OperationContextAWSOIDCConfiguration
OperationContextAWSOIDCConfiguration contains information about how to exchange an OIDC token for temporary AWS credentials in the form of an assume-role session. See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html for details on creating an appropriately-configured IAM role.
Properties
duration (string, optional): Duration is the duration of the assume-role session.

policyArns (array[string], optional): PolicyARNs is an optional set of IAM policy ARNs that further restrict the assume-role session.

roleArn (string, required): The ARN of the role to assume using the OIDC token.

sessionName (string, required): The name of the assume-role session, sent to AWS STS as RoleSessionName. Supports ${var} placeholders for ${organization.name}, ${project.name}, ${stack.name}, ${operation}, ${deployment.version}, and ${deployment.id}. Recommended: include ${deployment.version} so each run is traceable in AWS CloudTrail (for example, ‘pulumi-${deployment.version}’). AWS caps RoleSessionName at 64 characters; if a rendered template would exceed that, the name variables (organization, project, stack) are truncated to fit while ${operation}, ${deployment.version}, and ${deployment.id} are preserved.
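An added example (not from the Pulumi documentation or code base): a pre-flight lint for a sessionName template that checks the supported placeholder list, the ${deployment.version} recommendation, and the 64-character cap described above. The function name, the sample values, and the character-set check (AWS's documented RoleSessionName pattern) are assumptions of this example; it does not reproduce Pulumi's truncation logic.

```python
import re

# Placeholders the sessionName property documents as supported.
SUPPORTED = {"organization.name", "project.name", "stack.name",
             "operation", "deployment.version", "deployment.id"}
# Per the property description, only these are truncated to fit the cap.
TRUNCATABLE = {"organization.name", "project.name", "stack.name"}
MAX_LEN = 64  # AWS cap on RoleSessionName
# Character set AWS STS documents for RoleSessionName (ASCII word chars plus +=,.@-).
STS_CHARS = re.compile(r"[\w+=,.@-]*", re.ASCII)
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def lint_session_name(template, values):
    """Return findings for a sessionName template.

    `values` maps every supported placeholder to a sample value
    (constructed by the caller; real values come from the deployment).
    """
    names = PLACEHOLDER.findall(template)
    unknown = sorted(set(names) - SUPPORTED)
    if unknown:
        return ["unsupported placeholder(s): " + ", ".join(unknown)]

    findings = []
    if "deployment.version" not in names:
        findings.append("no ${deployment.version}: runs are harder to trace in CloudTrail")

    def render(drop_names):
        # drop_names=True models the floor: name variables truncated to nothing.
        def sub(m):
            key = m.group(1)
            return "" if drop_names and key in TRUNCATABLE else str(values[key])
        return PLACEHOLDER.sub(sub, template)

    full, floor = render(False), render(True)
    if not STS_CHARS.fullmatch(full):
        findings.append("rendered name contains characters outside the STS RoleSessionName set")
    if len(floor) > MAX_LEN:
        findings.append("literal text plus preserved variables exceed 64 characters")
    elif len(full) > MAX_LEN:
        findings.append(f"rendered name is {len(full)} characters: "
                        "organization/project/stack will be truncated")
    return findings
```

A finding about truncation is informational: the session still starts, but the organization, project, or stack portion seen in CloudTrail will be shortened.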