx, "aws", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendStsRole(ctx, "role", &aws.AuthBackendStsRoleArgs{
			Backend:   aws.Path,
			AccountId: pulumi.String("1234567890"),
			StsRole:   pulumi.String("arn:aws:iam::1234567890:role/my-role"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.

```sh $ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890 ```

func GetAuthBackendStsRole 

func GetAuthBackendStsRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendStsRoleState, opts ...pulumi.ResourceOption) (*AuthBackendStsRole, error)

GetAuthBackendStsRole gets an existing AuthBackendStsRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendStsRole 

func NewAuthBackendStsRole(ctx *pulumi.Context,
	name string, args *AuthBackendStsRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendStsRole, error)

NewAuthBackendStsRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendStsRole) ElementType 

func (*AuthBackendStsRole) ElementType() reflect.Type

func (*AuthBackendStsRole) ToAuthBackendStsRoleOutput 

func (i *AuthBackendStsRole) ToAuthBackendStsRoleOutput() AuthBackendStsRoleOutput

func (*AuthBackendStsRole) ToAuthBackendStsRoleOutputWithContext 

func (i *AuthBackendStsRole) ToAuthBackendStsRoleOutputWithContext(ctx context.Context) AuthBackendStsRoleOutput

type AuthBackendStsRoleArgs 

type AuthBackendStsRoleArgs struct {
	// The AWS account ID to configure the STS role for.
	AccountId pulumi.StringInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
	ExternalId pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The STS role to assume when verifying requests made
	// by EC2 instances in the account specified by `accountId`.
	StsRole pulumi.StringInput
}

The set of arguments for constructing a AuthBackendStsRole resource.

func (AuthBackendStsRoleArgs) ElementType 

func (AuthBackendStsRoleArgs) ElementType() reflect.Type

type AuthBackendStsRoleArray 

type AuthBackendStsRoleArray []AuthBackendStsRoleInput

func (AuthBackendStsRoleArray) ElementType 

func (AuthBackendStsRoleArray) ElementType() reflect.Type

func (AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutput 

func (i AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutput() AuthBackendStsRoleArrayOutput

func (AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutputWithContext 

func (i AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutputWithContext(ctx context.Context) AuthBackendStsRoleArrayOutput

type AuthBackendStsRoleArrayInput 

type AuthBackendStsRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendStsRoleArrayOutput() AuthBackendStsRoleArrayOutput
	ToAuthBackendStsRoleArrayOutputWithContext(context.Context) AuthBackendStsRoleArrayOutput
}

AuthBackendStsRoleArrayInput is an input type that accepts AuthBackendStsRoleArray and AuthBackendStsRoleArrayOutput values. You can construct a concrete instance of `AuthBackendStsRoleArrayInput` via: 

AuthBackendStsRoleArray{ AuthBackendStsRoleArgs{...} }

type AuthBackendStsRoleArrayOutput 

type AuthBackendStsRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRoleArrayOutput) ElementType 

func (AuthBackendStsRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendStsRoleArrayOutput) Index 

func (o AuthBackendStsRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendStsRoleOutput

func (AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutput 

func (o AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutput() AuthBackendStsRoleArrayOutput

func (AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutputWithContext 

func (o AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutputWithContext(ctx context.Context) AuthBackendStsRoleArrayOutput

type AuthBackendStsRoleInput 

type AuthBackendStsRoleInput interface {
	pulumi.Input

	ToAuthBackendStsRoleOutput() AuthBackendStsRoleOutput
	ToAuthBackendStsRoleOutputWithContext(ctx context.Context) AuthBackendStsRoleOutput
}

type AuthBackendStsRoleMap 

type AuthBackendStsRoleMap map[string]AuthBackendStsRoleInput

func (AuthBackendStsRoleMap) ElementType 

func (AuthBackendStsRoleMap) ElementType() reflect.Type

func (AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutput 

func (i AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutput() AuthBackendStsRoleMapOutput

func (AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutputWithContext 

func (i AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutputWithContext(ctx context.Context) AuthBackendStsRoleMapOutput

type AuthBackendStsRoleMapInput 

type AuthBackendStsRoleMapInput interface {
	pulumi.Input

	ToAuthBackendStsRoleMapOutput() AuthBackendStsRoleMapOutput
	ToAuthBackendStsRoleMapOutputWithContext(context.Context) AuthBackendStsRoleMapOutput
}

AuthBackendStsRoleMapInput is an input type that accepts AuthBackendStsRoleMap and AuthBackendStsRoleMapOutput values. You can construct a concrete instance of `AuthBackendStsRoleMapInput` via: 

AuthBackendStsRoleMap{ "key": AuthBackendStsRoleArgs{...} }

type AuthBackendStsRoleMapOutput 

type AuthBackendStsRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRoleMapOutput) ElementType 

func (AuthBackendStsRoleMapOutput) ElementType() reflect.Type

func (AuthBackendStsRoleMapOutput) MapIndex 

func (o AuthBackendStsRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendStsRoleOutput

func (AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutput 

func (o AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutput() AuthBackendStsRoleMapOutput

func (AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutputWithContext 

func (o AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutputWithContext(ctx context.Context) AuthBackendStsRoleMapOutput

type AuthBackendStsRoleOutput 

type AuthBackendStsRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRoleOutput) AccountId 

func (o AuthBackendStsRoleOutput) AccountId() pulumi.StringOutput

The AWS account ID to configure the STS role for.

func (AuthBackendStsRoleOutput) Backend 

func (o AuthBackendStsRoleOutput) Backend() pulumi.StringPtrOutput

The path the AWS auth backend being configured was mounted at. Defaults to `aws`.

func (AuthBackendStsRoleOutput) ElementType 

func (AuthBackendStsRoleOutput) ElementType() reflect.Type

func (AuthBackendStsRoleOutput) ExternalId added in v6.5.0 

func (o AuthBackendStsRoleOutput) ExternalId() pulumi.StringPtrOutput

External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.

func (AuthBackendStsRoleOutput) Namespace 

func (o AuthBackendStsRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (AuthBackendStsRoleOutput) StsRole 

func (o AuthBackendStsRoleOutput) StsRole() pulumi.StringOutput

The STS role to assume when verifying requests made by EC2 instances in the account specified by `accountId`.

func (AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutput 

func (o AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutput() AuthBackendStsRoleOutput

func (AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutputWithContext 

func (o AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutputWithContext(ctx context.Context) AuthBackendStsRoleOutput

type AuthBackendStsRoleState 

type AuthBackendStsRoleState struct {
	// The AWS account ID to configure the STS role for.
	AccountId pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.
	ExternalId pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The STS role to assume when verifying requests made
	// by EC2 instances in the account specified by `accountId`.
	StsRole pulumi.StringPtrInput
}

func (AuthBackendStsRoleState) ElementType 

func (AuthBackendStsRoleState) ElementType() reflect.Type

type GetAccessCredentialsArgs 

type GetAccessCredentialsArgs struct {
	// The path to the AWS secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend string `pulumi:"backend"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace *string `pulumi:"namespace"`
	// The region the read credentials belong to.
	Region *string `pulumi:"region"`
	// The name of the AWS secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role string `pulumi:"role"`
	// The specific AWS ARN to use
	// from the configured role. If the role does not have multiple ARNs, this does
	// not need to be specified.
	RoleArn *string `pulumi:"roleArn"`
	// Specifies the TTL for the use of the STS token. This
	// is specified as a string with a duration suffix. Valid only when
	// `credentialType` of the connected `aws.SecretBackendRole` resource is `assumedRole` or `federationToken`
	Ttl *string `pulumi:"ttl"`
	// The type of credentials to read. Defaults
	// to `"creds"`, which just returns an AWS Access Key ID and Secret
	// Key. Can also be set to `"sts"`, which will return a security token
	// in addition to the keys.
	Type *string `pulumi:"type"`
}

A collection of arguments for invoking getAccessCredentials.

type GetAccessCredentialsOutputArgs 

type GetAccessCredentialsOutputArgs struct {
	// The path to the AWS secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend pulumi.StringInput `pulumi:"backend"`
	// The namespace of the target resource.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
	// The region the read credentials belong to.
	Region pulumi.StringPtrInput `pulumi:"region"`
	// The name of the AWS secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role pulumi.StringInput `pulumi:"role"`
	// The specific AWS ARN to use
	// from the configured role. If the role does not have multiple ARNs, this does
	// not need to be specified.
	RoleArn pulumi.StringPtrInput `pulumi:"roleArn"`
	// Specifies the TTL for the use of the STS token. This
	// is specified as a string with a duration suffix. Valid only when
	// `credentialType` of the connected `aws.SecretBackendRole` resource is `assumedRole` or `federationToken`
	Ttl pulumi.StringPtrInput `pulumi:"ttl"`
	// The type of credentials to read. Defaults
	// to `"creds"`, which just returns an AWS Access Key ID and Secret
	// Key. Can also be set to `"sts"`, which will return a security token
	// in addition to the keys.
	Type pulumi.StringPtrInput `pulumi:"type"`
}

A collection of arguments for invoking getAccessCredentials.

func (GetAccessCredentialsOutputArgs) ElementType 

func (GetAccessCredentialsOutputArgs) ElementType() reflect.Type

type GetAccessCredentialsResult 

type GetAccessCredentialsResult struct {
	// The AWS Access Key ID returned by Vault.
	AccessKey string `pulumi:"accessKey"`
	Backend   string `pulumi:"backend"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The duration of the secret lease, in seconds relative
	// to the time the data was requested. Once this time has passed any plan
	// generated with this data may fail to apply.
	LeaseDuration int `pulumi:"leaseDuration"`
	// The lease identifier assigned by Vault.
	LeaseId        string  `pulumi:"leaseId"`
	LeaseRenewable bool    `pulumi:"leaseRenewable"`
	LeaseStartTime string  `pulumi:"leaseStartTime"`
	Namespace      *string `pulumi:"namespace"`
	Region         *string `pulumi:"region"`
	Role           string  `pulumi:"role"`
	RoleArn        *string `pulumi:"roleArn"`
	// The AWS Secret Key returned by Vault.
	SecretKey string `pulumi:"secretKey"`
	// The STS token returned by Vault, if any.
	SecurityToken string  `pulumi:"securityToken"`
	Ttl           *string `pulumi:"ttl"`
	Type          *string `pulumi:"type"`
}

A collection of values returned by getAccessCredentials.

func GetAccessCredentials 

func GetAccessCredentials(ctx *pulumi.Context, args *GetAccessCredentialsArgs, opts ...pulumi.InvokeOption) (*GetAccessCredentialsResult, error)

## Example Usage

type GetAccessCredentialsResultOutput 

type GetAccessCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccessCredentials.

func GetAccessCredentialsOutput 

func GetAccessCredentialsOutput(ctx *pulumi.Context, args GetAccessCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) AccessKey 

func (o GetAccessCredentialsResultOutput) AccessKey() pulumi.StringOutput

The AWS Access Key ID returned by Vault.

func (GetAccessCredentialsResultOutput) Backend 

func (o GetAccessCredentialsResultOutput) Backend() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) ElementType 

func (GetAccessCredentialsResultOutput) ElementType() reflect.Type

func (GetAccessCredentialsResultOutput) Id 

func (o GetAccessCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAccessCredentialsResultOutput) LeaseDuration 

func (o GetAccessCredentialsResultOutput) LeaseDuration() pulumi.IntOutput

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

func (GetAccessCredentialsResultOutput) LeaseId 

func (o GetAccessCredentialsResultOutput) LeaseId() pulumi.StringOutput

The lease identifier assigned by Vault.

func (GetAccessCredentialsResultOutput) LeaseRenewable 

func (o GetAccessCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput

func (GetAccessCredentialsResultOutput) LeaseStartTime 

func (o GetAccessCredentialsResultOutput) LeaseStartTime() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) Namespace 

func (o GetAccessCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) Region 

func (o GetAccessCredentialsResultOutput) Region() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) Role 

func (o GetAccessCredentialsResultOutput) Role() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) RoleArn 

func (o GetAccessCredentialsResultOutput) RoleArn() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) SecretKey 

func (o GetAccessCredentialsResultOutput) SecretKey() pulumi.StringOutput

The AWS Secret Key returned by Vault.

func (GetAccessCredentialsResultOutput) SecurityToken 

func (o GetAccessCredentialsResultOutput) SecurityToken() pulumi.StringOutput

The STS token returned by Vault, if any.

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput 

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext 

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) Ttl 

func (o GetAccessCredentialsResultOutput) Ttl() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) Type 

func (o GetAccessCredentialsResultOutput) Type() pulumi.StringPtrOutput

type GetStaticAccessCredentialsArgs 

type GetStaticAccessCredentialsArgs struct {
	Backend   string  `pulumi:"backend"`
	Name      string  `pulumi:"name"`
	Namespace *string `pulumi:"namespace"`
}

A collection of arguments for invoking getStaticAccessCredentials.

type GetStaticAccessCredentialsOutputArgs 

type GetStaticAccessCredentialsOutputArgs struct {
	Backend   pulumi.StringInput    `pulumi:"backend"`
	Name      pulumi.StringInput    `pulumi:"name"`
	Namespace pulumi.StringPtrInput `pulumi:"namespace"`
}

A collection of arguments for invoking getStaticAccessCredentials.

func (GetStaticAccessCredentialsOutputArgs) ElementType 

func (GetStaticAccessCredentialsOutputArgs) ElementType() reflect.Type

type GetStaticAccessCredentialsResult 

type GetStaticAccessCredentialsResult struct {
	AccessKey string `pulumi:"accessKey"`
	Backend   string `pulumi:"backend"`
	// The provider-assigned unique ID for this managed resource.
	Id        string  `pulumi:"id"`
	Name      string  `pulumi:"name"`
	Namespace *string `pulumi:"namespace"`
	SecretKey string  `pulumi:"secretKey"`
}

A collection of values returned by getStaticAccessCredentials.

func GetStaticAccessCredentials 

func GetStaticAccessCredentials(ctx *pulumi.Context, args *GetStaticAccessCredentialsArgs, opts ...pulumi.InvokeOption) (*GetStaticAccessCredentialsResult, error)

type GetStaticAccessCredentialsResultOutput 

type GetStaticAccessCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getStaticAccessCredentials.

func GetStaticAccessCredentialsOutput 

func GetStaticAccessCredentialsOutput(ctx *pulumi.Context, args GetStaticAccessCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetStaticAccessCredentialsResultOutput

func (GetStaticAccessCredentialsResultOutput) AccessKey 

func (o GetStaticAccessCredentialsResultOutput) AccessKey() pulumi.StringOutput

func (GetStaticAccessCredentialsResultOutput) Backend 

func (o GetStaticAccessCredentialsResultOutput) Backend() pulumi.StringOutput

func (GetStaticAccessCredentialsResultOutput) ElementType 

func (GetStaticAccessCredentialsResultOutput) ElementType() reflect.Type

func (GetStaticAccessCredentialsResultOutput) Id 

func (o GetStaticAccessCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetStaticAccessCredentialsResultOutput) Name 

func (o GetStaticAccessCredentialsResultOutput) Name() pulumi.StringOutput

func (GetStaticAccessCredentialsResultOutput) Namespace 

func (o GetStaticAccessCredentialsResultOutput) Namespace() pulumi.StringPtrOutput

func (GetStaticAccessCredentialsResultOutput) SecretKey 

func (o GetStaticAccessCredentialsResultOutput) SecretKey() pulumi.StringOutput

func (GetStaticAccessCredentialsResultOutput) ToGetStaticAccessCredentialsResultOutput 

func (o GetStaticAccessCredentialsResultOutput) ToGetStaticAccessCredentialsResultOutput() GetStaticAccessCredentialsResultOutput

func (GetStaticAccessCredentialsResultOutput) ToGetStaticAccessCredentialsResultOutputWithContext 

func (o GetStaticAccessCredentialsResultOutput) ToGetStaticAccessCredentialsResultOutputWithContext(ctx context.Context) GetStaticAccessCredentialsResultOutput

type SecretBackend 

type SecretBackend struct {
	pulumi.CustomResourceState

	// The AWS Access Key ID this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	AccessKey pulumi.StringPtrOutput `pulumi:"accessKey"`
	// The default TTL for credentials
	// issued by this backend.
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// A human-friendly description for this backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrOutput `pulumi:"disableRemount"`
	// Specifies a custom HTTP IAM endpoint to use.
	IamEndpoint pulumi.StringPtrOutput `pulumi:"iamEndpoint"`
	// The audience claim value. Requires Vault 1.16+.
	IdentityTokenAudience pulumi.StringPtrOutput `pulumi:"identityTokenAudience"`
	// The key to use for signing identity tokens. Requires Vault 1.16+.
	IdentityTokenKey pulumi.StringPtrOutput `pulumi:"identityTokenKey"`
	// The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
	IdentityTokenTtl pulumi.IntOutput `pulumi:"identityTokenTtl"`
	// Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
	Local pulumi.BoolPtrOutput `pulumi:"local"`
	// The maximum TTL that can be requested
	// for credentials issued by this backend.
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The AWS region to make API calls against. Defaults to us-east-1.
	Region pulumi.StringOutput `pulumi:"region"`
	// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
	RoleArn pulumi.StringPtrOutput `pulumi:"roleArn"`
	// The AWS Secret Access Key to use when generating new credentials.
	SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"`
	// Specifies a custom HTTP STS endpoint to use.
	StsEndpoint pulumi.StringPtrOutput `pulumi:"stsEndpoint"`
	// Ordered list of `stsEndpoint`s to try if the defined one fails. Requires Vault 1.19+
	StsFallbackEndpoints pulumi.StringArrayOutput `pulumi:"stsFallbackEndpoints"`
	// Ordered list of `stsRegion`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
	StsFallbackRegions pulumi.StringArrayOutput `pulumi:"stsFallbackRegions"`
	// Specifies the region of the STS endpoint. Should be included if `stsEndpoint` is supplied. Requires Vault 1.19+
	StsRegion pulumi.StringPtrOutput `pulumi:"stsRegion"`
	// Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
	UsernameTemplate pulumi.StringOutput `pulumi:"usernameTemplate"`
}

## Import

AWS secret backends can be imported using the `path`, e.g.

```sh $ pulumi import vault:aws/secretBackend:SecretBackend aws aws ```

func GetSecretBackend 

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend 

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType 

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput 

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext 

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

type SecretBackendArgs 

type SecretBackendArgs struct {
	// The AWS Access Key ID this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	AccessKey pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Specifies a custom HTTP IAM endpoint to use.
	IamEndpoint pulumi.StringPtrInput
	// The audience claim value. Requires Vault 1.16+.
	IdentityTokenAudience pulumi.StringPtrInput
	// The key to use for signing identity tokens. Requires Vault 1.16+.
	IdentityTokenKey pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
	IdentityTokenTtl pulumi.IntPtrInput
	// Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`.
	Path pulumi.StringPtrInput
	// The AWS region to make API calls against. Defaults to us-east-1.
	Region pulumi.StringPtrInput
	// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
	RoleArn pulumi.StringPtrInput
	// The AWS Secret Access Key to use when generating new credentials.
	SecretKey pulumi.StringPtrInput
	// Specifies a custom HTTP STS endpoint to use.
	StsEndpoint pulumi.StringPtrInput
	// Ordered list of `stsEndpoint`s to try if the defined one fails. Requires Vault 1.19+
	StsFallbackEndpoints pulumi.StringArrayInput
	// Ordered list of `stsRegion`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
	StsFallbackRegions pulumi.StringArrayInput
	// Specifies the region of the STS endpoint. Should be included if `stsEndpoint` is supplied. Requires Vault 1.19+
	StsRegion pulumi.StringPtrInput
	// Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
	UsernameTemplate pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType 

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray 

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType 

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput 

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext 

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput 

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via: 

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput 

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType 

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index 

func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendInput 

type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendMap 

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType 

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput 

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext 

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput 

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via: 

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput 

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType 

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex 

func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutput 

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext 

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput 

type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) AccessKey 

func (o SecretBackendOutput) AccessKey() pulumi.StringPtrOutput

The AWS Access Key ID this backend should use to issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.

func (SecretBackendOutput) DefaultLeaseTtlSeconds 

func (o SecretBackendOutput) DefaultLeaseTtlSeconds() pulumi.IntOutput

The default TTL for credentials issued by this backend.

func (SecretBackendOutput) Description 

func (o SecretBackendOutput) Description() pulumi.StringPtrOutput

A human-friendly description for this backend.

func (SecretBackendOutput) DisableRemount 

func (o SecretBackendOutput) DisableRemount() pulumi.BoolPtrOutput

If set, opts out of mount migration on path updates. See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)

func (SecretBackendOutput) ElementType 

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) IamEndpoint 

func (o SecretBackendOutput) IamEndpoint() pulumi.StringPtrOutput

Specifies a custom HTTP IAM endpoint to use.

func (SecretBackendOutput) IdentityTokenAudience 

func (o SecretBackendOutput) IdentityTokenAudience() pulumi.StringPtrOutput

The audience claim value. Requires Vault 1.16+.

func (SecretBackendOutput) IdentityTokenKey 

func (o SecretBackendOutput) IdentityTokenKey() pulumi.StringPtrOutput

The key to use for signing identity tokens. Requires Vault 1.16+.

func (SecretBackendOutput) IdentityTokenTtl 

func (o SecretBackendOutput) IdentityTokenTtl() pulumi.IntOutput

The TTL of generated identity tokens in seconds. Requires Vault 1.16+.

func (SecretBackendOutput) Local 

func (o SecretBackendOutput) Local() pulumi.BoolPtrOutput

Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.

func (SecretBackendOutput) MaxLeaseTtlSeconds 

func (o SecretBackendOutput) MaxLeaseTtlSeconds() pulumi.IntOutput

The maximum TTL that can be requested for credentials issued by this backend.

func (SecretBackendOutput) Namespace 

func (o SecretBackendOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendOutput) Path 

func (o SecretBackendOutput) Path() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `aws`.

func (SecretBackendOutput) Region 

func (o SecretBackendOutput) Region() pulumi.StringOutput

The AWS region to make API calls against. Defaults to us-east-1.

func (SecretBackendOutput) RoleArn 

func (o SecretBackendOutput) RoleArn() pulumi.StringPtrOutput

Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.

func (SecretBackendOutput) SecretKey 

func (o SecretBackendOutput) SecretKey() pulumi.StringPtrOutput

The AWS Secret Access Key to use when generating new credentials.

func (SecretBackendOutput) StsEndpoint 

func (o SecretBackendOutput) StsEndpoint() pulumi.StringPtrOutput

Specifies a custom HTTP STS endpoint to use.

func (SecretBackendOutput) StsFallbackEndpoints added in v6.5.0 

func (o SecretBackendOutput) StsFallbackEndpoints() pulumi.StringArrayOutput

Ordered list of `stsEndpoint`s to try if the defined one fails. Requires Vault 1.19+

func (SecretBackendOutput) StsFallbackRegions added in v6.5.0 

func (o SecretBackendOutput) StsFallbackRegions() pulumi.StringArrayOutput

Ordered list of `stsRegion`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+

func (SecretBackendOutput) StsRegion added in v6.5.0 

func (o SecretBackendOutput) StsRegion() pulumi.StringPtrOutput

Specifies the region of the STS endpoint. Should be included if `stsEndpoint` is supplied. Requires Vault 1.19+

func (SecretBackendOutput) ToSecretBackendOutput 

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext 

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) UsernameTemplate 

func (o SecretBackendOutput) UsernameTemplate() pulumi.StringOutput

Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:

type SecretBackendRole 

type SecretBackendRole struct {
	pulumi.CustomResourceState

	// The path the AWS secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or
	// `federationToken`.
	CredentialType pulumi.StringOutput `pulumi:"credentialType"`
	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when `credentialType` is one of
	// `assumedRole` or `federationToken`.
	DefaultStsTtl pulumi.IntOutput `pulumi:"defaultStsTtl"`
	// External ID to set for assume role creds.
	// Valid only when `credentialType` is set to `assumedRole`.
	ExternalId pulumi.StringPtrOutput `pulumi:"externalId"`
	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of `assumedRole` or `federationToken`, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in `iamGroups` combined with the `policyDocument`
	// and `policyArns` parameters.
	IamGroups pulumi.StringArrayOutput `pulumi:"iamGroups"`
	// A map of strings representing key/value pairs
	// to be used as tags for any IAM user that is created by this role.
	IamTags pulumi.StringMapOutput `pulumi:"iamTags"`
	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is
	// one of `assumedRole` or `federationToken`.
	MaxStsTtl pulumi.IntOutput `pulumi:"maxStsTtl"`
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// The ARN of the AWS Permissions
	// Boundary to attach to IAM users created in the role. Valid only when
	// `credentialType` is `iamUser`. If not specified, then no permissions boundary
	// policy will be attached.
	PermissionsBoundaryArn pulumi.StringPtrOutput `pulumi:"permissionsBoundaryArn"`
	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With `iamUser`, the policies will be
	// attached to IAM users when they are requested. With `assumedRole` and
	// `federationToken`, the policy ARNs will act as a filter on what the credentials
	// can do, similar to `policyDocument`. When `credentialType` is `iamUser` or
	// `federationToken`, at least one of `policyDocument` or `policyArns` must
	// be specified.
	PolicyArns pulumi.StringArrayOutput `pulumi:"policyArns"`
	// The IAM policy document for the role. The
	// behavior depends on the credential type. With `iamUser`, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With `assumedRole` and `federationToken`, the policy document will
	// act as a filter on what the credentials can do, similar to `policyArns`.
	PolicyDocument pulumi.StringPtrOutput `pulumi:"policyDocument"`
	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when `credentialType` is `assumedRole` and
	// prohibited otherwise.
	RoleArns pulumi.StringArrayOutput `pulumi:"roleArns"`
	// A map of strings representing key/value pairs to be set
	// during assume role creds creation. Valid only when `credentialType` is set to
	// `assumedRole`.
	SessionTags pulumi.StringMapOutput `pulumi:"sessionTags"`
	// The path for the user name. Valid only when
	// `credentialType` is `iamUser`. Default is `/`.
	UserPath pulumi.StringPtrOutput `pulumi:"userPath"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := aws.NewSecretBackend(ctx, "aws", &aws.SecretBackendArgs{
			AccessKey: pulumi.String("AKIA....."),
			SecretKey: pulumi.String("AWS secret key"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewSecretBackendRole(ctx, "role", &aws.SecretBackendRoleArgs{
			Backend:        aws.Path,
			Name:           pulumi.String("deploy"),
			CredentialType: pulumi.String("iam_user"),
			PolicyDocument: pulumi.String(`{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}

`), 

		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS secret backend roles can be imported using the `path`, e.g.

```sh $ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy ```

func GetSecretBackendRole 

func GetSecretBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendRoleState, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)

GetSecretBackendRole gets an existing SecretBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendRole 

func NewSecretBackendRole(ctx *pulumi.Context,
	name string, args *SecretBackendRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)

NewSecretBackendRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendRole) ElementType 

func (*SecretBackendRole) ElementType() reflect.Type

func (*SecretBackendRole) ToSecretBackendRoleOutput 

func (i *SecretBackendRole) ToSecretBackendRoleOutput() SecretBackendRoleOutput

func (*SecretBackendRole) ToSecretBackendRoleOutputWithContext 

func (i *SecretBackendRole) ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput

type SecretBackendRoleArgs 

type SecretBackendRoleArgs struct {
	// The path the AWS secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or
	// `federationToken`.
	CredentialType pulumi.StringInput
	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when `credentialType` is one of
	// `assumedRole` or `federationToken`.
	DefaultStsTtl pulumi.IntPtrInput
	// External ID to set for assume role creds.
	// Valid only when `credentialType` is set to `assumedRole`.
	ExternalId pulumi.StringPtrInput
	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of `assumedRole` or `federationToken`, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in `iamGroups` combined with the `policyDocument`
	// and `policyArns` parameters.
	IamGroups pulumi.StringArrayInput
	// A map of strings representing key/value pairs
	// to be used as tags for any IAM user that is created by this role.
	IamTags pulumi.StringMapInput
	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is
	// one of `assumedRole` or `federationToken`.
	MaxStsTtl pulumi.IntPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The ARN of the AWS Permissions
	// Boundary to attach to IAM users created in the role. Valid only when
	// `credentialType` is `iamUser`. If not specified, then no permissions boundary
	// policy will be attached.
	PermissionsBoundaryArn pulumi.StringPtrInput
	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With `iamUser`, the policies will be
	// attached to IAM users when they are requested. With `assumedRole` and
	// `federationToken`, the policy ARNs will act as a filter on what the credentials
	// can do, similar to `policyDocument`. When `credentialType` is `iamUser` or
	// `federationToken`, at least one of `policyDocument` or `policyArns` must
	// be specified.
	PolicyArns pulumi.StringArrayInput
	// The IAM policy document for the role. The
	// behavior depends on the credential type. With `iamUser`, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With `assumedRole` and `federationToken`, the policy document will
	// act as a filter on what the credentials can do, similar to `policyArns`.
	PolicyDocument pulumi.StringPtrInput
	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when `credentialType` is `assumedRole` and
	// prohibited otherwise.
	RoleArns pulumi.StringArrayInput
	// A map of strings representing key/value pairs to be set
	// during assume role creds creation. Valid only when `credentialType` is set to
	// `assumedRole`.
	SessionTags pulumi.StringMapInput
	// The path for the user name. Valid only when
	// `credentialType` is `iamUser`. Default is `/`.
	UserPath pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackendRole resource.

func (SecretBackendRoleArgs) ElementType 

func (SecretBackendRoleArgs) ElementType() reflect.Type

type SecretBackendRoleArray 

type SecretBackendRoleArray []SecretBackendRoleInput

func (SecretBackendRoleArray) ElementType 

func (SecretBackendRoleArray) ElementType() reflect.Type

func (SecretBackendRoleArray) ToSecretBackendRoleArrayOutput 

func (i SecretBackendRoleArray) ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput

func (SecretBackendRoleArray) ToSecretBackendRoleArrayOutputWithContext 

func (i SecretBackendRoleArray) ToSecretBackendRoleArrayOutputWithContext(ctx context.Context) SecretBackendRoleArrayOutput

type SecretBackendRoleArrayInput 

type SecretBackendRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput
	ToSecretBackendRoleArrayOutputWithContext(context.Context) SecretBackendRoleArrayOutput
}

SecretBackendRoleArrayInput is an input type that accepts SecretBackendRoleArray and SecretBackendRoleArrayOutput values. You can construct a concrete instance of `SecretBackendRoleArrayInput` via: 

SecretBackendRoleArray{ SecretBackendRoleArgs{...} }

type SecretBackendRoleArrayOutput 

type SecretBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleArrayOutput) ElementType 

func (SecretBackendRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendRoleArrayOutput) Index 

func (o SecretBackendRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendRoleOutput

func (SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutput 

func (o SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput

func (SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutputWithContext 

func (o SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutputWithContext(ctx context.Context) SecretBackendRoleArrayOutput

type SecretBackendRoleInput 

type SecretBackendRoleInput interface {
	pulumi.Input

	ToSecretBackendRoleOutput() SecretBackendRoleOutput
	ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput
}

type SecretBackendRoleMap 

type SecretBackendRoleMap map[string]SecretBackendRoleInput

func (SecretBackendRoleMap) ElementType 

func (SecretBackendRoleMap) ElementType() reflect.Type

func (SecretBackendRoleMap) ToSecretBackendRoleMapOutput 

func (i SecretBackendRoleMap) ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput

func (SecretBackendRoleMap) ToSecretBackendRoleMapOutputWithContext 

func (i SecretBackendRoleMap) ToSecretBackendRoleMapOutputWithContext(ctx context.Context) SecretBackendRoleMapOutput

type SecretBackendRoleMapInput 

type SecretBackendRoleMapInput interface {
	pulumi.Input

	ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput
	ToSecretBackendRoleMapOutputWithContext(context.Context) SecretBackendRoleMapOutput
}

SecretBackendRoleMapInput is an input type that accepts SecretBackendRoleMap and SecretBackendRoleMapOutput values. You can construct a concrete instance of `SecretBackendRoleMapInput` via: 

SecretBackendRoleMap{ "key": SecretBackendRoleArgs{...} }

type SecretBackendRoleMapOutput 

type SecretBackendRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleMapOutput) ElementType 

func (SecretBackendRoleMapOutput) ElementType() reflect.Type

func (SecretBackendRoleMapOutput) MapIndex 

func (o SecretBackendRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendRoleOutput

func (SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutput 

func (o SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput

func (SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutputWithContext 

func (o SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutputWithContext(ctx context.Context) SecretBackendRoleMapOutput

type SecretBackendRoleOutput 

type SecretBackendRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleOutput) Backend 

func (o SecretBackendRoleOutput) Backend() pulumi.StringOutput

The path the AWS secret backend is mounted at, with no leading or trailing `/`s.

func (SecretBackendRoleOutput) CredentialType 

func (o SecretBackendRoleOutput) CredentialType() pulumi.StringOutput

Specifies the type of credential to be used when retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or `federationToken`.

func (SecretBackendRoleOutput) DefaultStsTtl 

func (o SecretBackendRoleOutput) DefaultStsTtl() pulumi.IntOutput

The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when `credentialType` is one of `assumedRole` or `federationToken`.

func (SecretBackendRoleOutput) ElementType 

func (SecretBackendRoleOutput) ElementType() reflect.Type

func (SecretBackendRoleOutput) ExternalId added in v6.3.0 

func (o SecretBackendRoleOutput) ExternalId() pulumi.StringPtrOutput

External ID to set for assume role creds. Valid only when `credentialType` is set to `assumedRole`.

func (SecretBackendRoleOutput) IamGroups 

func (o SecretBackendRoleOutput) IamGroups() pulumi.StringArrayOutput

A list of IAM group names. IAM users generated against this vault role will be added to these IAM Groups. For a credential type of `assumedRole` or `federationToken`, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in `iamGroups` combined with the `policyDocument` and `policyArns` parameters.

func (SecretBackendRoleOutput) IamTags added in v6.2.0 

func (o SecretBackendRoleOutput) IamTags() pulumi.StringMapOutput

A map of strings representing key/value pairs to be used as tags for any IAM user that is created by this role.

func (SecretBackendRoleOutput) MaxStsTtl 

func (o SecretBackendRoleOutput) MaxStsTtl() pulumi.IntOutput

The max allowed TTL in seconds for STS credentials (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is one of `assumedRole` or `federationToken`.

func (SecretBackendRoleOutput) Name 

func (o SecretBackendRoleOutput) Name() pulumi.StringOutput

The name to identify this role within the backend. Must be unique within the backend.

func (SecretBackendRoleOutput) Namespace 

func (o SecretBackendRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendRoleOutput) PermissionsBoundaryArn 

func (o SecretBackendRoleOutput) PermissionsBoundaryArn() pulumi.StringPtrOutput

The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. Valid only when `credentialType` is `iamUser`. If not specified, then no permissions boundary policy will be attached.

func (SecretBackendRoleOutput) PolicyArns 

func (o SecretBackendRoleOutput) PolicyArns() pulumi.StringArrayOutput

Specifies a list of AWS managed policy ARNs. The behavior depends on the credential type. With `iamUser`, the policies will be attached to IAM users when they are requested. With `assumedRole` and `federationToken`, the policy ARNs will act as a filter on what the credentials can do, similar to `policyDocument`. When `credentialType` is `iamUser` or `federationToken`, at least one of `policyDocument` or `policyArns` must be specified.

func (SecretBackendRoleOutput) PolicyDocument 

func (o SecretBackendRoleOutput) PolicyDocument() pulumi.StringPtrOutput

The IAM policy document for the role. The behavior depends on the credential type. With `iamUser`, the policy document will be attached to the IAM user generated and augment the permissions the IAM user has. With `assumedRole` and `federationToken`, the policy document will act as a filter on what the credentials can do, similar to `policyArns`.

func (SecretBackendRoleOutput) RoleArns 

func (o SecretBackendRoleOutput) RoleArns() pulumi.StringArrayOutput

Specifies the ARNs of the AWS roles this Vault role is allowed to assume. Required when `credentialType` is `assumedRole` and prohibited otherwise.

func (SecretBackendRoleOutput) SessionTags added in v6.3.0 

func (o SecretBackendRoleOutput) SessionTags() pulumi.StringMapOutput

A map of strings representing key/value pairs to be set during assume role creds creation. Valid only when `credentialType` is set to `assumedRole`.

func (SecretBackendRoleOutput) ToSecretBackendRoleOutput 

func (o SecretBackendRoleOutput) ToSecretBackendRoleOutput() SecretBackendRoleOutput

func (SecretBackendRoleOutput) ToSecretBackendRoleOutputWithContext 

func (o SecretBackendRoleOutput) ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput

func (SecretBackendRoleOutput) UserPath 

func (o SecretBackendRoleOutput) UserPath() pulumi.StringPtrOutput

The path for the user name. Valid only when `credentialType` is `iamUser`. Default is `/`.

type SecretBackendRoleState 

type SecretBackendRoleState struct {
	// The path the AWS secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or
	// `federationToken`.
	CredentialType pulumi.StringPtrInput
	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when `credentialType` is one of
	// `assumedRole` or `federationToken`.
	DefaultStsTtl pulumi.IntPtrInput
	// External ID to set for assume role creds.
	// Valid only when `credentialType` is set to `assumedRole`.
	ExternalId pulumi.StringPtrInput
	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of `assumedRole` or `federationToken`, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in `iamGroups` combined with the `policyDocument`
	// and `policyArns` parameters.
	IamGroups pulumi.StringArrayInput
	// A map of strings representing key/value pairs
	// to be used as tags for any IAM user that is created by this role.
	IamTags pulumi.StringMapInput
	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is
	// one of `assumedRole` or `federationToken`.
	MaxStsTtl pulumi.IntPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The ARN of the AWS Permissions
	// Boundary to attach to IAM users created in the role. Valid only when
	// `credentialType` is `iamUser`. If not specified, then no permissions boundary
	// policy will be attached.
	PermissionsBoundaryArn pulumi.StringPtrInput
	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With `iamUser`, the policies will be
	// attached to IAM users when they are requested. With `assumedRole` and
	// `federationToken`, the policy ARNs will act as a filter on what the credentials
	// can do, similar to `policyDocument`. When `credentialType` is `iamUser` or
	// `federationToken`, at least one of `policyDocument` or `policyArns` must
	// be specified.
	PolicyArns pulumi.StringArrayInput
	// The IAM policy document for the role. The
	// behavior depends on the credential type. With `iamUser`, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With `assumedRole` and `federationToken`, the policy document will
	// act as a filter on what the credentials can do, similar to `policyArns`.
	PolicyDocument pulumi.StringPtrInput
	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when `credentialType` is `assumedRole` and
	// prohibited otherwise.
	RoleArns pulumi.StringArrayInput
	// A map of strings representing key/value pairs to be set
	// during assume role creds creation. Valid only when `credentialType` is set to
	// `assumedRole`.
	SessionTags pulumi.StringMapInput
	// The path for the user name. Valid only when
	// `credentialType` is `iamUser`. Default is `/`.
	UserPath pulumi.StringPtrInput
}

func (SecretBackendRoleState) ElementType 

func (SecretBackendRoleState) ElementType() reflect.Type

type SecretBackendState 

type SecretBackendState struct {
	// The AWS Access Key ID this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	AccessKey pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// If set, opts out of mount migration on path updates.
	// See here for more info on [Mount Migration](https://www.vaultproject.io/docs/concepts/mount-migration)
	DisableRemount pulumi.BoolPtrInput
	// Specifies a custom HTTP IAM endpoint to use.
	IamEndpoint pulumi.StringPtrInput
	// The audience claim value. Requires Vault 1.16+.
	IdentityTokenAudience pulumi.StringPtrInput
	// The key to use for signing identity tokens. Requires Vault 1.16+.
	IdentityTokenKey pulumi.StringPtrInput
	// The TTL of generated identity tokens in seconds. Requires Vault 1.16+.
	IdentityTokenTtl pulumi.IntPtrInput
	// Specifies whether the secrets mount will be marked as local. Local mounts are not replicated to performance replicas.
	Local pulumi.BoolPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`.
	Path pulumi.StringPtrInput
	// The AWS region to make API calls against. Defaults to us-east-1.
	Region pulumi.StringPtrInput
	// Role ARN to assume for plugin identity token federation. Requires Vault 1.16+.
	RoleArn pulumi.StringPtrInput
	// The AWS Secret Access Key to use when generating new credentials.
	SecretKey pulumi.StringPtrInput
	// Specifies a custom HTTP STS endpoint to use.
	StsEndpoint pulumi.StringPtrInput
	// Ordered list of `stsEndpoint`s to try if the defined one fails. Requires Vault 1.19+
	StsFallbackEndpoints pulumi.StringArrayInput
	// Ordered list of `stsRegion`s matching the fallback endpoints. Should correspond in order with those endpoints. Requires Vault 1.19+
	StsFallbackRegions pulumi.StringArrayInput
	// Specifies the region of the STS endpoint. Should be included if `stsEndpoint` is supplied. Requires Vault 1.19+
	StsRegion pulumi.StringPtrInput
	// Template describing how dynamic usernames are generated. The username template is used to generate both IAM usernames (capped at 64 characters) and STS usernames (capped at 32 characters). If no template is provided the field defaults to the template:
	UsernameTemplate pulumi.StringPtrInput
}

func (SecretBackendState) ElementType 

func (SecretBackendState) ElementType() reflect.Type

type SecretBackendStaticRole 

type SecretBackendStaticRole struct {
	pulumi.CustomResourceState

	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrOutput `pulumi:"namespace"`
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntOutput `pulumi:"rotationPeriod"`
	// The username of the existing AWS IAM to manage password rotation for.
	Username pulumi.StringOutput `pulumi:"username"`
}

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := aws.NewSecretBackend(ctx, "aws", &aws.SecretBackendArgs{
			Path:        pulumi.String("my-aws"),
			Description: pulumi.String("Obtain AWS credentials."),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewSecretBackendStaticRole(ctx, "role", &aws.SecretBackendStaticRoleArgs{
			Backend:        aws.Path,
			Name:           pulumi.String("test"),
			Username:       pulumi.String("my-test-user"),
			RotationPeriod: pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS secret backend static role can be imported using the full path to the role of the form: `<mount_path>/static-roles/<role_name>` e.g.

```sh $ pulumi import vault:aws/secretBackendStaticRole:SecretBackendStaticRole role aws/static-roles/example-role ```

func GetSecretBackendStaticRole 

func GetSecretBackendStaticRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendStaticRoleState, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)

GetSecretBackendStaticRole gets an existing SecretBackendStaticRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendStaticRole 

func NewSecretBackendStaticRole(ctx *pulumi.Context,
	name string, args *SecretBackendStaticRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendStaticRole, error)

NewSecretBackendStaticRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendStaticRole) ElementType 

func (*SecretBackendStaticRole) ElementType() reflect.Type

func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutput 

func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput

func (*SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext 

func (i *SecretBackendStaticRole) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput

type SecretBackendStaticRoleArgs 

type SecretBackendStaticRoleArgs struct {
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`
	Backend pulumi.StringPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntInput
	// The username of the existing AWS IAM to manage password rotation for.
	Username pulumi.StringInput
}

The set of arguments for constructing a SecretBackendStaticRole resource.

func (SecretBackendStaticRoleArgs) ElementType 

func (SecretBackendStaticRoleArgs) ElementType() reflect.Type

type SecretBackendStaticRoleArray 

type SecretBackendStaticRoleArray []SecretBackendStaticRoleInput

func (SecretBackendStaticRoleArray) ElementType 

func (SecretBackendStaticRoleArray) ElementType() reflect.Type

func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput 

func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput

func (SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext 

func (i SecretBackendStaticRoleArray) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput

type SecretBackendStaticRoleArrayInput 

type SecretBackendStaticRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput
	ToSecretBackendStaticRoleArrayOutputWithContext(context.Context) SecretBackendStaticRoleArrayOutput
}

SecretBackendStaticRoleArrayInput is an input type that accepts SecretBackendStaticRoleArray and SecretBackendStaticRoleArrayOutput values. You can construct a concrete instance of `SecretBackendStaticRoleArrayInput` via: 

SecretBackendStaticRoleArray{ SecretBackendStaticRoleArgs{...} }

type SecretBackendStaticRoleArrayOutput 

type SecretBackendStaticRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleArrayOutput) ElementType 

func (SecretBackendStaticRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleArrayOutput) Index 

func (o SecretBackendStaticRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput 

func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutput() SecretBackendStaticRoleArrayOutput

func (SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext 

func (o SecretBackendStaticRoleArrayOutput) ToSecretBackendStaticRoleArrayOutputWithContext(ctx context.Context) SecretBackendStaticRoleArrayOutput

type SecretBackendStaticRoleInput 

type SecretBackendStaticRoleInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput
	ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput
}

type SecretBackendStaticRoleMap 

type SecretBackendStaticRoleMap map[string]SecretBackendStaticRoleInput

func (SecretBackendStaticRoleMap) ElementType 

func (SecretBackendStaticRoleMap) ElementType() reflect.Type

func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput 

func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput

func (SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext 

func (i SecretBackendStaticRoleMap) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput

type SecretBackendStaticRoleMapInput 

type SecretBackendStaticRoleMapInput interface {
	pulumi.Input

	ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput
	ToSecretBackendStaticRoleMapOutputWithContext(context.Context) SecretBackendStaticRoleMapOutput
}

SecretBackendStaticRoleMapInput is an input type that accepts SecretBackendStaticRoleMap and SecretBackendStaticRoleMapOutput values. You can construct a concrete instance of `SecretBackendStaticRoleMapInput` via: 

SecretBackendStaticRoleMap{ "key": SecretBackendStaticRoleArgs{...} }

type SecretBackendStaticRoleMapOutput 

type SecretBackendStaticRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleMapOutput) ElementType 

func (SecretBackendStaticRoleMapOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleMapOutput) MapIndex 

func (o SecretBackendStaticRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput 

func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutput() SecretBackendStaticRoleMapOutput

func (SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext 

func (o SecretBackendStaticRoleMapOutput) ToSecretBackendStaticRoleMapOutputWithContext(ctx context.Context) SecretBackendStaticRoleMapOutput

type SecretBackendStaticRoleOutput 

type SecretBackendStaticRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendStaticRoleOutput) Backend 

func (o SecretBackendStaticRoleOutput) Backend() pulumi.StringPtrOutput

The unique path this backend should be mounted at. Must not begin or end with a `/`. Defaults to `aws`

func (SecretBackendStaticRoleOutput) ElementType 

func (SecretBackendStaticRoleOutput) ElementType() reflect.Type

func (SecretBackendStaticRoleOutput) Name 

func (o SecretBackendStaticRoleOutput) Name() pulumi.StringOutput

The name to identify this role within the backend. Must be unique within the backend.

func (SecretBackendStaticRoleOutput) Namespace 

func (o SecretBackendStaticRoleOutput) Namespace() pulumi.StringPtrOutput

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace). *Available only for Vault Enterprise*.

func (SecretBackendStaticRoleOutput) RotationPeriod 

func (o SecretBackendStaticRoleOutput) RotationPeriod() pulumi.IntOutput

How often Vault should rotate the password of the user entry.

func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput 

func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutput() SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext 

func (o SecretBackendStaticRoleOutput) ToSecretBackendStaticRoleOutputWithContext(ctx context.Context) SecretBackendStaticRoleOutput

func (SecretBackendStaticRoleOutput) Username 

func (o SecretBackendStaticRoleOutput) Username() pulumi.StringOutput

The username of the existing AWS IAM to manage password rotation for.

type SecretBackendStaticRoleState 

type SecretBackendStaticRoleState struct {
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`
	Backend pulumi.StringPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// The namespace to provision the resource in.
	// The value should not contain leading or trailing forward slashes.
	// The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
	// *Available only for Vault Enterprise*.
	Namespace pulumi.StringPtrInput
	// How often Vault should rotate the password of the user entry.
	RotationPeriod pulumi.IntPtrInput
	// The username of the existing AWS IAM to manage password rotation for.
	Username pulumi.StringPtrInput
}

func (SecretBackendStaticRoleState) ElementType 

func (SecretBackendStaticRoleState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.