
aws-login

    The aws-login provider enables you to log in to your AWS account using OpenID Connect or by providing static credentials. The provider will return a set of credentials that can be used to access AWS resources or fetch secrets using the aws-secrets provider.

    Example

    values:
      aws:
        login:
          fn::open::aws-login:
            oidc:
              duration: 1h
              roleArn: arn:aws:iam::012345678912:role/role-abcd123
              sessionName: pulumi-esc
      environmentVariables:
        AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
        AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
        AWS_SESSION_TOKEN: ${aws.login.sessionToken}
    

    Configuring OIDC

    To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the OpenID Connect integration documentation.

    Inputs

    | Property | Type | Description |
    |----------|------|-------------|
    | oidc | AWSLoginOIDC | [Optional] - OIDC configuration to log in to AWS. |
    | static | AWSLoginStatic | [Optional] - A static set of credentials to use to log in to AWS. |

    AWSLoginOIDC

    | Property | Type | Description |
    |----------|------|-------------|
    | roleArn | string | The ARN of the role to assume. |
    | sessionName | string | The name of the role session. |
    | duration | string | [Optional] - The duration of the role session. Defaults to 2 hours. Unless explicitly specified, AWS sets MaxDuration to 1 hour by default. You may need to configure your AWS role with a higher MaxDuration or set the duration here to 1 hour. |
    | policyArns | string[] | [Optional] - ARNs for additional policies to apply to the role session. |
    | subjectAttributes | string[] | [Optional] - Subject attributes to be included in the OIDC token. For more information, see the OpenID subject customization documentation. |

    AWSLoginStatic

    | Property | Type | Description |
    |----------|------|-------------|
    | accessKeyId | string | The AWS access key ID |
    | secretAccessKey | string | The AWS secret access key |
    | sessionToken | string | [Optional] - The AWS session token, if any. |
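
The two input forms side by side, as an added example that is not taken from the Pulumi documentation: an OIDC login pinned to a 1-hour session and narrowed with a session policy, next to a static login whose secret key is wrapped in ESC's `fn::secret`. The `staticLogin` key name, the choice of the AWS-managed `ReadOnlyAccess` policy, and the placeholder key values are assumptions made for illustration.

```yaml
values:
  aws:
    # Preferred form: short-lived credentials issued through OIDC.
    login:
      fn::open::aws-login:
        oidc:
          roleArn: arn:aws:iam::012345678912:role/role-abcd123
          sessionName: pulumi-esc
          # The provider defaults to 2 hours, but an AWS role's MaxDuration
          # defaults to 1 hour. Setting 1h explicitly keeps the request
          # within the role's limit without changing the role.
          duration: 1h
          # Session policies can only narrow what the role allows: the
          # session gets the intersection of the role's permissions and
          # the policies listed here (example policy, an assumption).
          policyArns:
            - arn:aws:iam::aws:policy/ReadOnlyAccess

    # Static form: long-lived keys stored in the environment itself.
    # Nothing expires or rotates these on its own, so the secret key is
    # wrapped in fn::secret to keep it encrypted at rest and masked in
    # output. Key name and values below are placeholders.
    staticLogin:
      fn::open::aws-login:
        static:
          accessKeyId: AKIAXXXXXXXXXXXXXXXX
          secretAccessKey:
            fn::secret: REPLACE_WITH_SECRET_ACCESS_KEY

  # Only the OIDC-derived credentials are exported to consumers.
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
    AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
    AWS_SESSION_TOKEN: ${aws.login.sessionToken}
```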

    Outputs

    | Property | Type | Description |
    |----------|------|-------------|
    | accessKeyId | string | The AWS access key ID |
    | secretAccessKey | string | The AWS secret access key |
    | sessionToken | string | [Optional] - The AWS session token, if any. |