aws-login
The aws-login provider enables you to log in to your AWS account using OpenID Connect or by providing static credentials. The provider will return a set of credentials that can be used to access AWS resources or fetch secrets using the aws-secrets provider.
Example
aws:
  login:
    fn::open::aws-login:
      oidc:
        roleArn: arn:aws:iam::123456789:role/esc-oidc
        sessionName: pulumi-environments-session
Configuring OIDC
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the OpenID Connect integration documentation.
Inputs
Property | Type | Description |
---|---|---|
oidc | AWSLoginOIDC | [Optional] - OIDC configuration to log in to AWS. |
static | AWSLoginStatic | [Optional] - A static set of credentials to use to log in to AWS. |
AWSLoginOIDC
Property | Type | Description |
---|---|---|
roleArn | string | The ARN of the role to assume. |
sessionName | string | The name of the role session. |
duration | string | [Optional] - The duration of the role session. Defaults to 2 hours. Unless explicitly specified, AWS sets MaxDuration to 1 hour by default. You may need to configure your AWS role with a higher MaxDuration or set the duration here to 1 hour. |
policyArn | string[] | [Optional] - ARNs for additional policies to apply to the role session. |
AWSLoginStatic
Property | Type | Description |
---|---|---|
accessKeyId | string | The AWS access key ID |
secretAccessKey | string | The AWS secret access key |
sessionToken | string | [Optional] - The AWS session token, if any. |
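An added example, not part of the Pulumi documentation: a review-time check over the inputs above that flags the mismatch described under duration (2-hour default against AWS's 1-hour default maximum) and static keys stored without protection. The function names, the sample dicts and the duration format (integer h/m/s parts such as "1h") are assumptions; fn::secret is ESC's built-in secret wrapper.

```python
import re

ESC_DEFAULT_SECONDS = 2 * 3600   # per the table: session defaults to 2 hours
AWS_DEFAULT_MAX_SECONDS = 3600   # per the table: AWS allows 1 hour unless the role is changed
_UNITS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Seconds for a duration such as '1h' or '1h30m' (assumed format: integer h/m/s parts)."""
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unrecognised duration: {text!r}")
    return sum(int(n) * _UNITS[u] for n, u in parts)

def lint_aws_login(block, role_max_seconds=AWS_DEFAULT_MAX_SECONDS):
    """Return findings for one fn::open::aws-login input block, given as a dict."""
    findings = []
    oidc, static = block.get("oidc"), block.get("static")
    if oidc is not None:
        for key in ("roleArn", "sessionName"):
            if not oidc.get(key):
                findings.append(f"oidc.{key} is missing")
        wanted = parse_duration(oidc["duration"]) if "duration" in oidc else ESC_DEFAULT_SECONDS
        if wanted > role_max_seconds:
            findings.append(f"session of {wanted}s exceeds the role maximum of {role_max_seconds}s")
    if static is not None:
        if "sessionToken" not in static:
            findings.append("static keys without a session token are long-lived")
        if isinstance(static.get("secretAccessKey"), str):
            findings.append("static.secretAccessKey is plaintext; wrap it in fn::secret")
    return findings

# The page's example block, then constructed variants (key values are fake).
PAGE_EXAMPLE = {"oidc": {"roleArn": "arn:aws:iam::123456789:role/esc-oidc",
                         "sessionName": "pulumi-environments-session"}}
WITH_DURATION = {"oidc": {**PAGE_EXAMPLE["oidc"], "duration": "1h"}}
STATIC_PLAIN = {"static": {"accessKeyId": "AKIAEXAMPLE", "secretAccessKey": "constructed-value"}}

if __name__ == "__main__":
    for name, block in [("page example", PAGE_EXAMPLE), ("duration: 1h", WITH_DURATION),
                        ("static", STATIC_PLAIN)]:
        print(f"{name}: {lint_aws_login(block) or 'ok'}")
```

Pass role_max_seconds when the role's maximum session duration has been raised, so that the default 2-hour session is no longer reported.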
Outputs
Property | Type | Description |
---|---|---|
accessKeyId | string | The AWS access key ID |
secretAccessKey | string | The AWS secret access key |
sessionToken | string | [Optional] - The AWS session token, if any. |