Module iam
This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the
pulumi/pulumi-awsrepo; however, if that doesn’t turn up anything, please consult the sourceterraform-providers/terraform-provider-awsrepo.
namespace ManagedPolicies
- AdministratorAccess
- AmazonAPIGatewayAdministrator
- AmazonAPIGatewayInvokeFullAccess
- AmazonAPIGatewayPushToCloudWatchLogs
- AmazonAppStreamFullAccess
- AmazonAppStreamReadOnlyAccess
- AmazonAppStreamServiceAccess
- AmazonAthenaFullAccess
- AmazonCloudDirectoryFullAccess
- AmazonCloudDirectoryReadOnlyAccess
- AmazonCognitoDeveloperAuthenticatedIdentities
- AmazonCognitoPowerUser
- AmazonCognitoReadOnly
- AmazonDMSCloudWatchLogsRole
- AmazonDMSRedshiftS3Role
- AmazonDMSVPCManagementRole
- AmazonDRSVPCManagement
- AmazonDynamoDBFullAccess
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonDynamoDBReadOnlyAccess
- AmazonEC2ContainerRegistryFullAccess
- AmazonEC2ContainerRegistryPowerUser
- AmazonEC2ContainerRegistryReadOnly
- AmazonEC2ContainerServiceAutoscaleRole
- AmazonEC2ContainerServiceforEC2Role
- AmazonEC2ContainerServiceFullAccess
- AmazonEC2ContainerServiceRole
- AmazonEC2FullAccess
- AmazonEC2ReadOnlyAccess
- AmazonEC2ReportsAccess
- AmazonEC2RoleforAWSCodeDeploy
- AmazonEC2RoleforDataPipelineRole
- AmazonEC2RoleforSSM
- AmazonEC2SpotFleetAutoscaleRole
- AmazonEC2SpotFleetRole
- AmazonElastiCacheFullAccess
- AmazonElastiCacheReadOnlyAccess
- AmazonElasticFileSystemFullAccess
- AmazonElasticFileSystemReadOnlyAccess
- AmazonElasticMapReduceforAutoScalingRole
- AmazonElasticMapReduceforEC2Role
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceReadOnlyAccess
- AmazonElasticMapReduceRole
- AmazonElasticTranscoderFullAccess
- AmazonElasticTranscoderJobsSubmitter
- AmazonElasticTranscoderReadOnlyAccess
- AmazonElasticTranscoderRole
- AmazonESFullAccess
- AmazonESReadOnlyAccess
- AmazonGlacierFullAccess
- AmazonGlacierReadOnlyAccess
- AmazonInspectorFullAccess
- AmazonInspectorReadOnlyAccess
- AmazonKinesisAnalyticsFullAccess
- AmazonKinesisAnalyticsReadOnly
- AmazonKinesisFirehoseFullAccess
- AmazonKinesisFirehoseReadOnlyAccess
- AmazonKinesisFullAccess
- AmazonKinesisReadOnlyAccess
- AmazonLexFullAccess
- AmazonLexReadOnly
- AmazonLexRunBotsOnly
- AmazonMachineLearningBatchPredictionsAccess
- AmazonMachineLearningCreateOnlyAccess
- AmazonMachineLearningFullAccess
- AmazonMachineLearningManageRealTimeEndpointOnlyAccess
- AmazonMachineLearningReadOnlyAccess
- AmazonMachineLearningRealTimePredictionOnlyAccess
- AmazonMachineLearningRoleforRedshiftDataSource
- AmazonMechanicalTurkFullAccess
- AmazonMechanicalTurkReadOnly
- AmazonMobileAnalyticsFinancialReportAccess
- AmazonMobileAnalyticsFullAccess
- AmazonMobileAnalyticsNonfinancialReportAccess
- AmazonMobileAnalyticsWriteOnlyAccess
- AmazonPollyFullAccess
- AmazonPollyReadOnlyAccess
- AmazonRDSDirectoryServiceAccess
- AmazonRDSEnhancedMonitoringRole
- AmazonRDSFullAccess
- AmazonRDSReadOnlyAccess
- AmazonRedshiftFullAccess
- AmazonRedshiftReadOnlyAccess
- AmazonRekognitionFullAccess
- AmazonRekognitionReadOnlyAccess
- AmazonRoute53DomainsFullAccess
- AmazonRoute53DomainsReadOnlyAccess
- AmazonRoute53FullAccess
- AmazonRoute53ReadOnlyAccess
- AmazonS3FullAccess
- AmazonS3ReadOnlyAccess
- AmazonSESFullAccess
- AmazonSESReadOnlyAccess
- AmazonSNSFullAccess
- AmazonSNSReadOnlyAccess
- AmazonSNSRole
- AmazonSQSFullAccess
- AmazonSQSReadOnlyAccess
- AmazonSSMAutomationRole
- AmazonSSMFullAccess
- AmazonSSMMaintenanceWindowRole
- AmazonSSMReadOnlyAccess
- AmazonVPCFullAccess
- AmazonVPCReadOnlyAccess
- AmazonWorkMailFullAccess
- AmazonWorkMailReadOnlyAccess
- AmazonWorkSpacesAdmin
- AmazonWorkSpacesApplicationManagerAdminAccess
- AmazonZocaloFullAccess
- AmazonZocaloReadOnlyAccess
- ApplicationAutoScalingForAmazonAppStreamAccess
- AutoScalingConsoleFullAccess
- AutoScalingConsoleReadOnlyAccess
- AutoScalingFullAccess
- AutoScalingNotificationAccessRole
- AutoScalingReadOnlyAccess
- AWSAccountActivityAccess
- AWSAccountUsageReportAccess
- AWSAgentlessDiscoveryService
- AWSApplicationDiscoveryAgentAccess
- AWSApplicationDiscoveryServiceFullAccess
- AWSBatchFullAccess
- AWSBatchServiceRole
- AWSCertificateManagerFullAccess
- AWSCertificateManagerReadOnly
- AWSCloudFormationReadOnlyAccess
- AWSCloudHSMFullAccess
- AWSCloudHSMReadOnlyAccess
- AWSCloudHSMRole
- AWSCloudTrailFullAccess
- AWSCloudTrailReadOnlyAccess
- AWSCodeBuildAdminAccess
- AWSCodeBuildDeveloperAccess
- AWSCodeBuildReadOnlyAccess
- AWSCodeCommitFullAccess
- AWSCodeCommitPowerUser
- AWSCodeCommitReadOnly
- AWSCodeDeployDeployerAccess
- AWSCodeDeployFullAccess
- AWSCodeDeployReadOnlyAccess
- AWSCodeDeployRole
- AWSCodePipelineApproverAccess
- AWSCodePipelineCustomActionAccess
- AWSCodePipelineFullAccess
- AWSCodePipelineReadOnlyAccess
- AWSCodeStarFullAccess
- AWSCodeStarServiceRole
- AWSConfigRole
- AWSConfigRulesExecutionRole
- AWSConfigUserAccess
- AWSConnector
- AWSDataPipeline_FullAccess
- AWSDataPipeline_PowerUser
- AWSDataPipelineRole
- AWSDeviceFarmFullAccess
- AWSDirectConnectFullAccess
- AWSDirectConnectReadOnlyAccess
- AWSDirectoryServiceFullAccess
- AWSDirectoryServiceReadOnlyAccess
- AWSElasticBeanstalkCustomPlatformforEC2Role
- AWSElasticBeanstalkEnhancedHealth
- AWSElasticBeanstalkFullAccess
- AWSElasticBeanstalkMulticontainerDocker
- AWSElasticBeanstalkReadOnlyAccess
- AWSElasticBeanstalkService
- AWSElasticBeanstalkWebTier
- AWSElasticBeanstalkWorkerTier
- AWSGreengrassFullAccess
- AWSGreengrassResourceAccessRolePolicy
- AWSHealthFullAccess
- AWSImportExportFullAccess
- AWSImportExportReadOnlyAccess
- AWSIoTConfigAccess
- AWSIoTConfigReadOnlyAccess
- AWSIoTDataAccess
- AWSIoTFullAccess
- AWSIoTLogging
- AWSIoTRuleActions
- AWSKeyManagementServicePowerUser
- AWSLambdaBasicExecutionRole
- AWSLambdaDynamoDBExecutionRole
- AWSLambdaENIManagementAccess
- AWSLambdaExecute
- AWSLambdaFullAccess
- AWSLambdaInvocationDynamoDB
- AWSLambdaKinesisExecutionRole
- AWSLambdaReadOnlyAccess
- AWSLambdaRole
- AWSLambdaVPCAccessExecutionRole
- AWSMarketplaceFullAccess
- AWSMarketplaceGetEntitlements
- AWSMarketplaceManageSubscriptions
- AWSMarketplaceMeteringFullAccess
- AWSMarketplaceReadonly
- AWSMobileHub_FullAccess
- AWSMobileHub_ReadOnly
- AWSMobileHub_ServiceUseOnly
- AWSOpsWorksCloudWatchLogs
- AWSOpsWorksCMInstanceProfileRole
- AWSOpsWorksCMServiceRole
- AWSOpsWorksFullAccess
- AWSOpsWorksInstanceRegistration
- AWSOpsWorksRegisterCLI
- AWSOpsWorksRole
- AWSQuicksightAthenaAccess
- AWSQuickSightDescribeRDS
- AWSQuickSightDescribeRedshift
- AWSQuickSightListIAM
- AWSStepFunctionsConsoleFullAccess
- AWSStepFunctionsFullAccess
- AWSStepFunctionsReadOnlyAccess
- AWSStorageGatewayFullAccess
- AWSStorageGatewayReadOnlyAccess
- AWSSupportAccess
- AWSWAFFullAccess
- AWSWAFReadOnlyAccess
- AWSXrayFullAccess
- AWSXrayReadOnlyAccess
- AWSXrayWriteOnlyAccess
- Billing
- CloudFrontFullAccess
- CloudFrontReadOnlyAccess
- CloudSearchFullAccess
- CloudSearchReadOnlyAccess
- CloudWatchActionsEC2Access
- CloudWatchEventsBuiltInTargetExecutionAccess
- CloudWatchEventsFullAccess
- CloudWatchEventsInvocationAccess
- CloudWatchEventsReadOnlyAccess
- CloudWatchFullAccess
- CloudWatchLogsFullAccess
- CloudWatchLogsReadOnlyAccess
- CloudWatchReadOnlyAccess
- DatabaseAdministrator
- DataScientist
- IAMFullAccess
- IAMReadOnlyAccess
- IAMSelfManageServiceSpecificCredentials
- IAMUserChangePassword
- IAMUserSSHKeys
- NetworkAdministrator
- PowerUserAccess
- RDSCloudHsmAuthorizationRole
- ReadOnlyAccess
- ResourceGroupsandTagEditorFullAccess
- ResourceGroupsandTagEditorReadOnlyAccess
- SecurityAudit
- ServerMigrationConnector
- ServerMigrationServiceRole
- ServiceCatalogAdminFullAccess
- ServiceCatalogAdminReadOnlyAccess
- ServiceCatalogEndUserAccess
- ServiceCatalogEndUserFullAccess
- SimpleWorkflowFullAccess
- SupportUser
- SystemAdministrator
- ViewOnlyAccess
- VMImportExportRoleForAWSConnector
namespace Principals
- AcmServicePrincipal
- ApiGatewayPrincipal
- AthenaPrincipal
- AutoscalingPrincipal
- CloudDirectoryPrincipal
- CloudformationPrincipal
- CloudfrontPrincipal
- CloudSearchPrincipal
- CloudtrailPrincipal
- CodeBuildPrincipal
- CodeCommitPrincipal
- CodeDeployPrincipal
- CodePipelinePrincipal
- ConfigPrincipal
- DataPipelinePrincipal
- DirectConnectPrincipal
- DirectoryServicesPrincipal
- DynamoDbPrincipal
- Ec2Principal
- EcrPrincipal
- EcsPrincipal
- EdgeLambdaPrincipal
- ElasticachePrincipal
- ElasticBeanstalkPrincipal
- ElasticFileSystemPrincipal
- ElasticLoadBalancingPrincipal
- ElasticMapReducePrincipal
- EventsPrincipal
- HealthPrincipal
- IamPrincipal
- InspectorPrincipal
- KinesisPrincipal
- KmsPrincipal
- LambdaPrincipal
- LightsailPrincipal
- LogsPrincipal
- MonitoringPrincipal
- OpsworksPrincipal
- OrganizationsPrincipal
- RdsPrincipal
- RedshiftPrincipal
- Route53Principal
- S3Principal
- ServiceCatalogPrincipal
- SesPrincipal
- SigninPrincipal
- SnsPrincipal
- SqsPrincipal
- SsmPrincipal
- StorageGatewayPrincipal
- StsPrincipal
- SupportPrincipal
- VmiePrincipal
- VpcFlowLogsPrincipal
- WafPrincipal
- WorkDocsPrincipal
- WorkspacesPrincipal
Resources
- AccessKey
- AccountAlias
- AccountPasswordPolicy
- Group
- GroupMembership
- GroupPolicy
- GroupPolicyAttachment
- InstanceProfile
- OpenIdConnectProvider
- Policy
- PolicyAttachment
- Role
- RolePolicy
- RolePolicyAttachment
- SamlProvider
- ServerCertificate
- ServiceLinkedRole
- SshKey
- User
- UserGroupMembership
- UserLoginProfile
- UserPolicy
- UserPolicyAttachment
Data Sources
- getAccountAlias
- getGroup
- getInstanceProfile
- getPolicy
- getPolicyDocument
- getRole
- getServerCertificate
- getUser
Others
- AccessKeyArgs
- AccessKeyState
- AccountAliasArgs
- AccountAliasState
- AccountPasswordPolicyArgs
- AccountPasswordPolicyState
- AcmServicePrincipal
- AdministratorAccess
- AmazonAPIGatewayAdministrator
- AmazonAPIGatewayInvokeFullAccess
- AmazonAPIGatewayPushToCloudWatchLogs
- AmazonAppStreamFullAccess
- AmazonAppStreamReadOnlyAccess
- AmazonAppStreamServiceAccess
- AmazonAthenaFullAccess
- AmazonCloudDirectoryFullAccess
- AmazonCloudDirectoryReadOnlyAccess
- AmazonCognitoDeveloperAuthenticatedIdentities
- AmazonCognitoPowerUser
- AmazonCognitoReadOnly
- AmazonDMSCloudWatchLogsRole
- AmazonDMSRedshiftS3Role
- AmazonDMSVPCManagementRole
- AmazonDRSVPCManagement
- AmazonDynamoDBFullAccess
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonDynamoDBReadOnlyAccess
- AmazonEC2ContainerRegistryFullAccess
- AmazonEC2ContainerRegistryPowerUser
- AmazonEC2ContainerRegistryReadOnly
- AmazonEC2ContainerServiceAutoscaleRole
- AmazonEC2ContainerServiceforEC2Role
- AmazonEC2ContainerServiceFullAccess
- AmazonEC2ContainerServiceRole
- AmazonEC2FullAccess
- AmazonEC2ReadOnlyAccess
- AmazonEC2ReportsAccess
- AmazonEC2RoleforAWSCodeDeploy
- AmazonEC2RoleforDataPipelineRole
- AmazonEC2RoleforSSM
- AmazonEC2SpotFleetAutoscaleRole
- AmazonEC2SpotFleetRole
- AmazonElastiCacheFullAccess
- AmazonElastiCacheReadOnlyAccess
- AmazonElasticFileSystemFullAccess
- AmazonElasticFileSystemReadOnlyAccess
- AmazonElasticMapReduceforAutoScalingRole
- AmazonElasticMapReduceforEC2Role
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceReadOnlyAccess
- AmazonElasticMapReduceRole
- AmazonElasticTranscoderFullAccess
- AmazonElasticTranscoderJobsSubmitter
- AmazonElasticTranscoderReadOnlyAccess
- AmazonElasticTranscoderRole
- AmazonESFullAccess
- AmazonESReadOnlyAccess
- AmazonGlacierFullAccess
- AmazonGlacierReadOnlyAccess
- AmazonInspectorFullAccess
- AmazonInspectorReadOnlyAccess
- AmazonKinesisAnalyticsFullAccess
- AmazonKinesisAnalyticsReadOnly
- AmazonKinesisFirehoseFullAccess
- AmazonKinesisFirehoseReadOnlyAccess
- AmazonKinesisFullAccess
- AmazonKinesisReadOnlyAccess
- AmazonLexFullAccess
- AmazonLexReadOnly
- AmazonLexRunBotsOnly
- AmazonMachineLearningBatchPredictionsAccess
- AmazonMachineLearningCreateOnlyAccess
- AmazonMachineLearningFullAccess
- AmazonMachineLearningManageRealTimeEndpointOnlyAccess
- AmazonMachineLearningReadOnlyAccess
- AmazonMachineLearningRealTimePredictionOnlyAccess
- AmazonMachineLearningRoleforRedshiftDataSource
- AmazonMechanicalTurkFullAccess
- AmazonMechanicalTurkReadOnly
- AmazonMobileAnalyticsFinancialReportAccess
- AmazonMobileAnalyticsFullAccess
- AmazonMobileAnalyticsNonfinancialReportAccess
- AmazonMobileAnalyticsWriteOnlyAccess
- AmazonPollyFullAccess
- AmazonPollyReadOnlyAccess
- AmazonRDSDirectoryServiceAccess
- AmazonRDSEnhancedMonitoringRole
- AmazonRDSFullAccess
- AmazonRDSReadOnlyAccess
- AmazonRedshiftFullAccess
- AmazonRedshiftReadOnlyAccess
- AmazonRekognitionFullAccess
- AmazonRekognitionReadOnlyAccess
- AmazonRoute53DomainsFullAccess
- AmazonRoute53DomainsReadOnlyAccess
- AmazonRoute53FullAccess
- AmazonRoute53ReadOnlyAccess
- AmazonS3FullAccess
- AmazonS3ReadOnlyAccess
- AmazonSESFullAccess
- AmazonSESReadOnlyAccess
- AmazonSNSFullAccess
- AmazonSNSReadOnlyAccess
- AmazonSNSRole
- AmazonSQSFullAccess
- AmazonSQSReadOnlyAccess
- AmazonSSMAutomationRole
- AmazonSSMFullAccess
- AmazonSSMMaintenanceWindowRole
- AmazonSSMReadOnlyAccess
- AmazonVPCFullAccess
- AmazonVPCReadOnlyAccess
- AmazonWorkMailFullAccess
- AmazonWorkMailReadOnlyAccess
- AmazonWorkSpacesAdmin
- AmazonWorkSpacesApplicationManagerAdminAccess
- AmazonZocaloFullAccess
- AmazonZocaloReadOnlyAccess
- ApiGatewayPrincipal
- ApplicationAutoScalingForAmazonAppStreamAccess
- assumeRolePolicyForPrincipal
- AthenaPrincipal
- AutoScalingConsoleFullAccess
- AutoScalingConsoleReadOnlyAccess
- AutoScalingFullAccess
- AutoScalingNotificationAccessRole
- AutoscalingPrincipal
- AutoScalingReadOnlyAccess
- AWSAccountActivityAccess
- AWSAccountUsageReportAccess
- AWSAgentlessDiscoveryService
- AWSApplicationDiscoveryAgentAccess
- AWSApplicationDiscoveryServiceFullAccess
- AWSBatchFullAccess
- AWSBatchServiceRole
- AWSCertificateManagerFullAccess
- AWSCertificateManagerReadOnly
- AWSCloudFormationReadOnlyAccess
- AWSCloudHSMFullAccess
- AWSCloudHSMReadOnlyAccess
- AWSCloudHSMRole
- AWSCloudTrailFullAccess
- AWSCloudTrailReadOnlyAccess
- AWSCodeBuildAdminAccess
- AWSCodeBuildDeveloperAccess
- AWSCodeBuildReadOnlyAccess
- AWSCodeCommitFullAccess
- AWSCodeCommitPowerUser
- AWSCodeCommitReadOnly
- AWSCodeDeployDeployerAccess
- AWSCodeDeployFullAccess
- AWSCodeDeployReadOnlyAccess
- AWSCodeDeployRole
- AWSCodePipelineApproverAccess
- AWSCodePipelineCustomActionAccess
- AWSCodePipelineFullAccess
- AWSCodePipelineReadOnlyAccess
- AWSCodeStarFullAccess
- AWSCodeStarServiceRole
- AWSConfigRole
- AWSConfigRulesExecutionRole
- AWSConfigUserAccess
- AWSConnector
- AWSDataPipeline_FullAccess
- AWSDataPipeline_PowerUser
- AWSDataPipelineRole
- AWSDeviceFarmFullAccess
- AWSDirectConnectFullAccess
- AWSDirectConnectReadOnlyAccess
- AWSDirectoryServiceFullAccess
- AWSDirectoryServiceReadOnlyAccess
- AWSElasticBeanstalkCustomPlatformforEC2Role
- AWSElasticBeanstalkEnhancedHealth
- AWSElasticBeanstalkFullAccess
- AWSElasticBeanstalkMulticontainerDocker
- AWSElasticBeanstalkReadOnlyAccess
- AWSElasticBeanstalkService
- AWSElasticBeanstalkWebTier
- AWSElasticBeanstalkWorkerTier
- AWSGreengrassFullAccess
- AWSGreengrassResourceAccessRolePolicy
- AWSHealthFullAccess
- AWSImportExportFullAccess
- AWSImportExportReadOnlyAccess
- AWSIoTConfigAccess
- AWSIoTConfigReadOnlyAccess
- AWSIoTDataAccess
- AWSIoTFullAccess
- AWSIoTLogging
- AWSIoTRuleActions
- AWSKeyManagementServicePowerUser
- AWSLambdaBasicExecutionRole
- AWSLambdaDynamoDBExecutionRole
- AWSLambdaENIManagementAccess
- AWSLambdaExecute
- AWSLambdaFullAccess
- AWSLambdaInvocationDynamoDB
- AWSLambdaKinesisExecutionRole
- AWSLambdaReadOnlyAccess
- AWSLambdaRole
- AWSLambdaVPCAccessExecutionRole
- AWSMarketplaceFullAccess
- AWSMarketplaceGetEntitlements
- AWSMarketplaceManageSubscriptions
- AWSMarketplaceMeteringFullAccess
- AWSMarketplaceReadonly
- AWSMobileHub_FullAccess
- AWSMobileHub_ReadOnly
- AWSMobileHub_ServiceUseOnly
- AWSOpsWorksCloudWatchLogs
- AWSOpsWorksCMInstanceProfileRole
- AWSOpsWorksCMServiceRole
- AWSOpsWorksFullAccess
- AWSOpsWorksInstanceRegistration
- AWSOpsWorksRegisterCLI
- AWSOpsWorksRole
- AWSPrincipal
- AWSQuicksightAthenaAccess
- AWSQuickSightDescribeRDS
- AWSQuickSightDescribeRedshift
- AWSQuickSightListIAM
- AWSStepFunctionsConsoleFullAccess
- AWSStepFunctionsFullAccess
- AWSStepFunctionsReadOnlyAccess
- AWSStorageGatewayFullAccess
- AWSStorageGatewayReadOnlyAccess
- AWSSupportAccess
- AWSWAFFullAccess
- AWSWAFReadOnlyAccess
- AWSXrayFullAccess
- AWSXrayReadOnlyAccess
- AWSXrayWriteOnlyAccess
- Billing
- CloudDirectoryPrincipal
- CloudformationPrincipal
- CloudFrontFullAccess
- CloudfrontPrincipal
- CloudFrontReadOnlyAccess
- CloudSearchFullAccess
- CloudSearchPrincipal
- CloudSearchReadOnlyAccess
- CloudtrailPrincipal
- CloudWatchActionsEC2Access
- CloudWatchEventsBuiltInTargetExecutionAccess
- CloudWatchEventsFullAccess
- CloudWatchEventsInvocationAccess
- CloudWatchEventsReadOnlyAccess
- CloudWatchFullAccess
- CloudWatchLogsFullAccess
- CloudWatchLogsReadOnlyAccess
- CloudWatchReadOnlyAccess
- CodeCommitPrincipal
- CodeDeployPrincipal
- CodePipelinePrincipal
- ConditionArguments
- Conditions
- ConfigPrincipal
- DatabaseAdministrator
- DataPipelinePrincipal
- DataScientist
- DirectConnectPrincipal
- DirectoryServicesPrincipal
- DynamoDbPrincipal
- Ec2Principal
- EcrPrincipal
- EcsPrincipal
- EdgeLambdaPrincipal
- ElasticachePrincipal
- ElasticBeanstalkPrincipal
- ElasticFileSystemPrincipal
- ElasticLoadBalancingPrincipal
- ElasticMapReducePrincipal
- EventsPrincipal
- FederatedPrincipal
- GetAccountAliasResult
- GetGroupArgs
- GetGroupResult
- GetInstanceProfileArgs
- GetInstanceProfileResult
- GetPolicyArgs
- GetPolicyDocumentArgs
- GetPolicyDocumentResult
- GetPolicyResult
- GetRoleArgs
- GetRoleResult
- GetServerCertificateArgs
- GetServerCertificateResult
- GetUserArgs
- GetUserResult
- GroupArgs
- GroupMembershipArgs
- GroupMembershipState
- GroupPolicyArgs
- GroupPolicyAttachmentArgs
- GroupPolicyAttachmentState
- GroupPolicyState
- GroupState
- HealthPrincipal
- IAMFullAccess
- IamPrincipal
- IAMReadOnlyAccess
- IAMSelfManageServiceSpecificCredentials
- IAMUserChangePassword
- IAMUserSSHKeys
- InspectorPrincipal
- InstanceProfileArgs
- InstanceProfileState
- KinesisPrincipal
- KmsPrincipal
- LambdaPrincipal
- LightsailPrincipal
- LogsPrincipal
- MonitoringPrincipal
- NetworkAdministrator
- OpenIdConnectProviderArgs
- OpenIdConnectProviderState
- OpsworksPrincipal
- OrganizationsPrincipal
- PolicyArgs
- PolicyAttachmentArgs
- PolicyAttachmentState
- PolicyDocument
- PolicyState
- PolicyStatement
- PowerUserAccess
- Principal
- RDSCloudHsmAuthorizationRole
- RdsPrincipal
- ReadOnlyAccess
- RedshiftPrincipal
- ResourceGroupsandTagEditorFullAccess
- ResourceGroupsandTagEditorReadOnlyAccess
- RoleArgs
- RolePolicyArgs
- RolePolicyAttachmentArgs
- RolePolicyAttachmentState
- RolePolicyState
- RoleState
- Route53Principal
- S3Principal
- SamlProviderArgs
- SamlProviderState
- SecurityAudit
- ServerCertificateArgs
- ServerCertificateState
- ServerMigrationConnector
- ServerMigrationServiceRole
- ServiceCatalogAdminFullAccess
- ServiceCatalogAdminReadOnlyAccess
- ServiceCatalogEndUserAccess
- ServiceCatalogEndUserFullAccess
- ServiceCatalogPrincipal
- ServiceLinkedRoleArgs
- ServiceLinkedRoleState
- ServicePrincipal
- SesPrincipal
- SigninPrincipal
- SimpleWorkflowFullAccess
- SnsPrincipal
- SqsPrincipal
- SshKeyArgs
- SshKeyState
- SsmPrincipal
- StorageGatewayPrincipal
- StsPrincipal
- SupportPrincipal
- SupportUser
- SystemAdministrator
- UserArgs
- UserGroupMembershipArgs
- UserGroupMembershipState
- UserLoginProfileArgs
- UserLoginProfileState
- UserPolicyArgs
- UserPolicyAttachmentArgs
- UserPolicyAttachmentState
- UserPolicyState
- UserState
- ViewOnlyAccess
- VmiePrincipal
- VMImportExportRoleForAWSConnector
- VpcFlowLogsPrincipal
- WafPrincipal
- WorkDocsPrincipal
- WorkspacesPrincipal
namespace ManagedPolicies
const AdministratorAccess
const AdministratorAccess: ARN = "arn:aws:iam::aws:policy/AdministratorAccess";const AmazonAPIGatewayAdministrator
const AmazonAPIGatewayAdministrator: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator";const AmazonAPIGatewayInvokeFullAccess
const AmazonAPIGatewayInvokeFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess";const AmazonAPIGatewayPushToCloudWatchLogs
const AmazonAPIGatewayPushToCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs";const AmazonAppStreamFullAccess
const AmazonAppStreamFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess";const AmazonAppStreamReadOnlyAccess
const AmazonAppStreamReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess";const AmazonAppStreamServiceAccess
const AmazonAppStreamServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess";const AmazonAthenaFullAccess
const AmazonAthenaFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess";const AmazonCloudDirectoryFullAccess
const AmazonCloudDirectoryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess";const AmazonCloudDirectoryReadOnlyAccess
const AmazonCloudDirectoryReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess";const AmazonCognitoDeveloperAuthenticatedIdentities
const AmazonCognitoDeveloperAuthenticatedIdentities: ARN = "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities";const AmazonCognitoPowerUser
const AmazonCognitoPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonCognitoPowerUser";const AmazonCognitoReadOnly
const AmazonCognitoReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonCognitoReadOnly";const AmazonDMSCloudWatchLogsRole
const AmazonDMSCloudWatchLogsRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole";const AmazonDMSRedshiftS3Role
const AmazonDMSRedshiftS3Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role";const AmazonDMSVPCManagementRole
const AmazonDMSVPCManagementRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole";const AmazonDRSVPCManagement
const AmazonDRSVPCManagement: ARN = "arn:aws:iam::aws:policy/AmazonDRSVPCManagement";const AmazonDynamoDBFullAccess
const AmazonDynamoDBFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess";const AmazonDynamoDBFullAccesswithDataPipeline
const AmazonDynamoDBFullAccesswithDataPipeline: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline";const AmazonDynamoDBReadOnlyAccess
const AmazonDynamoDBReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess";const AmazonEC2ContainerRegistryFullAccess
const AmazonEC2ContainerRegistryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess";const AmazonEC2ContainerRegistryPowerUser
const AmazonEC2ContainerRegistryPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser";const AmazonEC2ContainerRegistryReadOnly
const AmazonEC2ContainerRegistryReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly";const AmazonEC2ContainerServiceAutoscaleRole
const AmazonEC2ContainerServiceAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole";const AmazonEC2ContainerServiceforEC2Role
const AmazonEC2ContainerServiceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role";const AmazonEC2ContainerServiceFullAccess
const AmazonEC2ContainerServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess";const AmazonEC2ContainerServiceRole
const AmazonEC2ContainerServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole";const AmazonEC2FullAccess
const AmazonEC2FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2FullAccess";const AmazonEC2ReadOnlyAccess
const AmazonEC2ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess";const AmazonEC2ReportsAccess
const AmazonEC2ReportsAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess";const AmazonEC2RoleforAWSCodeDeploy
const AmazonEC2RoleforAWSCodeDeploy: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy";const AmazonEC2RoleforDataPipelineRole
const AmazonEC2RoleforDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole";const AmazonEC2RoleforSSM
const AmazonEC2RoleforSSM: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM";const AmazonEC2SpotFleetAutoscaleRole
const AmazonEC2SpotFleetAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole";const AmazonEC2SpotFleetRole
const AmazonEC2SpotFleetRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole";const AmazonElastiCacheFullAccess
const AmazonElastiCacheFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess";const AmazonElastiCacheReadOnlyAccess
const AmazonElastiCacheReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess";const AmazonElasticFileSystemFullAccess
const AmazonElasticFileSystemFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess";const AmazonElasticFileSystemReadOnlyAccess
const AmazonElasticFileSystemReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess";const AmazonElasticMapReduceforAutoScalingRole
const AmazonElasticMapReduceforAutoScalingRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole";const AmazonElasticMapReduceforEC2Role
const AmazonElasticMapReduceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role";const AmazonElasticMapReduceFullAccess
const AmazonElasticMapReduceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess";const AmazonElasticMapReduceReadOnlyAccess
const AmazonElasticMapReduceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess";const AmazonElasticMapReduceRole
const AmazonElasticMapReduceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole";const AmazonElasticTranscoderFullAccess
const AmazonElasticTranscoderFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess";const AmazonElasticTranscoderJobsSubmitter
const AmazonElasticTranscoderJobsSubmitter: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter";const AmazonElasticTranscoderReadOnlyAccess
const AmazonElasticTranscoderReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess";const AmazonElasticTranscoderRole
const AmazonElasticTranscoderRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole";const AmazonESFullAccess
const AmazonESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonESFullAccess";const AmazonESReadOnlyAccess
const AmazonESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess";const AmazonGlacierFullAccess
const AmazonGlacierFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierFullAccess";const AmazonGlacierReadOnlyAccess
const AmazonGlacierReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess";const AmazonInspectorFullAccess
const AmazonInspectorFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorFullAccess";const AmazonInspectorReadOnlyAccess
const AmazonInspectorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess";const AmazonKinesisAnalyticsFullAccess
const AmazonKinesisAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess";const AmazonKinesisAnalyticsReadOnly
const AmazonKinesisAnalyticsReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly";const AmazonKinesisFirehoseFullAccess
const AmazonKinesisFirehoseFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess";const AmazonKinesisFirehoseReadOnlyAccess
const AmazonKinesisFirehoseReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess";const AmazonKinesisFullAccess
const AmazonKinesisFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFullAccess";const AmazonKinesisReadOnlyAccess
const AmazonKinesisReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess";const AmazonLexFullAccess
const AmazonLexFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonLexFullAccess";const AmazonLexReadOnly
const AmazonLexReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexReadOnly";const AmazonLexRunBotsOnly
const AmazonLexRunBotsOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly";const AmazonMachineLearningBatchPredictionsAccess
const AmazonMachineLearningBatchPredictionsAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess";const AmazonMachineLearningCreateOnlyAccess
const AmazonMachineLearningCreateOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess";const AmazonMachineLearningFullAccess
const AmazonMachineLearningFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess";const AmazonMachineLearningManageRealTimeEndpointOnlyAccess
const AmazonMachineLearningManageRealTimeEndpointOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess";const AmazonMachineLearningReadOnlyAccess
const AmazonMachineLearningReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess";const AmazonMachineLearningRealTimePredictionOnlyAccess
const AmazonMachineLearningRealTimePredictionOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess";const AmazonMachineLearningRoleforRedshiftDataSource
const AmazonMachineLearningRoleforRedshiftDataSource: ARN = "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource";const AmazonMechanicalTurkFullAccess
const AmazonMechanicalTurkFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess";const AmazonMechanicalTurkReadOnly
const AmazonMechanicalTurkReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly";const AmazonMobileAnalyticsFinancialReportAccess
const AmazonMobileAnalyticsFinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess";const AmazonMobileAnalyticsFullAccess
const AmazonMobileAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess";const AmazonMobileAnalyticsNonfinancialReportAccess
const AmazonMobileAnalyticsNonfinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess";const AmazonMobileAnalyticsWriteOnlyAccess
const AmazonMobileAnalyticsWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess";const AmazonPollyFullAccess
const AmazonPollyFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyFullAccess";const AmazonPollyReadOnlyAccess
const AmazonPollyReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess";const AmazonRDSDirectoryServiceAccess
const AmazonRDSDirectoryServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess";const AmazonRDSEnhancedMonitoringRole
const AmazonRDSEnhancedMonitoringRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole";const AmazonRDSFullAccess
const AmazonRDSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSFullAccess";const AmazonRDSReadOnlyAccess
const AmazonRDSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess";const AmazonRedshiftFullAccess
const AmazonRedshiftFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess";const AmazonRedshiftReadOnlyAccess
const AmazonRedshiftReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess";const AmazonRekognitionFullAccess
const AmazonRekognitionFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess";const AmazonRekognitionReadOnlyAccess
const AmazonRekognitionReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess";const AmazonRoute53DomainsFullAccess
const AmazonRoute53DomainsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess";const AmazonRoute53DomainsReadOnlyAccess
const AmazonRoute53DomainsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess";const AmazonRoute53FullAccess
const AmazonRoute53FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53FullAccess";const AmazonRoute53ReadOnlyAccess
const AmazonRoute53ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess";const AmazonS3FullAccess
const AmazonS3FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3FullAccess";const AmazonS3ReadOnlyAccess
const AmazonS3ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess";const AmazonSESFullAccess
const AmazonSESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESFullAccess";const AmazonSESReadOnlyAccess
const AmazonSESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess";const AmazonSNSFullAccess
const AmazonSNSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSFullAccess";const AmazonSNSReadOnlyAccess
const AmazonSNSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess";const AmazonSNSRole
const AmazonSNSRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSNSRole";const AmazonSQSFullAccess
const AmazonSQSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSFullAccess";const AmazonSQSReadOnlyAccess
const AmazonSQSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess";const AmazonSSMAutomationRole
const AmazonSSMAutomationRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole";const AmazonSSMFullAccess
const AmazonSSMFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMFullAccess";const AmazonSSMMaintenanceWindowRole
const AmazonSSMMaintenanceWindowRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole";const AmazonSSMReadOnlyAccess
const AmazonSSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess";const AmazonVPCFullAccess
const AmazonVPCFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCFullAccess";const AmazonVPCReadOnlyAccess
const AmazonVPCReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess";const AmazonWorkMailFullAccess
const AmazonWorkMailFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess";const AmazonWorkMailReadOnlyAccess
const AmazonWorkMailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess";const AmazonWorkSpacesAdmin
const AmazonWorkSpacesAdmin: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin";const AmazonWorkSpacesApplicationManagerAdminAccess
const AmazonWorkSpacesApplicationManagerAdminAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess";const AmazonZocaloFullAccess
const AmazonZocaloFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloFullAccess";const AmazonZocaloReadOnlyAccess
const AmazonZocaloReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess";const ApplicationAutoScalingForAmazonAppStreamAccess
const ApplicationAutoScalingForAmazonAppStreamAccess: ARN = "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess";const AutoScalingConsoleFullAccess
const AutoScalingConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess";const AutoScalingConsoleReadOnlyAccess
const AutoScalingConsoleReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess";const AutoScalingFullAccess
const AutoScalingFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingFullAccess";const AutoScalingNotificationAccessRole
const AutoScalingNotificationAccessRole: ARN = "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole";const AutoScalingReadOnlyAccess
const AutoScalingReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess";const AWSAccountActivityAccess
const AWSAccountActivityAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountActivityAccess";const AWSAccountUsageReportAccess
const AWSAccountUsageReportAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess";const AWSAgentlessDiscoveryService
const AWSAgentlessDiscoveryService: ARN = "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService";const AWSApplicationDiscoveryAgentAccess
const AWSApplicationDiscoveryAgentAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess";const AWSApplicationDiscoveryServiceFullAccess
const AWSApplicationDiscoveryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess";const AWSBatchFullAccess
const AWSBatchFullAccess: ARN = "arn:aws:iam::aws:policy/AWSBatchFullAccess";const AWSBatchServiceRole
const AWSBatchServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole";const AWSCertificateManagerFullAccess
const AWSCertificateManagerFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess";const AWSCertificateManagerReadOnly
const AWSCertificateManagerReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly";const AWSCloudFormationReadOnlyAccess
const AWSCloudFormationReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess";const AWSCloudHSMFullAccess
const AWSCloudHSMFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess";const AWSCloudHSMReadOnlyAccess
const AWSCloudHSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess";const AWSCloudHSMRole
const AWSCloudHSMRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole";const AWSCloudTrailFullAccess
const AWSCloudTrailFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess";const AWSCloudTrailReadOnlyAccess
const AWSCloudTrailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess";const AWSCodeBuildAdminAccess
const AWSCodeBuildAdminAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess";const AWSCodeBuildDeveloperAccess
const AWSCodeBuildDeveloperAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess";const AWSCodeBuildReadOnlyAccess
const AWSCodeBuildReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess";const AWSCodeCommitFullAccess
const AWSCodeCommitFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess";const AWSCodeCommitPowerUser
const AWSCodeCommitPowerUser: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser";const AWSCodeCommitReadOnly
const AWSCodeCommitReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly";const AWSCodeDeployDeployerAccess
const AWSCodeDeployDeployerAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess";const AWSCodeDeployFullAccess
const AWSCodeDeployFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess";const AWSCodeDeployReadOnlyAccess
const AWSCodeDeployReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess";const AWSCodeDeployRole
const AWSCodeDeployRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole";const AWSCodePipelineApproverAccess
const AWSCodePipelineApproverAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess";const AWSCodePipelineCustomActionAccess
const AWSCodePipelineCustomActionAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess";const AWSCodePipelineFullAccess
const AWSCodePipelineFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess";const AWSCodePipelineReadOnlyAccess
const AWSCodePipelineReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess";const AWSCodeStarFullAccess
const AWSCodeStarFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeStarFullAccess";const AWSCodeStarServiceRole
const AWSCodeStarServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole";const AWSConfigRole
const AWSConfigRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRole";const AWSConfigRulesExecutionRole
const AWSConfigRulesExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole";const AWSConfigUserAccess
const AWSConfigUserAccess: ARN = "arn:aws:iam::aws:policy/AWSConfigUserAccess";const AWSConnector
const AWSConnector: ARN = "arn:aws:iam::aws:policy/AWSConnector";const AWSDataPipeline_FullAccess
const AWSDataPipeline_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess";const AWSDataPipeline_PowerUser
const AWSDataPipeline_PowerUser: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser";const AWSDataPipelineRole
const AWSDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole";const AWSDeviceFarmFullAccess
const AWSDeviceFarmFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess";const AWSDirectConnectFullAccess
const AWSDirectConnectFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess";const AWSDirectConnectReadOnlyAccess
const AWSDirectConnectReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess";const AWSDirectoryServiceFullAccess
const AWSDirectoryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess";const AWSDirectoryServiceReadOnlyAccess
const AWSDirectoryServiceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess";const AWSElasticBeanstalkCustomPlatformforEC2Role
const AWSElasticBeanstalkCustomPlatformforEC2Role: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role";const AWSElasticBeanstalkEnhancedHealth
const AWSElasticBeanstalkEnhancedHealth: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth";const AWSElasticBeanstalkFullAccess
const AWSElasticBeanstalkFullAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess";const AWSElasticBeanstalkMulticontainerDocker
const AWSElasticBeanstalkMulticontainerDocker: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker";const AWSElasticBeanstalkReadOnlyAccess
const AWSElasticBeanstalkReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess";const AWSElasticBeanstalkService
const AWSElasticBeanstalkService: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService";const AWSElasticBeanstalkWebTier
const AWSElasticBeanstalkWebTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier";const AWSElasticBeanstalkWorkerTier
const AWSElasticBeanstalkWorkerTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier";const AWSGreengrassFullAccess
const AWSGreengrassFullAccess: ARN = "arn:aws:iam::aws:policy/AWSGreengrassFullAccess";const AWSGreengrassResourceAccessRolePolicy
const AWSGreengrassResourceAccessRolePolicy: ARN = "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy";const AWSHealthFullAccess
const AWSHealthFullAccess: ARN = "arn:aws:iam::aws:policy/AWSHealthFullAccess";const AWSImportExportFullAccess
const AWSImportExportFullAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportFullAccess";const AWSImportExportReadOnlyAccess
const AWSImportExportReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess";const AWSIoTConfigAccess
const AWSIoTConfigAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigAccess";const AWSIoTConfigReadOnlyAccess
const AWSIoTConfigReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess";const AWSIoTDataAccess
const AWSIoTDataAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTDataAccess";const AWSIoTFullAccess
const AWSIoTFullAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTFullAccess";const AWSIoTLogging
const AWSIoTLogging: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTLogging";const AWSIoTRuleActions
const AWSIoTRuleActions: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions";const AWSKeyManagementServicePowerUser
const AWSKeyManagementServicePowerUser: ARN = "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser";const AWSLambdaBasicExecutionRole
const AWSLambdaBasicExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole";const AWSLambdaDynamoDBExecutionRole
const AWSLambdaDynamoDBExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole";const AWSLambdaENIManagementAccess
const AWSLambdaENIManagementAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess";const AWSLambdaExecute
const AWSLambdaExecute: ARN = "arn:aws:iam::aws:policy/AWSLambdaExecute";const AWSLambdaFullAccess
const AWSLambdaFullAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaFullAccess";const AWSLambdaInvocationDynamoDB
const AWSLambdaInvocationDynamoDB: ARN = "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB";const AWSLambdaKinesisExecutionRole
const AWSLambdaKinesisExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole";const AWSLambdaReadOnlyAccess
const AWSLambdaReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess";const AWSLambdaRole
const AWSLambdaRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaRole";const AWSLambdaVPCAccessExecutionRole
const AWSLambdaVPCAccessExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole";const AWSMarketplaceFullAccess
const AWSMarketplaceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess";const AWSMarketplaceGetEntitlements
const AWSMarketplaceGetEntitlements: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements";const AWSMarketplaceManageSubscriptions
const AWSMarketplaceManageSubscriptions: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions";const AWSMarketplaceMeteringFullAccess
const AWSMarketplaceMeteringFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess";const AWSMarketplaceReadonly
const AWSMarketplaceReadonly: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceRead-only";const AWSMobileHub_FullAccess
const AWSMobileHub_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess";const AWSMobileHub_ReadOnly
const AWSMobileHub_ReadOnly: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly";const AWSMobileHub_ServiceUseOnly
const AWSMobileHub_ServiceUseOnly: ARN = "arn:aws:iam::aws:policy/service-role/AWSMobileHub_ServiceUseOnly";const AWSOpsWorksCloudWatchLogs
const AWSOpsWorksCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs";const AWSOpsWorksCMInstanceProfileRole
const AWSOpsWorksCMInstanceProfileRole: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole";const AWSOpsWorksCMServiceRole
const AWSOpsWorksCMServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole";const AWSOpsWorksFullAccess
const AWSOpsWorksFullAccess: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess";const AWSOpsWorksInstanceRegistration
const AWSOpsWorksInstanceRegistration: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration";const AWSOpsWorksRegisterCLI
const AWSOpsWorksRegisterCLI: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI";const AWSOpsWorksRole
const AWSOpsWorksRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole";const AWSQuicksightAthenaAccess
const AWSQuicksightAthenaAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess";const AWSQuickSightDescribeRDS
const AWSQuickSightDescribeRDS: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS";const AWSQuickSightDescribeRedshift
const AWSQuickSightDescribeRedshift: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift";const AWSQuickSightListIAM
const AWSQuickSightListIAM: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM";const AWSStepFunctionsConsoleFullAccess
const AWSStepFunctionsConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess";const AWSStepFunctionsFullAccess
const AWSStepFunctionsFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess";const AWSStepFunctionsReadOnlyAccess
const AWSStepFunctionsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess";const AWSStorageGatewayFullAccess
const AWSStorageGatewayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess";const AWSStorageGatewayReadOnlyAccess
const AWSStorageGatewayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess";const AWSSupportAccess
const AWSSupportAccess: ARN = "arn:aws:iam::aws:policy/AWSSupportAccess";const AWSWAFFullAccess
const AWSWAFFullAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFFullAccess";const AWSWAFReadOnlyAccess
const AWSWAFReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess";const AWSXrayFullAccess
const AWSXrayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayFullAccess";const AWSXrayReadOnlyAccess
const AWSXrayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess";const AWSXrayWriteOnlyAccess
const AWSXrayWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess";const Billing
const Billing: ARN = "arn:aws:iam::aws:policy/job-function/Billing";const CloudFrontFullAccess
const CloudFrontFullAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontFullAccess";const CloudFrontReadOnlyAccess
const CloudFrontReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess";const CloudSearchFullAccess
const CloudSearchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchFullAccess";const CloudSearchReadOnlyAccess
const CloudSearchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess";const CloudWatchActionsEC2Access
const CloudWatchActionsEC2Access: ARN = "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access";const CloudWatchEventsBuiltInTargetExecutionAccess
const CloudWatchEventsBuiltInTargetExecutionAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess";const CloudWatchEventsFullAccess
const CloudWatchEventsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess";const CloudWatchEventsInvocationAccess
const CloudWatchEventsInvocationAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess";const CloudWatchEventsReadOnlyAccess
const CloudWatchEventsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess";const CloudWatchFullAccess
const CloudWatchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchFullAccess";const CloudWatchLogsFullAccess
const CloudWatchLogsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess";const CloudWatchLogsReadOnlyAccess
const CloudWatchLogsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess";const CloudWatchReadOnlyAccess
const CloudWatchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess";const DatabaseAdministrator
const DatabaseAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator";const DataScientist
const DataScientist: ARN = "arn:aws:iam::aws:policy/job-function/DataScientist";const IAMFullAccess
const IAMFullAccess: ARN = "arn:aws:iam::aws:policy/IAMFullAccess";const IAMReadOnlyAccess
const IAMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess";const IAMSelfManageServiceSpecificCredentials
const IAMSelfManageServiceSpecificCredentials: ARN = "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials";const IAMUserChangePassword
const IAMUserChangePassword: ARN = "arn:aws:iam::aws:policy/IAMUserChangePassword";const IAMUserSSHKeys
const IAMUserSSHKeys: ARN = "arn:aws:iam::aws:policy/IAMUserSSHKeys";const NetworkAdministrator
const NetworkAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/NetworkAdministrator";const PowerUserAccess
const PowerUserAccess: ARN = "arn:aws:iam::aws:policy/PowerUserAccess";const RDSCloudHsmAuthorizationRole
const RDSCloudHsmAuthorizationRole: ARN = "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole";const ReadOnlyAccess
const ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess";const ResourceGroupsandTagEditorFullAccess
const ResourceGroupsandTagEditorFullAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess";const ResourceGroupsandTagEditorReadOnlyAccess
const ResourceGroupsandTagEditorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess";const SecurityAudit
const SecurityAudit: ARN = "arn:aws:iam::aws:policy/SecurityAudit";const ServerMigrationConnector
const ServerMigrationConnector: ARN = "arn:aws:iam::aws:policy/ServerMigrationConnector";const ServerMigrationServiceRole
const ServerMigrationServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole";const ServiceCatalogAdminFullAccess
const ServiceCatalogAdminFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminFullAccess";const ServiceCatalogAdminReadOnlyAccess
const ServiceCatalogAdminReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess";const ServiceCatalogEndUserAccess
const ServiceCatalogEndUserAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess";const ServiceCatalogEndUserFullAccess
const ServiceCatalogEndUserFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserFullAccess";const SimpleWorkflowFullAccess
const SimpleWorkflowFullAccess: ARN = "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess";const SupportUser
const SupportUser: ARN = "arn:aws:iam::aws:policy/job-function/SupportUser";const SystemAdministrator
const SystemAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/SystemAdministrator";const ViewOnlyAccess
const ViewOnlyAccess: ARN = "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess";const VMImportExportRoleForAWSConnector
const VMImportExportRoleForAWSConnector: ARN = "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector";namespace Principals
const AcmServicePrincipal
Service Principal for Amazon Certificate Managerlet Service
let Service: string = "acm.amazonaws.com";const ApiGatewayPrincipal
Service Principal for API Gatewaylet Service
let Service: string = "apigateway.amazonaws.com";const AthenaPrincipal
Service Principal for Athenalet Service
let Service: string = "athena.amazonaws.com";const AutoscalingPrincipal
Service Principal for Autoscalinglet Service
let Service: string = "autoscaling.amazonaws.com";const CloudDirectoryPrincipal
Service Principal for Cloud Directorylet Service
let Service: string = "clouddirectory.amazonaws.com";const CloudformationPrincipal
Service Principal for Cloudformationlet Service
let Service: string = "cloudformation.amazonaws.com";const CloudfrontPrincipal
Service Principal for Cloudfrontlet Service
let Service: string = "cloudfront.amazonaws.com";const CloudSearchPrincipal
Service Principal for Cloud Searchlet Service
let Service: string = "cloudsearch.amazonaws.com";const CloudtrailPrincipal
Service Principal for Cloudtraillet Service
let Service: string = "cloudtrail.amazonaws.com";const CodeBuildPrincipal
Service Principal for CodeBuildlet Service
let Service: string = "codebuild.amazonaws.com";const CodeCommitPrincipal
Service Principal for CodeCommitlet Service
let Service: string = "codecommit.amazonaws.com";const CodeDeployPrincipal
Service Principal for CodeDeploylet Service
let Service: string = "codedeploy.amazonaws.com";const CodePipelinePrincipal
Service Principal for CodePipelinelet Service
let Service: string = "codepipeline.amazonaws.com";const ConfigPrincipal
Service Principal for EC2 Config Servicelet Service
let Service: string = "config.amazonaws.com";const DataPipelinePrincipal
Service Principal for Data Pipelinelet Service
let Service: string = "datapipeline.amazonaws.com";const DirectConnectPrincipal
Service Principal for DirectConnectlet Service
let Service: string = "directconnect.amazonaws.com";const DirectoryServicesPrincipal
Service Principal for Directory Serviceslet Service
let Service: string = "ds.amazonaws.com";const DynamoDbPrincipal
Service Principal for DynamoDBlet Service
let Service: string = "dynamodb.amazonaws.com";const Ec2Principal
Service Principal for EC2let Service
let Service: string = "ec2.amazonaws.com";const EcrPrincipal
Service Principal for Elastic Container Registrylet Service
let Service: string = "ecr.amazonaws.com";const EcsPrincipal
Service Principal for Elastic Container Servicelet Service
let Service: string = "ecs.amazonaws.com";const EdgeLambdaPrincipal
Service Principal for Edge Lambdalet Service
let Service: string = "edgelambda.amazonaws.com";const ElasticachePrincipal
Service Principal for Elasticachelet Service
let Service: string = "elasticache.amazonaws.com";const ElasticBeanstalkPrincipal
Service Principal for Elastic Beanstalklet Service
let Service: string = "elasticbeanstalk.amazonaws.com";const ElasticFileSystemPrincipal
Service Principal for Elastic File Systemlet Service
let Service: string = "elasticfilesystem.amazonaws.com";const ElasticLoadBalancingPrincipal
Service Principal for Elastic Load Balancinglet Service
let Service: string = "elasticloadbalancing.amazonaws.com";const ElasticMapReducePrincipal
Service Principal for Elastic MapReducelet Service
let Service: string = "elasticmapreduce.amazonaws.com";const EventsPrincipal
Service Principal for Eventslet Service
let Service: string = "events.amazonaws.com";const HealthPrincipal
Service Principal for Healthlet Service
let Service: string = "health.amazonaws.com";const IamPrincipal
Service Principal for IAMlet Service
let Service: string = "iam.amazonaws.com";const InspectorPrincipal
Service Principal for AWS Inspectorlet Service
let Service: string = "inspector.amazonaws.com";const KinesisPrincipal
Service Principal for Kinesislet Service
let Service: string = "kinesis.amazonaws.com";const KmsPrincipal
Service Principal for Key Mangaement Servicelet Service
let Service: string = "kms.amazonaws.com";const LambdaPrincipal
Service Principal for Lambdalet Service
let Service: string = "lambda.amazonaws.com";const LightsailPrincipal
Service Principal for Lightsaillet Service
let Service: string = "lightsail.amazonaws.com";const LogsPrincipal
Service Principal for Cloudwatch Logslet Service
let Service: string = "logs.amazonaws.com";const MonitoringPrincipal
Service Principal for Cloudwatch Monitoringlet Service
let Service: string = "monitoring.amazonaws.com";const OpsworksPrincipal
Service Principal for Opsworkslet Service
let Service: string = "opsworks.amazonaws.com";const OrganizationsPrincipal
Service Principal for Organizationslet Service
let Service: string = "organizations.amazonaws.com";const RdsPrincipal
Service Principal for Relational Database Servicelet Service
let Service: string = "rds.amazonaws.com";const RedshiftPrincipal
Service Principal for Redshiftlet Service
let Service: string = "redshift.amazonaws.com";const Route53Principal
Service Principal for Route 53let Service
let Service: string = "route53.amazonaws.com";const S3Principal
Service Principal for S3let Service
let Service: string = "s3.amazonaws.com";const ServiceCatalogPrincipal
Service Principal for Service Cataloglet Service
let Service: string = "servicecatalog.amazonaws.com";const SesPrincipal
Service Principal for Simple Email Servicelet Service
let Service: string = "ses.amazonaws.com";const SigninPrincipal
Service Principal for Signin Servicelet Service
let Service: string = "signin.amazonaws.com";const SnsPrincipal
Service Principal for Simple Notification Servicelet Service
let Service: string = "sns.amazonaws.com";const SqsPrincipal
Service Principal for Simple Queue Servicelet Service
let Service: string = "sqs.amazonaws.com";const SsmPrincipal
Service Principal for Systems Managerlet Service
let Service: string = "ssm.amazonaws.com";const StorageGatewayPrincipal
Service Principal for Storage Gatewaylet Service
let Service: string = "storagegateway.amazonaws.com";const StsPrincipal
Service Principal for Security Token Servicelet Service
let Service: string = "sts.amazonaws.com";const SupportPrincipal
Service Principal for AWS Supportlet Service
let Service: string = "support.amazonaws.com";const VmiePrincipal
Service Principal for VM Import/Exportlet Service
let Service: string = "vmie.amazonaws.com";const VpcFlowLogsPrincipal
Service Principal for VPC Flow Logslet Service
let Service: string = "vpc-flow-logs.amazonaws.com";const WafPrincipal
Service Principal for Web Application Firewalllet Service
let Service: string = "waf.amazonaws.com";const WorkDocsPrincipal
Service Principal for WorkDocslet Service
let Service: string = "workdocs.amazonaws.com";const WorkspacesPrincipal
Service Principal for Workspaceslet Service
let Service: string = "workspaces.amazonaws.com";Resources
Resource AccessKey
class AccessKey extends CustomResourceProvides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lb", {
path: "/system/",
});
const lbAccessKey = new aws.iam.AccessKey("lb", {
pgpKey: "keybase:some_person_that_exists",
user: lbUser.name,
});
const lbRo = new aws.iam.UserPolicy("lbRo", {
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
user: lbUser.name,
});
export const secret = lbAccessKey.encryptedSecret;This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_access_key.html.markdown.
constructor
new AccessKey(name: string, args: AccessKeyArgs, opts?: pulumi.CustomResourceOptions)Create a AccessKey resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessKeyState, opts?: pulumi.CustomResourceOptions): AccessKeyGet an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is AccessKeyReturns true if the given object is an instance of AccessKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property encryptedSecret
public encryptedSecret: pulumi.Output<string>;The encrypted secret, base64 encoded, if pgpKey was specified.
> NOTE: The encrypted secret may be decrypted using the command line,
for example: ... | base64 --decode | keybase pgp decrypt.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property keyFingerprint
public keyFingerprint: pulumi.Output<string>;The fingerprint of the PGP key used to encrypt the secret
property pgpKey
public pgpKey: pulumi.Output<string | undefined>;Either a base-64 encoded PGP public key, or a
keybase username in the form keybase:some_person_that_exists, for use
in the encryptedSecret output attribute.
property secret
public secret: pulumi.Output<string>;The secret access key. Note that this will be written
to the state file. If you use this, please protect your backend state file
judiciously. Alternatively, you may supply a pgpKey instead, which will
prevent the secret from being stored in plaintext, at the cost of preventing
the use of the secret key in automation.
property sesSmtpPassword
public sesSmtpPassword: pulumi.Output<string>;The secret access key converted into an SES SMTP password by applying AWS’s documented conversion algorithm.
property status
public status: pulumi.Output<string>;The access key status to apply. Defaults to Active.
Valid values are Active and Inactive.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;The IAM user to associate with this access key.
Resource AccountAlias
class AccountAlias extends CustomResourceNote: There is only a single account alias per AWS account.
Manages the account alias for the AWS Account.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const alias = new aws.iam.AccountAlias("alias", {
accountAlias: "my-account-alias",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_account_alias.html.markdown.
constructor
new AccountAlias(name: string, args: AccountAliasArgs, opts?: pulumi.CustomResourceOptions)Create a AccountAlias resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountAliasState, opts?: pulumi.CustomResourceOptions): AccountAliasGet an existing AccountAlias resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is AccountAliasReturns true if the given object is an instance of AccountAlias. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property accountAlias
public accountAlias: pulumi.Output<string>;The account alias
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource AccountPasswordPolicy
class AccountPasswordPolicy extends CustomResourceNote: There is only a single policy allowed per AWS account. An existing policy will be lost when using this resource as an effect of this limitation.
Manages Password Policy for the AWS Account. See more about Account Password Policy in the official AWS docs.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const strict = new aws.iam.AccountPasswordPolicy("strict", {
allowUsersToChangePassword: true,
minimumPasswordLength: 8,
requireLowercaseCharacters: true,
requireNumbers: true,
requireSymbols: true,
requireUppercaseCharacters: true,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_account_password_policy.html.markdown.
constructor
new AccountPasswordPolicy(name: string, args?: AccountPasswordPolicyArgs, opts?: pulumi.CustomResourceOptions)Create a AccountPasswordPolicy resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountPasswordPolicyState, opts?: pulumi.CustomResourceOptions): AccountPasswordPolicyGet an existing AccountPasswordPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is AccountPasswordPolicyReturns true if the given object is an instance of AccountPasswordPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property allowUsersToChangePassword
public allowUsersToChangePassword: pulumi.Output<boolean | undefined>;Whether to allow users to change their own password
property expirePasswords
public expirePasswords: pulumi.Output<boolean>;Indicates whether passwords in the account expire.
Returns true if maxPasswordAge contains a value greater than 0.
Returns false if it is 0 or not present.
property hardExpiry
public hardExpiry: pulumi.Output<boolean>;Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property maxPasswordAge
public maxPasswordAge: pulumi.Output<number>;The number of days that an user password is valid.
property minimumPasswordLength
public minimumPasswordLength: pulumi.Output<number | undefined>;Minimum length to require for user passwords.
property passwordReusePrevention
public passwordReusePrevention: pulumi.Output<number>;The number of previous passwords that users are prevented from reusing.
property requireLowercaseCharacters
public requireLowercaseCharacters: pulumi.Output<boolean>;Whether to require lowercase characters for user passwords.
property requireNumbers
public requireNumbers: pulumi.Output<boolean>;Whether to require numbers for user passwords.
property requireSymbols
public requireSymbols: pulumi.Output<boolean>;Whether to require symbols for user passwords.
property requireUppercaseCharacters
public requireUppercaseCharacters: pulumi.Output<boolean>;Whether to require uppercase characters for user passwords.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource Group
class Group extends CustomResourceProvides an IAM group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const developers = new aws.iam.Group("developers", {
path: "/users/",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_group.html.markdown.
constructor
new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)Create a Group resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): GroupGet an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is GroupReturns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The ARN assigned by AWS for this group.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.
property path
public path: pulumi.Output<string | undefined>;Path in which to create the group.
property uniqueId
public uniqueId: pulumi.Output<string>;The [unique ID][1] assigned by AWS.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource GroupMembership
class GroupMembership extends CustomResourceWARNING: Multiple aws.iam.GroupMembership resources with the same group name will produce inconsistent behavior!
Provides a top level resource to manage IAM Group membership for IAM Users. For more information on managing IAM Groups or IAM Users, see [IAM Groups][1] or [IAM Users][2]
Note:
aws.iam.GroupMembershipwill conflict with itself if used more than once with the same group. To non-exclusively manage the users in a group, see the [aws.iam.UserGroupMembershipresource][3].
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const group = new aws.iam.Group("group", {});
const userOne = new aws.iam.User("userOne", {});
const userTwo = new aws.iam.User("userTwo", {});
const team = new aws.iam.GroupMembership("team", {
group: group.name,
users: [
userOne.name,
userTwo.name,
],
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_group_membership.html.markdown.
constructor
new GroupMembership(name: string, args: GroupMembershipArgs, opts?: pulumi.CustomResourceOptions)Create a GroupMembership resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipState, opts?: pulumi.CustomResourceOptions): GroupMembershipGet an existing GroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is GroupMembershipReturns true if the given object is an instance of GroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property group
public group: pulumi.Output<string>;The IAM Group name to attach the list of users to
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name to identify the Group Membership
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property users
public users: pulumi.Output<string[]>;A list of IAM User names to associate with the Group
Resource GroupPolicy
class GroupPolicy extends CustomResourceProvides an IAM policy attached to a group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myDevelopers = new aws.iam.Group("myDevelopers", {
path: "/users/",
});
const myDeveloperPolicy = new aws.iam.GroupPolicy("myDeveloperPolicy", {
group: myDevelopers.id,
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_group_policy.html.markdown.
constructor
new GroupPolicy(name: string, args: GroupPolicyArgs, opts?: pulumi.CustomResourceOptions)Create a GroupPolicy resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyState, opts?: pulumi.CustomResourceOptions): GroupPolicyGet an existing GroupPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is GroupPolicyReturns true if the given object is an instance of GroupPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property group
public group: pulumi.Output<string>;The IAM group to attach to the policy.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property policy
public policy: pulumi.Output<string>;property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource GroupPolicyAttachment
class GroupPolicyAttachment extends CustomResourceAttaches a Managed IAM Policy to an IAM group
NOTE: The usage of this resource conflicts with the
aws.iam.PolicyAttachmentresource and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const group = new aws.iam.Group("group", {});
const policy = new aws.iam.Policy("policy", {
description: "A test policy",
policy: "", // insert policy here
});
const testAttach = new aws.iam.GroupPolicyAttachment("test-attach", {
group: group.name,
policyArn: policy.arn,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_group_policy_attachment.html.markdown.
constructor
new GroupPolicyAttachment(name: string, args: GroupPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)Create a GroupPolicyAttachment resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): GroupPolicyAttachmentGet an existing GroupPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is GroupPolicyAttachmentReturns true if the given object is an instance of GroupPolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property group
public group: pulumi.Output<string>;The group the policy should be applied to
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property policyArn
public policyArn: pulumi.Output<ARN>;The ARN of the policy you want to apply
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource InstanceProfile
class InstanceProfile extends CustomResourceProvides an IAM instance profile.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const role = new aws.iam.Role("role", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`,
path: "/",
});
const testProfile = new aws.iam.InstanceProfile("testProfile", {
role: role.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_instance_profile.html.markdown.
constructor
new InstanceProfile(name: string, args?: InstanceProfileArgs, opts?: pulumi.CustomResourceOptions)Create a InstanceProfile resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceProfileState, opts?: pulumi.CustomResourceOptions): InstanceProfileGet an existing InstanceProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is InstanceProfileReturns true if the given object is an instance of InstanceProfile. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The ARN assigned by AWS to the instance profile.
property createDate
public createDate: pulumi.Output<string>;The creation timestamp of the instance profile.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The profile’s name. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;Path in which to create the profile.
property role
public role: pulumi.Output<string>;The role name to include in the profile.
property roles
public roles: pulumi.Output<string[]>;A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase.
property uniqueId
public uniqueId: pulumi.Output<string>;The [unique ID][1] assigned by AWS.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource OpenIdConnectProvider
class OpenIdConnectProvider extends CustomResourceProvides an IAM OpenID Connect provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const defaultOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider("default", {
clientIdLists: ["266362248691-342342xasdasdasda-apps.googleusercontent.com"],
thumbprintLists: [],
url: "https://accounts.google.com",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_openid_connect_provider.html.markdown.
constructor
new OpenIdConnectProvider(name: string, args: OpenIdConnectProviderArgs, opts?: pulumi.CustomResourceOptions)Create a OpenIdConnectProvider resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OpenIdConnectProviderState, opts?: pulumi.CustomResourceOptions): OpenIdConnectProviderGet an existing OpenIdConnectProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is OpenIdConnectProviderReturns true if the given object is an instance of OpenIdConnectProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The ARN assigned by AWS for this provider.
property clientIdLists
public clientIdLists: pulumi.Output<string[]>;A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property thumbprintLists
public thumbprintLists: pulumi.Output<string[]>;A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).
property url
public url: pulumi.Output<string>;The URL of the identity provider. Corresponds to the iss claim.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource Policy
class Policy extends CustomResourceProvides an IAM policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const policy = new aws.iam.Policy("policy", {
description: "My test policy",
path: "/",
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_policy.html.markdown.
constructor
new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)Create a Policy resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): PolicyGet an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is PolicyReturns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The ARN assigned by AWS to this policy.
property description
public description: pulumi.Output<string | undefined>;Description of the IAM policy.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;Path in which to create the policy. See IAM Identifiers for more information.
property policy
public policy: pulumi.Output<string>;property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource PolicyAttachment
class PolicyAttachment extends CustomResourceAttaches a Managed IAM Policy to user(s), role(s), and/or group(s)
!> WARNING: The aws.iam.PolicyAttachment resource creates exclusive attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws.iam.PolicyAttachment resource. This means that even any users/roles/groups that have the attached policy via any other mechanism (including other resources managed by this provider) will have that attached policy revoked by this resource. Consider aws.iam.RolePolicyAttachment, aws.iam.UserPolicyAttachment, or aws.iam.GroupPolicyAttachment instead. These resources do not enforce exclusive attachment of an IAM policy.
NOTE: The usage of this resource conflicts with the
aws.iam.GroupPolicyAttachment,aws.iam.RolePolicyAttachment, andaws.iam.UserPolicyAttachmentresources and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const user = new aws.iam.User("user", {});
const role = new aws.iam.Role("role", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`,
});
const group = new aws.iam.Group("group", {});
const policy = new aws.iam.Policy("policy", {
description: "A test policy",
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
});
const testAttach = new aws.iam.PolicyAttachment("test-attach", {
groups: [group.name],
policyArn: policy.arn,
roles: [role.name],
users: [user.name],
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_policy_attachment.html.markdown.
constructor
new PolicyAttachment(name: string, args: PolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)Create a PolicyAttachment resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyAttachmentState, opts?: pulumi.CustomResourceOptions): PolicyAttachmentGet an existing PolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is PolicyAttachmentReturns true if the given object is an instance of PolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property groups
public groups: pulumi.Output<string[] | undefined>;The group(s) the policy should be applied to
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the attachment. This cannot be an empty string.
property policyArn
public policyArn: pulumi.Output<ARN>;The ARN of the policy you want to apply
property roles
public roles: pulumi.Output<string[] | undefined>;The role(s) the policy should be applied to
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property users
public users: pulumi.Output<string[] | undefined>;The user(s) the policy should be applied to
Resource Role
class Role extends CustomResourceProvides an IAM role.
NOTE: If policies are attached to the role via the
aws.iam.PolicyAttachmentresource and you are modifying the rolenameorpath, theforceDetachPoliciesargument must be set totrueand applied before attempting the operation otherwise you will encounter aDeleteConflicterror. Theaws.iam.RolePolicyAttachmentresource (recommended) does not have this requirement.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const testRole = new aws.iam.Role("testRole", {
assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`,
tags: {
"tag-key": "tag-value",
},
});Example of Using Data Source for Assume Role Policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const instanceAssumeRolePolicy = aws.iam.getPolicyDocument({
statements: [{
actions: ["sts:AssumeRole"],
principals: [{
identifiers: ["ec2.amazonaws.com"],
type: "Service",
}],
}],
});
const instance = new aws.iam.Role("instance", {
assumeRolePolicy: instance_assume_role_policy.json,
path: "/system/",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_role.html.markdown.
constructor
new Role(name: string, args: RoleArgs, opts?: pulumi.CustomResourceOptions)Create a Role resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState, opts?: pulumi.CustomResourceOptions): RoleGet an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is RoleReturns true if the given object is an instance of Role. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The Amazon Resource Name (ARN) specifying the role.
property assumeRolePolicy
public assumeRolePolicy: pulumi.Output<string>;The policy that grants an entity permission to assume the role.
property createDate
public createDate: pulumi.Output<string>;The creation date of the IAM role.
property description
public description: pulumi.Output<string | undefined>;The description of the role.
property forceDetachPolicies
public forceDetachPolicies: pulumi.Output<boolean | undefined>;Specifies to force detaching any policies the role has before destroying it. Defaults to false.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property maxSessionDuration
public maxSessionDuration: pulumi.Output<number | undefined>;The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
public name: pulumi.Output<string>;The name of the role. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;The path to the role. See IAM Identifiers for more information.
property permissionsBoundary
public permissionsBoundary: pulumi.Output<string | undefined>;The ARN of the policy that is used to set the permissions boundary for the role.
property tags
public tags: pulumi.Output<{[key: string]: any} | undefined>;Key-value mapping of tags for the IAM role
property uniqueId
public uniqueId: pulumi.Output<string>;The stable and unique string identifying the role.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource RolePolicy
class RolePolicy extends CustomResourceProvides an IAM role policy.
This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_role_policy.html.markdown.
constructor
new RolePolicy(name: string, args: RolePolicyArgs, opts?: pulumi.CustomResourceOptions)Create a RolePolicy resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyState, opts?: pulumi.CustomResourceOptions): RolePolicyGet an existing RolePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is RolePolicyReturns true if the given object is an instance of RolePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the role policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property policy
public policy: pulumi.Output<string>;property role
public role: pulumi.Output<string>;The IAM role to attach to the policy.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource RolePolicyAttachment
class RolePolicyAttachment extends CustomResourceAttaches a Managed IAM Policy to an IAM role
NOTE: The usage of this resource conflicts with the
aws.iam.PolicyAttachmentresource and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const role = new aws.iam.Role("role", {
assumeRolePolicy: ` {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
`,
});
const policy = new aws.iam.Policy("policy", {
description: "A test policy",
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
});
const testAttach = new aws.iam.RolePolicyAttachment("test-attach", {
policyArn: policy.arn,
role: role.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_role_policy_attachment.html.markdown.
constructor
new RolePolicyAttachment(name: string, args: RolePolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)Create a RolePolicyAttachment resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyAttachmentState, opts?: pulumi.CustomResourceOptions): RolePolicyAttachmentGet an existing RolePolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is RolePolicyAttachmentReturns true if the given object is an instance of RolePolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property policyArn
public policyArn: pulumi.Output<ARN>;The ARN of the policy you want to apply
property role
public role: pulumi.Output<string>;The role the policy should be applied to
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SamlProvider
class SamlProvider extends CustomResourceProvides an IAM SAML provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
const defaultSamlProvider = new aws.iam.SamlProvider("default", {
samlMetadataDocument: fs.readFileSync("saml-metadata.xml", "utf-8"),
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_saml_provider.html.markdown.
constructor
new SamlProvider(name: string, args: SamlProviderArgs, opts?: pulumi.CustomResourceOptions)Create a SamlProvider resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlProviderState, opts?: pulumi.CustomResourceOptions): SamlProviderGet an existing SamlProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SamlProviderReturns true if the given object is an instance of SamlProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The ARN assigned by AWS for this provider.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the provider to create.
property samlMetadataDocument
public samlMetadataDocument: pulumi.Output<string>;An XML document generated by an identity provider that supports SAML 2.0.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property validUntil
public validUntil: pulumi.Output<string>;The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.
Resource ServerCertificate
class ServerCertificate extends CustomResourceProvides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:
- AWS Elastic Beanstalk
- Elastic Load Balancing
- CloudFront
- AWS OpsWorks
For information about server certificates in IAM, see [Managing Server Certificates][2] in AWS Documentation.
Note: All arguments including the private key will be stored in the raw state as plain-text. Read more about sensitive data in state.
Example Usage
Using certs on file:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
const testCert = new aws.iam.ServerCertificate("testCert", {
certificateBody: fs.readFileSync("self-ca-cert.pem", "utf-8"),
privateKey: fs.readFileSync("test-key.pem", "utf-8"),
});Example with cert in-line:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const testCertAlt = new aws.iam.ServerCertificate("testCertAlt", {
certificateBody: `-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
`,
privateKey: `-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
`,
});Use in combination with an AWS ELB resource:
Some properties of an IAM Server Certificates cannot be updated while they are
in use. In order for this provider to effectively manage a Certificate in this situation, it is
recommended you utilize the namePrefix attribute and enable the
createBeforeDestroy [lifecycle block][lifecycle]. This will allow this provider
to create a new, updated aws.iam.ServerCertificate resource and replace it in
dependant resources before attempting to destroy the old version.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
const testCert = new aws.iam.ServerCertificate("testCert", {
certificateBody: fs.readFileSync("self-ca-cert.pem", "utf-8"),
namePrefix: "example-cert",
privateKey: fs.readFileSync("test-key.pem", "utf-8"),
});
const ourapp = new aws.elb.LoadBalancer("ourapp", {
availabilityZones: ["us-west-2a"],
crossZoneLoadBalancing: true,
listeners: [{
instancePort: 8000,
instanceProtocol: "http",
lbPort: 443,
lbProtocol: "https",
sslCertificateId: testCert.arn,
}],
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_server_certificate.html.markdown.
constructor
new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: pulumi.CustomResourceOptions)Create a ServerCertificate resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerCertificateState, opts?: pulumi.CustomResourceOptions): ServerCertificateGet an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is ServerCertificateReturns true if the given object is an instance of ServerCertificate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The Amazon Resource Name (ARN) specifying the server certificate.
property certificateBody
public certificateBody: pulumi.Output<string>;The contents of the public key certificate in PEM-encoded format.
property certificateChain
public certificateChain: pulumi.Output<string | undefined>;The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;The IAM path for the server certificate. If it is not
included, it defaults to a slash (/). If this certificate is for use with
AWS CloudFront, the path must be in format /cloudfront/your_path_here.
See [IAM Identifiers][1] for more details on IAM Paths.
property privateKey
public privateKey: pulumi.Output<string>;The contents of the private key in PEM-encoded format.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource ServiceLinkedRole
class ServiceLinkedRole extends CustomResourceProvides an IAM service-linked role.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const elasticbeanstalk = new aws.iam.ServiceLinkedRole("elasticbeanstalk", {
awsServiceName: "elasticbeanstalk.amazonaws.com",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_service_linked_role.html.markdown.
constructor
new ServiceLinkedRole(name: string, args: ServiceLinkedRoleArgs, opts?: pulumi.CustomResourceOptions)Create a ServiceLinkedRole resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceLinkedRoleState, opts?: pulumi.CustomResourceOptions): ServiceLinkedRoleGet an existing ServiceLinkedRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is ServiceLinkedRoleReturns true if the given object is an instance of ServiceLinkedRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The Amazon Resource Name (ARN) specifying the role.
property awsServiceName
public awsServiceName: pulumi.Output<string>;The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.
property createDate
public createDate: pulumi.Output<string>;The creation date of the IAM role.
property customSuffix
public customSuffix: pulumi.Output<string | undefined>;Additional string appended to the role name. Not all AWS services support custom suffixes.
property description
public description: pulumi.Output<string | undefined>;The description of the role.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the role.
property path
public path: pulumi.Output<string>;The path of the role.
property uniqueId
public uniqueId: pulumi.Output<string>;The stable and unique string identifying the role.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SshKey
class SshKey extends CustomResourceUploads an SSH public key and associates it with the specified IAM user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const userUser = new aws.iam.User("user", {
path: "/",
});
const userSshKey = new aws.iam.SshKey("user", {
encoding: "SSH",
publicKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com",
username: userUser.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_user_ssh_key.html.markdown.
constructor
new SshKey(name: string, args: SshKeyArgs, opts?: pulumi.CustomResourceOptions)Create a SshKey resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SshKeyState, opts?: pulumi.CustomResourceOptions): SshKeyGet an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is SshKeyReturns true if the given object is an instance of SshKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property encoding
public encoding: pulumi.Output<string>;Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
property fingerprint
public fingerprint: pulumi.Output<string>;The MD5 message digest of the SSH public key.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property publicKey
public publicKey: pulumi.Output<string>;The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
property sshPublicKeyId
public sshPublicKeyId: pulumi.Output<string>;The unique identifier for the SSH public key.
property status
public status: pulumi.Output<string>;The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property username
public username: pulumi.Output<string>;The name of the IAM user to associate the SSH public key with.
Resource User
class User extends CustomResourceProvides an IAM user.
NOTE: If policies are attached to the user via the
aws.iam.PolicyAttachmentresource and you are modifying the usernameorpath, theforceDestroyargument must be set totrueand applied before attempting the operation otherwise you will encounter aDeleteConflicterror. Theaws.iam.UserPolicyAttachmentresource (recommended) does not have this requirement.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lb", {
path: "/system/",
tags: {
"tag-key": "tag-value",
},
});
const lbAccessKey = new aws.iam.AccessKey("lb", {
user: lbUser.name,
});
const lbRo = new aws.iam.UserPolicy("lbRo", {
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
user: lbUser.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_user.html.markdown.
constructor
new User(name: string, args?: UserArgs, opts?: pulumi.CustomResourceOptions)Create a User resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): UserGet an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is UserReturns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;The ARN assigned by AWS for this user.
property forceDestroy
public forceDestroy: pulumi.Output<boolean | undefined>;When destroying this user, destroy even if it
has non-this provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy
a user with non-this provider-managed access keys and login profile will fail to be destroyed.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
property path
public path: pulumi.Output<string | undefined>;Path in which to create the user.
property permissionsBoundary
public permissionsBoundary: pulumi.Output<string | undefined>;The ARN of the policy that is used to set the permissions boundary for the user.
property tags
public tags: pulumi.Output<{[key: string]: any} | undefined>;Key-value mapping of tags for the IAM user
property uniqueId
public uniqueId: pulumi.Output<string>;The [unique ID][1] assigned by AWS.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource UserGroupMembership
class UserGroupMembership extends CustomResourceProvides a resource for adding an [IAM User][2] to [IAM Groups][1]. This resource can be used multiple times with the same user for non-overlapping groups.
To exclusively manage the users in a group, see the
[aws.iam.GroupMembership resource][3].
Example usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const user1 = new aws.iam.User("user1", {});
const group1 = new aws.iam.Group("group1", {});
const group2 = new aws.iam.Group("group2", {});
const example1 = new aws.iam.UserGroupMembership("example1", {
groups: [
group1.name,
group2.name,
],
user: user1.name,
});
const group3 = new aws.iam.Group("group3", {});
const example2 = new aws.iam.UserGroupMembership("example2", {
groups: [group3.name],
user: user1.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_user_group_membership.html.markdown.
constructor
new UserGroupMembership(name: string, args: UserGroupMembershipArgs, opts?: pulumi.CustomResourceOptions)Create a UserGroupMembership resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserGroupMembershipState, opts?: pulumi.CustomResourceOptions): UserGroupMembershipGet an existing UserGroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is UserGroupMembershipReturns true if the given object is an instance of UserGroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property groups
public groups: pulumi.Output<string[]>;A list of [IAM Groups][1] to add the user to
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;The name of the [IAM User][2] to add to groups
Resource UserLoginProfile
class UserLoginProfile extends CustomResourceManages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.
To reset an IAM User login password via this provider, you can use delete and recreate this resource or change any of the arguments.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleUser = new aws.iam.User("example", {
forceDestroy: true,
path: "/",
});
const exampleUserLoginProfile = new aws.iam.UserLoginProfile("example", {
pgpKey: "keybase:some_person_that_exists",
user: exampleUser.name,
});
export const password = exampleUserLoginProfile.encryptedPassword;This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_user_login_profile.html.markdown.
constructor
new UserLoginProfile(name: string, args: UserLoginProfileArgs, opts?: pulumi.CustomResourceOptions)Create a UserLoginProfile resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserLoginProfileState, opts?: pulumi.CustomResourceOptions): UserLoginProfileGet an existing UserLoginProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is UserLoginProfileReturns true if the given object is an instance of UserLoginProfile. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property encryptedPassword
public encryptedPassword: pulumi.Output<string>;The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property keyFingerprint
public keyFingerprint: pulumi.Output<string>;The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
property passwordLength
public passwordLength: pulumi.Output<number | undefined>;The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property passwordResetRequired
public passwordResetRequired: pulumi.Output<boolean | undefined>;Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property pgpKey
public pgpKey: pulumi.Output<string>;Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;The IAM user’s name.
Resource UserPolicy
class UserPolicy extends CustomResourceProvides an IAM policy attached to a user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lb", {
path: "/system/",
});
const lbRo = new aws.iam.UserPolicy("lbRo", {
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
user: lbUser.name,
});
const lbAccessKey = new aws.iam.AccessKey("lb", {
user: lbUser.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_user_policy.html.markdown.
constructor
new UserPolicy(name: string, args: UserPolicyArgs, opts?: pulumi.CustomResourceOptions)Create a UserPolicy resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyState, opts?: pulumi.CustomResourceOptions): UserPolicyGet an existing UserPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is UserPolicyReturns true if the given object is an instance of UserPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
public policy: pulumi.Output<string>;property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;IAM user to which to attach this policy.
Resource UserPolicyAttachment
class UserPolicyAttachment extends CustomResourceAttaches a Managed IAM Policy to an IAM user
NOTE: The usage of this resource conflicts with the
aws.iam.PolicyAttachmentresource and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const user = new aws.iam.User("user", {});
const policy = new aws.iam.Policy("policy", {
description: "A test policy",
policy: "", // insert policy here
});
const testAttach = new aws.iam.UserPolicyAttachment("test-attach", {
policyArn: policy.arn,
user: user.name,
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/r/iam_user_policy_attachment.html.markdown.
constructor
new UserPolicyAttachment(name: string, args: UserPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)Create a UserPolicyAttachment resource with the given unique name, arguments, and options.
nameThe unique name of the resource.argsThe arguments to use to populate this resource's properties.optsA bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): UserPolicyAttachmentGet an existing UserPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefinedmethod isInstance
public static isInstance(obj: any): obj is UserPolicyAttachmentReturns true if the given object is an instance of UserPolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property policyArn
public policyArn: pulumi.Output<ARN>;The ARN of the policy you want to apply
property urn
urn: Output<URN>;urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;The user the policy should be applied to
Data Sources
Data Source getAccountAlias
getAccountAlias(opts?: pulumi.InvokeOptions): Promise<GetAccountAliasResult> & GetAccountAliasResultThe IAM Account Alias data source allows access to the account alias for the effective account in which this provider is working.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.iam.getAccountAlias();
export const accountId = current.accountAlias;This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_account_alias.html.markdown.
Data Source getGroup
getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult> & GetGroupResultThis data source can be used to fetch information about a specific IAM group. By using this data source, you can reference IAM group properties without having to hard code ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getGroup({
groupName: "anExampleGroupName",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_group.html.markdown.
Data Source getInstanceProfile
getInstanceProfile(args: GetInstanceProfileArgs, opts?: pulumi.InvokeOptions): Promise<GetInstanceProfileResult> & GetInstanceProfileResultThis data source can be used to fetch information about a specific IAM instance profile. By using this data source, you can reference IAM instance profile properties without having to hard code ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getInstanceProfile({
name: "anExampleInstanceProfileName",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_instance_profile.html.markdown.
Data Source getPolicy
getPolicy(args: GetPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyResult> & GetPolicyResultThis data source can be used to fetch information about a specific IAM policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getPolicy({
arn: "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_policy.html.markdown.
Data Source getPolicyDocument
getPolicyDocument(args?: GetPolicyDocumentArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyDocumentResult> & GetPolicyDocumentResultThis content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_policy_document.html.markdown.
Data Source getRole
getRole(args: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise<GetRoleResult> & GetRoleResultThis data source can be used to fetch information about a specific IAM role. By using this data source, you can reference IAM role properties without having to hard code ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getRole({
name: "anExampleRoleName",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_role.html.markdown.
Data Source getServerCertificate
getServerCertificate(args?: GetServerCertificateArgs, opts?: pulumi.InvokeOptions): Promise<GetServerCertificateResult> & GetServerCertificateResultUse this data source to lookup information about IAM Server Certificates.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myDomain = aws.iam.getServerCertificate({
latest: true,
namePrefix: "my-domain.org",
});
const elb = new aws.elb.LoadBalancer("elb", {
listeners: [{
instancePort: 8000,
instanceProtocol: "https",
lbPort: 443,
lbProtocol: "https",
sslCertificateId: my_domain.arn,
}],
});Import
The import function will read in certificate body, certificate chain (if it exists), id, name, path, and arn. It will not retrieve the private key which is not available through the AWS API.
This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_server_certificate.html.markdown.
Data Source getUser
getUser(args: GetUserArgs, opts?: pulumi.InvokeOptions): Promise<GetUserResult> & GetUserResultThis data source can be used to fetch information about a specific IAM user. By using this data source, you can reference IAM user properties without having to hard code ARNs or unique IDs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.iam.getUser({
userName: "anExampleUserName",
});This content is derived from https://github.com/terraform-providers/terraform-provider-aws/blob/master/website/docs/d/iam_user.html.markdown.
Others
interface AccessKeyArgs
interface AccessKeyArgsThe set of arguments for constructing a AccessKey resource.
property pgpKey
pgpKey?: pulumi.Input<string>;Either a base-64 encoded PGP public key, or a
keybase username in the form keybase:some_person_that_exists, for use
in the encryptedSecret output attribute.
property status
status?: pulumi.Input<string>;The access key status to apply. Defaults to Active.
Valid values are Active and Inactive.
property user
user: pulumi.Input<string>;The IAM user to associate with this access key.
interface AccessKeyState
interface AccessKeyStateInput properties used for looking up and filtering AccessKey resources.
property encryptedSecret
encryptedSecret?: pulumi.Input<string>;The encrypted secret, base64 encoded, if pgpKey was specified.
> NOTE: The encrypted secret may be decrypted using the command line,
for example: ... | base64 --decode | keybase pgp decrypt.
property keyFingerprint
keyFingerprint?: pulumi.Input<string>;The fingerprint of the PGP key used to encrypt the secret
property pgpKey
pgpKey?: pulumi.Input<string>;Either a base-64 encoded PGP public key, or a
keybase username in the form keybase:some_person_that_exists, for use
in the encryptedSecret output attribute.
property secret
secret?: pulumi.Input<string>;The secret access key. Note that this will be written
to the state file. If you use this, please protect your backend state file
judiciously. Alternatively, you may supply a pgpKey instead, which will
prevent the secret from being stored in plaintext, at the cost of preventing
the use of the secret key in automation.
property sesSmtpPassword
sesSmtpPassword?: pulumi.Input<string>;The secret access key converted into an SES SMTP password by applying AWS’s documented conversion algorithm.
property status
status?: pulumi.Input<string>;The access key status to apply. Defaults to Active.
Valid values are Active and Inactive.
property user
user?: pulumi.Input<string>;The IAM user to associate with this access key.
interface AccountAliasArgs
interface AccountAliasArgsThe set of arguments for constructing a AccountAlias resource.
property accountAlias
accountAlias: pulumi.Input<string>;The account alias
interface AccountAliasState
interface AccountAliasStateInput properties used for looking up and filtering AccountAlias resources.
property accountAlias
accountAlias?: pulumi.Input<string>;The account alias
interface AccountPasswordPolicyArgs
interface AccountPasswordPolicyArgsThe set of arguments for constructing a AccountPasswordPolicy resource.
property allowUsersToChangePassword
allowUsersToChangePassword?: pulumi.Input<boolean>;Whether to allow users to change their own password
property hardExpiry
hardExpiry?: pulumi.Input<boolean>;Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)
property maxPasswordAge
maxPasswordAge?: pulumi.Input<number>;The number of days that an user password is valid.
property minimumPasswordLength
minimumPasswordLength?: pulumi.Input<number>;Minimum length to require for user passwords.
property passwordReusePrevention
passwordReusePrevention?: pulumi.Input<number>;The number of previous passwords that users are prevented from reusing.
property requireLowercaseCharacters
requireLowercaseCharacters?: pulumi.Input<boolean>;Whether to require lowercase characters for user passwords.
property requireNumbers
requireNumbers?: pulumi.Input<boolean>;Whether to require numbers for user passwords.
property requireSymbols
requireSymbols?: pulumi.Input<boolean>;Whether to require symbols for user passwords.
property requireUppercaseCharacters
requireUppercaseCharacters?: pulumi.Input<boolean>;Whether to require uppercase characters for user passwords.
interface AccountPasswordPolicyState
interface AccountPasswordPolicyStateInput properties used for looking up and filtering AccountPasswordPolicy resources.
property allowUsersToChangePassword
allowUsersToChangePassword?: pulumi.Input<boolean>;Whether to allow users to change their own password
property expirePasswords
expirePasswords?: pulumi.Input<boolean>;Indicates whether passwords in the account expire.
Returns true if maxPasswordAge contains a value greater than 0.
Returns false if it is 0 or not present.
property hardExpiry
hardExpiry?: pulumi.Input<boolean>;Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)
property maxPasswordAge
maxPasswordAge?: pulumi.Input<number>;The number of days that an user password is valid.
property minimumPasswordLength
minimumPasswordLength?: pulumi.Input<number>;Minimum length to require for user passwords.
property passwordReusePrevention
passwordReusePrevention?: pulumi.Input<number>;The number of previous passwords that users are prevented from reusing.
property requireLowercaseCharacters
requireLowercaseCharacters?: pulumi.Input<boolean>;Whether to require lowercase characters for user passwords.
property requireNumbers
requireNumbers?: pulumi.Input<boolean>;Whether to require numbers for user passwords.
property requireSymbols
requireSymbols?: pulumi.Input<boolean>;Whether to require symbols for user passwords.
property requireUppercaseCharacters
requireUppercaseCharacters?: pulumi.Input<boolean>;Whether to require uppercase characters for user passwords.
const AcmServicePrincipal
let Service
let Service: string = "acm.amazonaws.com";const AdministratorAccess
const AdministratorAccess: ARN = "arn:aws:iam::aws:policy/AdministratorAccess";const AmazonAPIGatewayAdministrator
const AmazonAPIGatewayAdministrator: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator";const AmazonAPIGatewayInvokeFullAccess
const AmazonAPIGatewayInvokeFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess";const AmazonAPIGatewayPushToCloudWatchLogs
const AmazonAPIGatewayPushToCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs";const AmazonAppStreamFullAccess
const AmazonAppStreamFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess";const AmazonAppStreamReadOnlyAccess
const AmazonAppStreamReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess";const AmazonAppStreamServiceAccess
const AmazonAppStreamServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess";const AmazonAthenaFullAccess
const AmazonAthenaFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess";const AmazonCloudDirectoryFullAccess
const AmazonCloudDirectoryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess";const AmazonCloudDirectoryReadOnlyAccess
const AmazonCloudDirectoryReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess";const AmazonCognitoDeveloperAuthenticatedIdentities
const AmazonCognitoDeveloperAuthenticatedIdentities: ARN = "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities";const AmazonCognitoPowerUser
const AmazonCognitoPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonCognitoPowerUser";const AmazonCognitoReadOnly
const AmazonCognitoReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonCognitoReadOnly";const AmazonDMSCloudWatchLogsRole
const AmazonDMSCloudWatchLogsRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole";const AmazonDMSRedshiftS3Role
const AmazonDMSRedshiftS3Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role";const AmazonDMSVPCManagementRole
const AmazonDMSVPCManagementRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole";const AmazonDRSVPCManagement
const AmazonDRSVPCManagement: ARN = "arn:aws:iam::aws:policy/AmazonDRSVPCManagement";const AmazonDynamoDBFullAccess
const AmazonDynamoDBFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess";const AmazonDynamoDBFullAccesswithDataPipeline
const AmazonDynamoDBFullAccesswithDataPipeline: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline";const AmazonDynamoDBReadOnlyAccess
const AmazonDynamoDBReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess";const AmazonEC2ContainerRegistryFullAccess
const AmazonEC2ContainerRegistryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess";const AmazonEC2ContainerRegistryPowerUser
const AmazonEC2ContainerRegistryPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser";const AmazonEC2ContainerRegistryReadOnly
const AmazonEC2ContainerRegistryReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly";const AmazonEC2ContainerServiceAutoscaleRole
const AmazonEC2ContainerServiceAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole";const AmazonEC2ContainerServiceforEC2Role
const AmazonEC2ContainerServiceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role";const AmazonEC2ContainerServiceFullAccess
const AmazonEC2ContainerServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess";const AmazonEC2ContainerServiceRole
const AmazonEC2ContainerServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole";const AmazonEC2FullAccess
const AmazonEC2FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2FullAccess";const AmazonEC2ReadOnlyAccess
const AmazonEC2ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess";const AmazonEC2ReportsAccess
const AmazonEC2ReportsAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess";const AmazonEC2RoleforAWSCodeDeploy
const AmazonEC2RoleforAWSCodeDeploy: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy";const AmazonEC2RoleforDataPipelineRole
const AmazonEC2RoleforDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole";const AmazonEC2RoleforSSM
const AmazonEC2RoleforSSM: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM";const AmazonEC2SpotFleetAutoscaleRole
const AmazonEC2SpotFleetAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole";const AmazonEC2SpotFleetRole
const AmazonEC2SpotFleetRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole";const AmazonElastiCacheFullAccess
const AmazonElastiCacheFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess";const AmazonElastiCacheReadOnlyAccess
const AmazonElastiCacheReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess";const AmazonElasticFileSystemFullAccess
const AmazonElasticFileSystemFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess";const AmazonElasticFileSystemReadOnlyAccess
const AmazonElasticFileSystemReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess";const AmazonElasticMapReduceforAutoScalingRole
const AmazonElasticMapReduceforAutoScalingRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole";const AmazonElasticMapReduceforEC2Role
const AmazonElasticMapReduceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role";const AmazonElasticMapReduceFullAccess
const AmazonElasticMapReduceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess";const AmazonElasticMapReduceReadOnlyAccess
const AmazonElasticMapReduceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess";const AmazonElasticMapReduceRole
const AmazonElasticMapReduceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole";const AmazonElasticTranscoderFullAccess
const AmazonElasticTranscoderFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess";const AmazonElasticTranscoderJobsSubmitter
const AmazonElasticTranscoderJobsSubmitter: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter";const AmazonElasticTranscoderReadOnlyAccess
const AmazonElasticTranscoderReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess";const AmazonElasticTranscoderRole
const AmazonElasticTranscoderRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole";const AmazonESFullAccess
const AmazonESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonESFullAccess";const AmazonESReadOnlyAccess
const AmazonESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess";const AmazonGlacierFullAccess
const AmazonGlacierFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierFullAccess";const AmazonGlacierReadOnlyAccess
const AmazonGlacierReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess";const AmazonInspectorFullAccess
const AmazonInspectorFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorFullAccess";const AmazonInspectorReadOnlyAccess
const AmazonInspectorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess";const AmazonKinesisAnalyticsFullAccess
const AmazonKinesisAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess";const AmazonKinesisAnalyticsReadOnly
const AmazonKinesisAnalyticsReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly";const AmazonKinesisFirehoseFullAccess
const AmazonKinesisFirehoseFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess";const AmazonKinesisFirehoseReadOnlyAccess
const AmazonKinesisFirehoseReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess";const AmazonKinesisFullAccess
const AmazonKinesisFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFullAccess";const AmazonKinesisReadOnlyAccess
const AmazonKinesisReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess";const AmazonLexFullAccess
const AmazonLexFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonLexFullAccess";const AmazonLexReadOnly
const AmazonLexReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexReadOnly";const AmazonLexRunBotsOnly
const AmazonLexRunBotsOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly";const AmazonMachineLearningBatchPredictionsAccess
const AmazonMachineLearningBatchPredictionsAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess";const AmazonMachineLearningCreateOnlyAccess
const AmazonMachineLearningCreateOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess";const AmazonMachineLearningFullAccess
const AmazonMachineLearningFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess";const AmazonMachineLearningManageRealTimeEndpointOnlyAccess
const AmazonMachineLearningManageRealTimeEndpointOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess";const AmazonMachineLearningReadOnlyAccess
const AmazonMachineLearningReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess";const AmazonMachineLearningRealTimePredictionOnlyAccess
const AmazonMachineLearningRealTimePredictionOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess";const AmazonMachineLearningRoleforRedshiftDataSource
const AmazonMachineLearningRoleforRedshiftDataSource: ARN = "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource";const AmazonMechanicalTurkFullAccess
const AmazonMechanicalTurkFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess";const AmazonMechanicalTurkReadOnly
const AmazonMechanicalTurkReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly";const AmazonMobileAnalyticsFinancialReportAccess
const AmazonMobileAnalyticsFinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess";const AmazonMobileAnalyticsFullAccess
const AmazonMobileAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess";const AmazonMobileAnalyticsNonfinancialReportAccess
const AmazonMobileAnalyticsNonfinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess";const AmazonMobileAnalyticsWriteOnlyAccess
const AmazonMobileAnalyticsWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess";const AmazonPollyFullAccess
const AmazonPollyFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyFullAccess";const AmazonPollyReadOnlyAccess
const AmazonPollyReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess";const AmazonRDSDirectoryServiceAccess
const AmazonRDSDirectoryServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess";const AmazonRDSEnhancedMonitoringRole
const AmazonRDSEnhancedMonitoringRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole";const AmazonRDSFullAccess
const AmazonRDSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSFullAccess";const AmazonRDSReadOnlyAccess
const AmazonRDSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess";const AmazonRedshiftFullAccess
const AmazonRedshiftFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess";const AmazonRedshiftReadOnlyAccess
const AmazonRedshiftReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess";const AmazonRekognitionFullAccess
const AmazonRekognitionFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess";const AmazonRekognitionReadOnlyAccess
const AmazonRekognitionReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess";const AmazonRoute53DomainsFullAccess
const AmazonRoute53DomainsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess";const AmazonRoute53DomainsReadOnlyAccess
const AmazonRoute53DomainsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess";const AmazonRoute53FullAccess
const AmazonRoute53FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53FullAccess";const AmazonRoute53ReadOnlyAccess
const AmazonRoute53ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess";const AmazonS3FullAccess
const AmazonS3FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3FullAccess";const AmazonS3ReadOnlyAccess
const AmazonS3ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess";const AmazonSESFullAccess
const AmazonSESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESFullAccess";const AmazonSESReadOnlyAccess
const AmazonSESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess";const AmazonSNSFullAccess
const AmazonSNSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSFullAccess";const AmazonSNSReadOnlyAccess
const AmazonSNSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess";const AmazonSNSRole
const AmazonSNSRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSNSRole";const AmazonSQSFullAccess
const AmazonSQSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSFullAccess";const AmazonSQSReadOnlyAccess
const AmazonSQSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess";const AmazonSSMAutomationRole
const AmazonSSMAutomationRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole";const AmazonSSMFullAccess
const AmazonSSMFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMFullAccess";const AmazonSSMMaintenanceWindowRole
const AmazonSSMMaintenanceWindowRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole";const AmazonSSMReadOnlyAccess
const AmazonSSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess";const AmazonVPCFullAccess
const AmazonVPCFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCFullAccess";const AmazonVPCReadOnlyAccess
const AmazonVPCReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess";const AmazonWorkMailFullAccess
const AmazonWorkMailFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess";const AmazonWorkMailReadOnlyAccess
const AmazonWorkMailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess";const AmazonWorkSpacesAdmin
const AmazonWorkSpacesAdmin: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin";const AmazonWorkSpacesApplicationManagerAdminAccess
const AmazonWorkSpacesApplicationManagerAdminAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess";const AmazonZocaloFullAccess
const AmazonZocaloFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloFullAccess";const AmazonZocaloReadOnlyAccess
const AmazonZocaloReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess";const ApiGatewayPrincipal
let Service
let Service: string = "apigateway.amazonaws.com";const ApplicationAutoScalingForAmazonAppStreamAccess
const ApplicationAutoScalingForAmazonAppStreamAccess: ARN = "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess";function assumeRolePolicyForPrincipal
assumeRolePolicyForPrincipal(principal: Principal): PolicyDocumentassumeRolePolicyForPrincipal returns a well-formed policy document which can be
used to control which principals may assume an IAM Role, by granting the sts:AssumeRole
action to those principals.
const AthenaPrincipal
let Service
let Service: string = "athena.amazonaws.com";const AutoScalingConsoleFullAccess
const AutoScalingConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess";const AutoScalingConsoleReadOnlyAccess
const AutoScalingConsoleReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess";const AutoScalingFullAccess
const AutoScalingFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingFullAccess";const AutoScalingNotificationAccessRole
const AutoScalingNotificationAccessRole: ARN = "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole";const AutoscalingPrincipal
let Service
let Service: string = "autoscaling.amazonaws.com";const AutoScalingReadOnlyAccess
const AutoScalingReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess";const AWSAccountActivityAccess
const AWSAccountActivityAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountActivityAccess";const AWSAccountUsageReportAccess
const AWSAccountUsageReportAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess";const AWSAgentlessDiscoveryService
const AWSAgentlessDiscoveryService: ARN = "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService";const AWSApplicationDiscoveryAgentAccess
const AWSApplicationDiscoveryAgentAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess";const AWSApplicationDiscoveryServiceFullAccess
const AWSApplicationDiscoveryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess";const AWSBatchFullAccess
const AWSBatchFullAccess: ARN = "arn:aws:iam::aws:policy/AWSBatchFullAccess";const AWSBatchServiceRole
const AWSBatchServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole";const AWSCertificateManagerFullAccess
const AWSCertificateManagerFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess";const AWSCertificateManagerReadOnly
const AWSCertificateManagerReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly";const AWSCloudFormationReadOnlyAccess
const AWSCloudFormationReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess";const AWSCloudHSMFullAccess
const AWSCloudHSMFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess";const AWSCloudHSMReadOnlyAccess
const AWSCloudHSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess";const AWSCloudHSMRole
const AWSCloudHSMRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole";const AWSCloudTrailFullAccess
const AWSCloudTrailFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess";const AWSCloudTrailReadOnlyAccess
const AWSCloudTrailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess";const AWSCodeBuildAdminAccess
const AWSCodeBuildAdminAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess";const AWSCodeBuildDeveloperAccess
const AWSCodeBuildDeveloperAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess";const AWSCodeBuildReadOnlyAccess
const AWSCodeBuildReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess";const AWSCodeCommitFullAccess
const AWSCodeCommitFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess";const AWSCodeCommitPowerUser
const AWSCodeCommitPowerUser: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser";const AWSCodeCommitReadOnly
const AWSCodeCommitReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly";const AWSCodeDeployDeployerAccess
const AWSCodeDeployDeployerAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess";const AWSCodeDeployFullAccess
const AWSCodeDeployFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess";const AWSCodeDeployReadOnlyAccess
const AWSCodeDeployReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess";const AWSCodeDeployRole
const AWSCodeDeployRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole";const AWSCodePipelineApproverAccess
const AWSCodePipelineApproverAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess";const AWSCodePipelineCustomActionAccess
const AWSCodePipelineCustomActionAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess";const AWSCodePipelineFullAccess
const AWSCodePipelineFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess";const AWSCodePipelineReadOnlyAccess
const AWSCodePipelineReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess";const AWSCodeStarFullAccess
const AWSCodeStarFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeStarFullAccess";const AWSCodeStarServiceRole
const AWSCodeStarServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole";const AWSConfigRole
const AWSConfigRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRole";const AWSConfigRulesExecutionRole
const AWSConfigRulesExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole";const AWSConfigUserAccess
const AWSConfigUserAccess: ARN = "arn:aws:iam::aws:policy/AWSConfigUserAccess";const AWSConnector
const AWSConnector: ARN = "arn:aws:iam::aws:policy/AWSConnector";const AWSDataPipeline_FullAccess
const AWSDataPipeline_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess";const AWSDataPipeline_PowerUser
const AWSDataPipeline_PowerUser: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser";const AWSDataPipelineRole
const AWSDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole";const AWSDeviceFarmFullAccess
const AWSDeviceFarmFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess";const AWSDirectConnectFullAccess
const AWSDirectConnectFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess";const AWSDirectConnectReadOnlyAccess
const AWSDirectConnectReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess";const AWSDirectoryServiceFullAccess
const AWSDirectoryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess";const AWSDirectoryServiceReadOnlyAccess
const AWSDirectoryServiceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess";const AWSElasticBeanstalkCustomPlatformforEC2Role
const AWSElasticBeanstalkCustomPlatformforEC2Role: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role";const AWSElasticBeanstalkEnhancedHealth
const AWSElasticBeanstalkEnhancedHealth: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth";const AWSElasticBeanstalkFullAccess
const AWSElasticBeanstalkFullAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess";const AWSElasticBeanstalkMulticontainerDocker
const AWSElasticBeanstalkMulticontainerDocker: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker";const AWSElasticBeanstalkReadOnlyAccess
const AWSElasticBeanstalkReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess";const AWSElasticBeanstalkService
const AWSElasticBeanstalkService: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService";const AWSElasticBeanstalkWebTier
const AWSElasticBeanstalkWebTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier";const AWSElasticBeanstalkWorkerTier
const AWSElasticBeanstalkWorkerTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier";const AWSGreengrassFullAccess
const AWSGreengrassFullAccess: ARN = "arn:aws:iam::aws:policy/AWSGreengrassFullAccess";const AWSGreengrassResourceAccessRolePolicy
const AWSGreengrassResourceAccessRolePolicy: ARN = "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy";const AWSHealthFullAccess
const AWSHealthFullAccess: ARN = "arn:aws:iam::aws:policy/AWSHealthFullAccess";const AWSImportExportFullAccess
const AWSImportExportFullAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportFullAccess";const AWSImportExportReadOnlyAccess
const AWSImportExportReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess";const AWSIoTConfigAccess
const AWSIoTConfigAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigAccess";const AWSIoTConfigReadOnlyAccess
const AWSIoTConfigReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess";const AWSIoTDataAccess
const AWSIoTDataAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTDataAccess";const AWSIoTFullAccess
const AWSIoTFullAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTFullAccess";const AWSIoTLogging
const AWSIoTLogging: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTLogging";const AWSIoTRuleActions
const AWSIoTRuleActions: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions";const AWSKeyManagementServicePowerUser
const AWSKeyManagementServicePowerUser: ARN = "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser";const AWSLambdaBasicExecutionRole
const AWSLambdaBasicExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole";const AWSLambdaDynamoDBExecutionRole
const AWSLambdaDynamoDBExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole";const AWSLambdaENIManagementAccess
const AWSLambdaENIManagementAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess";const AWSLambdaExecute
const AWSLambdaExecute: ARN = "arn:aws:iam::aws:policy/AWSLambdaExecute";const AWSLambdaFullAccess
const AWSLambdaFullAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaFullAccess";const AWSLambdaInvocationDynamoDB
const AWSLambdaInvocationDynamoDB: ARN = "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB";const AWSLambdaKinesisExecutionRole
const AWSLambdaKinesisExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole";const AWSLambdaReadOnlyAccess
const AWSLambdaReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess";const AWSLambdaRole
const AWSLambdaRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaRole";const AWSLambdaVPCAccessExecutionRole
const AWSLambdaVPCAccessExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole";const AWSMarketplaceFullAccess
const AWSMarketplaceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess";const AWSMarketplaceGetEntitlements
const AWSMarketplaceGetEntitlements: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements";const AWSMarketplaceManageSubscriptions
const AWSMarketplaceManageSubscriptions: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions";const AWSMarketplaceMeteringFullAccess
const AWSMarketplaceMeteringFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess";const AWSMarketplaceReadonly
const AWSMarketplaceReadonly: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceRead-only";const AWSMobileHub_FullAccess
const AWSMobileHub_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess";const AWSMobileHub_ReadOnly
const AWSMobileHub_ReadOnly: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly";const AWSMobileHub_ServiceUseOnly
const AWSMobileHub_ServiceUseOnly: ARN = "arn:aws:iam::aws:policy/service-role/AWSMobileHub_ServiceUseOnly";const AWSOpsWorksCloudWatchLogs
const AWSOpsWorksCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs";const AWSOpsWorksCMInstanceProfileRole
const AWSOpsWorksCMInstanceProfileRole: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole";const AWSOpsWorksCMServiceRole
const AWSOpsWorksCMServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole";const AWSOpsWorksFullAccess
const AWSOpsWorksFullAccess: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess";const AWSOpsWorksInstanceRegistration
const AWSOpsWorksInstanceRegistration: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration";const AWSOpsWorksRegisterCLI
const AWSOpsWorksRegisterCLI: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI";const AWSOpsWorksRole
const AWSOpsWorksRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole";interface AWSPrincipal
interface AWSPrincipalWhen you use an AWS account identifier as the principal in a policy, the permissions in the policy statement can be granted to all identities contained in that account. This includes IAM users and roles in that account. When you specify an AWS account, you can use the account ARN (arn:aws:iam::AWS-account-ID:root), or a shortened form that consists of the AWS: prefix followed by the account ID.
property AWS
AWS: Input<string> | Input<Input<string>[]>;const AWSQuicksightAthenaAccess
const AWSQuicksightAthenaAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess";const AWSQuickSightDescribeRDS
const AWSQuickSightDescribeRDS: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS";const AWSQuickSightDescribeRedshift
const AWSQuickSightDescribeRedshift: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift";const AWSQuickSightListIAM
const AWSQuickSightListIAM: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM";const AWSStepFunctionsConsoleFullAccess
const AWSStepFunctionsConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess";const AWSStepFunctionsFullAccess
const AWSStepFunctionsFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess";const AWSStepFunctionsReadOnlyAccess
const AWSStepFunctionsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess";const AWSStorageGatewayFullAccess
const AWSStorageGatewayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess";const AWSStorageGatewayReadOnlyAccess
const AWSStorageGatewayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess";const AWSSupportAccess
const AWSSupportAccess: ARN = "arn:aws:iam::aws:policy/AWSSupportAccess";const AWSWAFFullAccess
const AWSWAFFullAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFFullAccess";const AWSWAFReadOnlyAccess
const AWSWAFReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess";const AWSXrayFullAccess
const AWSXrayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayFullAccess";const AWSXrayReadOnlyAccess
const AWSXrayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess";const AWSXrayWriteOnlyAccess
const AWSXrayWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess";const Billing
const Billing: ARN = "arn:aws:iam::aws:policy/job-function/Billing";const CloudDirectoryPrincipal
let Service
let Service: string = "clouddirectory.amazonaws.com";const CloudformationPrincipal
let Service
let Service: string = "cloudformation.amazonaws.com";const CloudFrontFullAccess
const CloudFrontFullAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontFullAccess";const CloudfrontPrincipal
let Service
let Service: string = "cloudfront.amazonaws.com";const CloudFrontReadOnlyAccess
const CloudFrontReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess";const CloudSearchFullAccess
const CloudSearchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchFullAccess";const CloudSearchPrincipal
let Service
let Service: string = "cloudsearch.amazonaws.com";const CloudSearchReadOnlyAccess
const CloudSearchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess";const CloudtrailPrincipal
let Service
let Service: string = "cloudtrail.amazonaws.com";const CloudWatchActionsEC2Access
const CloudWatchActionsEC2Access: ARN = "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access";const CloudWatchEventsBuiltInTargetExecutionAccess
const CloudWatchEventsBuiltInTargetExecutionAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess";const CloudWatchEventsFullAccess
const CloudWatchEventsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess";const CloudWatchEventsInvocationAccess
const CloudWatchEventsInvocationAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess";const CloudWatchEventsReadOnlyAccess
const CloudWatchEventsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess";const CloudWatchFullAccess
const CloudWatchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchFullAccess";const CloudWatchLogsFullAccess
const CloudWatchLogsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess";const CloudWatchLogsReadOnlyAccess
const CloudWatchLogsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess";const CloudWatchReadOnlyAccess
const CloudWatchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess";const CodeCommitPrincipal
let Service
let Service: string = "codecommit.amazonaws.com";const CodeDeployPrincipal
let Service
let Service: string = "codedeploy.amazonaws.com";const CodePipelinePrincipal
let Service
let Service: string = "codepipeline.amazonaws.com";interface ConditionArguments
interface ConditionArgumentsinterface Conditions
interface ConditionsThe Condition element (or Condition block) lets you specify conditions for when a policy is in effect. The Condition element is optional. In the Condition element, you build expressions in which you use condition operators (equal, less than, etc.) to match the condition in the policy against values in the request. Condition values can include date, time, the IP address of the requester, the ARN of the request source, the user name, user ID, and the user agent of the requester. Some services let you specify additional values in conditions; for example, Amazon S3 lets you write a condition using the s3:VersionId key, which is unique to that service.
const ConfigPrincipal
Principals instead
Service Principal for EC2 Config Service
let Service
let Service: string = "config.amazonaws.com";const DatabaseAdministrator
const DatabaseAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator";const DataPipelinePrincipal
let Service
let Service: string = "datapipeline.amazonaws.com";const DataScientist
const DataScientist: ARN = "arn:aws:iam::aws:policy/job-function/DataScientist";const DirectConnectPrincipal
let Service
let Service: string = "directconnect.amazonaws.com";const DirectoryServicesPrincipal
let Service
let Service: string = "ds.amazonaws.com";const DynamoDbPrincipal
let Service
let Service: string = "dynamodb.amazonaws.com";const Ec2Principal
let Service
let Service: string = "ec2.amazonaws.com";const EcrPrincipal
let Service
let Service: string = "ecr.amazonaws.com";const EcsPrincipal
let Service
let Service: string = "ecs.amazonaws.com";const EdgeLambdaPrincipal
let Service
let Service: string = "edgelambda.amazonaws.com";const ElasticachePrincipal
let Service
let Service: string = "elasticache.amazonaws.com";const ElasticBeanstalkPrincipal
let Service
let Service: string = "elasticbeanstalk.amazonaws.com";const ElasticFileSystemPrincipal
let Service
let Service: string = "elasticfilesystem.amazonaws.com";const ElasticLoadBalancingPrincipal
let Service
let Service: string = "elasticloadbalancing.amazonaws.com";const ElasticMapReducePrincipal
let Service
let Service: string = "elasticmapreduce.amazonaws.com";const EventsPrincipal
let Service
let Service: string = "events.amazonaws.com";interface FederatedPrincipal
interface FederatedPrincipalproperty Federated
Federated: Input<string> | Input<Input<string>[]>;interface GetAccountAliasResult
interface GetAccountAliasResultA collection of values returned by getAccountAlias.
property accountAlias
accountAlias: string;The alias associated with the AWS account.
property id
id: string;id is the provider-assigned unique ID for this managed resource.
interface GetGroupArgs
interface GetGroupArgsA collection of arguments for invoking getGroup.
property groupName
groupName: string;The friendly IAM group name to match.
interface GetGroupResult
interface GetGroupResultA collection of values returned by getGroup.
property arn
arn: string;The Amazon Resource Name (ARN) specifying the iam user.
property groupId
groupId: string;The stable and unique string identifying the group.
property groupName
groupName: string;property id
id: string;id is the provider-assigned unique ID for this managed resource.
property path
path: string;The path to the iam user.
property users
users: GetGroupUser[];List of objects containing group member information. See supported fields below.
interface GetInstanceProfileArgs
interface GetInstanceProfileArgsA collection of arguments for invoking getInstanceProfile.
property name
name: string;The friendly IAM instance profile name to match.
interface GetInstanceProfileResult
interface GetInstanceProfileResultA collection of values returned by getInstanceProfile.
property arn
arn: string;The Amazon Resource Name (ARN) specifying the instance profile.
property createDate
createDate: string;The string representation of the date the instance profile was created.
property id
id: string;id is the provider-assigned unique ID for this managed resource.
property name
name: string;property path
path: string;The path to the instance profile.
property roleArn
roleArn: string;The role arn associated with this instance profile.
property roleId
roleId: string;The role id associated with this instance profile.
property roleName
roleName: string;The role name associated with this instance profile.
interface GetPolicyArgs
interface GetPolicyArgsA collection of arguments for invoking getPolicy.
property arn
arn: string;ARN of the IAM policy.
interface GetPolicyDocumentArgs
interface GetPolicyDocumentArgsA collection of arguments for invoking getPolicyDocument.
property overrideJson
overrideJson?: undefined | string;An IAM policy document to import and override the
current policy document. Statements with non-blank sids in the override
document will overwrite statements with the same sid in the current document.
Statements without an sid cannot be overwritten.
property policyId
policyId?: undefined | string;An ID for the policy document.
property sourceJson
sourceJson?: undefined | string;An IAM policy document to import as a base for the
current policy document. Statements with non-blank sids in the current
policy document will overwrite statements with the same sid in the source
json. Statements without an sid cannot be overwritten.
property statements
statements?: GetPolicyDocumentStatement[];A nested configuration block (described below) configuring one statement to be included in the policy document.
property version
version?: undefined | string;IAM policy document version. Valid values: 2008-10-17, 2012-10-17. Defaults to 2012-10-17. For more information, see the AWS IAM User Guide.
interface GetPolicyDocumentResult
interface GetPolicyDocumentResultA collection of values returned by getPolicyDocument.
property id
id: string;id is the provider-assigned unique ID for this managed resource.
property json
json: string;The above arguments serialized as a standard JSON policy document.
property overrideJson
overrideJson?: undefined | string;property policyId
policyId?: undefined | string;property sourceJson
sourceJson?: undefined | string;property statements
statements?: GetPolicyDocumentStatement[];property version
version?: undefined | string;interface GetPolicyResult
interface GetPolicyResultA collection of values returned by getPolicy.
property arn
arn: string;The Amazon Resource Name (ARN) specifying the policy.
property description
description: string;The description of the policy.
property id
id: string;id is the provider-assigned unique ID for this managed resource.
property name
name: string;The name of the IAM policy.
property path
path: string;The path to the policy.
property policy
policy: string;The policy document of the policy.
interface GetRoleArgs
interface GetRoleArgsA collection of arguments for invoking getRole.
property name
name: string;The friendly IAM role name to match.
interface GetRoleResult
interface GetRoleResultA collection of values returned by getRole.
property arn
arn: string;The Amazon Resource Name (ARN) specifying the role.
property assumeRolePolicy
assumeRolePolicy: string;The policy document associated with the role.
property createDate
createDate: string;Creation date of the role in RFC 3339 format.
property description
description: string;Description for the role.
property id
id: string;id is the provider-assigned unique ID for this managed resource.
property maxSessionDuration
maxSessionDuration: number;Maximum session duration.
property name
name: string;property path
path: string;The path to the role.
property permissionsBoundary
permissionsBoundary: string;The ARN of the policy that is used to set the permissions boundary for the role.
property uniqueId
uniqueId: string;The stable and unique string identifying the role.
interface GetServerCertificateArgs
interface GetServerCertificateArgsA collection of arguments for invoking getServerCertificate.
property latest
latest?: undefined | false | true;sort results by expiration date. returns the certificate with expiration date in furthest in the future.
property name
name?: undefined | string;exact name of the cert to lookup
property namePrefix
namePrefix?: undefined | string;prefix of cert to filter by
property pathPrefix
pathPrefix?: undefined | string;prefix of path to filter by
interface GetServerCertificateResult
interface GetServerCertificateResultA collection of values returned by getServerCertificate.
property arn
arn: string;property certificateBody
certificateBody: string;property certificateChain
certificateChain: string;property expirationDate
expirationDate: string;property id
id: string;id is the provider-assigned unique ID for this managed resource.
property latest
latest?: undefined | false | true;property name
name: string;property namePrefix
namePrefix?: undefined | string;property path
path: string;property pathPrefix
pathPrefix?: undefined | string;property uploadDate
uploadDate: string;interface GetUserArgs
interface GetUserArgsA collection of arguments for invoking getUser.
property userName
userName: string;The friendly IAM user name to match.
interface GetUserResult
interface GetUserResultA collection of values returned by getUser.
property arn
arn: string;The Amazon Resource Name (ARN) assigned by AWS for this user.
property id
id: string;id is the provider-assigned unique ID for this managed resource.
property path
path: string;Path in which this user was created.
property permissionsBoundary
permissionsBoundary: string;The ARN of the policy that is used to set the permissions boundary for the user.
property userId
userId: string;The unique ID assigned by AWS for this user.
property userName
userName: string;The name associated to this User
interface GroupArgs
interface GroupArgsThe set of arguments for constructing a Group resource.
property name
name?: pulumi.Input<string>;The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.
property path
path?: pulumi.Input<string>;Path in which to create the group.
interface GroupMembershipArgs
interface GroupMembershipArgsThe set of arguments for constructing a GroupMembership resource.
property group
group: pulumi.Input<string>;The IAM Group name to attach the list of users to
property name
name?: pulumi.Input<string>;The name to identify the Group Membership
property users
users: pulumi.Input<pulumi.Input<string>[]>;A list of IAM User names to associate with the Group
interface GroupMembershipState
interface GroupMembershipStateInput properties used for looking up and filtering GroupMembership resources.
property group
group?: pulumi.Input<string>;The IAM Group name to attach the list of users to
property name
name?: pulumi.Input<string>;The name to identify the Group Membership
property users
users?: pulumi.Input<pulumi.Input<string>[]>;A list of IAM User names to associate with the Group
interface GroupPolicyArgs
interface GroupPolicyArgsThe set of arguments for constructing a GroupPolicy resource.
property group
group: pulumi.Input<string>;The IAM group to attach to the policy.
property name
name?: pulumi.Input<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property policy
policy: pulumi.Input<string | PolicyDocument>;interface GroupPolicyAttachmentArgs
interface GroupPolicyAttachmentArgsThe set of arguments for constructing a GroupPolicyAttachment resource.
property group
group: pulumi.Input<string | Group>;The group the policy should be applied to
property policyArn
policyArn: pulumi.Input<ARN>;The ARN of the policy you want to apply
interface GroupPolicyAttachmentState
interface GroupPolicyAttachmentStateInput properties used for looking up and filtering GroupPolicyAttachment resources.
property group
group?: pulumi.Input<string | Group>;The group the policy should be applied to
property policyArn
policyArn?: pulumi.Input<ARN>;The ARN of the policy you want to apply
interface GroupPolicyState
interface GroupPolicyStateInput properties used for looking up and filtering GroupPolicy resources.
property group
group?: pulumi.Input<string>;The IAM group to attach to the policy.
property name
name?: pulumi.Input<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property policy
policy?: pulumi.Input<string | PolicyDocument>;interface GroupState
interface GroupStateInput properties used for looking up and filtering Group resources.
property arn
arn?: pulumi.Input<string>;The ARN assigned by AWS for this group.
property name
name?: pulumi.Input<string>;The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.
property path
path?: pulumi.Input<string>;Path in which to create the group.
property uniqueId
uniqueId?: pulumi.Input<string>;The [unique ID][1] assigned by AWS.
const HealthPrincipal
Principals instead
Service Principal for Health
let Service
let Service: string = "health.amazonaws.com";const IAMFullAccess
const IAMFullAccess: ARN = "arn:aws:iam::aws:policy/IAMFullAccess";const IamPrincipal
let Service
let Service: string = "iam.amazonaws.com";const IAMReadOnlyAccess
const IAMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess";const IAMSelfManageServiceSpecificCredentials
const IAMSelfManageServiceSpecificCredentials: ARN = "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials";const IAMUserChangePassword
const IAMUserChangePassword: ARN = "arn:aws:iam::aws:policy/IAMUserChangePassword";const IAMUserSSHKeys
const IAMUserSSHKeys: ARN = "arn:aws:iam::aws:policy/IAMUserSSHKeys";const InspectorPrincipal
let Service
let Service: string = "inspector.amazonaws.com";interface InstanceProfileArgs
interface InstanceProfileArgsThe set of arguments for constructing a InstanceProfile resource.
property name
name?: pulumi.Input<string>;The profile’s name. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;Path in which to create the profile.
property role
role?: pulumi.Input<string | Role>;The role name to include in the profile.
property roles
roles?: pulumi.Input<pulumi.Input<string | Role>[]>;A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase.
interface InstanceProfileState
interface InstanceProfileStateInput properties used for looking up and filtering InstanceProfile resources.
property arn
arn?: pulumi.Input<string>;The ARN assigned by AWS to the instance profile.
property createDate
createDate?: pulumi.Input<string>;The creation timestamp of the instance profile.
property name
name?: pulumi.Input<string>;The profile’s name. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;Path in which to create the profile.
property role
role?: pulumi.Input<string | Role>;The role name to include in the profile.
property roles
roles?: pulumi.Input<pulumi.Input<string | Role>[]>;A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase.
property uniqueId
uniqueId?: pulumi.Input<string>;The [unique ID][1] assigned by AWS.
const KinesisPrincipal
Principals instead
Service Principal for Kinesis
let Service
let Service: string = "kinesis.amazonaws.com";const KmsPrincipal
let Service
let Service: string = "kms.amazonaws.com";const LambdaPrincipal
let Service
let Service: string = "lambda.amazonaws.com";const LightsailPrincipal
let Service
let Service: string = "lightsail.amazonaws.com";const LogsPrincipal
let Service
let Service: string = "logs.amazonaws.com";const MonitoringPrincipal
let Service
let Service: string = "monitoring.amazonaws.com";const NetworkAdministrator
const NetworkAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/NetworkAdministrator";interface OpenIdConnectProviderArgs
interface OpenIdConnectProviderArgsThe set of arguments for constructing a OpenIdConnectProvider resource.
property clientIdLists
clientIdLists: pulumi.Input<pulumi.Input<string>[]>;A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)
property thumbprintLists
thumbprintLists: pulumi.Input<pulumi.Input<string>[]>;A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).
property url
url: pulumi.Input<string>;The URL of the identity provider. Corresponds to the iss claim.
interface OpenIdConnectProviderState
interface OpenIdConnectProviderStateInput properties used for looking up and filtering OpenIdConnectProvider resources.
property arn
arn?: pulumi.Input<string>;The ARN assigned by AWS for this provider.
property clientIdLists
clientIdLists?: pulumi.Input<pulumi.Input<string>[]>;A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)
property thumbprintLists
thumbprintLists?: pulumi.Input<pulumi.Input<string>[]>;A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).
property url
url?: pulumi.Input<string>;The URL of the identity provider. Corresponds to the iss claim.
const OpsworksPrincipal
Principals instead
Service Principal for Opsworks
let Service
let Service: string = "opsworks.amazonaws.com";const OrganizationsPrincipal
let Service
let Service: string = "organizations.amazonaws.com";interface PolicyArgs
interface PolicyArgsThe set of arguments for constructing a Policy resource.
property description
description?: pulumi.Input<string>;Description of the IAM policy.
property name
name?: pulumi.Input<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;Path in which to create the policy. See IAM Identifiers for more information.
property policy
policy: pulumi.Input<string | PolicyDocument>;interface PolicyAttachmentArgs
interface PolicyAttachmentArgsThe set of arguments for constructing a PolicyAttachment resource.
property groups
groups?: pulumi.Input<pulumi.Input<string | Group>[]>;The group(s) the policy should be applied to
property name
name?: pulumi.Input<string>;The name of the attachment. This cannot be an empty string.
property policyArn
policyArn: pulumi.Input<ARN>;The ARN of the policy you want to apply
property roles
roles?: pulumi.Input<pulumi.Input<string | Role>[]>;The role(s) the policy should be applied to
property users
users?: pulumi.Input<pulumi.Input<string | User>[]>;The user(s) the policy should be applied to
interface PolicyAttachmentState
interface PolicyAttachmentStateInput properties used for looking up and filtering PolicyAttachment resources.
property groups
groups?: pulumi.Input<pulumi.Input<string | Group>[]>;The group(s) the policy should be applied to
property name
name?: pulumi.Input<string>;The name of the attachment. This cannot be an empty string.
property policyArn
policyArn?: pulumi.Input<ARN>;The ARN of the policy you want to apply
property roles
roles?: pulumi.Input<pulumi.Input<string | Role>[]>;The role(s) the policy should be applied to
property users
users?: pulumi.Input<pulumi.Input<string | User>[]>;The user(s) the policy should be applied to
interface PolicyDocument
interface PolicyDocumentYou manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied.
IAM policies define permissions for an action regardless of the method that you use to perform the operation. For
example, if a policy allows the GetUser action, then a user with that policy can get user information from the
AWS Management Console, the AWS CLI, or the AWS API. When you create an IAM user, you can set up the user to
allow console or programmatic access. The IAM user can sign in to the console using a user name and password.
Or they can use access keys to work with the CLI or API.
Most policies are stored in AWS as JSON documents. Identity-based policies, policies used to set boundaries, or AWS STS boundary policies are JSON policy documents that you attach to a user or role. Resource-based policies are JSON policy documents that you attach to a resource. SCPs are JSON policy documents with restricted syntax that you attach to an AWS Organizations organizational unit (OU). ACLs are also attached to a resource, but you must use a different syntax.
A JSON policy document includes these elements:
- Optional policywide information at the top of the document
- One or more individual statements
Each statement includes information about a single permission. If a policy includes multiple statements, AWS applies a logical OR across the statements when evaluating them. If multiple policies apply to a request, AWS applies a logical OR across all of those policies when evaluating them.
For more details about IAM policies, please refer to the AWS documentation online: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
property Id
Id?: Input<string>;property Statement
Statement: Input<Input<PolicyStatement>[]>;property Version
Version: Input<"2008-10-17" | "2012-10-17">;interface PolicyState
interface PolicyStateInput properties used for looking up and filtering Policy resources.
property arn
arn?: pulumi.Input<string>;The ARN assigned by AWS to this policy.
property description
description?: pulumi.Input<string>;Description of the IAM policy.
property name
name?: pulumi.Input<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;Path in which to create the policy. See IAM Identifiers for more information.
property policy
policy?: pulumi.Input<string | PolicyDocument>;interface PolicyStatement
interface PolicyStatementThe Statement element is the main element for a policy. This element is required. It can include multiple elements (see the subsequent sections in this page). The Statement element contains an array of individual statements.
property Action
Action?: Input<string> | Input<Input<string>[]>;property Condition
Condition?: Input<Conditions>;property Effect
Effect: Input<"Allow" | "Deny">;property NotAction
NotAction?: Input<string> | Input<Input<string>[]>;property NotPrincipal
NotPrincipal?: Input<Principal>;property NotResource
NotResource?: Input<string> | Input<Input<string>[]>;property Principal
Principal?: Input<Principal>;property Resource
Resource?: Input<string> | Input<Input<string>[]>;property Sid
Sid?: Input<string>;const PowerUserAccess
const PowerUserAccess: ARN = "arn:aws:iam::aws:policy/PowerUserAccess";type Principal
type Principal = "*" | AWSPrincipal | ServicePrincipal | FederatedPrincipal;Use the Principal element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource. You use the Principal element in the trust policies for IAM roles and in resource-based policies—that is, in policies that you embed directly in a resource. For example, you can embed such policies in an Amazon S3 bucket, an Amazon Glacier vault, an Amazon SNS topic, an Amazon SQS queue, or an AWS KMS customer master key (CMK).
Use the Principal element in these ways:
- In IAM roles, use the Principal element in the role's trust policy to specify who can assume the role. For
cross-account access, you must specify the 12-digit identifier of the trusted account.
Note: After you create the role, you can change the account to "*" to allow everyone to assume the role. If
you do this, we strongly recommend that you limit who can access the role through other means, such as a
Condition element that limits access to only certain IP addresses. Do not leave your role accessible to
everyone!
- In resource-based policies, use the Principal element to specify the accounts or users who are allowed to
access the resource.
Do not use the Principal element in policies that you attach to IAM users and groups. Similarly, you do not specify a principal in the permission policy for an IAM role. In those cases, the principal is implicitly the user that the policy is attached to (for IAM users) or the user who assumes the role (for role access policies). When the policy is attached to an IAM group, the principal is the IAM user in that group who is making the request.
const RDSCloudHsmAuthorizationRole
ManagedPolicies instead
const RDSCloudHsmAuthorizationRole: ARN = "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole";const RdsPrincipal
Principals instead
Service Principal for Relational Database Service
let Service
let Service: string = "rds.amazonaws.com";const ReadOnlyAccess
const ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess";const RedshiftPrincipal
let Service
let Service: string = "redshift.amazonaws.com";const ResourceGroupsandTagEditorFullAccess
const ResourceGroupsandTagEditorFullAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess";const ResourceGroupsandTagEditorReadOnlyAccess
const ResourceGroupsandTagEditorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess";interface RoleArgs
interface RoleArgsThe set of arguments for constructing a Role resource.
property assumeRolePolicy
assumeRolePolicy: pulumi.Input<string | PolicyDocument>;The policy that grants an entity permission to assume the role.
property description
description?: pulumi.Input<string>;The description of the role.
property forceDetachPolicies
forceDetachPolicies?: pulumi.Input<boolean>;Specifies to force detaching any policies the role has before destroying it. Defaults to false.
property maxSessionDuration
maxSessionDuration?: pulumi.Input<number>;The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
name?: pulumi.Input<string>;The name of the role. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;The path to the role. See IAM Identifiers for more information.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;The ARN of the policy that is used to set the permissions boundary for the role.
property tags
tags?: pulumi.Input<{[key: string]: any}>;Key-value mapping of tags for the IAM role
interface RolePolicyArgs
interface RolePolicyArgsThe set of arguments for constructing a RolePolicy resource.
property name
name?: pulumi.Input<string>;The name of the role policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property policy
policy: pulumi.Input<string | PolicyDocument>;property role
role: pulumi.Input<string | Role>;The IAM role to attach to the policy.
interface RolePolicyAttachmentArgs
interface RolePolicyAttachmentArgsThe set of arguments for constructing a RolePolicyAttachment resource.
property policyArn
policyArn: pulumi.Input<ARN>;The ARN of the policy you want to apply
property role
role: pulumi.Input<string | Role>;The role the policy should be applied to
interface RolePolicyAttachmentState
interface RolePolicyAttachmentStateInput properties used for looking up and filtering RolePolicyAttachment resources.
property policyArn
policyArn?: pulumi.Input<ARN>;The ARN of the policy you want to apply
property role
role?: pulumi.Input<string | Role>;The role the policy should be applied to
interface RolePolicyState
interface RolePolicyStateInput properties used for looking up and filtering RolePolicy resources.
property name
name?: pulumi.Input<string>;The name of the role policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property policy
policy?: pulumi.Input<string | PolicyDocument>;property role
role?: pulumi.Input<string | Role>;The IAM role to attach to the policy.
interface RoleState
interface RoleStateInput properties used for looking up and filtering Role resources.
property arn
arn?: pulumi.Input<string>;The Amazon Resource Name (ARN) specifying the role.
property assumeRolePolicy
assumeRolePolicy?: pulumi.Input<string | PolicyDocument>;The policy that grants an entity permission to assume the role.
property createDate
createDate?: pulumi.Input<string>;The creation date of the IAM role.
property description
description?: pulumi.Input<string>;The description of the role.
property forceDetachPolicies
forceDetachPolicies?: pulumi.Input<boolean>;Specifies to force detaching any policies the role has before destroying it. Defaults to false.
property maxSessionDuration
maxSessionDuration?: pulumi.Input<number>;The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
name?: pulumi.Input<string>;The name of the role. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;The path to the role. See IAM Identifiers for more information.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;The ARN of the policy that is used to set the permissions boundary for the role.
property tags
tags?: pulumi.Input<{[key: string]: any}>;Key-value mapping of tags for the IAM role
property uniqueId
uniqueId?: pulumi.Input<string>;The stable and unique string identifying the role.
const Route53Principal
Principals instead
Service Principal for Route 53
let Service
let Service: string = "route53.amazonaws.com";const S3Principal
let Service
let Service: string = "s3.amazonaws.com";interface SamlProviderArgs
interface SamlProviderArgsThe set of arguments for constructing a SamlProvider resource.
property name
name?: pulumi.Input<string>;The name of the provider to create.
property samlMetadataDocument
samlMetadataDocument: pulumi.Input<string>;An XML document generated by an identity provider that supports SAML 2.0.
interface SamlProviderState
interface SamlProviderStateInput properties used for looking up and filtering SamlProvider resources.
property arn
arn?: pulumi.Input<string>;The ARN assigned by AWS for this provider.
property name
name?: pulumi.Input<string>;The name of the provider to create.
property samlMetadataDocument
samlMetadataDocument?: pulumi.Input<string>;An XML document generated by an identity provider that supports SAML 2.0.
property validUntil
validUntil?: pulumi.Input<string>;The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.
const SecurityAudit
ManagedPolicies instead
const SecurityAudit: ARN = "arn:aws:iam::aws:policy/SecurityAudit";interface ServerCertificateArgs
interface ServerCertificateArgsThe set of arguments for constructing a ServerCertificate resource.
property arn
arn?: pulumi.Input<string>;The Amazon Resource Name (ARN) specifying the server certificate.
property certificateBody
certificateBody: pulumi.Input<string>;The contents of the public key certificate in PEM-encoded format.
property certificateChain
certificateChain?: pulumi.Input<string>;The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
property name
name?: pulumi.Input<string>;The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;The IAM path for the server certificate. If it is not
included, it defaults to a slash (/). If this certificate is for use with
AWS CloudFront, the path must be in format /cloudfront/your_path_here.
See [IAM Identifiers][1] for more details on IAM Paths.
property privateKey
privateKey: pulumi.Input<string>;The contents of the private key in PEM-encoded format.
interface ServerCertificateState
interface ServerCertificateStateInput properties used for looking up and filtering ServerCertificate resources.
property arn
arn?: pulumi.Input<string>;The Amazon Resource Name (ARN) specifying the server certificate.
property certificateBody
certificateBody?: pulumi.Input<string>;The contents of the public key certificate in PEM-encoded format.
property certificateChain
certificateChain?: pulumi.Input<string>;The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
property name
name?: pulumi.Input<string>;The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified
prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;The IAM path for the server certificate. If it is not
included, it defaults to a slash (/). If this certificate is for use with
AWS CloudFront, the path must be in format /cloudfront/your_path_here.
See [IAM Identifiers][1] for more details on IAM Paths.
property privateKey
privateKey?: pulumi.Input<string>;The contents of the private key in PEM-encoded format.
const ServerMigrationConnector
ManagedPolicies instead
const ServerMigrationConnector: ARN = "arn:aws:iam::aws:policy/ServerMigrationConnector";const ServerMigrationServiceRole
ManagedPolicies instead
const ServerMigrationServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole";const ServiceCatalogAdminFullAccess
ManagedPolicies instead
const ServiceCatalogAdminFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminFullAccess";const ServiceCatalogAdminReadOnlyAccess
ManagedPolicies instead
const ServiceCatalogAdminReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess";const ServiceCatalogEndUserAccess
ManagedPolicies instead
const ServiceCatalogEndUserAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess";const ServiceCatalogEndUserFullAccess
ManagedPolicies instead
const ServiceCatalogEndUserFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserFullAccess";const ServiceCatalogPrincipal
Principals instead
Service Principal for Service Catalog
let Service
let Service: string = "servicecatalog.amazonaws.com";interface ServiceLinkedRoleArgs
interface ServiceLinkedRoleArgsThe set of arguments for constructing a ServiceLinkedRole resource.
property awsServiceName
awsServiceName: pulumi.Input<string>;The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.
property customSuffix
customSuffix?: pulumi.Input<string>;Additional string appended to the role name. Not all AWS services support custom suffixes.
property description
description?: pulumi.Input<string>;The description of the role.
interface ServiceLinkedRoleState
interface ServiceLinkedRoleStateInput properties used for looking up and filtering ServiceLinkedRole resources.
property arn
arn?: pulumi.Input<string>;The Amazon Resource Name (ARN) specifying the role.
property awsServiceName
awsServiceName?: pulumi.Input<string>;The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.
property createDate
createDate?: pulumi.Input<string>;The creation date of the IAM role.
property customSuffix
customSuffix?: pulumi.Input<string>;Additional string appended to the role name. Not all AWS services support custom suffixes.
property description
description?: pulumi.Input<string>;The description of the role.
property name
name?: pulumi.Input<string>;The name of the role.
property path
path?: pulumi.Input<string>;The path of the role.
property uniqueId
uniqueId?: pulumi.Input<string>;The stable and unique string identifying the role.
interface ServicePrincipal
interface ServicePrincipalIAM roles that can be assumed by an AWS service are called service roles. Service roles must include a trust policy.
Trust policies are resource-based policies that are attached to a role that define which principals can assume the
role. Some service role have predefined trust policies. However, in some cases, you must specify the service
principal in the trust policy. A service principal is an identifier that is used to grant permissions to a service.
The identifier includes the long version of a service name, e.g. long_service_name.amazonaws.com. The service
principal is defined by the service. To learn the service principal for a service, see the documentation for that
service.
property Service
Service: Input<string> | Input<Input<string>[]>;const SesPrincipal
let Service
let Service: string = "ses.amazonaws.com";const SigninPrincipal
let Service
let Service: string = "signin.amazonaws.com";const SimpleWorkflowFullAccess
const SimpleWorkflowFullAccess: ARN = "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess";const SnsPrincipal
let Service
let Service: string = "sns.amazonaws.com";const SqsPrincipal
let Service
let Service: string = "sqs.amazonaws.com";interface SshKeyArgs
interface SshKeyArgsThe set of arguments for constructing a SshKey resource.
property encoding
encoding: pulumi.Input<string>;Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
property publicKey
publicKey: pulumi.Input<string>;The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
property status
status?: pulumi.Input<string>;The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.
property username
username: pulumi.Input<string>;The name of the IAM user to associate the SSH public key with.
interface SshKeyState
interface SshKeyStateInput properties used for looking up and filtering SshKey resources.
property encoding
encoding?: pulumi.Input<string>;Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
property fingerprint
fingerprint?: pulumi.Input<string>;The MD5 message digest of the SSH public key.
property publicKey
publicKey?: pulumi.Input<string>;The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
property sshPublicKeyId
sshPublicKeyId?: pulumi.Input<string>;The unique identifier for the SSH public key.
property status
status?: pulumi.Input<string>;The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.
property username
username?: pulumi.Input<string>;The name of the IAM user to associate the SSH public key with.
const SsmPrincipal
Principals instead
Service Principal for Systems Manager
let Service
let Service: string = "ssm.amazonaws.com";const StorageGatewayPrincipal
let Service
let Service: string = "storagegateway.amazonaws.com";const StsPrincipal
let Service
let Service: string = "sts.amazonaws.com";const SupportPrincipal
let Service
let Service: string = "support.amazonaws.com";const SupportUser
const SupportUser: ARN = "arn:aws:iam::aws:policy/job-function/SupportUser";const SystemAdministrator
const SystemAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/SystemAdministrator";interface UserArgs
interface UserArgsThe set of arguments for constructing a User resource.
property forceDestroy
forceDestroy?: pulumi.Input<boolean>;When destroying this user, destroy even if it
has non-this provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy
a user with non-this provider-managed access keys and login profile will fail to be destroyed.
property name
name?: pulumi.Input<string>;The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
property path
path?: pulumi.Input<string>;Path in which to create the user.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;The ARN of the policy that is used to set the permissions boundary for the user.
property tags
tags?: pulumi.Input<{[key: string]: any}>;Key-value mapping of tags for the IAM user
interface UserGroupMembershipArgs
interface UserGroupMembershipArgsThe set of arguments for constructing a UserGroupMembership resource.
property groups
groups: pulumi.Input<pulumi.Input<string>[]>;A list of [IAM Groups][1] to add the user to
property user
user: pulumi.Input<string>;The name of the [IAM User][2] to add to groups
interface UserGroupMembershipState
interface UserGroupMembershipStateInput properties used for looking up and filtering UserGroupMembership resources.
property groups
groups?: pulumi.Input<pulumi.Input<string>[]>;A list of [IAM Groups][1] to add the user to
property user
user?: pulumi.Input<string>;The name of the [IAM User][2] to add to groups
interface UserLoginProfileArgs
interface UserLoginProfileArgsThe set of arguments for constructing a UserLoginProfile resource.
property passwordLength
passwordLength?: pulumi.Input<number>;The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property passwordResetRequired
passwordResetRequired?: pulumi.Input<boolean>;Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property pgpKey
pgpKey: pulumi.Input<string>;Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
property user
user: pulumi.Input<string>;The IAM user’s name.
interface UserLoginProfileState
interface UserLoginProfileStateInput properties used for looking up and filtering UserLoginProfile resources.
property encryptedPassword
encryptedPassword?: pulumi.Input<string>;The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.
property keyFingerprint
keyFingerprint?: pulumi.Input<string>;The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
property passwordLength
passwordLength?: pulumi.Input<number>;The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property passwordResetRequired
passwordResetRequired?: pulumi.Input<boolean>;Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property pgpKey
pgpKey?: pulumi.Input<string>;Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
property user
user?: pulumi.Input<string>;The IAM user’s name.
interface UserPolicyArgs
interface UserPolicyArgsThe set of arguments for constructing a UserPolicy resource.
property name
name?: pulumi.Input<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy: pulumi.Input<string | PolicyDocument>;property user
user: pulumi.Input<string>;IAM user to which to attach this policy.
interface UserPolicyAttachmentArgs
interface UserPolicyAttachmentArgsThe set of arguments for constructing a UserPolicyAttachment resource.
property policyArn
policyArn: pulumi.Input<ARN>;The ARN of the policy you want to apply
property user
user: pulumi.Input<string | User>;The user the policy should be applied to
interface UserPolicyAttachmentState
interface UserPolicyAttachmentStateInput properties used for looking up and filtering UserPolicyAttachment resources.
property policyArn
policyArn?: pulumi.Input<ARN>;The ARN of the policy you want to apply
property user
user?: pulumi.Input<string | User>;The user the policy should be applied to
interface UserPolicyState
interface UserPolicyStateInput properties used for looking up and filtering UserPolicy resources.
property name
name?: pulumi.Input<string>;The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy?: pulumi.Input<string | PolicyDocument>;property user
user?: pulumi.Input<string>;IAM user to which to attach this policy.
interface UserState
interface UserStateInput properties used for looking up and filtering User resources.
property arn
arn?: pulumi.Input<string>;The ARN assigned by AWS for this user.
property forceDestroy
forceDestroy?: pulumi.Input<boolean>;When destroying this user, destroy even if it
has non-this provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy
a user with non-this provider-managed access keys and login profile will fail to be destroyed.
property name
name?: pulumi.Input<string>;