Module iam
This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of AWS resources in a Pulumi program, please see the resource documentation for examples and API reference.
namespace ManagedPolicies
- AdministratorAccess
- AmazonAPIGatewayAdministrator
- AmazonAPIGatewayInvokeFullAccess
- AmazonAPIGatewayPushToCloudWatchLogs
- AmazonAppStreamFullAccess
- AmazonAppStreamReadOnlyAccess
- AmazonAppStreamServiceAccess
- AmazonAthenaFullAccess
- AmazonCloudDirectoryFullAccess
- AmazonCloudDirectoryReadOnlyAccess
- AmazonCognitoDeveloperAuthenticatedIdentities
- AmazonCognitoPowerUser
- AmazonCognitoReadOnly
- AmazonDMSCloudWatchLogsRole
- AmazonDMSRedshiftS3Role
- AmazonDMSVPCManagementRole
- AmazonDRSVPCManagement
- AmazonDynamoDBFullAccess
- AmazonDynamoDBFullAccesswithDataPipeline
- AmazonDynamoDBReadOnlyAccess
- AmazonEC2ContainerRegistryFullAccess
- AmazonEC2ContainerRegistryPowerUser
- AmazonEC2ContainerRegistryReadOnly
- AmazonEC2ContainerServiceAutoscaleRole
- AmazonEC2ContainerServiceforEC2Role
- AmazonEC2ContainerServiceFullAccess
- AmazonEC2ContainerServiceRole
- AmazonEC2FullAccess
- AmazonEC2ReadOnlyAccess
- AmazonEC2ReportsAccess
- AmazonEC2RoleforAWSCodeDeploy
- AmazonEC2RoleforDataPipelineRole
- AmazonEC2RoleforSSM
- AmazonEC2SpotFleetAutoscaleRole
- AmazonEC2SpotFleetRole
- AmazonEC2SpotFleetTaggingRole
- AmazonElastiCacheFullAccess
- AmazonElastiCacheReadOnlyAccess
- AmazonElasticFileSystemFullAccess
- AmazonElasticFileSystemReadOnlyAccess
- AmazonElasticMapReduceforAutoScalingRole
- AmazonElasticMapReduceforEC2Role
- AmazonElasticMapReduceFullAccess
- AmazonElasticMapReduceReadOnlyAccess
- AmazonElasticMapReduceRole
- AmazonElasticTranscoderFullAccess
- AmazonElasticTranscoderJobsSubmitter
- AmazonElasticTranscoderReadOnlyAccess
- AmazonElasticTranscoderRole
- AmazonESFullAccess
- AmazonESReadOnlyAccess
- AmazonGlacierFullAccess
- AmazonGlacierReadOnlyAccess
- AmazonInspectorFullAccess
- AmazonInspectorReadOnlyAccess
- AmazonKinesisAnalyticsFullAccess
- AmazonKinesisAnalyticsReadOnly
- AmazonKinesisFirehoseFullAccess
- AmazonKinesisFirehoseReadOnlyAccess
- AmazonKinesisFullAccess
- AmazonKinesisReadOnlyAccess
- AmazonLexFullAccess
- AmazonLexReadOnly
- AmazonLexRunBotsOnly
- AmazonMachineLearningBatchPredictionsAccess
- AmazonMachineLearningCreateOnlyAccess
- AmazonMachineLearningFullAccess
- AmazonMachineLearningManageRealTimeEndpointOnlyAccess
- AmazonMachineLearningReadOnlyAccess
- AmazonMachineLearningRealTimePredictionOnlyAccess
- AmazonMachineLearningRoleforRedshiftDataSource
- AmazonMechanicalTurkFullAccess
- AmazonMechanicalTurkReadOnly
- AmazonMobileAnalyticsFinancialReportAccess
- AmazonMobileAnalyticsFullAccess
- AmazonMobileAnalyticsNonfinancialReportAccess
- AmazonMobileAnalyticsWriteOnlyAccess
- AmazonPollyFullAccess
- AmazonPollyReadOnlyAccess
- AmazonRDSDataFullAccess
- AmazonRDSDirectoryServiceAccess
- AmazonRDSEnhancedMonitoringRole
- AmazonRDSFullAccess
- AmazonRDSReadOnlyAccess
- AmazonRedshiftFullAccess
- AmazonRedshiftReadOnlyAccess
- AmazonRekognitionFullAccess
- AmazonRekognitionReadOnlyAccess
- AmazonRoute53DomainsFullAccess
- AmazonRoute53DomainsReadOnlyAccess
- AmazonRoute53FullAccess
- AmazonRoute53ReadOnlyAccess
- AmazonS3FullAccess
- AmazonS3ReadOnlyAccess
- AmazonSESFullAccess
- AmazonSESReadOnlyAccess
- AmazonSNSFullAccess
- AmazonSNSReadOnlyAccess
- AmazonSNSRole
- AmazonSQSFullAccess
- AmazonSQSReadOnlyAccess
- AmazonSSMAutomationRole
- AmazonSSMFullAccess
- AmazonSSMMaintenanceWindowRole
- AmazonSSMManagedInstanceCore
- AmazonSSMReadOnlyAccess
- AmazonVPCFullAccess
- AmazonVPCReadOnlyAccess
- AmazonWorkMailFullAccess
- AmazonWorkMailReadOnlyAccess
- AmazonWorkSpacesAdmin
- AmazonWorkSpacesApplicationManagerAdminAccess
- AmazonZocaloFullAccess
- AmazonZocaloReadOnlyAccess
- ApplicationAutoScalingForAmazonAppStreamAccess
- AutoScalingConsoleFullAccess
- AutoScalingConsoleReadOnlyAccess
- AutoScalingFullAccess
- AutoScalingNotificationAccessRole
- AutoScalingReadOnlyAccess
- AWSAccountActivityAccess
- AWSAccountUsageReportAccess
- AWSAgentlessDiscoveryService
- AWSApplicationDiscoveryAgentAccess
- AWSApplicationDiscoveryServiceFullAccess
- AWSBatchFullAccess
- AWSBatchServiceRole
- AWSCertificateManagerFullAccess
- AWSCertificateManagerReadOnly
- AWSCloudFormationReadOnlyAccess
- AWSCloudHSMFullAccess
- AWSCloudHSMReadOnlyAccess
- AWSCloudHSMRole
- AWSCloudTrailFullAccess
- AWSCloudTrailReadOnlyAccess
- AWSCodeBuildAdminAccess
- AWSCodeBuildDeveloperAccess
- AWSCodeBuildReadOnlyAccess
- AWSCodeCommitFullAccess
- AWSCodeCommitPowerUser
- AWSCodeCommitReadOnly
- AWSCodeDeployDeployerAccess
- AWSCodeDeployFullAccess
- AWSCodeDeployReadOnlyAccess
- AWSCodeDeployRole
- AWSCodeDeployRoleForECS
- AWSCodePipelineApproverAccess
- AWSCodePipelineCustomActionAccess
- AWSCodePipelineFullAccess
- AWSCodePipelineReadOnlyAccess
- AWSCodeStarFullAccess
- AWSCodeStarServiceRole
- AWSConfigRole
- AWSConfigRulesExecutionRole
- AWSConfigUserAccess
- AWSConnector
- AWSDataPipeline_FullAccess
- AWSDataPipeline_PowerUser
- AWSDataPipelineRole
- AWSDeviceFarmFullAccess
- AWSDirectConnectFullAccess
- AWSDirectConnectReadOnlyAccess
- AWSDirectoryServiceFullAccess
- AWSDirectoryServiceReadOnlyAccess
- AWSElasticBeanstalkCustomPlatformforEC2Role
- AWSElasticBeanstalkEnhancedHealth
- AWSElasticBeanstalkFullAccess
- AWSElasticBeanstalkMulticontainerDocker
- AWSElasticBeanstalkReadOnlyAccess
- AWSElasticBeanstalkService
- AWSElasticBeanstalkWebTier
- AWSElasticBeanstalkWorkerTier
- AWSGreengrassFullAccess
- AWSGreengrassResourceAccessRolePolicy
- AWSHealthFullAccess
- AWSImportExportFullAccess
- AWSImportExportReadOnlyAccess
- AWSIoTConfigAccess
- AWSIoTConfigReadOnlyAccess
- AWSIoTDataAccess
- AWSIoTFullAccess
- AWSIoTLogging
- AWSIoTRuleActions
- AWSKeyManagementServicePowerUser
- AWSLambdaBasicExecutionRole
- AWSLambdaDynamoDBExecutionRole
- AWSLambdaENIManagementAccess
- AWSLambdaExecute
- AWSLambdaFullAccess
- AWSLambdaInvocationDynamoDB
- AWSLambdaKinesisExecutionRole
- AWSLambdaReadOnlyAccess
- AWSLambdaRole
- AWSLambdaVPCAccessExecutionRole
- AWSMarketplaceFullAccess
- AWSMarketplaceGetEntitlements
- AWSMarketplaceManageSubscriptions
- AWSMarketplaceMeteringFullAccess
- AWSMarketplaceReadonly
- AWSMobileHub_FullAccess
- AWSMobileHub_ReadOnly
- AWSMobileHub_ServiceUseOnly
- AWSOpsWorksCloudWatchLogs
- AWSOpsWorksCMInstanceProfileRole
- AWSOpsWorksCMServiceRole
- AWSOpsWorksFullAccess
- AWSOpsWorksInstanceRegistration
- AWSOpsWorksRegisterCLI
- AWSOpsWorksRole
- AWSQuicksightAthenaAccess
- AWSQuickSightDescribeRDS
- AWSQuickSightDescribeRedshift
- AWSQuickSightListIAM
- AWSStepFunctionsConsoleFullAccess
- AWSStepFunctionsFullAccess
- AWSStepFunctionsReadOnlyAccess
- AWSStorageGatewayFullAccess
- AWSStorageGatewayReadOnlyAccess
- AWSSupportAccess
- AWSWAFFullAccess
- AWSWAFReadOnlyAccess
- AWSXRayDaemonWriteAccess
- AWSXrayFullAccess
- AWSXrayReadOnlyAccess
- AWSXrayWriteOnlyAccess
- Billing
- CloudFrontFullAccess
- CloudFrontReadOnlyAccess
- CloudSearchFullAccess
- CloudSearchReadOnlyAccess
- CloudWatchActionsEC2Access
- CloudWatchEventsBuiltInTargetExecutionAccess
- CloudWatchEventsFullAccess
- CloudWatchEventsInvocationAccess
- CloudWatchEventsReadOnlyAccess
- CloudWatchFullAccess
- CloudWatchLogsFullAccess
- CloudWatchLogsReadOnlyAccess
- CloudWatchReadOnlyAccess
- DatabaseAdministrator
- DataScientist
- IAMFullAccess
- IAMReadOnlyAccess
- IAMSelfManageServiceSpecificCredentials
- IAMUserChangePassword
- IAMUserSSHKeys
- NetworkAdministrator
- PowerUserAccess
- RDSCloudHsmAuthorizationRole
- ReadOnlyAccess
- ResourceGroupsandTagEditorFullAccess
- ResourceGroupsandTagEditorReadOnlyAccess
- SecurityAudit
- ServerMigrationConnector
- ServerMigrationServiceRole
- ServiceCatalogAdminFullAccess
- ServiceCatalogAdminReadOnlyAccess
- ServiceCatalogEndUserAccess
- ServiceCatalogEndUserFullAccess
- SimpleWorkflowFullAccess
- SupportUser
- SystemAdministrator
- ViewOnlyAccess
- VMImportExportRoleForAWSConnector
namespace Principals
- AcmServicePrincipal
- ApiGatewayPrincipal
- AthenaPrincipal
- AutoscalingPrincipal
- BatchPrincipal
- CloudDirectoryPrincipal
- CloudformationPrincipal
- CloudfrontPrincipal
- CloudSearchPrincipal
- CloudtrailPrincipal
- CodeBuildPrincipal
- CodeCommitPrincipal
- CodeDeployPrincipal
- CodePipelinePrincipal
- ConfigPrincipal
- DataPipelinePrincipal
- DirectConnectPrincipal
- DirectoryServicesPrincipal
- DynamoDbPrincipal
- Ec2Principal
- EcrPrincipal
- EcsPrincipal
- EcsTasksPrincipal
- EdgeLambdaPrincipal
- ElasticachePrincipal
- ElasticBeanstalkPrincipal
- ElasticFileSystemPrincipal
- ElasticLoadBalancingPrincipal
- ElasticMapReducePrincipal
- EventsPrincipal
- HealthPrincipal
- IamPrincipal
- InspectorPrincipal
- KinesisPrincipal
- KmsPrincipal
- LambdaPrincipal
- LightsailPrincipal
- LogsPrincipal
- MonitoringPrincipal
- OpsworksPrincipal
- OrganizationsPrincipal
- RdsPrincipal
- RedshiftPrincipal
- Route53Principal
- S3Principal
- ServiceCatalogPrincipal
- SesPrincipal
- SigninPrincipal
- SnsPrincipal
- SpotFleetPrincipal
- SqsPrincipal
- SsmPrincipal
- StorageGatewayPrincipal
- StsPrincipal
- SupportPrincipal
- VmiePrincipal
- VpcFlowLogsPrincipal
- WafPrincipal
- WorkDocsPrincipal
- WorkspacesPrincipal
Resources
- AccessKey
- AccountAlias
- AccountPasswordPolicy
- Group
- GroupMembership
- GroupPolicy
- GroupPolicyAttachment
- InstanceProfile
- OpenIdConnectProvider
- Policy
- PolicyAttachment
- Role
- RolePolicy
- RolePolicyAttachment
- SamlProvider
- ServerCertificate
- ServiceLinkedRole
- SshKey
- User
- UserGroupMembership
- UserLoginProfile
- UserPolicy
- UserPolicyAttachment
Functions
- getAccountAlias
- getGroup
- getInstanceProfile
- getPolicy
- getPolicyDocument
- getRole
- getServerCertificate
- getUser
Others
- AccessKeyArgs
- AccessKeyState
- AccountAliasArgs
- AccountAliasState
- AccountPasswordPolicyArgs
- AccountPasswordPolicyState
- assumeRolePolicyForPrincipal
- AWSPrincipal
- ConditionArguments
- Conditions
- FederatedPrincipal
- GetAccountAliasResult
- GetGroupArgs
- GetGroupResult
- GetInstanceProfileArgs
- GetInstanceProfileResult
- GetPolicyArgs
- GetPolicyDocumentArgs
- GetPolicyDocumentResult
- GetPolicyResult
- GetRoleArgs
- GetRoleResult
- GetServerCertificateArgs
- GetServerCertificateResult
- GetUserArgs
- GetUserResult
- GroupArgs
- GroupMembershipArgs
- GroupMembershipState
- GroupPolicyArgs
- GroupPolicyAttachmentArgs
- GroupPolicyAttachmentState
- GroupPolicyState
- GroupState
- InstanceProfileArgs
- InstanceProfileState
- OpenIdConnectProviderArgs
- OpenIdConnectProviderState
- PolicyArgs
- PolicyAttachmentArgs
- PolicyAttachmentState
- PolicyDocument
- PolicyState
- PolicyStatement
- Principal
- RoleArgs
- RolePolicyArgs
- RolePolicyAttachmentArgs
- RolePolicyAttachmentState
- RolePolicyState
- RoleState
- SamlProviderArgs
- SamlProviderState
- ServerCertificateArgs
- ServerCertificateState
- ServiceLinkedRoleArgs
- ServiceLinkedRoleState
- ServicePrincipal
- SshKeyArgs
- SshKeyState
- UserArgs
- UserGroupMembershipArgs
- UserGroupMembershipState
- UserLoginProfileArgs
- UserLoginProfileState
- UserPolicyArgs
- UserPolicyAttachmentArgs
- UserPolicyAttachmentState
- UserPolicyState
- UserState
namespace ManagedPolicies
const AdministratorAccess
const AdministratorAccess: ARN = "arn:aws:iam::aws:policy/AdministratorAccess";
Use ManagedPolicy.AdministratorAccess instead.
const AmazonAPIGatewayAdministrator
const AmazonAPIGatewayAdministrator: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator";
Use ManagedPolicy.AmazonAPIGatewayAdministrator instead.
const AmazonAPIGatewayInvokeFullAccess
const AmazonAPIGatewayInvokeFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess";
Use ManagedPolicy.AmazonAPIGatewayInvokeFullAccess instead.
const AmazonAPIGatewayPushToCloudWatchLogs
const AmazonAPIGatewayPushToCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs";
Use ManagedPolicy.AmazonAPIGatewayPushToCloudWatchLogs instead.
const AmazonAppStreamFullAccess
const AmazonAppStreamFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess";
Use ManagedPolicy.AmazonAppStreamFullAccess instead.
const AmazonAppStreamReadOnlyAccess
const AmazonAppStreamReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess";
Use ManagedPolicy.AmazonAppStreamReadOnlyAccess instead.
const AmazonAppStreamServiceAccess
const AmazonAppStreamServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess";
Use ManagedPolicy.AmazonAppStreamServiceAccess instead.
const AmazonAthenaFullAccess
const AmazonAthenaFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess";
Use ManagedPolicy.AmazonAthenaFullAccess instead.
const AmazonCloudDirectoryFullAccess
const AmazonCloudDirectoryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess";
Use ManagedPolicy.AmazonCloudDirectoryFullAccess instead.
const AmazonCloudDirectoryReadOnlyAccess
const AmazonCloudDirectoryReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess";
Use ManagedPolicy.AmazonCloudDirectoryReadOnlyAccess instead.
const AmazonCognitoDeveloperAuthenticatedIdentities
const AmazonCognitoDeveloperAuthenticatedIdentities: ARN = "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities";
Use ManagedPolicy.AmazonCognitoDeveloperAuthenticatedIdentities instead.
const AmazonCognitoPowerUser
const AmazonCognitoPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonCognitoPowerUser";
Use ManagedPolicy.AmazonCognitoPowerUser instead.
const AmazonCognitoReadOnly
const AmazonCognitoReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonCognitoReadOnly";
Use ManagedPolicy.AmazonCognitoReadOnly instead.
const AmazonDMSCloudWatchLogsRole
const AmazonDMSCloudWatchLogsRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole";
Use ManagedPolicy.AmazonDMSCloudWatchLogsRole instead.
const AmazonDMSRedshiftS3Role
const AmazonDMSRedshiftS3Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role";
Use ManagedPolicy.AmazonDMSRedshiftS3Role instead.
const AmazonDMSVPCManagementRole
const AmazonDMSVPCManagementRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole";
Use ManagedPolicy.AmazonDMSVPCManagementRole instead.
const AmazonDRSVPCManagement
const AmazonDRSVPCManagement: ARN = "arn:aws:iam::aws:policy/AmazonDRSVPCManagement";
Use ManagedPolicy.AmazonDRSVPCManagement instead.
const AmazonDynamoDBFullAccess
const AmazonDynamoDBFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess";
Use ManagedPolicy.AmazonDynamoDBFullAccess instead.
const AmazonDynamoDBFullAccesswithDataPipeline
const AmazonDynamoDBFullAccesswithDataPipeline: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline";
Use ManagedPolicy.AmazonDynamoDBFullAccesswithDataPipeline instead.
const AmazonDynamoDBReadOnlyAccess
const AmazonDynamoDBReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess";
Use ManagedPolicy.AmazonDynamoDBReadOnlyAccess instead.
const AmazonEC2ContainerRegistryFullAccess
const AmazonEC2ContainerRegistryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess";
Use ManagedPolicy.AmazonEC2ContainerRegistryFullAccess instead.
const AmazonEC2ContainerRegistryPowerUser
const AmazonEC2ContainerRegistryPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser";
Use ManagedPolicy.AmazonEC2ContainerRegistryPowerUser instead.
const AmazonEC2ContainerRegistryReadOnly
const AmazonEC2ContainerRegistryReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly";
Use ManagedPolicy.AmazonEC2ContainerRegistryReadOnly instead.
const AmazonEC2ContainerServiceAutoscaleRole
const AmazonEC2ContainerServiceAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole";
Use ManagedPolicy.AmazonEC2ContainerServiceAutoscaleRole instead.
const AmazonEC2ContainerServiceforEC2Role
const AmazonEC2ContainerServiceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role";
Use ManagedPolicy.AmazonEC2ContainerServiceforEC2Role instead.
const AmazonEC2ContainerServiceFullAccess
const AmazonEC2ContainerServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess";
Use ManagedPolicy.AmazonEC2ContainerServiceFullAccess instead.
const AmazonEC2ContainerServiceRole
const AmazonEC2ContainerServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole";
Use ManagedPolicy.AmazonEC2ContainerServiceRole instead.
const AmazonEC2FullAccess
const AmazonEC2FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2FullAccess";
Use ManagedPolicy.AmazonEC2FullAccess instead.
const AmazonEC2ReadOnlyAccess
const AmazonEC2ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess";
Use ManagedPolicy.AmazonEC2ReadOnlyAccess instead.
const AmazonEC2ReportsAccess
const AmazonEC2ReportsAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess";
Use ManagedPolicy.AmazonEC2ReportsAccess instead.
const AmazonEC2RoleforAWSCodeDeploy
const AmazonEC2RoleforAWSCodeDeploy: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy";
Use ManagedPolicy.AmazonEC2RoleforAWSCodeDeploy instead.
const AmazonEC2RoleforDataPipelineRole
const AmazonEC2RoleforDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole";
Use ManagedPolicy.AmazonEC2RoleforDataPipelineRole instead.
const AmazonEC2RoleforSSM
const AmazonEC2RoleforSSM: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM";
Use ManagedPolicy.AmazonEC2RoleforSSM instead.
const AmazonEC2SpotFleetAutoscaleRole
const AmazonEC2SpotFleetAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole";
Use ManagedPolicy.AmazonEC2SpotFleetAutoscaleRole instead.
const AmazonEC2SpotFleetRole
const AmazonEC2SpotFleetRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole";
Use ManagedPolicy.AmazonEC2SpotFleetRole instead.
const AmazonEC2SpotFleetTaggingRole
const AmazonEC2SpotFleetTaggingRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole";
Use ManagedPolicy.AmazonEC2SpotFleetTaggingRole instead.
const AmazonElastiCacheFullAccess
const AmazonElastiCacheFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess";
Use ManagedPolicy.AmazonElastiCacheFullAccess instead.
const AmazonElastiCacheReadOnlyAccess
const AmazonElastiCacheReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess";
Use ManagedPolicy.AmazonElastiCacheReadOnlyAccess instead.
const AmazonElasticFileSystemFullAccess
const AmazonElasticFileSystemFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess";
Use ManagedPolicy.AmazonElasticFileSystemFullAccess instead.
const AmazonElasticFileSystemReadOnlyAccess
const AmazonElasticFileSystemReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess";
Use ManagedPolicy.AmazonElasticFileSystemReadOnlyAccess instead.
const AmazonElasticMapReduceforAutoScalingRole
const AmazonElasticMapReduceforAutoScalingRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole";
Use ManagedPolicy.AmazonElasticMapReduceforAutoScalingRole instead.
const AmazonElasticMapReduceforEC2Role
const AmazonElasticMapReduceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role";
Use ManagedPolicy.AmazonElasticMapReduceforEC2Role instead.
const AmazonElasticMapReduceFullAccess
const AmazonElasticMapReduceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess";
Use ManagedPolicy.AmazonElasticMapReduceFullAccess instead.
const AmazonElasticMapReduceReadOnlyAccess
const AmazonElasticMapReduceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess";
Use ManagedPolicy.AmazonElasticMapReduceReadOnlyAccess instead.
const AmazonElasticMapReduceRole
const AmazonElasticMapReduceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole";
Use ManagedPolicy.AmazonElasticMapReduceRole instead.
const AmazonElasticTranscoderFullAccess
const AmazonElasticTranscoderFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess";
Use ManagedPolicy.AmazonElasticTranscoderFullAccess instead.
const AmazonElasticTranscoderJobsSubmitter
const AmazonElasticTranscoderJobsSubmitter: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter";
Use ManagedPolicy.AmazonElasticTranscoderJobsSubmitter instead.
const AmazonElasticTranscoderReadOnlyAccess
const AmazonElasticTranscoderReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess";
Use ManagedPolicy.AmazonElasticTranscoderReadOnlyAccess instead.
const AmazonElasticTranscoderRole
const AmazonElasticTranscoderRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole";
Use ManagedPolicy.AmazonElasticTranscoderRole instead.
const AmazonESFullAccess
const AmazonESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonESFullAccess";
Use ManagedPolicy.AmazonESFullAccess instead.
const AmazonESReadOnlyAccess
const AmazonESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess";
Use ManagedPolicy.AmazonESReadOnlyAccess instead.
const AmazonGlacierFullAccess
const AmazonGlacierFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierFullAccess";
Use ManagedPolicy.AmazonGlacierFullAccess instead.
const AmazonGlacierReadOnlyAccess
const AmazonGlacierReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess";
Use ManagedPolicy.AmazonGlacierReadOnlyAccess instead.
const AmazonInspectorFullAccess
const AmazonInspectorFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorFullAccess";
Use ManagedPolicy.AmazonInspectorFullAccess instead.
const AmazonInspectorReadOnlyAccess
const AmazonInspectorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess";
Use ManagedPolicy.AmazonInspectorReadOnlyAccess instead.
const AmazonKinesisAnalyticsFullAccess
const AmazonKinesisAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess";
Use ManagedPolicy.AmazonKinesisAnalyticsFullAccess instead.
const AmazonKinesisAnalyticsReadOnly
const AmazonKinesisAnalyticsReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly";
Use ManagedPolicy.AmazonKinesisAnalyticsReadOnly instead.
const AmazonKinesisFirehoseFullAccess
const AmazonKinesisFirehoseFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess";
Use ManagedPolicy.AmazonKinesisFirehoseFullAccess instead.
const AmazonKinesisFirehoseReadOnlyAccess
const AmazonKinesisFirehoseReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess";
Use ManagedPolicy.AmazonKinesisFirehoseReadOnlyAccess instead.
const AmazonKinesisFullAccess
const AmazonKinesisFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFullAccess";
Use ManagedPolicy.AmazonKinesisFullAccess instead.
const AmazonKinesisReadOnlyAccess
const AmazonKinesisReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess";
Use ManagedPolicy.AmazonKinesisReadOnlyAccess instead.
const AmazonLexFullAccess
const AmazonLexFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonLexFullAccess";
Use ManagedPolicy.AmazonLexFullAccess instead.
const AmazonLexReadOnly
const AmazonLexReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexReadOnly";
Use ManagedPolicy.AmazonLexReadOnly instead.
const AmazonLexRunBotsOnly
const AmazonLexRunBotsOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly";
Use ManagedPolicy.AmazonLexRunBotsOnly instead.
const AmazonMachineLearningBatchPredictionsAccess
const AmazonMachineLearningBatchPredictionsAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess";
Use ManagedPolicy.AmazonMachineLearningBatchPredictionsAccess instead.
const AmazonMachineLearningCreateOnlyAccess
const AmazonMachineLearningCreateOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess";
Use ManagedPolicy.AmazonMachineLearningCreateOnlyAccess instead.
const AmazonMachineLearningFullAccess
const AmazonMachineLearningFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess";
Use ManagedPolicy.AmazonMachineLearningFullAccess instead.
const AmazonMachineLearningManageRealTimeEndpointOnlyAccess
const AmazonMachineLearningManageRealTimeEndpointOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess";
Use ManagedPolicy.AmazonMachineLearningManageRealTimeEndpointOnlyAccess instead.
const AmazonMachineLearningReadOnlyAccess
const AmazonMachineLearningReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess";
Use ManagedPolicy.AmazonMachineLearningReadOnlyAccess instead.
const AmazonMachineLearningRealTimePredictionOnlyAccess
const AmazonMachineLearningRealTimePredictionOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess";
Use ManagedPolicy.AmazonMachineLearningRealTimePredictionOnlyAccess instead.
const AmazonMachineLearningRoleforRedshiftDataSource
const AmazonMachineLearningRoleforRedshiftDataSource: ARN = "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource";
Use ManagedPolicy.AmazonMachineLearningRoleforRedshiftDataSource instead.
const AmazonMechanicalTurkFullAccess
const AmazonMechanicalTurkFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess";
Use ManagedPolicy.AmazonMechanicalTurkFullAccess instead.
const AmazonMechanicalTurkReadOnly
const AmazonMechanicalTurkReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly";
Use ManagedPolicy.AmazonMechanicalTurkReadOnly instead.
const AmazonMobileAnalyticsFinancialReportAccess
const AmazonMobileAnalyticsFinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess";
Use ManagedPolicy.AmazonMobileAnalyticsFinancialReportAccess instead.
const AmazonMobileAnalyticsFullAccess
const AmazonMobileAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess";
Use ManagedPolicy.AmazonMobileAnalyticsFullAccess instead.
const AmazonMobileAnalyticsNonfinancialReportAccess
const AmazonMobileAnalyticsNonfinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess";
Use ManagedPolicy.AmazonMobileAnalyticsNonfinancialReportAccess instead.
const AmazonMobileAnalyticsWriteOnlyAccess
const AmazonMobileAnalyticsWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess";
Use ManagedPolicy.AmazonMobileAnalyticsWriteOnlyAccess instead.
const AmazonPollyFullAccess
const AmazonPollyFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyFullAccess";
Use ManagedPolicy.AmazonPollyFullAccess instead.
const AmazonPollyReadOnlyAccess
const AmazonPollyReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess";
Use ManagedPolicy.AmazonPollyReadOnlyAccess instead.
const AmazonRDSDataFullAccess
const AmazonRDSDataFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess";
Use ManagedPolicy.AmazonRDSDataFullAccess instead.
const AmazonRDSDirectoryServiceAccess
const AmazonRDSDirectoryServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess";
Use ManagedPolicy.AmazonRDSDirectoryServiceAccess instead.
const AmazonRDSEnhancedMonitoringRole
const AmazonRDSEnhancedMonitoringRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole";
Use ManagedPolicy.AmazonRDSEnhancedMonitoringRole instead.
const AmazonRDSFullAccess
const AmazonRDSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSFullAccess";
Use ManagedPolicy.AmazonRDSFullAccess instead.
const AmazonRDSReadOnlyAccess
const AmazonRDSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess";
Use ManagedPolicy.AmazonRDSReadOnlyAccess instead.
const AmazonRedshiftFullAccess
const AmazonRedshiftFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess";
Use ManagedPolicy.AmazonRedshiftFullAccess instead.
const AmazonRedshiftReadOnlyAccess
const AmazonRedshiftReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess";
Use ManagedPolicy.AmazonRedshiftReadOnlyAccess instead.
const AmazonRekognitionFullAccess
const AmazonRekognitionFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess";
Use ManagedPolicy.AmazonRekognitionFullAccess instead.
const AmazonRekognitionReadOnlyAccess
const AmazonRekognitionReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess";
Use ManagedPolicy.AmazonRekognitionReadOnlyAccess instead.
const AmazonRoute53DomainsFullAccess
const AmazonRoute53DomainsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess";
Use ManagedPolicy.AmazonRoute53DomainsFullAccess instead.
const AmazonRoute53DomainsReadOnlyAccess
const AmazonRoute53DomainsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess";
Use ManagedPolicy.AmazonRoute53DomainsReadOnlyAccess instead.
const AmazonRoute53FullAccess
const AmazonRoute53FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53FullAccess";
Use ManagedPolicy.AmazonRoute53FullAccess instead.
const AmazonRoute53ReadOnlyAccess
const AmazonRoute53ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess";
Use ManagedPolicy.AmazonRoute53ReadOnlyAccess instead.
const AmazonS3FullAccess
const AmazonS3FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3FullAccess";
Use ManagedPolicy.AmazonS3FullAccess instead.
const AmazonS3ReadOnlyAccess
const AmazonS3ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess";
Use ManagedPolicy.AmazonS3ReadOnlyAccess instead.
const AmazonSESFullAccess
const AmazonSESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESFullAccess";
Use ManagedPolicy.AmazonSESFullAccess instead.
const AmazonSESReadOnlyAccess
const AmazonSESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess";
Use ManagedPolicy.AmazonSESReadOnlyAccess instead.
const AmazonSNSFullAccess
const AmazonSNSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSFullAccess";
Use ManagedPolicy.AmazonSNSFullAccess instead.
const AmazonSNSReadOnlyAccess
const AmazonSNSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess";
Use ManagedPolicy.AmazonSNSReadOnlyAccess instead.
const AmazonSNSRole
const AmazonSNSRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSNSRole";
Use ManagedPolicy.AmazonSNSRole instead.
const AmazonSQSFullAccess
const AmazonSQSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSFullAccess";
Use ManagedPolicy.AmazonSQSFullAccess instead.
const AmazonSQSReadOnlyAccess
const AmazonSQSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess";
Use ManagedPolicy.AmazonSQSReadOnlyAccess instead.
const AmazonSSMAutomationRole
const AmazonSSMAutomationRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole";
Use ManagedPolicy.AmazonSSMAutomationRole instead.
const AmazonSSMFullAccess
const AmazonSSMFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMFullAccess";
Use ManagedPolicy.AmazonSSMFullAccess instead.
const AmazonSSMMaintenanceWindowRole
const AmazonSSMMaintenanceWindowRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole";
Use ManagedPolicy.AmazonSSMMaintenanceWindowRole instead.
const AmazonSSMManagedInstanceCore
const AmazonSSMManagedInstanceCore: ARN = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore";
Use ManagedPolicy.AmazonSSMManagedInstanceCore instead.
const AmazonSSMReadOnlyAccess
const AmazonSSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess";
Use ManagedPolicy.AmazonSSMReadOnlyAccess instead.
const AmazonVPCFullAccess
const AmazonVPCFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCFullAccess";
Use ManagedPolicy.AmazonVPCFullAccess instead.
const AmazonVPCReadOnlyAccess
const AmazonVPCReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess";
Use ManagedPolicy.AmazonVPCReadOnlyAccess instead.
const AmazonWorkMailFullAccess
const AmazonWorkMailFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess";
Use ManagedPolicy.AmazonWorkMailFullAccess instead.
const AmazonWorkMailReadOnlyAccess
const AmazonWorkMailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess";
Use ManagedPolicy.AmazonWorkMailReadOnlyAccess instead.
const AmazonWorkSpacesAdmin
const AmazonWorkSpacesAdmin: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin";
Use ManagedPolicy.AmazonWorkSpacesAdmin instead.
const AmazonWorkSpacesApplicationManagerAdminAccess
const AmazonWorkSpacesApplicationManagerAdminAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess";
Use ManagedPolicy.AmazonWorkSpacesApplicationManagerAdminAccess instead.
const AmazonZocaloFullAccess
const AmazonZocaloFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloFullAccess";
Use ManagedPolicy.AmazonZocaloFullAccess instead.
const AmazonZocaloReadOnlyAccess
const AmazonZocaloReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess";
Use ManagedPolicy.AmazonZocaloReadOnlyAccess instead.
const ApplicationAutoScalingForAmazonAppStreamAccess
const ApplicationAutoScalingForAmazonAppStreamAccess: ARN = "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess";
Use ManagedPolicy.ApplicationAutoScalingForAmazonAppStreamAccess instead.
const AutoScalingConsoleFullAccess
const AutoScalingConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess";
Use ManagedPolicy.AutoScalingConsoleFullAccess instead.
const AutoScalingConsoleReadOnlyAccess
const AutoScalingConsoleReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess";
Use ManagedPolicy.AutoScalingConsoleReadOnlyAccess instead.
const AutoScalingFullAccess
const AutoScalingFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingFullAccess";
Use ManagedPolicy.AutoScalingFullAccess instead.
const AutoScalingNotificationAccessRole
const AutoScalingNotificationAccessRole: ARN = "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole";
Use ManagedPolicy.AutoScalingNotificationAccessRole instead.
const AutoScalingReadOnlyAccess
const AutoScalingReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess";
Use ManagedPolicy.AutoScalingReadOnlyAccess instead.
const AWSAccountActivityAccess
const AWSAccountActivityAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountActivityAccess";
Use ManagedPolicy.AWSAccountActivityAccess instead.
const AWSAccountUsageReportAccess
const AWSAccountUsageReportAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess";
Use ManagedPolicy.AWSAccountUsageReportAccess instead.
const AWSAgentlessDiscoveryService
const AWSAgentlessDiscoveryService: ARN = "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService";
Use ManagedPolicy.AWSAgentlessDiscoveryService instead.
const AWSApplicationDiscoveryAgentAccess
const AWSApplicationDiscoveryAgentAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess";
Use ManagedPolicy.AWSApplicationDiscoveryAgentAccess instead.
const AWSApplicationDiscoveryServiceFullAccess
const AWSApplicationDiscoveryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess";
Use ManagedPolicy.AWSApplicationDiscoveryServiceFullAccess instead.
const AWSBatchFullAccess
const AWSBatchFullAccess: ARN = "arn:aws:iam::aws:policy/AWSBatchFullAccess";
Use ManagedPolicy.AWSBatchFullAccess instead.
const AWSBatchServiceRole
const AWSBatchServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole";
Use ManagedPolicy.AWSBatchServiceRole instead.
const AWSCertificateManagerFullAccess
const AWSCertificateManagerFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess";
Use ManagedPolicy.AWSCertificateManagerFullAccess instead.
const AWSCertificateManagerReadOnly
const AWSCertificateManagerReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly";
Use ManagedPolicy.AWSCertificateManagerReadOnly instead.
const AWSCloudFormationReadOnlyAccess
const AWSCloudFormationReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess";
Use ManagedPolicy.AWSCloudFormationReadOnlyAccess instead.
const AWSCloudHSMFullAccess
const AWSCloudHSMFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess";
Use ManagedPolicy.AWSCloudHSMFullAccess instead.
const AWSCloudHSMReadOnlyAccess
const AWSCloudHSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess";
Use ManagedPolicy.AWSCloudHSMReadOnlyAccess instead.
const AWSCloudHSMRole
const AWSCloudHSMRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole";
Use ManagedPolicy.AWSCloudHSMRole instead.
const AWSCloudTrailFullAccess
const AWSCloudTrailFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess";
Use ManagedPolicy.AWSCloudTrailFullAccess instead.
const AWSCloudTrailReadOnlyAccess
const AWSCloudTrailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess";
Use ManagedPolicy.AWSCloudTrailReadOnlyAccess instead.
const AWSCodeBuildAdminAccess
const AWSCodeBuildAdminAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess";
Use ManagedPolicy.AWSCodeBuildAdminAccess instead.
const AWSCodeBuildDeveloperAccess
const AWSCodeBuildDeveloperAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess";
Use ManagedPolicy.AWSCodeBuildDeveloperAccess instead.
const AWSCodeBuildReadOnlyAccess
const AWSCodeBuildReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess";
Use ManagedPolicy.AWSCodeBuildReadOnlyAccess instead.
const AWSCodeCommitFullAccess
const AWSCodeCommitFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess";
Use ManagedPolicy.AWSCodeCommitFullAccess instead.
const AWSCodeCommitPowerUser
const AWSCodeCommitPowerUser: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser";
Use ManagedPolicy.AWSCodeCommitPowerUser instead.
const AWSCodeCommitReadOnly
const AWSCodeCommitReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly";
Use ManagedPolicy.AWSCodeCommitReadOnly instead.
const AWSCodeDeployDeployerAccess
const AWSCodeDeployDeployerAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess";
Use ManagedPolicy.AWSCodeDeployDeployerAccess instead.
const AWSCodeDeployFullAccess
const AWSCodeDeployFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess";
Use ManagedPolicy.AWSCodeDeployFullAccess instead.
const AWSCodeDeployReadOnlyAccess
const AWSCodeDeployReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess";
Use ManagedPolicy.AWSCodeDeployReadOnlyAccess instead.
const AWSCodeDeployRole
const AWSCodeDeployRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole";
Use ManagedPolicy.AWSCodeDeployRole instead.
const AWSCodeDeployRoleForECS
const AWSCodeDeployRoleForECS: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS";
Use ManagedPolicy.AWSCodeDeployRoleForECS instead.
const AWSCodePipelineApproverAccess
const AWSCodePipelineApproverAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess";
Use ManagedPolicy.AWSCodePipelineApproverAccess instead.
const AWSCodePipelineCustomActionAccess
const AWSCodePipelineCustomActionAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess";
Use ManagedPolicy.AWSCodePipelineCustomActionAccess instead.
const AWSCodePipelineFullAccess
const AWSCodePipelineFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess";
Use ManagedPolicy.AWSCodePipelineFullAccess instead.
const AWSCodePipelineReadOnlyAccess
const AWSCodePipelineReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess";
Use ManagedPolicy.AWSCodePipelineReadOnlyAccess instead.
const AWSCodeStarFullAccess
const AWSCodeStarFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeStarFullAccess";
Use ManagedPolicy.AWSCodeStarFullAccess instead.
const AWSCodeStarServiceRole
const AWSCodeStarServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole";
Use ManagedPolicy.AWSCodeStarServiceRole instead.
const AWSConfigRole
const AWSConfigRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRole";
Use ManagedPolicy.AWSConfigRole instead.
const AWSConfigRulesExecutionRole
const AWSConfigRulesExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole";
Use ManagedPolicy.AWSConfigRulesExecutionRole instead.
const AWSConfigUserAccess
const AWSConfigUserAccess: ARN = "arn:aws:iam::aws:policy/AWSConfigUserAccess";
Use ManagedPolicy.AWSConfigUserAccess instead.
const AWSConnector
const AWSConnector: ARN = "arn:aws:iam::aws:policy/AWSConnector";
Use ManagedPolicy.AWSConnector instead.
const AWSDataPipeline_FullAccess
const AWSDataPipeline_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess";
Use ManagedPolicy.AWSDataPipeline_FullAccess instead.
const AWSDataPipeline_PowerUser
const AWSDataPipeline_PowerUser: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser";
Use ManagedPolicy.AWSDataPipeline_PowerUser instead.
const AWSDataPipelineRole
const AWSDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole";
Use ManagedPolicy.AWSDataPipelineRole instead.
const AWSDeviceFarmFullAccess
const AWSDeviceFarmFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess";
Use ManagedPolicy.AWSDeviceFarmFullAccess instead.
const AWSDirectConnectFullAccess
const AWSDirectConnectFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess";
Use ManagedPolicy.AWSDirectConnectFullAccess instead.
const AWSDirectConnectReadOnlyAccess
const AWSDirectConnectReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess";
Use ManagedPolicy.AWSDirectConnectReadOnlyAccess instead.
const AWSDirectoryServiceFullAccess
const AWSDirectoryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess";
Use ManagedPolicy.AWSDirectoryServiceFullAccess instead.
const AWSDirectoryServiceReadOnlyAccess
const AWSDirectoryServiceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess";
Use ManagedPolicy.AWSDirectoryServiceReadOnlyAccess instead.
const AWSElasticBeanstalkCustomPlatformforEC2Role
const AWSElasticBeanstalkCustomPlatformforEC2Role: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role";
Use ManagedPolicy.AWSElasticBeanstalkCustomPlatformforEC2Role instead.
const AWSElasticBeanstalkEnhancedHealth
const AWSElasticBeanstalkEnhancedHealth: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth";
Use ManagedPolicy.AWSElasticBeanstalkEnhancedHealth instead.
const AWSElasticBeanstalkFullAccess
const AWSElasticBeanstalkFullAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess";
Use ManagedPolicy.AWSElasticBeanstalkFullAccess instead.
const AWSElasticBeanstalkMulticontainerDocker
const AWSElasticBeanstalkMulticontainerDocker: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker";
Use ManagedPolicy.AWSElasticBeanstalkMulticontainerDocker instead.
const AWSElasticBeanstalkReadOnlyAccess
const AWSElasticBeanstalkReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess";
Use ManagedPolicy.AWSElasticBeanstalkReadOnlyAccess instead.
const AWSElasticBeanstalkService
const AWSElasticBeanstalkService: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService";
Use ManagedPolicy.AWSElasticBeanstalkService instead.
const AWSElasticBeanstalkWebTier
const AWSElasticBeanstalkWebTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier";
Use ManagedPolicy.AWSElasticBeanstalkWebTier instead.
const AWSElasticBeanstalkWorkerTier
const AWSElasticBeanstalkWorkerTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier";
Use ManagedPolicy.AWSElasticBeanstalkWorkerTier instead.
const AWSGreengrassFullAccess
const AWSGreengrassFullAccess: ARN = "arn:aws:iam::aws:policy/AWSGreengrassFullAccess";
Use ManagedPolicy.AWSGreengrassFullAccess instead.
const AWSGreengrassResourceAccessRolePolicy
const AWSGreengrassResourceAccessRolePolicy: ARN = "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy";
Use ManagedPolicy.AWSGreengrassResourceAccessRolePolicy instead.
const AWSHealthFullAccess
const AWSHealthFullAccess: ARN = "arn:aws:iam::aws:policy/AWSHealthFullAccess";
Use ManagedPolicy.AWSHealthFullAccess instead.
const AWSImportExportFullAccess
const AWSImportExportFullAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportFullAccess";
Use ManagedPolicy.AWSImportExportFullAccess instead.
const AWSImportExportReadOnlyAccess
const AWSImportExportReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess";
Use ManagedPolicy.AWSImportExportReadOnlyAccess instead.
const AWSIoTConfigAccess
const AWSIoTConfigAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigAccess";
Use ManagedPolicy.AWSIoTConfigAccess instead.
const AWSIoTConfigReadOnlyAccess
const AWSIoTConfigReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess";
Use ManagedPolicy.AWSIoTConfigReadOnlyAccess instead.
const AWSIoTDataAccess
const AWSIoTDataAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTDataAccess";
Use ManagedPolicy.AWSIoTDataAccess instead.
const AWSIoTFullAccess
const AWSIoTFullAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTFullAccess";
Use ManagedPolicy.AWSIoTFullAccess instead.
const AWSIoTLogging
const AWSIoTLogging: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTLogging";
Use ManagedPolicy.AWSIoTLogging instead.
const AWSIoTRuleActions
const AWSIoTRuleActions: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions";
Use ManagedPolicy.AWSIoTRuleActions instead.
const AWSKeyManagementServicePowerUser
const AWSKeyManagementServicePowerUser: ARN = "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser";
Use ManagedPolicy.AWSKeyManagementServicePowerUser instead.
const AWSLambdaBasicExecutionRole
const AWSLambdaBasicExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole";
Use ManagedPolicy.AWSLambdaBasicExecutionRole instead.
const AWSLambdaDynamoDBExecutionRole
const AWSLambdaDynamoDBExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole";
Use ManagedPolicy.AWSLambdaDynamoDBExecutionRole instead.
const AWSLambdaENIManagementAccess
const AWSLambdaENIManagementAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess";
Use ManagedPolicy.AWSLambdaENIManagementAccess instead.
const AWSLambdaExecute
const AWSLambdaExecute: ARN = "arn:aws:iam::aws:policy/AWSLambdaExecute";
Use ManagedPolicy.AWSLambdaExecute instead.
const AWSLambdaFullAccess
const AWSLambdaFullAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaFullAccess";
Use ManagedPolicy.AWSLambdaFullAccess instead.
const AWSLambdaInvocationDynamoDB
const AWSLambdaInvocationDynamoDB: ARN = "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB";
Use ManagedPolicy.AWSLambdaInvocationDynamoDB instead.
const AWSLambdaKinesisExecutionRole
const AWSLambdaKinesisExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole";
Use ManagedPolicy.AWSLambdaKinesisExecutionRole instead.
const AWSLambdaReadOnlyAccess
const AWSLambdaReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess";
Use ManagedPolicy.AWSLambdaReadOnlyAccess instead.
const AWSLambdaRole
const AWSLambdaRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaRole";
Use ManagedPolicy.AWSLambdaRole instead.
const AWSLambdaVPCAccessExecutionRole
const AWSLambdaVPCAccessExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole";
Use ManagedPolicy.AWSLambdaVPCAccessExecutionRole instead.
const AWSMarketplaceFullAccess
const AWSMarketplaceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess";
Use ManagedPolicy.AWSMarketplaceFullAccess instead.
const AWSMarketplaceGetEntitlements
const AWSMarketplaceGetEntitlements: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements";
Use ManagedPolicy.AWSMarketplaceGetEntitlements instead.
const AWSMarketplaceManageSubscriptions
const AWSMarketplaceManageSubscriptions: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions";
Use ManagedPolicy.AWSMarketplaceManageSubscriptions instead.
const AWSMarketplaceMeteringFullAccess
const AWSMarketplaceMeteringFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess";
Use ManagedPolicy.AWSMarketplaceMeteringFullAccess instead.
const AWSMarketplaceReadonly
const AWSMarketplaceReadonly: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceRead-only";
Use ManagedPolicy.AWSMarketplaceReadonly instead.
const AWSMobileHub_FullAccess
const AWSMobileHub_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess";
Use ManagedPolicy.AWSMobileHub_FullAccess instead.
const AWSMobileHub_ReadOnly
const AWSMobileHub_ReadOnly: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly";
Use ManagedPolicy.AWSMobileHub_ReadOnly instead.
const AWSMobileHub_ServiceUseOnly
const AWSMobileHub_ServiceUseOnly: ARN = "arn:aws:iam::aws:policy/service-role/AWSMobileHub_ServiceUseOnly";
Use ManagedPolicy.AWSMobileHub_ServiceUseOnly instead.
const AWSOpsWorksCloudWatchLogs
const AWSOpsWorksCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs";
Use ManagedPolicy.AWSOpsWorksCloudWatchLogs instead.
const AWSOpsWorksCMInstanceProfileRole
const AWSOpsWorksCMInstanceProfileRole: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole";
Use ManagedPolicy.AWSOpsWorksCMInstanceProfileRole instead.
const AWSOpsWorksCMServiceRole
const AWSOpsWorksCMServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole";
Use ManagedPolicy.AWSOpsWorksCMServiceRole instead.
const AWSOpsWorksFullAccess
const AWSOpsWorksFullAccess: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess";
Use ManagedPolicy.AWSOpsWorksFullAccess instead.
const AWSOpsWorksInstanceRegistration
const AWSOpsWorksInstanceRegistration: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration";
Use ManagedPolicy.AWSOpsWorksInstanceRegistration instead.
const AWSOpsWorksRegisterCLI
const AWSOpsWorksRegisterCLI: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI";
Use ManagedPolicy.AWSOpsWorksRegisterCLI instead.
const AWSOpsWorksRole
const AWSOpsWorksRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole";
Use ManagedPolicy.AWSOpsWorksRole instead.
const AWSQuicksightAthenaAccess
const AWSQuicksightAthenaAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess";
Use ManagedPolicy.AWSQuicksightAthenaAccess instead.
const AWSQuickSightDescribeRDS
const AWSQuickSightDescribeRDS: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS";
Use ManagedPolicy.AWSQuickSightDescribeRDS instead.
const AWSQuickSightDescribeRedshift
const AWSQuickSightDescribeRedshift: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift";
Use ManagedPolicy.AWSQuickSightDescribeRedshift instead.
const AWSQuickSightListIAM
const AWSQuickSightListIAM: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM";
Use ManagedPolicy.AWSQuickSightListIAM instead.
const AWSStepFunctionsConsoleFullAccess
const AWSStepFunctionsConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess";
Use ManagedPolicy.AWSStepFunctionsConsoleFullAccess instead.
const AWSStepFunctionsFullAccess
const AWSStepFunctionsFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess";
Use ManagedPolicy.AWSStepFunctionsFullAccess instead.
const AWSStepFunctionsReadOnlyAccess
const AWSStepFunctionsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess";
Use ManagedPolicy.AWSStepFunctionsReadOnlyAccess instead.
const AWSStorageGatewayFullAccess
const AWSStorageGatewayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess";
Use ManagedPolicy.AWSStorageGatewayFullAccess instead.
const AWSStorageGatewayReadOnlyAccess
const AWSStorageGatewayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess";
Use ManagedPolicy.AWSStorageGatewayReadOnlyAccess instead.
const AWSSupportAccess
const AWSSupportAccess: ARN = "arn:aws:iam::aws:policy/AWSSupportAccess";
Use ManagedPolicy.AWSSupportAccess instead.
const AWSWAFFullAccess
const AWSWAFFullAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFFullAccess";
Use ManagedPolicy.AWSWAFFullAccess instead.
const AWSWAFReadOnlyAccess
const AWSWAFReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess";
Use ManagedPolicy.AWSWAFReadOnlyAccess instead.
const AWSXRayDaemonWriteAccess
const AWSXRayDaemonWriteAccess: ARN = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess";
Use ManagedPolicy.AWSXRayDaemonWriteAccess instead.
const AWSXrayFullAccess
const AWSXrayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayFullAccess";
Use ManagedPolicy.AWSXrayFullAccess instead.
const AWSXrayReadOnlyAccess
const AWSXrayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess";
Use ManagedPolicy.AWSXrayReadOnlyAccess instead.
const AWSXrayWriteOnlyAccess
const AWSXrayWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess";
Use ManagedPolicy.AWSXrayWriteOnlyAccess instead.
const Billing
const Billing: ARN = "arn:aws:iam::aws:policy/job-function/Billing";
Use ManagedPolicy.Billing instead.
const CloudFrontFullAccess
const CloudFrontFullAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontFullAccess";
Use ManagedPolicy.CloudFrontFullAccess instead.
const CloudFrontReadOnlyAccess
const CloudFrontReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess";
Use ManagedPolicy.CloudFrontReadOnlyAccess instead.
const CloudSearchFullAccess
const CloudSearchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchFullAccess";
Use ManagedPolicy.CloudSearchFullAccess instead.
const CloudSearchReadOnlyAccess
const CloudSearchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess";
Use ManagedPolicy.CloudSearchReadOnlyAccess instead.
const CloudWatchActionsEC2Access
const CloudWatchActionsEC2Access: ARN = "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access";
Use ManagedPolicy.CloudWatchActionsEC2Access instead.
const CloudWatchEventsBuiltInTargetExecutionAccess
const CloudWatchEventsBuiltInTargetExecutionAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess";
Use ManagedPolicy.CloudWatchEventsBuiltInTargetExecutionAccess instead.
const CloudWatchEventsFullAccess
const CloudWatchEventsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess";
Use ManagedPolicy.CloudWatchEventsFullAccess instead.
const CloudWatchEventsInvocationAccess
const CloudWatchEventsInvocationAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess";
Use ManagedPolicy.CloudWatchEventsInvocationAccess instead.
const CloudWatchEventsReadOnlyAccess
const CloudWatchEventsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess";
Use ManagedPolicy.CloudWatchEventsReadOnlyAccess instead.
const CloudWatchFullAccess
const CloudWatchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchFullAccess";
Use ManagedPolicy.CloudWatchFullAccess instead.
const CloudWatchLogsFullAccess
const CloudWatchLogsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess";
Use ManagedPolicy.CloudWatchLogsFullAccess instead.
const CloudWatchLogsReadOnlyAccess
const CloudWatchLogsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess";
Use ManagedPolicy.CloudWatchLogsReadOnlyAccess instead.
const CloudWatchReadOnlyAccess
const CloudWatchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess";
Use ManagedPolicy.CloudWatchReadOnlyAccess instead.
const DatabaseAdministrator
const DatabaseAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator";
Use ManagedPolicy.DatabaseAdministrator instead.
const DataScientist
const DataScientist: ARN = "arn:aws:iam::aws:policy/job-function/DataScientist";
Use ManagedPolicy.DataScientist instead.
const IAMFullAccess
const IAMFullAccess: ARN = "arn:aws:iam::aws:policy/IAMFullAccess";
Use ManagedPolicy.IAMFullAccess instead.
const IAMReadOnlyAccess
const IAMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess";
Use ManagedPolicy.IAMReadOnlyAccess instead.
const IAMSelfManageServiceSpecificCredentials
const IAMSelfManageServiceSpecificCredentials: ARN = "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials";
Use ManagedPolicy.IAMSelfManageServiceSpecificCredentials instead.
const IAMUserChangePassword
const IAMUserChangePassword: ARN = "arn:aws:iam::aws:policy/IAMUserChangePassword";
Use ManagedPolicy.IAMUserChangePassword instead.
const IAMUserSSHKeys
const IAMUserSSHKeys: ARN = "arn:aws:iam::aws:policy/IAMUserSSHKeys";
Use ManagedPolicy.IAMUserSSHKeys instead.
const NetworkAdministrator
const NetworkAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/NetworkAdministrator";
Use ManagedPolicy.NetworkAdministrator instead.
const PowerUserAccess
const PowerUserAccess: ARN = "arn:aws:iam::aws:policy/PowerUserAccess";
Use ManagedPolicy.PowerUserAccess instead.
const RDSCloudHsmAuthorizationRole
const RDSCloudHsmAuthorizationRole: ARN = "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole";
Use ManagedPolicy.RDSCloudHsmAuthorizationRole instead.
const ReadOnlyAccess
const ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess";
Use ManagedPolicy.ReadOnlyAccess instead.
const ResourceGroupsandTagEditorFullAccess
const ResourceGroupsandTagEditorFullAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess";
Use ManagedPolicy.ResourceGroupsandTagEditorFullAccess instead.
const ResourceGroupsandTagEditorReadOnlyAccess
const ResourceGroupsandTagEditorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess";
Use ManagedPolicy.ResourceGroupsandTagEditorReadOnlyAccess instead.
const SecurityAudit
const SecurityAudit: ARN = "arn:aws:iam::aws:policy/SecurityAudit";
Use ManagedPolicy.SecurityAudit instead.
const ServerMigrationConnector
const ServerMigrationConnector: ARN = "arn:aws:iam::aws:policy/ServerMigrationConnector";
Use ManagedPolicy.ServerMigrationConnector instead.
const ServerMigrationServiceRole
const ServerMigrationServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole";
Use ManagedPolicy.ServerMigrationServiceRole instead.
const ServiceCatalogAdminFullAccess
const ServiceCatalogAdminFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminFullAccess";
Use ManagedPolicy.ServiceCatalogAdminFullAccess instead.
const ServiceCatalogAdminReadOnlyAccess
const ServiceCatalogAdminReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess";
Use ManagedPolicy.ServiceCatalogAdminReadOnlyAccess instead.
const ServiceCatalogEndUserAccess
const ServiceCatalogEndUserAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess";
Use ManagedPolicy.ServiceCatalogEndUserAccess instead.
const ServiceCatalogEndUserFullAccess
const ServiceCatalogEndUserFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserFullAccess";
Use ManagedPolicy.ServiceCatalogEndUserFullAccess instead.
const SimpleWorkflowFullAccess
const SimpleWorkflowFullAccess: ARN = "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess";
Use ManagedPolicy.SimpleWorkflowFullAccess instead.
const SupportUser
const SupportUser: ARN = "arn:aws:iam::aws:policy/job-function/SupportUser";
Use ManagedPolicy.SupportUser instead.
const SystemAdministrator
const SystemAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/SystemAdministrator";
Use ManagedPolicy.SystemAdministrator instead.
const ViewOnlyAccess
const ViewOnlyAccess: ARN = "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess";
Use ManagedPolicy.ViewOnlyAccess instead.
const VMImportExportRoleForAWSConnector
const VMImportExportRoleForAWSConnector: ARN = "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector";
Use ManagedPolicy.VMImportExportRoleForAWSConnector instead.
namespace Principals
const AcmServicePrincipal
Service Principal for Amazon Certificate Manager
let Service
let Service: string = "acm.amazonaws.com";
const ApiGatewayPrincipal
Service Principal for API Gateway
let Service
let Service: string = "apigateway.amazonaws.com";
const AthenaPrincipal
Service Principal for Athena
let Service
let Service: string = "athena.amazonaws.com";
const AutoscalingPrincipal
Service Principal for Autoscaling
let Service
let Service: string = "autoscaling.amazonaws.com";
const BatchPrincipal
Service Principal for Batch
let Service
let Service: string = "batch.amazonaws.com";
const CloudDirectoryPrincipal
Service Principal for Cloud Directory
let Service
let Service: string = "clouddirectory.amazonaws.com";
const CloudformationPrincipal
Service Principal for Cloudformation
let Service
let Service: string = "cloudformation.amazonaws.com";
const CloudfrontPrincipal
Service Principal for Cloudfront
let Service
let Service: string = "cloudfront.amazonaws.com";
const CloudSearchPrincipal
Service Principal for Cloud Search
let Service
let Service: string = "cloudsearch.amazonaws.com";
const CloudtrailPrincipal
Service Principal for Cloudtrail
let Service
let Service: string = "cloudtrail.amazonaws.com";
const CodeBuildPrincipal
Service Principal for CodeBuild
let Service
let Service: string = "codebuild.amazonaws.com";
const CodeCommitPrincipal
Service Principal for CodeCommit
let Service
let Service: string = "codecommit.amazonaws.com";
const CodeDeployPrincipal
Service Principal for CodeDeploy
let Service
let Service: string = "codedeploy.amazonaws.com";
const CodePipelinePrincipal
Service Principal for CodePipeline
let Service
let Service: string = "codepipeline.amazonaws.com";
const ConfigPrincipal
Service Principal for EC2 Config Service
let Service
let Service: string = "config.amazonaws.com";
const DataPipelinePrincipal
Service Principal for Data Pipeline
let Service
let Service: string = "datapipeline.amazonaws.com";
const DirectConnectPrincipal
Service Principal for DirectConnect
let Service
let Service: string = "directconnect.amazonaws.com";
const DirectoryServicesPrincipal
Service Principal for Directory Services
let Service
let Service: string = "ds.amazonaws.com";
const DynamoDbPrincipal
Service Principal for DynamoDB
let Service
let Service: string = "dynamodb.amazonaws.com";
const Ec2Principal
Service Principal for EC2
let Service
let Service: string = "ec2.amazonaws.com";
const EcrPrincipal
Service Principal for Elastic Container Registry
let Service
let Service: string = "ecr.amazonaws.com";
const EcsPrincipal
Service Principal for Elastic Container Service
let Service
let Service: string = "ecs.amazonaws.com";
const EcsTasksPrincipal
Service Principal for Elastic Container Service Tasks. Usage: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html
let Service
let Service: string = "ecs-tasks.amazonaws.com";
const EdgeLambdaPrincipal
Service Principal for Edge Lambda
let Service
let Service: string = "edgelambda.amazonaws.com";
const ElasticachePrincipal
Service Principal for Elasticache
let Service
let Service: string = "elasticache.amazonaws.com";
const ElasticBeanstalkPrincipal
Service Principal for Elastic Beanstalk
let Service
let Service: string = "elasticbeanstalk.amazonaws.com";
const ElasticFileSystemPrincipal
Service Principal for Elastic File System
let Service
let Service: string = "elasticfilesystem.amazonaws.com";
const ElasticLoadBalancingPrincipal
Service Principal for Elastic Load Balancing
let Service
let Service: string = "elasticloadbalancing.amazonaws.com";
const ElasticMapReducePrincipal
Service Principal for Elastic MapReduce
let Service
let Service: string = "elasticmapreduce.amazonaws.com";
const EventsPrincipal
Service Principal for Eventslet Service
let Service: string = "events.amazonaws.com";
const HealthPrincipal
Service Principal for Healthlet Service
let Service: string = "health.amazonaws.com";
const IamPrincipal
Service Principal for IAMlet Service
let Service: string = "iam.amazonaws.com";
const InspectorPrincipal
Service Principal for AWS Inspectorlet Service
let Service: string = "inspector.amazonaws.com";
const KinesisPrincipal
Service Principal for Kinesislet Service
let Service: string = "kinesis.amazonaws.com";
const KmsPrincipal
Service Principal for Key Management Service
let Service: string = "kms.amazonaws.com";
const LambdaPrincipal
Service Principal for Lambda
let Service: string = "lambda.amazonaws.com";
const LightsailPrincipal
Service Principal for Lightsail
let Service: string = "lightsail.amazonaws.com";
const LogsPrincipal
Service Principal for Cloudwatch Logs
let Service: string = "logs.amazonaws.com";
const MonitoringPrincipal
Service Principal for Cloudwatch Monitoring
let Service: string = "monitoring.amazonaws.com";
const OpsworksPrincipal
Service Principal for Opsworks
let Service: string = "opsworks.amazonaws.com";
const OrganizationsPrincipal
Service Principal for Organizations
let Service: string = "organizations.amazonaws.com";
const RdsPrincipal
Service Principal for Relational Database Service
let Service: string = "rds.amazonaws.com";
const RedshiftPrincipal
Service Principal for Redshift
let Service: string = "redshift.amazonaws.com";
const Route53Principal
Service Principal for Route 53
let Service: string = "route53.amazonaws.com";
const S3Principal
Service Principal for S3
let Service: string = "s3.amazonaws.com";
const ServiceCatalogPrincipal
Service Principal for Service Catalog
let Service: string = "servicecatalog.amazonaws.com";
const SesPrincipal
Service Principal for Simple Email Service
let Service: string = "ses.amazonaws.com";
const SigninPrincipal
Service Principal for Signin Service
let Service: string = "signin.amazonaws.com";
const SnsPrincipal
Service Principal for Simple Notification Service
let Service: string = "sns.amazonaws.com";
const SpotFleetPrincipal
Service Principal for Spot Fleet
let Service: string = "spotfleet.amazonaws.com";
const SqsPrincipal
Service Principal for Simple Queue Service
let Service: string = "sqs.amazonaws.com";
const SsmPrincipal
Service Principal for Systems Manager
let Service: string = "ssm.amazonaws.com";
const StorageGatewayPrincipal
Service Principal for Storage Gateway
let Service: string = "storagegateway.amazonaws.com";
const StsPrincipal
Service Principal for Security Token Service
let Service: string = "sts.amazonaws.com";
const SupportPrincipal
Service Principal for AWS Support
let Service: string = "support.amazonaws.com";
const VmiePrincipal
Service Principal for VM Import/Export
let Service: string = "vmie.amazonaws.com";
const VpcFlowLogsPrincipal
Service Principal for VPC Flow Logs
let Service: string = "vpc-flow-logs.amazonaws.com";
const WafPrincipal
Service Principal for Web Application Firewall
let Service: string = "waf.amazonaws.com";
const WorkDocsPrincipal
Service Principal for WorkDocs
let Service: string = "workdocs.amazonaws.com";
const WorkspacesPrincipal
Service Principal for Workspaces
let Service: string = "workspaces.amazonaws.com";
Resources
Resource AccessKey
class AccessKey extends CustomResource
Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lbUser", {path: "/system/"});
const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {
    user: lbUser.name,
    pgpKey: "keybase:some_person_that_exists",
});
const lbRo = new aws.iam.UserPolicy("lbRo", {
    user: lbUser.name,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
export const secret = lbAccessKey.encryptedSecret;
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const testUser = new aws.iam.User("testUser", {path: "/test/"});
const testAccessKey = new aws.iam.AccessKey("testAccessKey", {user: testUser.name});
export const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;
constructor
new AccessKey(name: string, args: AccessKeyArgs, opts?: pulumi.CustomResourceOptions)
Create an AccessKey resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessKeyState, opts?: pulumi.CustomResourceOptions): AccessKey
Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is AccessKey
Returns true if the given object is an instance of AccessKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property encryptedSecret
public encryptedSecret: pulumi.Output<string>;
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property keyFingerprint
public keyFingerprint: pulumi.Output<string>;
The fingerprint of the PGP key used to encrypt the secret
property pgpKey
public pgpKey: pulumi.Output<string | undefined>;
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encryptedSecret output attribute.
property secret
public secret: pulumi.Output<string>;
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgpKey instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
property sesSmtpPasswordV4
public sesSmtpPasswordV4: pulumi.Output<string>;
The secret access key converted into an SES SMTP password by applying AWS’s documented SigV4 conversion algorithm. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
property status
public status: pulumi.Output<string>;
The access key status to apply. Defaults to Active. Valid values are Active and Inactive.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;
The IAM user to associate with this access key.
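Because the secret property is written to the state file unless a pgpKey is supplied, auditing the state is a useful control. The following added example (not part of the provider documentation) scans a stack export for AccessKey outputs stored as plaintext strings; the export layout (deployment.resources[] with type and outputs), the type token, the function names and all sample values are assumptions or constructed.

```typescript
// Added example: find IAM access key secrets held in plaintext in a
// `pulumi stack export` document. Layout and type token are assumptions.

interface StateResource {
  urn: string;
  type: string;
  outputs?: Record<string, unknown>;
}

interface StackExport {
  deployment?: { resources?: StateResource[] };
}

interface Finding {
  urn: string;
  output: string;        // which output holds the plaintext value
  pgpProtected: boolean; // true when encryptedSecret is also present
}

// Assumed type token, following the aws:iam/<module>:<Class> pattern used by
// the import commands on this page.
const ACCESS_KEY_TYPE = "aws:iam/accessKey:AccessKey";

// AccessKey outputs that carry usable credential material.
const SENSITIVE_OUTPUTS = ["secret", "sesSmtpPasswordV4"];

function isNonEmptyString(v: unknown): boolean {
  return typeof v === "string" && v.length > 0;
}

function findPlaintextSecrets(doc: StackExport): Finding[] {
  const resources = (doc.deployment && doc.deployment.resources) || [];
  const findings: Finding[] = [];
  for (const res of resources) {
    if (res.type !== ACCESS_KEY_TYPE) continue;
    const outputs = res.outputs || {};
    const pgpProtected = isNonEmptyString(outputs["encryptedSecret"]);
    for (const name of SENSITIVE_OUTPUTS) {
      // A string value is readable by anyone who can read the state file.
      // Values encrypted by the state backend are assumed to be stored as
      // objects rather than strings, so they are not reported.
      if (isNonEmptyString(outputs[name])) {
        findings.push({ urn: res.urn, output: name, pgpProtected: pgpProtected });
      }
    }
  }
  return findings;
}

// Constructed sample export: one key created with pgpKey, one without,
// and one unrelated resource. All values are placeholders.
const SAMPLE_EXPORT = JSON.stringify({
  version: 3,
  deployment: {
    resources: [
      {
        urn: "urn:pulumi:dev::example::aws:iam/accessKey:AccessKey::lbAccessKey",
        type: "aws:iam/accessKey:AccessKey",
        outputs: { encryptedSecret: "PLACEHOLDER-PGP-CIPHERTEXT", secret: "" },
      },
      {
        urn: "urn:pulumi:dev::example::aws:iam/accessKey:AccessKey::testAccessKey",
        type: "aws:iam/accessKey:AccessKey",
        outputs: {
          secret: "PLACEHOLDER-PLAINTEXT-SECRET",
          sesSmtpPasswordV4: "PLACEHOLDER-SMTP-PASSWORD",
        },
      },
      {
        urn: "urn:pulumi:dev::example::aws:iam/user:User::testUser",
        type: "aws:iam/user:User",
        outputs: { name: "testUser" },
      },
    ],
  },
});

const sampleFindings = findPlaintextSecrets(JSON.parse(SAMPLE_EXPORT) as StackExport);
for (const f of sampleFindings) {
  console.log("plaintext " + f.output + " in state: " + f.urn);
}
```

Run it against the output of `pulumi stack export` in CI and fail the job when the returned list is non-empty.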
Resource AccountAlias
class AccountAlias extends CustomResource
Note: There is only a single account alias per AWS account.
Manages the account alias for the AWS Account.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const alias = new aws.iam.AccountAlias("alias", {
    accountAlias: "my-account-alias",
});
Import
The current Account Alias can be imported using the account_alias, e.g.
$ pulumi import aws:iam/accountAlias:AccountAlias alias my-account-alias
constructor
new AccountAlias(name: string, args: AccountAliasArgs, opts?: pulumi.CustomResourceOptions)
Create an AccountAlias resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountAliasState, opts?: pulumi.CustomResourceOptions): AccountAlias
Get an existing AccountAlias resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is AccountAlias
Returns true if the given object is an instance of AccountAlias. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property accountAlias
public accountAlias: pulumi.Output<string>;
The account alias
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource AccountPasswordPolicy
class AccountPasswordPolicy extends CustomResource
Note: There is only a single policy allowed per AWS account. An existing policy will be lost when using this resource as an effect of this limitation.
Manages Password Policy for the AWS Account. See more about Account Password Policy in the official AWS docs.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const strict = new aws.iam.AccountPasswordPolicy("strict", {
    allowUsersToChangePassword: true,
    minimumPasswordLength: 8,
    requireLowercaseCharacters: true,
    requireNumbers: true,
    requireSymbols: true,
    requireUppercaseCharacters: true,
});
Import
IAM Account Password Policy can be imported using the word iam-account-password-policy, e.g.
$ pulumi import aws:iam/accountPasswordPolicy:AccountPasswordPolicy strict iam-account-password-policy
constructor
new AccountPasswordPolicy(name: string, args?: AccountPasswordPolicyArgs, opts?: pulumi.CustomResourceOptions)
Create an AccountPasswordPolicy resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountPasswordPolicyState, opts?: pulumi.CustomResourceOptions): AccountPasswordPolicy
Get an existing AccountPasswordPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is AccountPasswordPolicy
Returns true if the given object is an instance of AccountPasswordPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property allowUsersToChangePassword
public allowUsersToChangePassword: pulumi.Output<boolean | undefined>;
Whether to allow users to change their own password
property expirePasswords
public expirePasswords: pulumi.Output<boolean>;
Indicates whether passwords in the account expire. Returns true if maxPasswordAge contains a value greater than 0. Returns false if it is 0 or not present.
property hardExpiry
public hardExpiry: pulumi.Output<boolean>;
Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property maxPasswordAge
public maxPasswordAge: pulumi.Output<number>;
The number of days that a user password is valid.
property minimumPasswordLength
public minimumPasswordLength: pulumi.Output<number | undefined>;
Minimum length to require for user passwords.
property passwordReusePrevention
public passwordReusePrevention: pulumi.Output<number>;
The number of previous passwords that users are prevented from reusing.
property requireLowercaseCharacters
public requireLowercaseCharacters: pulumi.Output<boolean>;
Whether to require lowercase characters for user passwords.
property requireNumbers
public requireNumbers: pulumi.Output<boolean>;
Whether to require numbers for user passwords.
property requireSymbols
public requireSymbols: pulumi.Output<boolean>;
Whether to require symbols for user passwords.
property requireUppercaseCharacters
public requireUppercaseCharacters: pulumi.Output<boolean>;
Whether to require uppercase characters for user passwords.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource Group
class Group extends CustomResource
Provides an IAM group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const developers = new aws.iam.Group("developers", {
    path: "/users/",
});
Import
IAM Groups can be imported using the name, e.g.
$ pulumi import aws:iam/group:Group developers developers
constructor
new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)
Create a Group resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): Group
Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is Group
Returns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The ARN assigned by AWS for this group.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.
property path
public path: pulumi.Output<string | undefined>;
Path in which to create the group.
property uniqueId
public uniqueId: pulumi.Output<string>;
The unique ID assigned by AWS.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource GroupMembership
class GroupMembership extends CustomResource
WARNING: Multiple aws.iam.GroupMembership resources with the same group name will produce inconsistent behavior!
Provides a top level resource to manage IAM Group membership for IAM Users. For more information on managing IAM Groups or IAM Users, see IAM Groups or IAM Users.
Note: aws.iam.GroupMembership will conflict with itself if used more than once with the same group. To non-exclusively manage the users in a group, see the aws.iam.UserGroupMembership resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const group = new aws.iam.Group("group", {});
const userOne = new aws.iam.User("userOne", {});
const userTwo = new aws.iam.User("userTwo", {});
const team = new aws.iam.GroupMembership("team", {
    users: [
        userOne.name,
        userTwo.name,
    ],
    group: group.name,
});
constructor
new GroupMembership(name: string, args: GroupMembershipArgs, opts?: pulumi.CustomResourceOptions)
Create a GroupMembership resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipState, opts?: pulumi.CustomResourceOptions): GroupMembership
Get an existing GroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is GroupMembership
Returns true if the given object is an instance of GroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property group
public group: pulumi.Output<string>;
The IAM Group name to attach the list of users to
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name to identify the Group Membership
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property users
public users: pulumi.Output<string[]>;
A list of IAM User names to associate with the Group
Resource GroupPolicy
class GroupPolicy extends CustomResource
Provides an IAM policy attached to a group.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const myDevelopers = new aws.iam.Group("myDevelopers", {path: "/users/"});
const myDeveloperPolicy = new aws.iam.GroupPolicy("myDeveloperPolicy", {
    group: myDevelopers.name,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
Import
IAM Group Policies can be imported using the group_name:group_policy_name, e.g.
$ pulumi import aws:iam/groupPolicy:GroupPolicy mypolicy group_of_mypolicy_name:mypolicy_name
constructor
new GroupPolicy(name: string, args: GroupPolicyArgs, opts?: pulumi.CustomResourceOptions)
Create a GroupPolicy resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyState, opts?: pulumi.CustomResourceOptions): GroupPolicy
Get an existing GroupPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is GroupPolicy
Returns true if the given object is an instance of GroupPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property group
public group: pulumi.Output<string>;
The IAM group to attach to the policy.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
public policy: pulumi.Output<string>;
The policy document. This is a JSON formatted string.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource GroupPolicyAttachment
class GroupPolicyAttachment extends CustomResource
Attaches a Managed IAM Policy to an IAM group.
NOTE: The usage of this resource conflicts with the aws.iam.PolicyAttachment resource and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const group = new aws.iam.Group("group", {});
const policy = new aws.iam.Policy("policy", {
    description: "A test policy",
    policy: "{ ... policy JSON ... }",
});
const test_attach = new aws.iam.GroupPolicyAttachment("test-attach", {
    group: group.name,
    policyArn: policy.arn,
});
Import
IAM group policy attachments can be imported using the group name and policy arn separated by /.
$ pulumi import aws:iam/groupPolicyAttachment:GroupPolicyAttachment test-attach test-group/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy
constructor
new GroupPolicyAttachment(name: string, args: GroupPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)
Create a GroupPolicyAttachment resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): GroupPolicyAttachment
Get an existing GroupPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is GroupPolicyAttachment
Returns true if the given object is an instance of GroupPolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property group
public group: pulumi.Output<string>;
The group the policy should be applied to
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property policyArn
public policyArn: pulumi.Output<ARN>;
The ARN of the policy you want to apply
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource InstanceProfile
class InstanceProfile extends CustomResource
Provides an IAM instance profile.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const role = new aws.iam.Role("role", {
    path: "/",
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
const testProfile = new aws.iam.InstanceProfile("testProfile", {role: role.name});
Import
Instance Profiles can be imported using the name, e.g.
$ pulumi import aws:iam/instanceProfile:InstanceProfile test_profile app-instance-profile-1
constructor
new InstanceProfile(name: string, args?: InstanceProfileArgs, opts?: pulumi.CustomResourceOptions)
Create an InstanceProfile resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceProfileState, opts?: pulumi.CustomResourceOptions): InstanceProfile
Get an existing InstanceProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is InstanceProfile
Returns true if the given object is an instance of InstanceProfile. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The ARN assigned by AWS to the instance profile.
property createDate
public createDate: pulumi.Output<string>;
The creation timestamp of the instance profile.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The profile’s name. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;
Path in which to create the profile.
property role
public role: pulumi.Output<string | undefined>;
The role name to include in the profile.
property uniqueId
public uniqueId: pulumi.Output<string>;
The unique ID assigned by AWS.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource OpenIdConnectProvider
class OpenIdConnectProvider extends CustomResource
Provides an IAM OpenID Connect provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const defaultOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider("default", {
    clientIdLists: ["266362248691-342342xasdasdasda-apps.googleusercontent.com"],
    thumbprintLists: [],
    url: "https://accounts.google.com",
});
Import
IAM OpenID Connect Providers can be imported using the arn, e.g.
$ pulumi import aws:iam/openIdConnectProvider:OpenIdConnectProvider default arn:aws:iam::123456789012:oidc-provider/accounts.google.com
constructor
new OpenIdConnectProvider(name: string, args: OpenIdConnectProviderArgs, opts?: pulumi.CustomResourceOptions)
Create an OpenIdConnectProvider resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OpenIdConnectProviderState, opts?: pulumi.CustomResourceOptions): OpenIdConnectProvider
Get an existing OpenIdConnectProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is OpenIdConnectProvider
Returns true if the given object is an instance of OpenIdConnectProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The ARN assigned by AWS for this provider.
property clientIdLists
public clientIdLists: pulumi.Output<string[]>;
A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property thumbprintLists
public thumbprintLists: pulumi.Output<string[]>;
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).
property url
public url: pulumi.Output<string>;
The URL of the identity provider. Corresponds to the iss claim.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource Policy
class Policy extends CustomResource
Provides an IAM policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const policy = new aws.iam.Policy("policy", {
    description: "My test policy",
    path: "/",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
Import
IAM Policies can be imported using the arn, e.g.
$ pulumi import aws:iam/policy:Policy administrator arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
constructor
new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)
Create a Policy resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState, opts?: pulumi.CustomResourceOptions): Policy
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is Policy
Returns true if the given object is an instance of Policy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The ARN assigned by AWS to this policy.
property description
public description: pulumi.Output<string | undefined>;
Description of the IAM policy.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;
Path in which to create the policy. See IAM Identifiers for more information.
property policy
public policy: pulumi.Output<string>;
The policy document. This is a JSON formatted string.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource PolicyAttachment
class PolicyAttachment extends CustomResource
Attaches a Managed IAM Policy to user(s), role(s), and/or group(s).
WARNING: The aws.iam.PolicyAttachment resource creates exclusive attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws.iam.PolicyAttachment resource. This means that any users/roles/groups that have the attached policy via any other mechanism (including other resources managed by this provider) will have that attached policy revoked by this resource. Consider aws.iam.RolePolicyAttachment, aws.iam.UserPolicyAttachment, or aws.iam.GroupPolicyAttachment instead. These resources do not enforce exclusive attachment of an IAM policy.
NOTE: The usage of this resource conflicts with the aws.iam.GroupPolicyAttachment, aws.iam.RolePolicyAttachment, and aws.iam.UserPolicyAttachment resources and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const user = new aws.iam.User("user", {});
const role = new aws.iam.Role("role", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const group = new aws.iam.Group("group", {});
const policy = new aws.iam.Policy("policy", {
    description: "A test policy",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
const test_attach = new aws.iam.PolicyAttachment("test-attach", {
    users: [user.name],
    roles: [role.name],
    groups: [group.name],
    policyArn: policy.arn,
});
constructor
new PolicyAttachment(name: string, args: PolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)
Create a PolicyAttachment resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyAttachmentState, opts?: pulumi.CustomResourceOptions): PolicyAttachment
Get an existing PolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is PolicyAttachment
Returns true if the given object is an instance of PolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property groups
public groups: pulumi.Output<string[] | undefined>;
The group(s) the policy should be applied to
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the attachment. This cannot be an empty string.
property policyArn
public policyArn: pulumi.Output<ARN>;
The ARN of the policy you want to apply
property roles
public roles: pulumi.Output<string[] | undefined>;
The role(s) the policy should be applied to
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property users
public users: pulumi.Output<string[] | undefined>;
The user(s) the policy should be applied to
Resource Role
class Role extends CustomResource
Provides an IAM role.
NOTE: If policies are attached to the role via the aws.iam.PolicyAttachment resource and you are modifying the role name or path, the forceDetachPolicies argument must be set to true and applied before attempting the operation otherwise you will encounter a DeleteConflict error. The aws.iam.RolePolicyAttachment resource (recommended) does not have this requirement.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testRole = new aws.iam.Role("test_role", {
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
    tags: {
        "tag-key": "tag-value",
    },
});
Example of Using Data Source for Assume Role Policy
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Build the trust policy with the data source instead of a hand-written JSON string.
const instanceAssumeRolePolicy = aws.iam.getPolicyDocument({
    statements: [{
        actions: ["sts:AssumeRole"],
        principals: [{
            type: "Service",
            identifiers: ["ec2.amazonaws.com"],
        }],
    }],
});
const instance = new aws.iam.Role("instance", {
    path: "/system/",
    assumeRolePolicy: instanceAssumeRolePolicy.then(doc => doc.json),
});
Import
IAM Roles can be imported using the name, e.g.
$ pulumi import aws:iam/role:Role developer developer_name
constructor
new Role(name: string, args: RoleArgs, opts?: pulumi.CustomResourceOptions)
Create a Role resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState, opts?: pulumi.CustomResourceOptions): Role
Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is Role
Returns true if the given object is an instance of Role. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The Amazon Resource Name (ARN) specifying the role.
property assumeRolePolicy
public assumeRolePolicy: pulumi.Output<string>;
The policy that grants an entity permission to assume the role.
property createDate
public createDate: pulumi.Output<string>;
The creation date of the IAM role.
property description
public description: pulumi.Output<string | undefined>;
The description of the role.
property forceDetachPolicies
public forceDetachPolicies: pulumi.Output<boolean | undefined>;
Specifies to force detaching any policies the role has before destroying it. Defaults to false.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property maxSessionDuration
public maxSessionDuration: pulumi.Output<number | undefined>;
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
public name: pulumi.Output<string>;
The name of the role. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;
The path to the role. See IAM Identifiers for more information.
property permissionsBoundary
public permissionsBoundary: pulumi.Output<string | undefined>;
The ARN of the policy that is used to set the permissions boundary for the role.
property tags
public tags: pulumi.Output<{[key: string]: string} | undefined>;
Key-value map of tags for the IAM role
property uniqueId
public uniqueId: pulumi.Output<string>;
The stable and unique string identifying the role.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource RolePolicy
class RolePolicy extends CustomResource
Provides an IAM role inline policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testRole = new aws.iam.Role("testRole", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const testPolicy = new aws.iam.RolePolicy("testPolicy", {
    role: testRole.id,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
Import
IAM Role Policies can be imported using the role_name:role_policy_name, e.g.
$ pulumi import aws:iam/rolePolicy:RolePolicy mypolicy role_of_mypolicy_name:mypolicy_name
constructor
new RolePolicy(name: string, args: RolePolicyArgs, opts?: pulumi.CustomResourceOptions)
Create a RolePolicy resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyState, opts?: pulumi.CustomResourceOptions): RolePolicy
Get an existing RolePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is RolePolicy
Returns true if the given object is an instance of RolePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the role policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
public policy: pulumi.Output<string>;
The policy document. This is a JSON formatted string.
property role
public role: pulumi.Output<string>;
The IAM role to attach to the policy.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource RolePolicyAttachment
class RolePolicyAttachment extends CustomResource
Attaches a Managed IAM Policy to an IAM role
NOTE: The usage of this resource conflicts with the aws.iam.PolicyAttachment resource and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const role = new aws.iam.Role("role", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`});
const policy = new aws.iam.Policy("policy", {
    description: "A test policy",
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
const test_attach = new aws.iam.RolePolicyAttachment("test-attach", {
    role: role.name,
    policyArn: policy.arn,
});
Import
IAM role policy attachments can be imported using the role name and policy arn separated by /.
$ pulumi import aws:iam/rolePolicyAttachment:RolePolicyAttachment test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy
constructor
new RolePolicyAttachment(name: string, args: RolePolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)
Create a RolePolicyAttachment resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyAttachmentState, opts?: pulumi.CustomResourceOptions): RolePolicyAttachment
Get an existing RolePolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is RolePolicyAttachment
Returns true if the given object is an instance of RolePolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property policyArn
public policyArn: pulumi.Output<ARN>;
The ARN of the policy you want to apply
property role
public role: pulumi.Output<string>;
The role the policy should be applied to
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SamlProvider
class SamlProvider extends CustomResource
Provides an IAM SAML provider.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

// Read the IdP metadata as text; samlMetadataDocument expects a string.
const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: fs.readFileSync("saml-metadata.xml", "utf8")});
Import
IAM SAML Providers can be imported using the arn, e.g.
$ pulumi import aws:iam/samlProvider:SamlProvider default arn:aws:iam::123456789012:saml-provider/SAMLADFS
constructor
new SamlProvider(name: string, args: SamlProviderArgs, opts?: pulumi.CustomResourceOptions)
Create a SamlProvider resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlProviderState, opts?: pulumi.CustomResourceOptions): SamlProvider
Get an existing SamlProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is SamlProvider
Returns true if the given object is an instance of SamlProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The ARN assigned by AWS for this provider.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the provider to create.
property samlMetadataDocument
public samlMetadataDocument: pulumi.Output<string>;
An XML document generated by an identity provider that supports SAML 2.0.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property validUntil
public validUntil: pulumi.Output<string>;
The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.
Resource ServerCertificate
class ServerCertificate extends CustomResource
Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:
- AWS Elastic Beanstalk
- Elastic Load Balancing
- CloudFront
- AWS OpsWorks
For information about server certificates in IAM, see [Managing Server Certificates][2] in AWS Documentation.
Note: All arguments including the private key will be stored in the raw state as plain-text.
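One way to verify the note above on an existing stack, as an added example that is not part of the Pulumi documentation: scan the JSON from `pulumi stack export` for PEM private key blocks that are readable in state. It goes beyond aws.iam.ServerCertificate and checks the inputs and outputs of every resource; the function name, the sample state and all names in it are constructed.

```typescript
// Added example: find PEM private keys readable in `pulumi stack export` JSON.
interface ExportedResource {
  urn: string;
  type: string;
  inputs?: unknown;
  outputs?: unknown;
}
interface ExportedStack { deployment: { resources: ExportedResource[] } }
interface KeyFinding {
  urn: string;
  path: string; // where in the resource the key material sits
}

// Matches "-----BEGIN PRIVATE KEY-----", "-----BEGIN RSA PRIVATE KEY-----", etc.
// Passphrase-protected PEM blocks match too and should be reviewed as well.
const PEM_PRIVATE_KEY = /-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----/;

function findPlaintextPrivateKeys(stack: ExportedStack): KeyFinding[] {
  const findings: KeyFinding[] = [];
  // Depth-first walk over strings, arrays and objects, tracking the property path.
  const walk = (urn: string, path: string, value: unknown): void => {
    if (typeof value === "string") {
      if (PEM_PRIVATE_KEY.test(value)) findings.push({ urn, path });
    } else if (Array.isArray(value)) {
      value.forEach((item, i) => walk(urn, `${path}[${i}]`, item));
    } else if (value !== null && typeof value === "object") {
      for (const [key, child] of Object.entries(value as Record<string, unknown>)) {
        walk(urn, `${path}.${key}`, child);
      }
    }
  };
  for (const res of stack.deployment.resources) {
    walk(res.urn, "inputs", res.inputs);
    walk(res.urn, "outputs", res.outputs);
  }
  return findings;
}

// Constructed sample, not real state; the PEM bodies are placeholders.
const CERT_TYPE = "aws:iam/serverCertificate:ServerCertificate";
const plaintextProps = {
  certificateBody: "-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n",
  privateKey: "-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n-----END RSA PRIVATE KEY-----\n",
};
const sampleStack: ExportedStack = {
  deployment: {
    resources: [
      {
        urn: `urn:pulumi:dev::certs-demo::${CERT_TYPE}::testCert`,
        type: CERT_TYPE,
        inputs: plaintextProps,
        outputs: { ...plaintextProps, name: "example-cert-placeholder" },
      },
      {
        // Stand-in for a value stored encrypted: no PEM text is visible.
        urn: `urn:pulumi:dev::certs-demo::${CERT_TYPE}::wrappedCert`,
        type: CERT_TYPE,
        inputs: { privateKey: { ciphertext: "constructed-placeholder" } },
      },
    ],
  },
};

console.log(findPlaintextPrivateKeys(sampleStack));
```

Passing the key through `pulumi.secret(...)` tells Pulumi to encrypt that value in the stack state.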
Example Usage
Using certs on file:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

// Read both PEM files as text; the arguments expect strings.
const testCert = new aws.iam.ServerCertificate("testCert", {
    certificateBody: fs.readFileSync("self-ca-cert.pem", "utf8"),
    privateKey: fs.readFileSync("test-key.pem", "utf8"),
});
Example with cert in-line:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testCertAlt = new aws.iam.ServerCertificate("test_cert_alt", {
    certificateBody: `-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
`,
    privateKey: `-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
`,
});
Use in combination with an AWS ELB resource:
Some properties of an IAM Server Certificate cannot be updated while they are in use. In order for this provider to effectively manage a Certificate in this situation, it is recommended you utilize the namePrefix attribute and enable the createBeforeDestroy [lifecycle block][lifecycle]. This will allow this provider to create a new, updated aws.iam.ServerCertificate resource and replace it in dependent resources before attempting to destroy the old version.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";

// namePrefix lets a replacement certificate be created under a new unique name.
const testCert = new aws.iam.ServerCertificate("testCert", {
    namePrefix: "example-cert",
    certificateBody: fs.readFileSync("self-ca-cert.pem", "utf8"),
    privateKey: fs.readFileSync("test-key.pem", "utf8"),
});
const ourapp = new aws.elb.LoadBalancer("ourapp", {
    availabilityZones: ["us-west-2a"],
    crossZoneLoadBalancing: true,
    listeners: [{
        instancePort: 8000,
        instanceProtocol: "http",
        lbPort: 443,
        lbProtocol: "https",
        sslCertificateId: testCert.arn,
    }],
});
Import
IAM Server Certificates can be imported using the name, e.g.
$ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018
[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html
[2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html
[lifecycle]: /docs/configuration/resources.html
constructor
new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: pulumi.CustomResourceOptions)
Create a ServerCertificate resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerCertificateState, opts?: pulumi.CustomResourceOptions): ServerCertificate
Get an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is ServerCertificate
Returns true if the given object is an instance of ServerCertificate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The Amazon Resource Name (ARN) specifying the server certificate.
property certificateBody
public certificateBody: pulumi.Output<string>;
The contents of the public key certificate in PEM-encoded format.
property certificateChain
public certificateChain: pulumi.Output<string | undefined>;
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
public path: pulumi.Output<string | undefined>;
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
property privateKey
public privateKey: pulumi.Output<string>;
The contents of the private key in PEM-encoded format.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource ServiceLinkedRole
class ServiceLinkedRole extends CustomResource
Provides an IAM service-linked role.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const elasticbeanstalk = new aws.iam.ServiceLinkedRole("elasticbeanstalk", {
    awsServiceName: "elasticbeanstalk.amazonaws.com",
});
Import
IAM service-linked roles can be imported using role ARN, e.g.
$ pulumi import aws:iam/serviceLinkedRole:ServiceLinkedRole elasticbeanstalk arn:aws:iam::123456789012:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk
constructor
new ServiceLinkedRole(name: string, args: ServiceLinkedRoleArgs, opts?: pulumi.CustomResourceOptions)
Create a ServiceLinkedRole resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceLinkedRoleState, opts?: pulumi.CustomResourceOptions): ServiceLinkedRole
Get an existing ServiceLinkedRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is ServiceLinkedRole
Returns true if the given object is an instance of ServiceLinkedRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The Amazon Resource Name (ARN) specifying the role.
property awsServiceName
public awsServiceName: pulumi.Output<string>;
The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.
property createDate
public createDate: pulumi.Output<string>;
The creation date of the IAM role.
property customSuffix
public customSuffix: pulumi.Output<string | undefined>;
Additional string appended to the role name. Not all AWS services support custom suffixes.
property description
public description: pulumi.Output<string | undefined>;
The description of the role.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the role.
property path
public path: pulumi.Output<string>;
The path of the role.
property uniqueId
public uniqueId: pulumi.Output<string>;
The stable and unique string identifying the role.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource SshKey
class SshKey extends CustomResource
Uploads an SSH public key and associates it with the specified IAM user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const userUser = new aws.iam.User("userUser", {path: "/"});
const userSshKey = new aws.iam.SshKey("userSshKey", {
    username: userUser.name,
    encoding: "SSH",
    publicKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com",
});
Import
SSH public keys can be imported using the username, ssh_public_key_id, and encoding, e.g.
$ pulumi import aws:iam/sshKey:SshKey user user:APKAJNCNNJICVN7CFKCA:SSH
constructor
new SshKey(name: string, args: SshKeyArgs, opts?: pulumi.CustomResourceOptions)
Create a SshKey resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SshKeyState, opts?: pulumi.CustomResourceOptions): SshKey
Get an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is SshKey
Returns true if the given object is an instance of SshKey. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property encoding
public encoding: pulumi.Output<string>;
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
property fingerprint
public fingerprint: pulumi.Output<string>;
The MD5 message digest of the SSH public key.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property publicKey
public publicKey: pulumi.Output<string>;
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
property sshPublicKeyId
public sshPublicKeyId: pulumi.Output<string>;
The unique identifier for the SSH public key.
property status
public status: pulumi.Output<string>;
The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property username
public username: pulumi.Output<string>;
The name of the IAM user to associate the SSH public key with.
Resource User
class User extends CustomResource
Provides an IAM user.
NOTE: If policies are attached to the user via the aws.iam.PolicyAttachment resource and you are modifying the user name or path, the forceDestroy argument must be set to true and applied before attempting the operation otherwise you will encounter a DeleteConflict error. The aws.iam.UserPolicyAttachment resource (recommended) does not have this requirement.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lbUser = new aws.iam.User("lbUser", {
    path: "/system/",
    tags: {
        "tag-key": "tag-value",
    },
});
const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {user: lbUser.name});
const lbRo = new aws.iam.UserPolicy("lbRo", {
    user: lbUser.name,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
Import
IAM Users can be imported using the name, e.g.
$ pulumi import aws:iam/user:User lb loadbalancer
constructor
new User(name: string, args?: UserArgs, opts?: pulumi.CustomResourceOptions)
Create a User resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User
Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is User
Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
The ARN assigned by AWS for this user.
property forceDestroy
public forceDestroy: pulumi.Output<boolean | undefined>;
When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
property path
public path: pulumi.Output<string | undefined>;
Path in which to create the user.
property permissionsBoundary
public permissionsBoundary: pulumi.Output<string | undefined>;
The ARN of the policy that is used to set the permissions boundary for the user.
property tags
public tags: pulumi.Output<{[key: string]: string} | undefined>;
Key-value mapping of tags for the IAM user
property uniqueId
public uniqueId: pulumi.Output<string>;
The [unique ID][1] assigned by AWS.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource UserGroupMembership
class UserGroupMembership extends CustomResource
Provides a resource for adding an IAM User to IAM Groups. This resource can be used multiple times with the same user for non-overlapping groups.
To exclusively manage the users in a group, see the [aws.iam.GroupMembership resource][3].
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const user1 = new aws.iam.User("user1", {});
const group1 = new aws.iam.Group("group1", {});
const group2 = new aws.iam.Group("group2", {});
const example1 = new aws.iam.UserGroupMembership("example1", {
    user: user1.name,
    groups: [
        group1.name,
        group2.name,
    ],
});
const group3 = new aws.iam.Group("group3", {});
const example2 = new aws.iam.UserGroupMembership("example2", {
    user: user1.name,
    groups: [group3.name],
});
Import
IAM user group membership can be imported using the user name and group names separated by /.
$ pulumi import aws:iam/userGroupMembership:UserGroupMembership example1 user1/group1/group2
constructor
new UserGroupMembership(name: string, args: UserGroupMembershipArgs, opts?: pulumi.CustomResourceOptions)
Create a UserGroupMembership resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserGroupMembershipState, opts?: pulumi.CustomResourceOptions): UserGroupMembership
Get an existing UserGroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is UserGroupMembership
Returns true if the given object is an instance of UserGroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property groups
public groups: pulumi.Output<string[]>;
A list of IAM Groups to add the user to
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;
The name of the IAM User to add to groups
Resource UserLoginProfile
class UserLoginProfile extends CustomResource
Manages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.
To reset an IAM User login password via this provider, you can delete and recreate this resource or change any of the arguments.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleUser = new aws.iam.User("exampleUser", {
    path: "/",
    forceDestroy: true,
});
const exampleUserLoginProfile = new aws.iam.UserLoginProfile("exampleUserLoginProfile", {
    user: exampleUser.name,
    pgpKey: "keybase:some_person_that_exists",
});
export const password = exampleUserLoginProfile.encryptedPassword;
Import
IAM User Login Profiles can be imported without password information support via the IAM User name, e.g.
$ pulumi import aws:iam/userLoginProfile:UserLoginProfile example myusername
Since this provider has no method to read the PGP or password information during import, use the ignore_changes argument to ignore them unless password recreation is desired, e.g.
resource "aws_iam_user_login_profile" "example" {
  # ... other configuration ...
  lifecycle {
    ignore_changes = [
      password_length,
      password_reset_required,
      pgp_key,
    ]
  }
}
constructor
new UserLoginProfile(name: string, args: UserLoginProfileArgs, opts?: pulumi.CustomResourceOptions)
Create a UserLoginProfile resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserLoginProfileState, opts?: pulumi.CustomResourceOptions): UserLoginProfile
Get an existing UserLoginProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is UserLoginProfile
Returns true if the given object is an instance of UserLoginProfile. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property encryptedPassword
public encryptedPassword: pulumi.Output<string>;
The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property keyFingerprint
public keyFingerprint: pulumi.Output<string>;
The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
property passwordLength
public passwordLength: pulumi.Output<number | undefined>;
The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property passwordResetRequired
public passwordResetRequired: pulumi.Output<boolean | undefined>;
Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property pgpKey
public pgpKey: pulumi.Output<string>;
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;
The IAM user’s name.
Resource UserPolicy
class UserPolicy extends CustomResource
Provides an IAM policy attached to a user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lbUser", {path: "/system/"});
const lbRo = new aws.iam.UserPolicy("lbRo", {
user: lbUser.name,
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
`,
});
const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {user: lbUser.name});
Import
IAM User Policies can be imported using the user_name:user_policy_name, e.g.
$ pulumi import aws:iam/userPolicy:UserPolicy mypolicy user_of_mypolicy_name:mypolicy_name
constructor
new UserPolicy(name: string, args: UserPolicyArgs, opts?: pulumi.CustomResourceOptions)
Create a UserPolicy resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyState, opts?: pulumi.CustomResourceOptions): UserPolicy
Get an existing UserPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is UserPolicy
Returns true if the given object is an instance of UserPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property name
public name: pulumi.Output<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
public namePrefix: pulumi.Output<string | undefined>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
public policy: pulumi.Output<string>;
The policy document. This is a JSON formatted string.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;
IAM user to which to attach this policy.
Resource UserPolicyAttachment
class UserPolicyAttachment extends CustomResource
Attaches a Managed IAM Policy to an IAM user
NOTE: The usage of this resource conflicts with the aws.iam.PolicyAttachment resource and will permanently show a difference if both are defined.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const user = new aws.iam.User("user", {});
const policy = new aws.iam.Policy("policy", {
description: "A test policy",
policy: "{ ... policy JSON ... }",
});
const test_attach = new aws.iam.UserPolicyAttachment("test-attach", {
user: user.name,
policyArn: policy.arn,
});
Import
IAM user policy attachments can be imported using the user name and policy arn separated by /.
$ pulumi import aws:iam/userPolicyAttachment:UserPolicyAttachment test-attach test-user/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy
constructor
new UserPolicyAttachment(name: string, args: UserPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)
Create a UserPolicyAttachment resource with the given unique name, arguments, and options.
name
The unique name of the resource.
args
The arguments to use to populate this resource's properties.
opts
A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyAttachmentState, opts?: pulumi.CustomResourceOptions): UserPolicyAttachment
Get an existing UserPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is UserPolicyAttachment
Returns true if the given object is an instance of UserPolicyAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property policyArn
public policyArn: pulumi.Output<ARN>;
The ARN of the policy you want to apply
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property user
public user: pulumi.Output<string>;
The user the policy should be applied to
Functions
Function getAccountAlias
getAccountAlias(opts?: pulumi.InvokeOptions): Promise<GetAccountAliasResult>
The IAM Account Alias data source allows access to the account alias for the effective account in which this provider is working.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.iam.getAccountAlias({});
export const accountAlias = current.then(current => current.accountAlias);
Function getGroup
getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult>
This data source can be used to fetch information about a specific IAM group. By using this data source, you can reference IAM group properties without having to hard code ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.iam.getGroup({
groupName: "an_example_group_name",
}, { async: true }));
Function getInstanceProfile
getInstanceProfile(args: GetInstanceProfileArgs, opts?: pulumi.InvokeOptions): Promise<GetInstanceProfileResult>
This data source can be used to fetch information about a specific IAM instance profile. By using this data source, you can reference IAM instance profile properties without having to hard code ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.iam.getInstanceProfile({
name: "an_example_instance_profile_name",
}, { async: true }));
Function getPolicy
getPolicy(args: GetPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyResult>
This data source can be used to fetch information about a specific IAM policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.iam.getPolicy({
arn: "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials",
}, { async: true }));
Function getPolicyDocument
getPolicyDocument(args?: GetPolicyDocumentArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyDocumentResult>
Generates an IAM policy document in JSON format.
This is a data source which can be used to construct a JSON representation of an IAM policy document, for use with resources which expect policy documents, such as the aws.iam.Policy resource.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// The bucket name is read from stack configuration; the key "s3BucketName" is a placeholder.
const config = new pulumi.Config();
const s3BucketName = config.require("s3BucketName");

const examplePolicyDocument = aws.iam.getPolicyDocument({
    statements: [
        {
            sid: "1",
            actions: [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation",
            ],
            resources: ["arn:aws:s3:::*"],
        },
        {
            actions: ["s3:ListBucket"],
            resources: [`arn:aws:s3:::${s3BucketName}`],
            // Listing is limited to the bucket root, home/ and the caller's own home prefix.
            conditions: [{
                test: "StringLike",
                variable: "s3:prefix",
                values: [
                    "",
                    "home/",
                    "home/&{aws:username}/",
                ],
            }],
        },
        {
            // &{aws:username} is resolved by AWS at request time, not by this program.
            actions: ["s3:*"],
            resources: [
                `arn:aws:s3:::${s3BucketName}/home/&{aws:username}`,
                `arn:aws:s3:::${s3BucketName}/home/&{aws:username}/*`,
            ],
        },
    ],
});
const examplePolicy = new aws.iam.Policy("examplePolicy", {
    path: "/",
    policy: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json),
});
Using this data source to generate policy documents is optional. It is also valid to use literal JSON strings within your configuration, or to use the file interpolation function to read a raw JSON policy document from a file.
Context Variable Interpolation
The IAM policy document format allows context variables to be interpolated into various strings within a statement. The native IAM policy document format uses ${...}-style syntax that is in conflict with interpolation syntax, so this data source instead uses &{...} syntax for interpolations that should be processed by AWS rather than by this provider.
Wildcard Principal
In order to define a wildcard principal (a.k.a. anonymous user), use type = "*" and identifiers = ["*"]. In that case the rendered JSON will contain "Principal": "*".
Note that even though the IAM documentation states that "Principal": "*" and "Principal": {"AWS": "*"} are equivalent, those principals behave differently in an IAM Role Trust Policy. Therefore this provider normalizes the principal field only in the above-mentioned case, and principals like type = "AWS" and identifiers = ["*"] will be rendered as "Principal": {"AWS": "*"}.
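The two rendering rules described under Context Variable Interpolation and Wildcard Principal, as an added example that is not the provider's code: a simplified model that renders statement blocks to IAM JSON shape and a review helper that lists statements open to any AWS identity. The type names, function names and sample values are assumptions made for this illustration, as is treating a statement as wildcard when any of its principal blocks is the wildcard block.

```typescript
// Simplified model of the documented rendering rules (not the provider's implementation).
type PrincipalBlock = { type: string; identifiers: string[] };
type StatementBlock = {
    sid?: string;
    effect?: "Allow" | "Deny";
    actions: string[];
    resources?: string[];
    principals?: PrincipalBlock[];
};
type RenderedPrincipal = "*" | Record<string, string | string[]>;
type RenderedStatement = {
    Sid?: string;
    Effect: string;
    Action: string[];
    Resource?: string[];
    Principal?: RenderedPrincipal;
};

// Rule 1: &{...} marks a variable that AWS resolves at request time, so it is
// rendered in the native ${...} form of the IAM policy language.
function toIamVariables(value: string): string {
    return value.replace(/&\{/g, "${");
}

// Rule 2: only type "*" with identifiers ["*"] collapses to the bare "*".
// Every other block is grouped under its type, so AWS + ["*"] stays {"AWS": "*"}.
function renderPrincipals(blocks: PrincipalBlock[]): RenderedPrincipal {
    const isWildcard = (b: PrincipalBlock): boolean =>
        b.type === "*" && b.identifiers.length === 1 && b.identifiers[0] === "*";
    if (blocks.some(isWildcard)) {
        return "*"; // assumption: the wildcard block subsumes any other block
    }
    const grouped: Record<string, string[]> = {};
    for (const b of blocks) {
        grouped[b.type] = (grouped[b.type] || []).concat(b.identifiers.map(toIamVariables));
    }
    const out: Record<string, string | string[]> = {};
    for (const type of Object.keys(grouped)) {
        // A single identifier is rendered as a string, several as an array.
        out[type] = grouped[type].length === 1 ? grouped[type][0] : grouped[type];
    }
    return out;
}

function renderStatement(st: StatementBlock): RenderedStatement {
    const out: RenderedStatement = { Effect: st.effect || "Allow", Action: st.actions };
    if (st.sid) out.Sid = st.sid;
    if (st.resources) out.Resource = st.resources.map(toIamVariables);
    if (st.principals && st.principals.length > 0) {
        out.Principal = renderPrincipals(st.principals);
    }
    return out;
}

// Review helper: indexes of Allow statements whose principal admits any AWS identity,
// in either of the two wildcard spellings.
function wildcardPrincipalStatements(statements: RenderedStatement[]): number[] {
    const hits: number[] = [];
    statements.forEach((st, i) => {
        const p = st.Principal;
        if (st.Effect !== "Allow" || p === undefined) return;
        const aws = p === "*" ? "*" : p["AWS"];
        const ids = aws === undefined ? [] : Array.isArray(aws) ? aws : [aws];
        if (ids.indexOf("*") !== -1) hits.push(i);
    });
    return hits;
}

// Constructed sample input: two trust statements using each wildcard spelling,
// one scoped trust statement, and one resource statement with a context variable.
function sampleRendered(): RenderedStatement[] {
    const blocks: StatementBlock[] = [
        { actions: ["sts:AssumeRole"], principals: [{ type: "*", identifiers: ["*"] }] },
        { actions: ["sts:AssumeRole"], principals: [{ type: "AWS", identifiers: ["*"] }] },
        { actions: ["sts:AssumeRole"], principals: [{ type: "Service", identifiers: ["firehose.amazonaws.com"] }] },
        { actions: ["s3:*"], resources: ["arn:aws:s3:::example-bucket/home/&{aws:username}/*"] },
    ];
    return blocks.map(renderStatement);
}
```

Both wildcard spellings are reported by wildcardPrincipalStatements, which makes the difference the page describes visible in review before a trust policy is applied.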
Example with Multiple Principals
Showing how you can use this as an assume role policy as well as showing how you can specify multiple principal blocks with different types.
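import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Values read from stack configuration; the key names are placeholders.
const config = new pulumi.Config();
const trustedRoleArn = config.require("trustedRoleArn");
const accountId = config.require("accountId");
const providerName = config.require("providerName");

const eventStreamBucketRoleAssumeRolePolicy = aws.iam.getPolicyDocument({
    statements: [{
        actions: ["sts:AssumeRole"],
        principals: [
            {
                type: "Service",
                identifiers: ["firehose.amazonaws.com"],
            },
            {
                type: "AWS",
                identifiers: [trustedRoleArn],
            },
            {
                type: "Federated",
                identifiers: [
                    `arn:aws:iam::${accountId}:saml-provider/${providerName}`,
                    "cognito-identity.amazonaws.com",
                ],
            },
        ],
    }],
});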
Example with Source and Override
Showing how you can use sourceJson and overrideJson:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const source = aws.iam.getPolicyDocument({
statements: [
{
actions: ["ec2:*"],
resources: ["*"],
},
{
sid: "SidToOverwrite",
actions: ["s3:*"],
resources: ["*"],
},
],
});
const sourceJsonExample = source.then(source => aws.iam.getPolicyDocument({
sourceJson: source.json,
statements: [{
sid: "SidToOverwrite",
actions: ["s3:*"],
resources: [
"arn:aws:s3:::somebucket",
"arn:aws:s3:::somebucket/*",
],
}],
}));
const override = aws.iam.getPolicyDocument({
statements: [{
sid: "SidToOverwrite",
actions: ["s3:*"],
resources: ["*"],
}],
});
const overrideJsonExample = override.then(override => aws.iam.getPolicyDocument({
overrideJson: override.json,
statements: [
{
actions: ["ec2:*"],
resources: ["*"],
},
{
sid: "SidToOverwrite",
actions: ["s3:*"],
resources: [
"arn:aws:s3:::somebucket",
"arn:aws:s3:::somebucket/*",
],
},
],
}));
data.aws_iam_policy_document.source_json_example.json will evaluate to:
data.aws_iam_policy_document.override_json_example.json will evaluate to:
You can also combine sourceJson and overrideJson in the same document.
Example without Statement
Use without a statement:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const source = aws.iam.getPolicyDocument({
statements: [{
sid: "OverridePlaceholder",
actions: ["ec2:DescribeAccountAttributes"],
resources: ["*"],
}],
});
const override = aws.iam.getPolicyDocument({
statements: [{
sid: "OverridePlaceholder",
actions: ["s3:GetObject"],
resources: ["*"],
}],
});
const politik = Promise.all([source, override]).then(([source, override]) => aws.iam.getPolicyDocument({
sourceJson: source.json,
overrideJson: override.json,
}));
data.aws_iam_policy_document.politik.json will evaluate to:
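The sid rule that sourceJson and overrideJson follow (a statement with a non-blank sid replaces the statement with the same sid in the layer beneath it) can be traced with a small model; this is an added example, not the provider's code. The function names, the in-place replacement order and the appending of unmatched statements are assumptions of the model; the statements are the ones from the three examples above.

```typescript
// Model of the documented layering: source <- current statements <- override.
type Statement = { Sid?: string; Effect: string; Action: string[]; Resource: string[] };
type MergeResult = { statements: Statement[]; overwritten: string[] };

function allow(actions: string[], resources: string[], sid?: string): Statement {
    const st: Statement = { Effect: "Allow", Action: actions, Resource: resources };
    if (sid) st.Sid = sid;
    return st;
}

function indexOfSid(list: Statement[], sid: string | undefined): number {
    if (!sid) return -1; // a statement without a sid can never be overwritten
    for (let i = 0; i < list.length; i++) {
        if (list[i].Sid === sid) return i;
    }
    return -1;
}

// Apply `incoming` on top of `base`, recording every sid that was replaced.
function applyLayer(base: Statement[], incoming: Statement[], overwritten: string[]): Statement[] {
    const out = base.slice();
    for (const st of incoming) {
        const idx = indexOfSid(out, st.Sid);
        if (idx >= 0) {
            out[idx] = st;
            overwritten.push(st.Sid as string);
        } else {
            out.push(st);
        }
    }
    return out;
}

function mergePolicyDocument(source: Statement[], current: Statement[], override: Statement[]): MergeResult {
    const overwritten: string[] = [];
    const withCurrent = applyLayer(source, current, overwritten);
    const statements = applyLayer(withCurrent, override, overwritten);
    return { statements, overwritten };
}

// Review check: overwritten sids whose final statement applies to Resource "*".
// An override layer can silently turn a bucket-scoped statement back into a wildcard.
function wildcardOverwrites(result: MergeResult): string[] {
    const flagged: string[] = [];
    for (const sid of result.overwritten) {
        const idx = indexOfSid(result.statements, sid);
        if (idx >= 0 && result.statements[idx].Resource.indexOf("*") !== -1 && flagged.indexOf(sid) === -1) {
            flagged.push(sid);
        }
    }
    return flagged;
}

const bucketScoped = ["arn:aws:s3:::somebucket", "arn:aws:s3:::somebucket/*"];

// sourceJsonExample: the current statement narrows the source's SidToOverwrite.
function sourceJsonExample(): MergeResult {
    const source = [allow(["ec2:*"], ["*"]), allow(["s3:*"], ["*"], "SidToOverwrite")];
    return mergePolicyDocument(source, [allow(["s3:*"], bucketScoped, "SidToOverwrite")], []);
}

// overrideJsonExample: the override widens the current SidToOverwrite again.
function overrideJsonExample(): MergeResult {
    const current = [allow(["ec2:*"], ["*"]), allow(["s3:*"], bucketScoped, "SidToOverwrite")];
    return mergePolicyDocument([], current, [allow(["s3:*"], ["*"], "SidToOverwrite")]);
}

// politik: no statements of its own, only a source and an override layer.
function politik(): MergeResult {
    const source = [allow(["ec2:DescribeAccountAttributes"], ["*"], "OverridePlaceholder")];
    return mergePolicyDocument(source, [], [allow(["s3:GetObject"], ["*"], "OverridePlaceholder")]);
}
```

In this model sourceJsonExample ends with SidToOverwrite limited to somebucket, while overrideJsonExample ends with s3:* on every resource, which is the case wildcardOverwrites reports.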
Function getRole
getRole(args: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise<GetRoleResult>
This data source can be used to fetch information about a specific IAM role. By using this data source, you can reference IAM role properties without having to hard code ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.iam.getRole({
name: "an_example_role_name",
}, { async: true }));
Function getServerCertificate
getServerCertificate(args?: GetServerCertificateArgs, opts?: pulumi.InvokeOptions): Promise<GetServerCertificateResult>
Use this data source to look up information about IAM Server Certificates.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// "my-domain" is not a valid identifier, so the lookup result is bound to myDomain.
const myDomain = aws.iam.getServerCertificate({
    namePrefix: "my-domain.org",
    latest: true,
});
const elb = new aws.elb.LoadBalancer("elb", {listeners: [{
    instancePort: 8000,
    instanceProtocol: "https",
    lbPort: 443,
    lbProtocol: "https",
    sslCertificateId: myDomain.then(myDomain => myDomain.arn),
}]});
Function getUser
getUser(args: GetUserArgs, opts?: pulumi.InvokeOptions): Promise<GetUserResult>
This data source can be used to fetch information about a specific IAM user. By using this data source, you can reference IAM user properties without having to hard code ARNs or unique IDs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.iam.getUser({
userName: "an_example_user_name",
}, { async: true }));
Others
interface AccessKeyArgs
interface AccessKeyArgs
The set of arguments for constructing an AccessKey resource.
property pgpKey
pgpKey?: pulumi.Input<string>;
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encryptedSecret output attribute.
property status
status?: pulumi.Input<string>;
The access key status to apply. Defaults to Active. Valid values are Active and Inactive.
property user
user: pulumi.Input<string>;
The IAM user to associate with this access key.
interface AccessKeyState
interface AccessKeyState
Input properties used for looking up and filtering AccessKey resources.
property encryptedSecret
encryptedSecret?: pulumi.Input<string>;
property keyFingerprint
keyFingerprint?: pulumi.Input<string>;
The fingerprint of the PGP key used to encrypt the secret
property pgpKey
pgpKey?: pulumi.Input<string>;
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encryptedSecret output attribute.
property secret
secret?: pulumi.Input<string>;
The secret access key. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgpKey instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
property sesSmtpPasswordV4
sesSmtpPasswordV4?: pulumi.Input<string>;
The secret access key converted into an SES SMTP password by applying AWS’s documented SigV4 conversion algorithm. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
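The conversion behind sesSmtpPasswordV4, written out as an added example (not the provider's code) following AWS's published SES SMTP credential algorithm: an HMAC-SHA256 chain over fixed constants and the region, prefixed with the version byte 0x04 and base64 encoded. The function names and the sample secret are constructed for illustration.

```typescript
import { createHmac } from "crypto";

// One HMAC-SHA256 step of the derivation chain.
function hmacSha256(key: Buffer | string, message: string): Buffer {
    return createHmac("sha256", key).update(message, "utf8").digest();
}

// Derive the SES SMTP password for one region from an IAM secret access key.
// The constants (date "11111111", service "ses", terminal "aws4_request",
// message "SendRawEmail", version 0x04) are the fixed values of AWS's algorithm.
function deriveSesSmtpPasswordV4(secretAccessKey: string, region: string): string {
    let signature = hmacSha256("AWS4" + secretAccessKey, "11111111");
    signature = hmacSha256(signature, region);
    signature = hmacSha256(signature, "ses");
    signature = hmacSha256(signature, "aws4_request");
    signature = hmacSha256(signature, "SendRawEmail");
    const versioned = Buffer.concat([Buffer.from([0x04]), signature]);
    return versioned.toString("base64");
}

// Constructed secret, not a real credential.
const SAMPLE_SECRET = "EXAMPLE-SECRET-ACCESS-KEY-NOT-REAL";

// The same secret yields a different password per region, which is why the
// output is only valid for the region the provider is configured with.
function samplePasswords(): { usEast1: string; euWest1: string } {
    return {
        usEast1: deriveSesSmtpPasswordV4(SAMPLE_SECRET, "us-east-1"),
        euWest1: deriveSesSmtpPasswordV4(SAMPLE_SECRET, "eu-west-1"),
    };
}
```

The password is a deterministic function of the secret access key, so it needs the same protection in state and outputs as the secret itself and changes whenever the key is rotated.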
property status
status?: pulumi.Input<string>;
The access key status to apply. Defaults to Active. Valid values are Active and Inactive.
property user
user?: pulumi.Input<string>;
The IAM user to associate with this access key.
interface AccountAliasArgs
interface AccountAliasArgs
The set of arguments for constructing an AccountAlias resource.
property accountAlias
accountAlias: pulumi.Input<string>;
The account alias
interface AccountAliasState
interface AccountAliasState
Input properties used for looking up and filtering AccountAlias resources.
property accountAlias
accountAlias?: pulumi.Input<string>;
The account alias
interface AccountPasswordPolicyArgs
interface AccountPasswordPolicyArgs
The set of arguments for constructing an AccountPasswordPolicy resource.
property allowUsersToChangePassword
allowUsersToChangePassword?: pulumi.Input<boolean>;
Whether to allow users to change their own password
property hardExpiry
hardExpiry?: pulumi.Input<boolean>;
Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)
property maxPasswordAge
maxPasswordAge?: pulumi.Input<number>;
The number of days that a user password is valid.
property minimumPasswordLength
minimumPasswordLength?: pulumi.Input<number>;
Minimum length to require for user passwords.
property passwordReusePrevention
passwordReusePrevention?: pulumi.Input<number>;
The number of previous passwords that users are prevented from reusing.
property requireLowercaseCharacters
requireLowercaseCharacters?: pulumi.Input<boolean>;
Whether to require lowercase characters for user passwords.
property requireNumbers
requireNumbers?: pulumi.Input<boolean>;
Whether to require numbers for user passwords.
property requireSymbols
requireSymbols?: pulumi.Input<boolean>;
Whether to require symbols for user passwords.
property requireUppercaseCharacters
requireUppercaseCharacters?: pulumi.Input<boolean>;
Whether to require uppercase characters for user passwords.
interface AccountPasswordPolicyState
interface AccountPasswordPolicyState
Input properties used for looking up and filtering AccountPasswordPolicy resources.
property allowUsersToChangePassword
allowUsersToChangePassword?: pulumi.Input<boolean>;
Whether to allow users to change their own password
property expirePasswords
expirePasswords?: pulumi.Input<boolean>;
Indicates whether passwords in the account expire. Returns true if maxPasswordAge contains a value greater than 0. Returns false if it is 0 or not present.
property hardExpiry
hardExpiry?: pulumi.Input<boolean>;
Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)
property maxPasswordAge
maxPasswordAge?: pulumi.Input<number>;
The number of days that a user password is valid.
property minimumPasswordLength
minimumPasswordLength?: pulumi.Input<number>;
Minimum length to require for user passwords.
property passwordReusePrevention
passwordReusePrevention?: pulumi.Input<number>;
The number of previous passwords that users are prevented from reusing.
property requireLowercaseCharacters
requireLowercaseCharacters?: pulumi.Input<boolean>;
Whether to require lowercase characters for user passwords.
property requireNumbers
requireNumbers?: pulumi.Input<boolean>;
Whether to require numbers for user passwords.
property requireSymbols
requireSymbols?: pulumi.Input<boolean>;
Whether to require symbols for user passwords.
property requireUppercaseCharacters
requireUppercaseCharacters?: pulumi.Input<boolean>;
Whether to require uppercase characters for user passwords.
function assumeRolePolicyForPrincipal
assumeRolePolicyForPrincipal(principal: Principal): PolicyDocument
assumeRolePolicyForPrincipal returns a well-formed policy document which can be used to control which principals may assume an IAM Role, by granting the sts:AssumeRole action to those principals.
interface AWSPrincipal
interface AWSPrincipal
When you use an AWS account identifier as the principal in a policy, the permissions in the policy statement can be granted to all identities contained in that account. This includes IAM users and roles in that account. When you specify an AWS account, you can use the account ARN (arn:aws:iam::AWS-account-ID:root), or a shortened form that consists of the AWS: prefix followed by the account ID.
property AWS
AWS: Input<string> | Input<Input<string>[]>;
interface ConditionArguments
interface ConditionArguments
interface Conditions
interface Conditions
The Condition element (or Condition block) lets you specify conditions for when a policy is in effect. The Condition element is optional. In the Condition element, you build expressions in which you use condition operators (equal, less than, etc.) to match the condition in the policy against values in the request. Condition values can include date, time, the IP address of the requester, the ARN of the request source, the user name, user ID, and the user agent of the requester. Some services let you specify additional values in conditions; for example, Amazon S3 lets you write a condition using the s3:VersionId key, which is unique to that service.
interface FederatedPrincipal
interface FederatedPrincipal
property Federated
Federated: Input<string> | Input<Input<string>[]>;
interface GetAccountAliasResult
interface GetAccountAliasResult
A collection of values returned by getAccountAlias.
property accountAlias
accountAlias: string;
The alias associated with the AWS account.
property id
id: string;
The provider-assigned unique ID for this managed resource.
interface GetGroupArgs
interface GetGroupArgs
A collection of arguments for invoking getGroup.
property groupName
groupName: string;
The friendly IAM group name to match.
interface GetGroupResult
interface GetGroupResult
A collection of values returned by getGroup.
property arn
arn: string;
The Amazon Resource Name (ARN) specifying the iam user.
property groupId
groupId: string;
The stable and unique string identifying the group.
property groupName
groupName: string;
property id
id: string;
The provider-assigned unique ID for this managed resource.
property path
path: string;
The path to the iam user.
property users
users: GetGroupUser[];
List of objects containing group member information. See supported fields below.
interface GetInstanceProfileArgs
interface GetInstanceProfileArgs
A collection of arguments for invoking getInstanceProfile.
property name
name: string;
The friendly IAM instance profile name to match.
interface GetInstanceProfileResult
interface GetInstanceProfileResult
A collection of values returned by getInstanceProfile.
property arn
arn: string;
The Amazon Resource Name (ARN) specifying the instance profile.
property createDate
createDate: string;
The string representation of the date the instance profile was created.
property id
id: string;
The provider-assigned unique ID for this managed resource.
property name
name: string;
property path
path: string;
The path to the instance profile.
property roleArn
roleArn: string;
The role arn associated with this instance profile.
property roleId
roleId: string;
The role id associated with this instance profile.
property roleName
roleName: string;
The role name associated with this instance profile.
interface GetPolicyArgs
interface GetPolicyArgs
A collection of arguments for invoking getPolicy.
property arn
arn: string;
ARN of the IAM policy.
interface GetPolicyDocumentArgs
interface GetPolicyDocumentArgs
A collection of arguments for invoking getPolicyDocument.
property overrideJson
overrideJson?: undefined | string;
An IAM policy document to import and override the current policy document. Statements with non-blank sids in the override document will overwrite statements with the same sid in the current document. Statements without an sid cannot be overwritten.
property policyId
policyId?: undefined | string;
An ID for the policy document.
property sourceJson
sourceJson?: undefined | string;
An IAM policy document to import as a base for the current policy document. Statements with non-blank sids in the current policy document will overwrite statements with the same sid in the source json. Statements without an sid cannot be overwritten.
property statements
statements?: GetPolicyDocumentStatement[];
A nested configuration block (described below) configuring one statement to be included in the policy document.
property version
version?: undefined | string;
IAM policy document version. Valid values: 2008-10-17, 2012-10-17. Defaults to 2012-10-17. For more information, see the AWS IAM User Guide.
interface GetPolicyDocumentResult
interface GetPolicyDocumentResult
A collection of values returned by getPolicyDocument.
property id
id: string;
The provider-assigned unique ID for this managed resource.
property json
json: string;
The above arguments serialized as a standard JSON policy document.
property overrideJson
overrideJson?: undefined | string;
property policyId
policyId?: undefined | string;
property sourceJson
sourceJson?: undefined | string;
property statements
statements?: GetPolicyDocumentStatement[];
property version
version?: undefined | string;
interface GetPolicyResult
interface GetPolicyResult
A collection of values returned by getPolicy.
property arn
arn: string;
The Amazon Resource Name (ARN) specifying the policy.
property description
description: string;
The description of the policy.
property id
id: string;
The provider-assigned unique ID for this managed resource.
property name
name: string;
The name of the IAM policy.
property path
path: string;
The path to the policy.
property policy
policy: string;
The policy document of the policy.
interface GetRoleArgs
interface GetRoleArgs
A collection of arguments for invoking getRole.
property name
name: string;
The friendly IAM role name to match.
property tags
tags?: undefined | {[key: string]: string};
The tags attached to the role.
interface GetRoleResult
interface GetRoleResult
A collection of values returned by getRole.
property arn
arn: string;
The Amazon Resource Name (ARN) specifying the role.
property assumeRolePolicy
assumeRolePolicy: string;
The policy document associated with the role.
property createDate
createDate: string;
Creation date of the role in RFC 3339 format.
property description
description: string;
Description for the role.
property id
id: string;
The provider-assigned unique ID for this managed resource.
property maxSessionDuration
maxSessionDuration: number;
Maximum session duration.
property name
name: string;
property path
path: string;
The path to the role.
property permissionsBoundary
permissionsBoundary: string;
The ARN of the policy that is used to set the permissions boundary for the role.
property tags
tags: {[key: string]: string};
The tags attached to the role.
property uniqueId
uniqueId: string;
The stable and unique string identifying the role.
interface GetServerCertificateArgs
interface GetServerCertificateArgs
A collection of arguments for invoking getServerCertificate.
property latest
latest?: undefined | false | true;
Sort results by expiration date. Returns the certificate with the expiration date furthest in the future.
property name
name?: undefined | string;
Exact name of the cert to look up.
property namePrefix
namePrefix?: undefined | string;
Prefix of cert to filter by.
property pathPrefix
pathPrefix?: undefined | string;
Prefix of path to filter by.
interface GetServerCertificateResult
interface GetServerCertificateResult
A collection of values returned by getServerCertificate.
property arn
arn: string;
property certificateBody
certificateBody: string;
property certificateChain
certificateChain: string;
property expirationDate
expirationDate: string;
property id
id: string;
The provider-assigned unique ID for this managed resource.
property latest
latest?: undefined | false | true;
property name
name: string;
property namePrefix
namePrefix?: undefined | string;
property path
path: string;
property pathPrefix
pathPrefix?: undefined | string;
property uploadDate
uploadDate: string;
interface GetUserArgs
interface GetUserArgs
A collection of arguments for invoking getUser.
property userName
userName: string;
The friendly IAM user name to match.
interface GetUserResult
interface GetUserResult
A collection of values returned by getUser.
property arn
arn: string;
The Amazon Resource Name (ARN) assigned by AWS for this user.
property id
id: string;
The provider-assigned unique ID for this managed resource.
property path
path: string;
Path in which this user was created.
property permissionsBoundary
permissionsBoundary: string;
The ARN of the policy that is used to set the permissions boundary for the user.
property userId
userId: string;
The unique ID assigned by AWS for this user.
property userName
userName: string;
The name associated to this User
interface GroupArgs
interface GroupArgs
The set of arguments for constructing a Group resource.
property name
name?: pulumi.Input<string>;
The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.
property path
path?: pulumi.Input<string>;
Path in which to create the group.
interface GroupMembershipArgs
interface GroupMembershipArgs
The set of arguments for constructing a GroupMembership resource.
property group
group: pulumi.Input<string>;
The IAM Group name to attach the list of users to
property name
name?: pulumi.Input<string>;
The name to identify the Group Membership
property users
users: pulumi.Input<pulumi.Input<string>[]>;
A list of IAM User names to associate with the Group
interface GroupMembershipState
interface GroupMembershipState
Input properties used for looking up and filtering GroupMembership resources.
property group
group?: pulumi.Input<string>;
The IAM Group name to attach the list of users to
property name
name?: pulumi.Input<string>;
The name to identify the Group Membership
property users
users?: pulumi.Input<pulumi.Input<string>[]>;
A list of IAM User names to associate with the Group
interface GroupPolicyArgs
interface GroupPolicyArgs
The set of arguments for constructing a GroupPolicy resource.
property group
group: pulumi.Input<string>;
The IAM group to attach the policy to.
property name
name?: pulumi.Input<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
interface GroupPolicyAttachmentArgs
interface GroupPolicyAttachmentArgs
The set of arguments for constructing a GroupPolicyAttachment resource.
property group
group: pulumi.Input<string | Group>;
The group the policy should be applied to
property policyArn
policyArn: pulumi.Input<ARN>;
The ARN of the policy you want to apply
interface GroupPolicyAttachmentState
interface GroupPolicyAttachmentState
Input properties used for looking up and filtering GroupPolicyAttachment resources.
property group
group?: pulumi.Input<string | Group>;
The group the policy should be applied to
property policyArn
policyArn?: pulumi.Input<ARN>;
The ARN of the policy you want to apply
interface GroupPolicyState
interface GroupPolicyState
Input properties used for looking up and filtering GroupPolicy resources.
property group
group?: pulumi.Input<string>;
The IAM group to attach the policy to.
property name
name?: pulumi.Input<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy?: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
interface GroupState
interface GroupState
Input properties used for looking up and filtering Group resources.
property arn
arn?: pulumi.Input<string>;
The ARN assigned by AWS for this group.
property name
name?: pulumi.Input<string>;
The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.
property path
path?: pulumi.Input<string>;
Path in which to create the group.
property uniqueId
uniqueId?: pulumi.Input<string>;
The unique ID assigned by AWS.
interface InstanceProfileArgs
interface InstanceProfileArgs
The set of arguments for constructing an InstanceProfile resource.
property name
name?: pulumi.Input<string>;
The profile’s name. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
Path in which to create the profile.
property role
role?: pulumi.Input<string | Role>;
The role name to include in the profile.
interface InstanceProfileState
interface InstanceProfileState
Input properties used for looking up and filtering InstanceProfile resources.
property arn
arn?: pulumi.Input<string>;
The ARN assigned by AWS to the instance profile.
property createDate
createDate?: pulumi.Input<string>;
The creation timestamp of the instance profile.
property name
name?: pulumi.Input<string>;
The profile’s name. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
Path in which to create the profile.
property role
role?: pulumi.Input<string | Role>;
The role name to include in the profile.
property uniqueId
uniqueId?: pulumi.Input<string>;
The unique ID assigned by AWS.
interface OpenIdConnectProviderArgs
interface OpenIdConnectProviderArgs
The set of arguments for constructing an OpenIdConnectProvider resource.
property clientIdLists
clientIdLists: pulumi.Input<pulumi.Input<string>[]>;
A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)
property thumbprintLists
thumbprintLists: pulumi.Input<pulumi.Input<string>[]>;
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).
property url
url: pulumi.Input<string>;
The URL of the identity provider. Corresponds to the iss claim.
interface OpenIdConnectProviderState
interface OpenIdConnectProviderState
Input properties used for looking up and filtering OpenIdConnectProvider resources.
property arn
arn?: pulumi.Input<string>;
The ARN assigned by AWS for this provider.
property clientIdLists
clientIdLists?: pulumi.Input<pulumi.Input<string>[]>;
A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the clientId parameter on OAuth requests.)
property thumbprintLists
thumbprintLists?: pulumi.Input<pulumi.Input<string>[]>;
A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).
property url
url?: pulumi.Input<string>;
The URL of the identity provider. Corresponds to the iss claim.
interface PolicyArgs
interface PolicyArgs
The set of arguments for constructing a Policy resource.
property description
description?: pulumi.Input<string>;
Description of the IAM policy.
property name
name?: pulumi.Input<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
Path in which to create the policy. See IAM Identifiers for more information.
property policy
policy: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
interface PolicyAttachmentArgs
interface PolicyAttachmentArgs
The set of arguments for constructing a PolicyAttachment resource.
property groups
groups?: pulumi.Input<pulumi.Input<string | Group>[]>;
The group(s) the policy should be applied to
property name
name?: pulumi.Input<string>;
The name of the attachment. This cannot be an empty string.
property policyArn
policyArn: pulumi.Input<ARN>;
The ARN of the policy you want to apply
property roles
roles?: pulumi.Input<pulumi.Input<string | Role>[]>;
The role(s) the policy should be applied to
property users
users?: pulumi.Input<pulumi.Input<string | User>[]>;
The user(s) the policy should be applied to
interface PolicyAttachmentState
interface PolicyAttachmentState
Input properties used for looking up and filtering PolicyAttachment resources.
property groups
groups?: pulumi.Input<pulumi.Input<string | Group>[]>;
The group(s) the policy should be applied to
property name
name?: pulumi.Input<string>;
The name of the attachment. This cannot be an empty string.
property policyArn
policyArn?: pulumi.Input<ARN>;
The ARN of the policy you want to apply
property roles
roles?: pulumi.Input<pulumi.Input<string | Role>[]>;
The role(s) the policy should be applied to
property users
users?: pulumi.Input<pulumi.Input<string | User>[]>;
The user(s) the policy should be applied to
interface PolicyDocument
interface PolicyDocument
You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied.
IAM policies define permissions for an action regardless of the method that you use to perform the operation. For example, if a policy allows the GetUser action, then a user with that policy can get user information from the AWS Management Console, the AWS CLI, or the AWS API. When you create an IAM user, you can set up the user to allow console or programmatic access. The IAM user can sign in to the console using a user name and password. Or they can use access keys to work with the CLI or API.
Most policies are stored in AWS as JSON documents. Identity-based policies, policies used to set boundaries, or AWS STS boundary policies are JSON policy documents that you attach to a user or role. Resource-based policies are JSON policy documents that you attach to a resource. SCPs are JSON policy documents with restricted syntax that you attach to an AWS Organizations organizational unit (OU). ACLs are also attached to a resource, but you must use a different syntax.
A JSON policy document includes these elements:
- Optional policywide information at the top of the document
- One or more individual statements
Each statement includes information about a single permission. If a policy includes multiple statements, AWS applies a logical OR across the statements when evaluating them. If multiple policies apply to a request, AWS applies a logical OR across all of those policies when evaluating them.
For more details about IAM policies, please refer to the AWS documentation online: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
property Id
Id?: Input<string>;
An optional document ID.
property Statement
Statement: Input<Input<PolicyStatement>[]>;
One or more policy statements, describing the effect, principal, action, resource, and condition.
property Version
Version: Input<"2008-10-17" | "2012-10-17">;
The version of the policy language that you want to use. As a best practice, use the latest 2012-10-17 version.
interface PolicyState
interface PolicyState
Input properties used for looking up and filtering Policy resources.
property arn
arn?: pulumi.Input<string>;
The ARN assigned by AWS to this policy.
property description
description?: pulumi.Input<string>;
Description of the IAM policy.
property name
name?: pulumi.Input<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
Path in which to create the policy. See IAM Identifiers for more information.
property policy
policy?: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
interface PolicyStatement
interface PolicyStatement
The Statement element is the main element for a policy. This element is required. It can include multiple elements (see the subsequent sections in this page). The Statement element contains an array of individual statements.
property Action
Action?: Input<string> | Input<Input<string>[]>;
Include a list of actions that the policy allows or denies. Required (either Action or NotAction) Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html
property Condition
Condition?: Input<Conditions>;
Specify the circumstances under which the policy grants permission.
property Effect
Effect: Input<"Allow" | "Deny">;
Indicate whether the policy allows or denies access.
property NotAction
NotAction?: Input<string> | Input<Input<string>[]>;
Include a list of actions that are not covered by this policy. Required (either Action or NotAction) Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html
property NotPrincipal
NotPrincipal?: Input<Principal>;
Indicate the account, user, role, or federated user to which this policy does not apply.
property NotResource
NotResource?: Input<string> | Input<Input<string>[]>;
A list of resources that are specifically excluded by this policy.
property Principal
Principal?: Input<Principal>;
Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
property Resource
Resource?: Input<string> | Input<Input<string>[]>;
A list of resources to which the actions apply.
property Sid
Sid?: Input<string>;
An optional statement ID to differentiate between your statements.
type Principal
type Principal = "*" | AWSPrincipal | ServicePrincipal | FederatedPrincipal;
Use the Principal element to specify the user (IAM user, federated user, or assumed-role user), AWS account, AWS service, or other principal entity that is allowed or denied access to a resource. You use the Principal element in the trust policies for IAM roles and in resource-based policies—that is, in policies that you embed directly in a resource. For example, you can embed such policies in an Amazon S3 bucket, an Amazon Glacier vault, an Amazon SNS topic, an Amazon SQS queue, or an AWS KMS customer master key (CMK).
Use the Principal element in these ways:
- In IAM roles, use the Principal element in the role's trust policy to specify who can assume the role. For cross-account access, you must specify the 12-digit identifier of the trusted account.
  Note: After you create the role, you can change the account to "*" to allow everyone to assume the role. If you do this, we strongly recommend that you limit who can access the role through other means, such as a Condition element that limits access to only certain IP addresses. Do not leave your role accessible to everyone!
- In resource-based policies, use the Principal element to specify the accounts or users who are allowed to access the resource.
Do not use the Principal element in policies that you attach to IAM users and groups. Similarly, you do not specify a principal in the permission policy for an IAM role. In those cases, the principal is implicitly the user that the policy is attached to (for IAM users) or the user who assumes the role (for role access policies). When the policy is attached to an IAM group, the principal is the IAM user in that group who is making the request.
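The note above about a "*" principal in a role's trust policy can be checked before a role is deployed. The following TypeScript is an added example, not part of the Pulumi package: its types are simplified local mirrors of PolicyDocument, PolicyStatement and Principal (plain values, no Input wrappers), and auditTrustPolicy, Finding, principalEntries and the sample policies are hypothetical names constructed for illustration.

```typescript
// Simplified local mirrors of the shapes documented above (assumption: plain
// values instead of pulumi.Input<...>, so the check runs without the SDK).
type OneOrMany = string | string[];
type Principal = "*" | { AWS: OneOrMany } | { Service: OneOrMany } | { Federated: OneOrMany };

interface PolicyStatement {
    Sid?: string;
    Effect: "Allow" | "Deny";
    Principal?: Principal;
    NotPrincipal?: Principal;
    Action?: OneOrMany;
    NotAction?: OneOrMany;
    Resource?: OneOrMany;
    NotResource?: OneOrMany;
    Condition?: Record<string, Record<string, unknown>>;
}

interface PolicyDocument {
    Version: "2008-10-17" | "2012-10-17";
    Id?: string;
    Statement: PolicyStatement[];
}

// Hypothetical result type: which statement, and what is wrong with it.
interface Finding {
    statement: string; // the Sid, or "#<index>" when the statement has no Sid
    issue: string;
}

const toList = (v: OneOrMany | undefined): string[] =>
    v === undefined ? [] : Array.isArray(v) ? v : [v];

// Flattens a Principal value into (kind, identifier) pairs.
function principalEntries(p: Principal): Array<{ kind: string; id: string }> {
    if (p === "*") return [{ kind: "*", id: "*" }];
    const o = p as { AWS?: OneOrMany; Service?: OneOrMany; Federated?: OneOrMany };
    return toList(o.AWS).map(id => ({ kind: "AWS", id }))
        .concat(toList(o.Service).map(id => ({ kind: "Service", id })))
        .concat(toList(o.Federated).map(id => ({ kind: "Federated", id })));
}

// Audits a role trust policy (the assumeRolePolicy argument of RoleArgs).
function auditTrustPolicy(doc: PolicyDocument): Finding[] {
    const findings: Finding[] = [];
    doc.Statement.forEach((s, i) => {
        const where = s.Sid !== undefined ? s.Sid : `#${i}`;
        const add = (issue: string): void => { findings.push({ statement: where, issue }); };

        // Every statement needs Action or NotAction, and not both.
        if ((s.Action === undefined) === (s.NotAction === undefined)) {
            add("statement needs exactly one of Action or NotAction");
        }
        // A trust policy is resource-based: it has to say who may assume the role.
        if (s.Principal === undefined && s.NotPrincipal === undefined) {
            add("trust policy statement has no Principal");
            return;
        }
        if (s.Effect !== "Allow" || s.Principal === undefined) return;

        const hasCondition = s.Condition !== undefined && Object.keys(s.Condition).length > 0;
        for (const e of principalEntries(s.Principal)) {
            if (e.id === "*" && (e.kind === "*" || e.kind === "AWS")) {
                add(hasCondition
                    ? "wildcard principal: confirm the Condition really limits who can assume the role"
                    : "wildcard principal with no Condition: anyone can assume the role");
            } else if (e.kind === "AWS"
                && !/^\d{12}$/.test(e.id)
                && !/^arn:aws[a-z-]*:(iam|sts)::\d{12}:/.test(e.id)) {
                // Heuristic format check only; it does not prove the principal exists.
                add(`AWS principal "${e.id}" is not a 12-digit account ID or an IAM/STS ARN`);
            }
        }
    });
    return findings;
}

// Constructed sample trust policies; 123456789012 is a placeholder account ID.
const openTrust: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [
        { Sid: "AnyoneCanAssume", Effect: "Allow", Principal: { AWS: "*" }, Action: "sts:AssumeRole" },
    ],
};
const scopedTrust: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [
        { Sid: "Ec2Service", Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" },
        {
            Sid: "PartnerAccount", Effect: "Allow", Principal: { AWS: "123456789012" }, Action: "sts:AssumeRole",
            Condition: { StringEquals: { "sts:ExternalId": "constructed-external-id" } },
        },
    ],
};

console.log(auditTrustPolicy(openTrust));
console.log(auditTrustPolicy(scopedTrust));
```

A wildcard principal that carries a Condition is still reported, because only a reviewer can judge whether that Condition is narrow enough.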
interface RoleArgs
interface RoleArgs
The set of arguments for constructing a Role resource.
property assumeRolePolicy
assumeRolePolicy: pulumi.Input<string | PolicyDocument>;
The policy that grants an entity permission to assume the role.
property description
description?: pulumi.Input<string>;
The description of the role.
property forceDetachPolicies
forceDetachPolicies?: pulumi.Input<boolean>;
Specifies to force detaching any policies the role has before destroying it. Defaults to false.
property maxSessionDuration
maxSessionDuration?: pulumi.Input<number>;
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
name?: pulumi.Input<string>;
The name of the role. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
The path to the role. See IAM Identifiers for more information.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;
The ARN of the policy that is used to set the permissions boundary for the role.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
Key-value map of tags for the IAM role
interface RolePolicyArgs
interface RolePolicyArgs
The set of arguments for constructing a RolePolicy resource.
property name
name?: pulumi.Input<string>;
The name of the role policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
property role
role: pulumi.Input<string | Role>;
The IAM role to attach the policy to.
interface RolePolicyAttachmentArgs
interface RolePolicyAttachmentArgs
The set of arguments for constructing a RolePolicyAttachment resource.
property policyArn
policyArn: pulumi.Input<ARN>;
The ARN of the policy you want to apply
property role
role: pulumi.Input<string | Role>;
The role the policy should be applied to
interface RolePolicyAttachmentState
interface RolePolicyAttachmentState
Input properties used for looking up and filtering RolePolicyAttachment resources.
property policyArn
policyArn?: pulumi.Input<ARN>;
The ARN of the policy you want to apply
property role
role?: pulumi.Input<string | Role>;
The role the policy should be applied to
interface RolePolicyState
interface RolePolicyState
Input properties used for looking up and filtering RolePolicy resources.
property name
name?: pulumi.Input<string>;
The name of the role policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy?: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
property role
role?: pulumi.Input<string | Role>;
The IAM role to attach the policy to.
interface RoleState
interface RoleState
Input properties used for looking up and filtering Role resources.
property arn
arn?: pulumi.Input<string>;
The Amazon Resource Name (ARN) specifying the role.
property assumeRolePolicy
assumeRolePolicy?: pulumi.Input<string | PolicyDocument>;
The policy that grants an entity permission to assume the role.
property createDate
createDate?: pulumi.Input<string>;
The creation date of the IAM role.
property description
description?: pulumi.Input<string>;
The description of the role.
property forceDetachPolicies
forceDetachPolicies?: pulumi.Input<boolean>;
Specifies to force detaching any policies the role has before destroying it. Defaults to false.
property maxSessionDuration
maxSessionDuration?: pulumi.Input<number>;
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
name?: pulumi.Input<string>;
The name of the role. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
The path to the role. See IAM Identifiers for more information.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;
The ARN of the policy that is used to set the permissions boundary for the role.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
Key-value map of tags for the IAM role
property uniqueId
uniqueId?: pulumi.Input<string>;
The stable and unique string identifying the role.
interface SamlProviderArgs
interface SamlProviderArgs
The set of arguments for constructing a SamlProvider resource.
property name
name?: pulumi.Input<string>;
The name of the provider to create.
property samlMetadataDocument
samlMetadataDocument: pulumi.Input<string>;
An XML document generated by an identity provider that supports SAML 2.0.
interface SamlProviderState
interface SamlProviderState
Input properties used for looking up and filtering SamlProvider resources.
property arn
arn?: pulumi.Input<string>;
The ARN assigned by AWS for this provider.
property name
name?: pulumi.Input<string>;
The name of the provider to create.
property samlMetadataDocument
samlMetadataDocument?: pulumi.Input<string>;
An XML document generated by an identity provider that supports SAML 2.0.
property validUntil
validUntil?: pulumi.Input<string>;
The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.
interface ServerCertificateArgs
interface ServerCertificateArgs
The set of arguments for constructing a ServerCertificate resource.
property arn
arn?: pulumi.Input<string>;
The Amazon Resource Name (ARN) specifying the server certificate.
property certificateBody
certificateBody: pulumi.Input<string>;
The contents of the public key certificate in PEM-encoded format.
property certificateChain
certificateChain?: pulumi.Input<string>;
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
property name
name?: pulumi.Input<string>;
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
property privateKey
privateKey: pulumi.Input<string>;
The contents of the private key in PEM-encoded format.
interface ServerCertificateState
interface ServerCertificateState
Input properties used for looking up and filtering ServerCertificate resources.
property arn
arn?: pulumi.Input<string>;
The Amazon Resource Name (ARN) specifying the server certificate.
property certificateBody
certificateBody?: pulumi.Input<string>;
The contents of the public key certificate in PEM-encoded format.
property certificateChain
certificateChain?: pulumi.Input<string>;
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
property name
name?: pulumi.Input<string>;
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
property privateKey
privateKey?: pulumi.Input<string>;
The contents of the private key in PEM-encoded format.
interface ServiceLinkedRoleArgs
interface ServiceLinkedRoleArgs
The set of arguments for constructing a ServiceLinkedRole resource.
property awsServiceName
awsServiceName: pulumi.Input<string>;
The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.
property customSuffix
customSuffix?: pulumi.Input<string>;
Additional string appended to the role name. Not all AWS services support custom suffixes.
property description
description?: pulumi.Input<string>;
The description of the role.
interface ServiceLinkedRoleState
interface ServiceLinkedRoleState
Input properties used for looking up and filtering ServiceLinkedRole resources.
property arn
arn?: pulumi.Input<string>;
The Amazon Resource Name (ARN) specifying the role.
property awsServiceName
awsServiceName?: pulumi.Input<string>;
The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.
property createDate
createDate?: pulumi.Input<string>;
The creation date of the IAM role.
property customSuffix
customSuffix?: pulumi.Input<string>;
Additional string appended to the role name. Not all AWS services support custom suffixes.
property description
description?: pulumi.Input<string>;
The description of the role.
property name
name?: pulumi.Input<string>;
The name of the role.
property path
path?: pulumi.Input<string>;
The path of the role.
property uniqueId
uniqueId?: pulumi.Input<string>;
The stable and unique string identifying the role.
interface ServicePrincipal
interface ServicePrincipal
IAM roles that can be assumed by an AWS service are called service roles. Service roles must include a trust policy. Trust policies are resource-based policies that are attached to a role that define which principals can assume the role. Some service roles have predefined trust policies. However, in some cases, you must specify the service principal in the trust policy. A service principal is an identifier that is used to grant permissions to a service. The identifier includes the long version of a service name, e.g. long_service_name.amazonaws.com. The service principal is defined by the service. To learn the service principal for a service, see the documentation for that service.
property Service
Service: Input<string> | Input<Input<string>[]>;
interface SshKeyArgs
interface SshKeyArgs
The set of arguments for constructing an SshKey resource.
property encoding
encoding: pulumi.Input<string>;
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
property publicKey
publicKey: pulumi.Input<string>;
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
property status
status?: pulumi.Input<string>;
The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.
property username
username: pulumi.Input<string>;
The name of the IAM user to associate the SSH public key with.
interface SshKeyState
interface SshKeyState
Input properties used for looking up and filtering SshKey resources.
property encoding
encoding?: pulumi.Input<string>;
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
property fingerprint
fingerprint?: pulumi.Input<string>;
The MD5 message digest of the SSH public key.
property publicKey
publicKey?: pulumi.Input<string>;
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
property sshPublicKeyId
sshPublicKeyId?: pulumi.Input<string>;
The unique identifier for the SSH public key.
property status
status?: pulumi.Input<string>;
The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.
property username
username?: pulumi.Input<string>;
The name of the IAM user to associate the SSH public key with.
interface UserArgs
interface UserArgs
The set of arguments for constructing a User resource.
property forceDestroy
forceDestroy?: pulumi.Input<boolean>;
When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
property name
name?: pulumi.Input<string>;
The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
property path
path?: pulumi.Input<string>;
Path in which to create the user.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;
The ARN of the policy that is used to set the permissions boundary for the user.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
Key-value mapping of tags for the IAM user
interface UserGroupMembershipArgs
interface UserGroupMembershipArgs
The set of arguments for constructing a UserGroupMembership resource.
property groups
groups: pulumi.Input<pulumi.Input<string>[]>;
A list of IAM Groups to add the user to
property user
user: pulumi.Input<string>;
The name of the IAM User to add to groups
interface UserGroupMembershipState
interface UserGroupMembershipState
Input properties used for looking up and filtering UserGroupMembership resources.
property groups
groups?: pulumi.Input<pulumi.Input<string>[]>;
A list of IAM Groups to add the user to
property user
user?: pulumi.Input<string>;
The name of the IAM User to add to groups
interface UserLoginProfileArgs
interface UserLoginProfileArgs
The set of arguments for constructing a UserLoginProfile resource.
property passwordLength
passwordLength?: pulumi.Input<number>;
The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property passwordResetRequired
passwordResetRequired?: pulumi.Input<boolean>;
Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property pgpKey
pgpKey: pulumi.Input<string>;
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
property user
user: pulumi.Input<string>;
The IAM user’s name.
interface UserLoginProfileState
interface UserLoginProfileState
Input properties used for looking up and filtering UserLoginProfile resources.
property encryptedPassword
encryptedPassword?: pulumi.Input<string>;
The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.
property keyFingerprint
keyFingerprint?: pulumi.Input<string>;
The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
property passwordLength
passwordLength?: pulumi.Input<number>;
The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property passwordResetRequired
passwordResetRequired?: pulumi.Input<boolean>;
Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.
property pgpKey
pgpKey?: pulumi.Input<string>;
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
property user
user?: pulumi.Input<string>;
The IAM user’s name.
interface UserPolicyArgs
interface UserPolicyArgs
The set of arguments for constructing a UserPolicy resource.
property name
name?: pulumi.Input<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
property user
user: pulumi.Input<string>;
IAM user to which to attach this policy.
interface UserPolicyAttachmentArgs
The set of arguments for constructing a UserPolicyAttachment resource.
property policyArn
policyArn: pulumi.Input<ARN>;
The ARN of the policy you want to apply
property user
user: pulumi.Input<string | User>;
The user the policy should be applied to
interface UserPolicyAttachmentState
Input properties used for looking up and filtering UserPolicyAttachment resources.
property policyArn
policyArn?: pulumi.Input<ARN>;
The ARN of the policy you want to apply
property user
user?: pulumi.Input<string | User>;
The user the policy should be applied to
interface UserPolicyState
Input properties used for looking up and filtering UserPolicy resources.
property name
name?: pulumi.Input<string>;
The name of the policy. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;
Creates a unique name beginning with the specified prefix. Conflicts with name.
property policy
policy?: pulumi.Input<string | PolicyDocument>;
The policy document. This is a JSON formatted string.
property user
user?: pulumi.Input<string>;
IAM user to which to attach this policy.
interface UserState
Input properties used for looking up and filtering User resources.
property arn
arn?: pulumi.Input<string>;
The ARN assigned by AWS for this user.
property forceDestroy
forceDestroy?: pulumi.Input<boolean>;
When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without forceDestroy, a user with non-provider-managed access keys and login profile will fail to be destroyed.
property name
name?: pulumi.Input<string>;
The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
property path
path?: pulumi.Input<string>;
Path in which to create the user.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;
The ARN of the policy that is used to set the permissions boundary for the user.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
Key-value mapping of tags for the IAM user
property uniqueId
uniqueId?: pulumi.Input<string>;
The unique ID assigned by AWS.