AccessKey
Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var lbUser = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
{
Path = "/system/",
});
var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
{
User = lbUser.Name,
PgpKey = "keybase:some_person_that_exists",
});
var lbRo = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
{
User = lbUser.Name,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""ec2:Describe*""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
});
this.Secret = lbAccessKey.EncryptedSecret;
}
[Output("secret")]
public Output<string> Secret { get; set; }
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
lbUser, err := iam.NewUser(ctx, "lbUser", &iam.UserArgs{
Path: pulumi.String("/system/"),
})
if err != nil {
return err
}
lbAccessKey, err := iam.NewAccessKey(ctx, "lbAccessKey", &iam.AccessKeyArgs{
User: lbUser.Name,
PgpKey: pulumi.String("keybase:some_person_that_exists"),
})
if err != nil {
return err
}
_, err = iam.NewUserPolicy(ctx, "lbRo", &iam.UserPolicyArgs{
User: lbUser.Name,
Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", " \"Version\": \"2012-10-17\",\n", " \"Statement\": [\n", " {\n", " \"Action\": [\n", " \"ec2:Describe*\"\n", " ],\n", " \"Effect\": \"Allow\",\n", " \"Resource\": \"*\"\n", " }\n", " ]\n", "}\n")),
})
if err != nil {
return err
}
ctx.Export("secret", lbAccessKey.EncryptedSecret)
return nil
})
}
import pulumi
import pulumi_aws as aws
lb_user = aws.iam.User("lbUser", path="/system/")
lb_access_key = aws.iam.AccessKey("lbAccessKey",
user=lb_user.name,
pgp_key="keybase:some_person_that_exists")
lb_ro = aws.iam.UserPolicy("lbRo",
user=lb_user.name,
policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
""")
pulumi.export("secret", lb_access_key.encrypted_secret)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lbUser", {path: "/system/"});
const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {
user: lbUser.name,
pgpKey: "keybase:some_person_that_exists",
});
const lbRo = new aws.iam.UserPolicy("lbRo", {
user: lbUser.name,
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
});
export const secret = lbAccessKey.encryptedSecret;
Create a AccessKey Resource
new AccessKey(name: string, args: AccessKeyArgs, opts?: CustomResourceOptions);
def AccessKey(resource_name: str, opts: Optional[ResourceOptions] = None, pgp_key: Optional[str] = None, status: Optional[str] = None, user: Optional[str] = None)
func NewAccessKey(ctx *Context, name string, args AccessKeyArgs, opts ...ResourceOption) (*AccessKey, error)
public AccessKey(string name, AccessKeyArgs args, CustomResourceOptions? opts = null)
- name string
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
AccessKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The AccessKey resource accepts the following input properties:
- User string
The IAM user to associate with this access key.
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- Status string
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- User string
The IAM user to associate with this access key.
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- Status string
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- user string
The IAM user to associate with this access key.
- pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- status string
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- user str
The IAM user to associate with this access key.
- pgp_
key str Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- status str
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessKey resource produces the following output properties:
- Encrypted
Secret string - Id string
- The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string The fingerprint of the PGP key used to encrypt the secret
- Secret string
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- Ses
Smtp stringPassword V4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions
- Encrypted
Secret string - Id string
- The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string The fingerprint of the PGP key used to encrypt the secret
- Secret string
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- Ses
Smtp stringPassword V4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions
- encrypted
Secret string - id string
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint string The fingerprint of the PGP key used to encrypt the secret
- secret string
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- ses
Smtp stringPassword V4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions
- encrypted_
secret str - id str
- The provider-assigned unique ID for this managed resource.
- key_
fingerprint str The fingerprint of the PGP key used to encrypt the secret
- secret str
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- ses_
smtp_ strpassword_ v4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions
Look up an Existing AccessKey Resource
Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessKeyState, opts?: CustomResourceOptions): AccessKey
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, encrypted_secret: Optional[str] = None, key_fingerprint: Optional[str] = None, pgp_key: Optional[str] = None, secret: Optional[str] = None, ses_smtp_password_v4: Optional[str] = None, status: Optional[str] = None, user: Optional[str] = None) -> AccessKey
func GetAccessKey(ctx *Context, name string, id IDInput, state *AccessKeyState, opts ...ResourceOption) (*AccessKey, error)
public static AccessKey Get(string name, Input<string> id, AccessKeyState? state, CustomResourceOptions? opts = null)
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Encrypted
Secret string - Key
Fingerprint string The fingerprint of the PGP key used to encrypt the secret
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- Secret string
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- Ses
Smtp stringPassword V4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions- Status string
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.- User string
The IAM user to associate with this access key.
- Encrypted
Secret string - Key
Fingerprint string The fingerprint of the PGP key used to encrypt the secret
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- Secret string
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- Ses
Smtp stringPassword V4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions- Status string
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.- User string
The IAM user to associate with this access key.
- encrypted
Secret string - key
Fingerprint string The fingerprint of the PGP key used to encrypt the secret
- pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- secret string
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- ses
Smtp stringPassword V4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions- status string
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.- user string
The IAM user to associate with this access key.
- encrypted_
secret str - key_
fingerprint str The fingerprint of the PGP key used to encrypt the secret
- pgp_
key str Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute.- secret str
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.- ses_
smtp_ strpassword_ v4 The secret access key converted into an SES SMTP password by applying AWS’s documented Sigv4 conversion algorithm. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions- status str
The access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.- user str
The IAM user to associate with this access key.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.