aws-login
The aws-login provider enables you to log in to your AWS account using OpenID Connect or by providing static credentials. The provider will return a set of credentials that can be used to access AWS resources or fetch secrets using the aws-secrets provider.
Example
values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          duration: 1h
          roleArn: arn:aws:iam::012345678912:role/role-abcd123
          sessionName: pulumi-esc
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
    AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
    AWS_SESSION_TOKEN: ${aws.login.sessionToken}
Configuring OIDC
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the OpenID Connect integration documentation.
Inputs
Property | Type | Description |
---|---|---|
oidc | AWSLoginOIDC | [Optional] - OIDC configuration to log in to AWS. |
static | AWSLoginStatic | [Optional] - A static set of credentials to use to log in to AWS. |
AWSLoginOIDC
Property | Type | Description |
---|---|---|
roleArn | string | The ARN of the role to assume. |
sessionName | string | The name of the role session. |
duration | string | [Optional] - The duration of the role session. Defaults to 2 hours. Unless explicitly specified, AWS sets MaxDuration to 1 hour by default. You may need to configure your AWS role with a higher MaxDuration or set the duration here to 1 hour. |
policyArns | string[] | [Optional] - ARNs for additional policies to apply to the role session. |
subjectAttributes | string[] | [Optional] - Subject attributes to be included in the OIDC token. For more information, see the OpenID subject customization documentation. |
AWSLoginStatic
Property | Type | Description |
---|---|---|
accessKeyId | string | The AWS access key ID |
secretAccessKey | string | The AWS secret access key |
sessionToken | string | [Optional] - The AWS session token, if any. |
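The inputs above can be checked mechanically before an environment is saved. The following is an added example, not Pulumi's own code: it walks an environment definition (already parsed into Python dicts), flags every aws-login call that uses static credentials, and flags OIDC logins whose duration, explicit or the 2-hour default, exceeds the role's maximum session length. The role_max_seconds parameter, the nodur and legacy entries, the placeholder key values, and the h/m/s duration syntax are assumptions made for the example.

```python
import re

PROVIDER = "fn::open::aws-login"
UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Parse strings such as '1h' or '1h30m' into seconds (assumed format)."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)

def find_logins(node, path=()):
    """Yield (path, inputs) for every aws-login call nested in the document."""
    children = node.items() if isinstance(node, dict) else (
        enumerate(node) if isinstance(node, list) else ())
    for key, value in children:
        if key == PROVIDER:
            yield ".".join(path), value
        else:
            yield from find_logins(value, path + (str(key),))

def audit(env, role_max_seconds=3600):
    """Return findings; role_max_seconds is the role's maximum session length."""
    findings = []
    for where, inputs in find_logins(env):
        if "static" in inputs:
            findings.append(f"{where}: static credentials configured")
        oidc = inputs.get("oidc")
        if oidc is not None:
            # The provider defaults to 2 hours when duration is omitted.
            seconds = parse_duration(oidc.get("duration", "2h"))
            if seconds > role_max_seconds:
                findings.append(f"{where}: duration {seconds}s exceeds role maximum {role_max_seconds}s")
    return findings

# Constructed sample: the page's example plus two constructed variants.
ROLE = "arn:aws:iam::012345678912:role/role-abcd123"  # ARN from the page's example
SAMPLE = {"values": {
    "aws": {"login": {PROVIDER: {"oidc": {
        "duration": "1h", "roleArn": ROLE, "sessionName": "pulumi-esc"}}}},
    "nodur": {PROVIDER: {"oidc": {"roleArn": ROLE, "sessionName": "pulumi-esc"}}},
    "legacy": {PROVIDER: {"static": {
        "accessKeyId": "EXAMPLE-KEY-ID", "secretAccessKey": "EXAMPLE-SECRET"}}},
}}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pass the role's actual maximum session length as role_max_seconds when it has been raised above the 1-hour AWS default.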
Outputs
Property | Type | Description |
---|---|---|
accessKeyId | string | The AWS access key ID |
secretAccessKey | string | The AWS secret access key |
sessionToken | string | [Optional] - The AWS session token, if any. |