Module iam

new AccessKey(name: string, args: AccessKeyArgs, opts?: pulumi.CustomResourceOptions)

Create a AccessKey resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessKeyState, opts?: pulumi.CustomResourceOptions): AccessKey

Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of AccessKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public encryptedSecret: pulumi.Output<string>;

The encrypted secret, base64 encoded. > NOTE: The encrypted secret may be decrypted using the command line, for example: ... | base64 --decode | keybase pgp decrypt.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public keyFingerprint: pulumi.Output<string>;

The fingerprint of the PGP key used to encrypt the secret

public pgpKey: pulumi.Output<string | undefined>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists.

public secret: pulumi.Output<string>;

The secret access key. Note that this will be written to the state file. Please supply a pgpKey instead, which will prevent the secret from being stored in plain text

public sesSmtpPassword: pulumi.Output<string>;

The secret access key converted into an SES SMTP password by applying AWS’s documented conversion algorithm.

public status: pulumi.Output<string>;

The access key status to apply. Defaults to Active. Valid values are Active and Inactive.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public user: pulumi.Output<string>;

The IAM user to associate with this access key.

new AccountAlias(name: string, args: AccountAliasArgs, opts?: pulumi.CustomResourceOptions)

Create a AccountAlias resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountAliasState, opts?: pulumi.CustomResourceOptions): AccountAlias

Get an existing AccountAlias resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of AccountAlias. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public accountAlias: pulumi.Output<string>;

The account alias

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new AccountPasswordPolicy(name: string, args?: AccountPasswordPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a AccountPasswordPolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountPasswordPolicyState, opts?: pulumi.CustomResourceOptions): AccountPasswordPolicy

Get an existing AccountPasswordPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of AccountPasswordPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public allowUsersToChangePassword: pulumi.Output<boolean | undefined>;

Whether to allow users to change their own password

public expirePasswords: pulumi.Output<boolean>;

Indicates whether passwords in the account expire. Returns true if maxPasswordAge contains a value greater than 0. Returns false if it is 0 or not present.

public hardExpiry: pulumi.Output<boolean>;

Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public maxPasswordAge: pulumi.Output<number>;

The number of days that an user password is valid.

public minimumPasswordLength: pulumi.Output<number | undefined>;

Minimum length to require for user passwords.

public passwordReusePrevention: pulumi.Output<number>;

The number of previous passwords that users are prevented from reusing.

public requireLowercaseCharacters: pulumi.Output<boolean>;

Whether to require lowercase characters for user passwords.

public requireNumbers: pulumi.Output<boolean>;

Whether to require numbers for user passwords.

public requireSymbols: pulumi.Output<boolean>;

Whether to require symbols for user passwords.

public requireUppercaseCharacters: pulumi.Output<boolean>;

Whether to require uppercase characters for user passwords.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)

Create a Group resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): Group

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this group.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.

public path: pulumi.Output<string | undefined>;

Path in which to create the group.

public uniqueId: pulumi.Output<string>;

The [unique ID][1] assigned by AWS.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new GroupMembership(name: string, args: GroupMembershipArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMembership resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipState, opts?: pulumi.CustomResourceOptions): GroupMembership

Get an existing GroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of GroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public group: pulumi.Output<string>;

The IAM Group name to attach the list of users to

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name to identify the Group Membership

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public users: pulumi.Output<string[]>;

A list of IAM User names to associate with the Group

new GroupPolicy(name: string, args: GroupPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupPolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyState, opts?: pulumi.CustomResourceOptions): GroupPolicy

Get an existing GroupPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of GroupPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public group: pulumi.Output<string>;

The IAM group to attach to the policy.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the policy. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new GroupPolicyAttachment(name: string, args: GroupPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupPolicyAttachment resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): GroupPolicyAttachment

Get an existing GroupPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of GroupPolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public group: pulumi.Output<Group>;

The group the policy should be applied to

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new InstanceProfile(name: string, args?: InstanceProfileArgs, opts?: pulumi.CustomResourceOptions)

Create a InstanceProfile resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceProfileState, opts?: pulumi.CustomResourceOptions): InstanceProfile

Get an existing InstanceProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of InstanceProfile. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The ARN assigned by AWS to the instance profile.

public createDate: pulumi.Output<string>;

The creation timestamp of the instance profile.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The profile’s name. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public path: pulumi.Output<string | undefined>;

Path in which to create the profile.

public role: pulumi.Output<string>;

The role name to include in the profile.

public roles: pulumi.Output<string[]>;

A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase.

public uniqueId: pulumi.Output<string>;

The [unique ID][1] assigned by AWS.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new OpenIdConnectProvider(name: string, args: OpenIdConnectProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a OpenIdConnectProvider resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OpenIdConnectProviderState, opts?: pulumi.CustomResourceOptions): OpenIdConnectProvider

Get an existing OpenIdConnectProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of OpenIdConnectProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this provider.

public clientIdLists: pulumi.Output<string[]>;

A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public thumbprintLists: pulumi.Output<string[]>;

A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).

public url: pulumi.Output<string>;

The URL of the identity provider. Corresponds to the iss claim.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a Policy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The ARN assigned by AWS to this policy.

public description: pulumi.Output<string | undefined>;

Description of the IAM policy.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the policy. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public path: pulumi.Output<string | undefined>;

Path in which to create the policy. See IAM Identifiers for more information.

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new PolicyAttachment(name: string, args: PolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a PolicyAttachment resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyAttachmentState, opts?: pulumi.CustomResourceOptions): PolicyAttachment

Get an existing PolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of PolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public groups: pulumi.Output<Group[] | undefined>;

The group(s) the policy should be applied to

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the attachment. This cannot be an empty string.

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

public roles: pulumi.Output<Role[] | undefined>;

The role(s) the policy should be applied to

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public users: pulumi.Output<User[] | undefined>;

The user(s) the policy should be applied to

new Role(name: string, args: RoleArgs, opts?: pulumi.CustomResourceOptions)

Create a Role resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState, opts?: pulumi.CustomResourceOptions): Role

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of Role. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) specifying the role.

public assumeRolePolicy: pulumi.Output<string>;

The policy that grants an entity permission to assume the role.

public createDate: pulumi.Output<string>;

The creation date of the IAM role.

public description: pulumi.Output<string | undefined>;

The description of the role.

public forceDetachPolicies: pulumi.Output<boolean | undefined>;

Specifies to force detaching any policies the role has before destroying it. Defaults to false.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public maxSessionDuration: pulumi.Output<number | undefined>;

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

public name: pulumi.Output<string>;

The name of the role. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public path: pulumi.Output<string | undefined>;

The path to the role. See IAM Identifiers for more information.

public permissionsBoundary: pulumi.Output<string | undefined>;

The ARN of the policy that is used to set the permissions boundary for the role.

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value mapping of tags for the IAM role

public uniqueId: pulumi.Output<string>;

The stable and unique string identifying the role.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new RolePolicy(name: string, args: RolePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a RolePolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyState, opts?: pulumi.CustomResourceOptions): RolePolicy

Get an existing RolePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RolePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the role policy. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string.

public role: pulumi.Output<string>;

The IAM role to attach to the policy.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new RolePolicyAttachment(name: string, args: RolePolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a RolePolicyAttachment resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyAttachmentState, opts?: pulumi.CustomResourceOptions): RolePolicyAttachment

Get an existing RolePolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of RolePolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

public role: pulumi.Output<string>;

The role the policy should be applied to

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new SamlProvider(name: string, args: SamlProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a SamlProvider resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlProviderState, opts?: pulumi.CustomResourceOptions): SamlProvider

Get an existing SamlProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of SamlProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this provider.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the provider to create.

public samlMetadataDocument: pulumi.Output<string>;

An XML document generated by an identity provider that supports SAML 2.0.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public validUntil: pulumi.Output<string>;

The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.

new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: pulumi.CustomResourceOptions)

Create a ServerCertificate resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerCertificateState, opts?: pulumi.CustomResourceOptions): ServerCertificate

Get an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ServerCertificate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) specifying the server certificate.

public certificateBody: pulumi.Output<string>;

The contents of the public key certificate in PEM-encoded format.

public certificateChain: pulumi.Output<string | undefined>;

The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public path: pulumi.Output<string | undefined>;

The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See [IAM Identifiers][1] for more details on IAM Paths.

public privateKey: pulumi.Output<string>;

The contents of the private key in PEM-encoded format.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new ServiceLinkedRole(name: string, args: ServiceLinkedRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a ServiceLinkedRole resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceLinkedRoleState, opts?: pulumi.CustomResourceOptions): ServiceLinkedRole

Get an existing ServiceLinkedRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of ServiceLinkedRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) specifying the role.

public awsServiceName: pulumi.Output<string>;

The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.

public createDate: pulumi.Output<string>;

The creation date of the IAM role.

public customSuffix: pulumi.Output<string | undefined>;

Additional string appended to the role name. Not all AWS services support custom suffixes.

public description: pulumi.Output<string | undefined>;

The description of the role.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the role.

public path: pulumi.Output<string>;

The path of the role.

public uniqueId: pulumi.Output<string>;

The stable and unique string identifying the role.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new SshKey(name: string, args: SshKeyArgs, opts?: pulumi.CustomResourceOptions)

Create a SshKey resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SshKeyState, opts?: pulumi.CustomResourceOptions): SshKey

Get an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of SshKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public encoding: pulumi.Output<string>;

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

public fingerprint: pulumi.Output<string>;

The MD5 message digest of the SSH public key.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public publicKey: pulumi.Output<string>;

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

public sshPublicKeyId: pulumi.Output<string>;

The unique identifier for the SSH public key.

public status: pulumi.Output<string>;

The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public username: pulumi.Output<string>;

The name of the IAM user to associate the SSH public key with.

new User(name: string, args?: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this user.

public forceDestroy: pulumi.Output<boolean | undefined>;

When destroying this user, destroy even if it has non-this provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-this provider-managed access keys and login profile will fail to be destroyed.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.

public path: pulumi.Output<string | undefined>;

Path in which to create the user.

public permissionsBoundary: pulumi.Output<string | undefined>;

The ARN of the policy that is used to set the permissions boundary for the user.

public tags: pulumi.Output<{[key: string]: any} | undefined>;

Key-value mapping of tags for the IAM user

public uniqueId: pulumi.Output<string>;

The [unique ID][1] assigned by AWS.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

new UserGroupMembership(name: string, args: UserGroupMembershipArgs, opts?: pulumi.CustomResourceOptions)

Create a UserGroupMembership resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserGroupMembershipState, opts?: pulumi.CustomResourceOptions): UserGroupMembership

Get an existing UserGroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of UserGroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public groups: pulumi.Output<string[]>;

A list of [IAM Groups][1] to add the user to

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public user: pulumi.Output<string>;

The name of the [IAM User][2] to add to groups

new UserLoginProfile(name: string, args: UserLoginProfileArgs, opts?: pulumi.CustomResourceOptions)

Create a UserLoginProfile resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserLoginProfileState, opts?: pulumi.CustomResourceOptions): UserLoginProfile

Get an existing UserLoginProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of UserLoginProfile. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

public encryptedPassword: pulumi.Output<string>;

The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public keyFingerprint: pulumi.Output<string>;

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

public passwordLength: pulumi.Output<number | undefined>;

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.

public passwordResetRequired: pulumi.Output<boolean | undefined>;

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.

public pgpKey: pulumi.Output<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public user: pulumi.Output<string>;

The IAM user’s name.

new UserPolicy(name: string, args: UserPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyState, opts?: pulumi.CustomResourceOptions): UserPolicy

Get an existing UserPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of UserPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public name: pulumi.Output<string>;

The name of the policy. If omitted, this provider will assign a random, unique name.

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string.

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public user: pulumi.Output<string>;

IAM user to which to attach this policy.

new UserPolicyAttachment(name: string, args: UserPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPolicyAttachment resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): UserPolicyAttachment

Get an existing UserPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

getProvider(moduleMember: string): ProviderResource | undefined

public static isInstance(obj: any): boolean

Returns true if the given object is an instance of UserPolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

public user: pulumi.Output<User>;

The user the policy should be applied to

AWS: Input<string> | Input<Input<string>[]>;

pgpKey?: pulumi.Input<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists.

status?: pulumi.Input<string>;

The access key status to apply. Defaults to Active. Valid values are Active and Inactive.

user: pulumi.Input<string>;

The IAM user to associate with this access key.

encryptedSecret?: pulumi.Input<string>;

The encrypted secret, base64 encoded. > NOTE: The encrypted secret may be decrypted using the command line, for example: ... | base64 --decode | keybase pgp decrypt.

keyFingerprint?: pulumi.Input<string>;

The fingerprint of the PGP key used to encrypt the secret

pgpKey?: pulumi.Input<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists.

secret?: pulumi.Input<string>;

The secret access key. Note that this will be written to the state file. Please supply a pgpKey instead, which will prevent the secret from being stored in plain text

sesSmtpPassword?: pulumi.Input<string>;

The secret access key converted into an SES SMTP password by applying AWS’s documented conversion algorithm.

status?: pulumi.Input<string>;

The access key status to apply. Defaults to Active. Valid values are Active and Inactive.

user?: pulumi.Input<string>;

The IAM user to associate with this access key.

accountAlias: pulumi.Input<string>;

The account alias

accountAlias?: pulumi.Input<string>;

The account alias

allowUsersToChangePassword?: pulumi.Input<boolean>;

Whether to allow users to change their own password

hardExpiry?: pulumi.Input<boolean>;

Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)

maxPasswordAge?: pulumi.Input<number>;

The number of days that an user password is valid.

minimumPasswordLength?: pulumi.Input<number>;

Minimum length to require for user passwords.

passwordReusePrevention?: pulumi.Input<number>;

The number of previous passwords that users are prevented from reusing.

requireLowercaseCharacters?: pulumi.Input<boolean>;

Whether to require lowercase characters for user passwords.

requireNumbers?: pulumi.Input<boolean>;

Whether to require numbers for user passwords.

requireSymbols?: pulumi.Input<boolean>;

Whether to require symbols for user passwords.

requireUppercaseCharacters?: pulumi.Input<boolean>;

Whether to require uppercase characters for user passwords.

allowUsersToChangePassword?: pulumi.Input<boolean>;

Whether to allow users to change their own password

expirePasswords?: pulumi.Input<boolean>;

Indicates whether passwords in the account expire. Returns true if maxPasswordAge contains a value greater than 0. Returns false if it is 0 or not present.

hardExpiry?: pulumi.Input<boolean>;

Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)

maxPasswordAge?: pulumi.Input<number>;

The number of days that an user password is valid.

minimumPasswordLength?: pulumi.Input<number>;

Minimum length to require for user passwords.

passwordReusePrevention?: pulumi.Input<number>;

The number of previous passwords that users are prevented from reusing.

requireLowercaseCharacters?: pulumi.Input<boolean>;

Whether to require lowercase characters for user passwords.

requireNumbers?: pulumi.Input<boolean>;

Whether to require numbers for user passwords.

requireSymbols?: pulumi.Input<boolean>;

Whether to require symbols for user passwords.

requireUppercaseCharacters?: pulumi.Input<boolean>;

Whether to require uppercase characters for user passwords.

Federated: Input<string> | Input<Input<string>[]>;

accountAlias: string;

The alias associated with the AWS account.

id: string;

id is the provider-assigned unique ID for this managed resource.

groupName: string;

The friendly IAM group name to match.

arn: string;

The Amazon Resource Name (ARN) specifying the group.

groupId: string;

The stable and unique string identifying the group.

groupName: string;

id: string;

id is the provider-assigned unique ID for this managed resource.

path: string;

The path to the group.

name: string;

The friendly IAM instance profile name to match.

arn: string;

The Amazon Resource Name (ARN) specifying the instance profile.

createDate: string;

The string representation of the date the instance profile was created.

id: string;

id is the provider-assigned unique ID for this managed resource.

name: string;

path: string;

The path to the instance profile.

roleArn: string;

The role arn associated with this instance profile.

roleId: string;

The role id associated with this instance profile.

roleName: string;

The role name associated with this instance profile.

arn: string;

ARN of the IAM policy.

overrideJson?: undefined | string;

An IAM policy document to import and override the current policy document. Statements with non-blank sids in the override document will overwrite statements with the same sid in the current document. Statements without an sid cannot be overwritten.

policyId?: undefined | string;

An ID for the policy document.

sourceJson?: undefined | string;

An IAM policy document to import as a base for the current policy document. Statements with non-blank sids in the current policy document will overwrite statements with the same sid in the source json. Statements without an sid cannot be overwritten.

statements?: {
    actions: string[];
    conditions: {
        test: string;
        values: string[];
        variable: string;
    }[];
    effect: undefined | string;
    notActions: string[];
    notPrincipals: {
        identifiers: string[];
        type: string;
    }[];
    notResources: string[];
    principals: {
        identifiers: string[];
        type: string;
    }[];
    resources: string[];
    sid: undefined | string;
}[];

A nested configuration block (described below) configuring one statement to be included in the policy document.

version?: undefined | string;

IAM policy document version. Valid values: 2008-10-17, 2012-10-17. Defaults to 2012-10-17. For more information, see the AWS IAM User Guide.

id: string;

id is the provider-assigned unique ID for this managed resource.

json: string;

The above arguments serialized as a standard JSON policy document.

overrideJson?: undefined | string;

policyId?: undefined | string;

sourceJson?: undefined | string;

statements?: {
    actions: string[];
    conditions: {
        test: string;
        values: string[];
        variable: string;
    }[];
    effect: undefined | string;
    notActions: string[];
    notPrincipals: {
        identifiers: string[];
        type: string;
    }[];
    notResources: string[];
    principals: {
        identifiers: string[];
        type: string;
    }[];
    resources: string[];
    sid: undefined | string;
}[];

version?: undefined | string;

arn: string;

The Amazon Resource Name (ARN) specifying the policy.

description: string;

The description of the policy.

id: string;

id is the provider-assigned unique ID for this managed resource.

name: string;

The name of the IAM policy.

path: string;

The path to the policy.

policy: string;

The policy document of the policy.

name: string;

The friendly IAM role name to match.

arn: string;

The Amazon Resource Name (ARN) specifying the role.

assumeRolePolicy: string;

The policy document associated with the role.

createDate: string;

Creation date of the role in RFC 3339 format.

description: string;

Description for the role.

id: string;

id is the provider-assigned unique ID for this managed resource.

maxSessionDuration: number;

Maximum session duration.

name: string;

path: string;

The path to the role.

permissionsBoundary: string;

The ARN of the policy that is used to set the permissions boundary for the role.

uniqueId: string;

The stable and unique string identifying the role.

latest?: undefined | false | true;

sort results by expiration date. returns the certificate with expiration date in furthest in the future.

name?: undefined | string;

exact name of the cert to lookup

namePrefix?: undefined | string;

prefix of cert to filter by

pathPrefix?: undefined | string;

prefix of path to filter by

arn: string;

certificateBody: string;

certificateChain: string;

expirationDate: string;

id: string;

id is the provider-assigned unique ID for this managed resource.

latest?: undefined | false | true;

name: string;

namePrefix?: undefined | string;

path: string;

pathPrefix?: undefined | string;

uploadDate: string;

userName: string;

The friendly IAM user name to match.

arn: string;

The Amazon Resource Name (ARN) assigned by AWS for this user.

id: string;

id is the provider-assigned unique ID for this managed resource.

path: string;

Path in which this user was created.

permissionsBoundary: string;

The ARN of the policy that is used to set the permissions boundary for the user.

userId: string;

The unique ID assigned by AWS for this user.

userName: string;

The name associated to this User

name?: pulumi.Input<string>;

The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.

path?: pulumi.Input<string>;

Path in which to create the group.

group: pulumi.Input<string>;

The IAM Group name to attach the list of users to

name?: pulumi.Input<string>;

The name to identify the Group Membership

users: pulumi.Input<pulumi.Input<string>[]>;

A list of IAM User names to associate with the Group

group?: pulumi.Input<string>;

The IAM Group name to attach the list of users to

name?: pulumi.Input<string>;

The name to identify the Group Membership

users?: pulumi.Input<pulumi.Input<string>[]>;

A list of IAM User names to associate with the Group

group: pulumi.Input<string>;

The IAM group to attach to the policy.

name?: pulumi.Input<string>;

The name of the policy. If omitted, this provider will assign a random, unique name.

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy: pulumi.Input<string | PolicyDocument>;

The policy document. This is a JSON formatted string.

group: pulumi.Input<Group>;

The group the policy should be applied to

policyArn: pulumi.Input<ARN>;

The ARN of the policy you want to apply

group?: pulumi.Input<Group>;

The group the policy should be applied to

policyArn?: pulumi.Input<ARN>;

The ARN of the policy you want to apply

group?: pulumi.Input<string>;

The IAM group to attach to the policy.

name?: pulumi.Input<string>;

The name of the policy. If omitted, this provider will assign a random, unique name.

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

policy?: pulumi.Input<string | PolicyDocument>;

The policy document. This is a JSON formatted string.

arn?: pulumi.Input<string>;

The ARN assigned by AWS for this group.

name?: pulumi.Input<string>;

The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.

path?: pulumi.Input<string>;

Path in which to create the group.

uniqueId?: pulumi.Input<string>;

The [unique ID][1] assigned by AWS.

name?: pulumi.Input<string>;

The profile’s name. If omitted, this provider will assign a random, unique name.

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

path?: pulumi.Input<string>;

Path in which to create the profile.

role?: pulumi.Input<string | Role>;

The role name to include in the profile.

roles?: pulumi.Input<pulumi.Input<string | Role>[]>;

A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase.

arn?: pulumi.Input<string>;

The ARN assigned by AWS to the instance profile.

createDate?: pulumi.Input<string>;

The creation timestamp of the instance profile.