akeyless.AuthMethod
Authentication Methods represent machine identities or human identities
Create AuthMethod Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AuthMethod(name: string, args: AuthMethodArgs, opts?: CustomResourceOptions);
@overload
def AuthMethod(resource_name: str,
args: AuthMethodArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AuthMethod(resource_name: str,
opts: Optional[ResourceOptions] = None,
path: Optional[str] = None,
access_expires: Optional[float] = None,
api_keys: Optional[Sequence[AuthMethodApiKeyArgs]] = None,
auth_method_id: Optional[str] = None,
aws_iams: Optional[Sequence[AuthMethodAwsIamArgs]] = None,
azure_ads: Optional[Sequence[AuthMethodAzureAdArgs]] = None,
bound_ips: Optional[str] = None,
gcps: Optional[Sequence[AuthMethodGcpArgs]] = None,
samls: Optional[Sequence[AuthMethodSamlArgs]] = None)
func NewAuthMethod(ctx *Context, name string, args AuthMethodArgs, opts ...ResourceOption) (*AuthMethod, error)
public AuthMethod(string name, AuthMethodArgs args, CustomResourceOptions? opts = null)
public AuthMethod(String name, AuthMethodArgs args)
public AuthMethod(String name, AuthMethodArgs args, CustomResourceOptions options)
type: akeyless:AuthMethod
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AuthMethodArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AuthMethodArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AuthMethodArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AuthMethodArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference constructor call for Akeyless.AuthMethod. Every input below is a
// placeholder ("string" / 0), not a working configuration.
// NOTE(review): all five method blocks (ApiKeys, AwsIams, AzureAds, Gcps, Samls) are
// filled in only because this listing enumerates every input; presumably a real
// resource configures one method type — confirm against the provider docs.
// NOTE(review): the page lists AccessKey ("Auth Method access key") among the
// outputs; presumably a credential — keep it out of logs and plain-text exports.
var authMethodResource = new Akeyless.AuthMethod("authMethodResource", new()
{
    // Path where the Auth Method will be stored.
    Path = "string",
    // Unix timestamp; per the property description, 0 means access without an expiry date.
    AccessExpires = 0,
    // API-Key Auth Method configuration block (placeholder entry).
    ApiKeys = new[]
    {
        null,
    },
    // The ID of this resource.
    AuthMethodId = "string",
    // AWS-IAM Auth Method block. Each Bound* list restricts access to the listed
    // account IDs, ARNs, resource/role/user ids or role/user names.
    AwsIams = new[]
    {
        new Akeyless.Inputs.AuthMethodAwsIamArgs
        {
            BoundAwsAccountIds = new[]
            {
                "string",
            },
            BoundArns = new[]
            {
                "string",
            },
            BoundResourceIds = new[]
            {
                "string",
            },
            BoundRoleIds = new[]
            {
                "string",
            },
            BoundRoleNames = new[]
            {
                "string",
            },
            BoundUserIds = new[]
            {
                "string",
            },
            BoundUserNames = new[]
            {
                "string",
            },
            // STS URL; the documented default is https://sts.amazonaws.com.
            StsUrl = "string",
        },
    },
    // Azure AD Auth Method block. The Bound* entries restrict access by tenant,
    // group, resource provider, resource id/name/type, resource group,
    // service principal and subscription.
    AzureAds = new[]
    {
        new Akeyless.Inputs.AuthMethodAzureAdArgs
        {
            BoundTenantId = "string",
            BoundGroupIds = new[]
            {
                "string",
            },
            BoundProviders = new[]
            {
                "string",
            },
            BoundResourceIds = new[]
            {
                "string",
            },
            BoundResourceNames = new[]
            {
                "string",
            },
            BoundResourceTypes = new[]
            {
                "string",
            },
            BoundRgIds = new[]
            {
                "string",
            },
            BoundSpids = new[]
            {
                "string",
            },
            BoundSubIds = new[]
            {
                "string",
            },
            // The audience in the JWT.
            CustomAudience = "string",
            // Issuer URL.
            CustomIssuer = "string",
            // URL of the JWKS whose public keys verify JWTs issued by the authorization server.
            JwksUri = "string",
        },
    },
    // CIDR list of the IPs that access is restricted to.
    BoundIps = "string",
    Gcps = new[]
    {
        new Akeyless.Inputs.AuthMethodGcpArgs
        {
            // NOTE(review): by its name this carries GCP service-account credential data —
            // presumably sensitive; confirm in the AuthMethodGcp type docs and supply it
            // from secret configuration rather than a literal.
            ServiceAccountCredsData = "string",
            Audience = "string",
            Gces = new[]
            {
                new Akeyless.Inputs.AuthMethodGcpGceArgs
                {
                    BoundLabels = new[]
                    {
                        "string",
                    },
                    BoundRegions = new[]
                    {
                        "string",
                    },
                    BoundZones = new[]
                    {
                        "string",
                    },
                },
            },
            Iams = new[]
            {
                new Akeyless.Inputs.AuthMethodGcpIamArgs
                {
                    BoundServiceAccounts = new[]
                    {
                        "string",
                    },
                },
            },
        },
    },
    // SAML Auth Method configuration block.
    Samls = new[]
    {
        new Akeyless.Inputs.AuthMethodSamlArgs
        {
            UniqueIdentifier = "string",
            IdpMetadataUrl = "string",
            IdpMetadataXmlData = "string",
        },
    },
});
// Reference call to akeyless.NewAuthMethod. Every input below is a placeholder
// ("string" / 0), not a working configuration. The listing stops at the call:
// err is returned here but its check is not shown.
// NOTE(review): all five method blocks (ApiKeys, AwsIams, AzureAds, Gcps, Samls) are
// filled in only because this listing enumerates every input; presumably a real
// resource configures one method type — confirm against the provider docs.
// NOTE(review): the page lists AccessKey ("Auth Method access key") among the
// outputs; presumably a credential — keep it out of logs and plain-text exports.
example, err := akeyless.NewAuthMethod(ctx, "authMethodResource", &akeyless.AuthMethodArgs{
	// Path where the Auth Method will be stored.
	Path: pulumi.String("string"),
	// Unix timestamp; per the property description, 0 means access without an expiry date.
	AccessExpires: pulumi.Float64(0),
	// API-Key Auth Method configuration block (placeholder entry).
	ApiKeys: akeyless.AuthMethodApiKeyTypeArray{
		&akeyless.AuthMethodApiKeyTypeArgs{},
	},
	// The ID of this resource.
	AuthMethodId: pulumi.String("string"),
	// AWS-IAM Auth Method block. Each Bound* list restricts access to the listed
	// account IDs, ARNs, resource/role/user ids or role/user names.
	AwsIams: akeyless.AuthMethodAwsIamTypeArray{
		&akeyless.AuthMethodAwsIamTypeArgs{
			BoundAwsAccountIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundArns: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundResourceIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundRoleIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundRoleNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundUserIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundUserNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			// STS URL; the documented default is https://sts.amazonaws.com.
			StsUrl: pulumi.String("string"),
		},
	},
	// Azure AD Auth Method block. The Bound* entries restrict access by tenant,
	// group, resource provider, resource id/name/type, resource group,
	// service principal and subscription.
	AzureAds: akeyless.AuthMethodAzureAdTypeArray{
		&akeyless.AuthMethodAzureAdTypeArgs{
			BoundTenantId: pulumi.String("string"),
			BoundGroupIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundProviders: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundResourceIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundResourceNames: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundResourceTypes: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundRgIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundSpids: pulumi.StringArray{
				pulumi.String("string"),
			},
			BoundSubIds: pulumi.StringArray{
				pulumi.String("string"),
			},
			// The audience in the JWT.
			CustomAudience: pulumi.String("string"),
			// Issuer URL.
			CustomIssuer: pulumi.String("string"),
			// URL of the JWKS whose public keys verify JWTs issued by the authorization server.
			JwksUri: pulumi.String("string"),
		},
	},
	// CIDR list of the IPs that access is restricted to.
	BoundIps: pulumi.String("string"),
	Gcps: akeyless.AuthMethodGcpTypeArray{
		&akeyless.AuthMethodGcpTypeArgs{
			// NOTE(review): by its name this carries GCP service-account credential data —
			// presumably sensitive; confirm in the AuthMethodGcp type docs and supply it
			// from secret configuration rather than a literal.
			ServiceAccountCredsData: pulumi.String("string"),
			Audience: pulumi.String("string"),
			Gces: akeyless.AuthMethodGcpGceArray{
				&akeyless.AuthMethodGcpGceArgs{
					BoundLabels: pulumi.StringArray{
						pulumi.String("string"),
					},
					BoundRegions: pulumi.StringArray{
						pulumi.String("string"),
					},
					BoundZones: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Iams: akeyless.AuthMethodGcpIamArray{
				&akeyless.AuthMethodGcpIamArgs{
					BoundServiceAccounts: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
	},
	// SAML Auth Method configuration block.
	Samls: akeyless.AuthMethodSamlTypeArray{
		&akeyless.AuthMethodSamlTypeArgs{
			UniqueIdentifier: pulumi.String("string"),
			IdpMetadataUrl: pulumi.String("string"),
			IdpMetadataXmlData: pulumi.String("string"),
		},
	},
})
// Reference constructor call for AuthMethod. Every input below is a placeholder
// ("string" / 0), not a working configuration.
// NOTE(review): all five method blocks (apiKeys, awsIams, azureAds, gcps, samls) are
// filled in only because this listing enumerates every input; presumably a real
// resource configures one method type — confirm against the provider docs.
// NOTE(review): the page lists accessKey ("Auth Method access key") among the
// outputs; presumably a credential — keep it out of logs and plain-text exports.
var authMethodResource = new AuthMethod("authMethodResource", AuthMethodArgs.builder()
    // Path where the Auth Method will be stored.
    .path("string")
    // Unix timestamp; per the property description, 0 means access without an expiry date.
    .accessExpires(0)
    // API-Key Auth Method configuration block (no entries in this placeholder).
    .apiKeys()
    // The ID of this resource.
    .authMethodId("string")
    // AWS-IAM Auth Method block. Each bound* list restricts access to the listed
    // account IDs, ARNs, resource/role/user ids or role/user names.
    .awsIams(AuthMethodAwsIamArgs.builder()
        .boundAwsAccountIds("string")
        .boundArns("string")
        .boundResourceIds("string")
        .boundRoleIds("string")
        .boundRoleNames("string")
        .boundUserIds("string")
        .boundUserNames("string")
        // STS URL; the documented default is https://sts.amazonaws.com.
        .stsUrl("string")
        .build())
    // Azure AD Auth Method block. The bound* entries restrict access by tenant,
    // group, resource provider, resource id/name/type, resource group,
    // service principal and subscription.
    .azureAds(AuthMethodAzureAdArgs.builder()
        .boundTenantId("string")
        .boundGroupIds("string")
        .boundProviders("string")
        .boundResourceIds("string")
        .boundResourceNames("string")
        .boundResourceTypes("string")
        .boundRgIds("string")
        .boundSpids("string")
        .boundSubIds("string")
        // The audience in the JWT.
        .customAudience("string")
        // Issuer URL.
        .customIssuer("string")
        // URL of the JWKS whose public keys verify JWTs issued by the authorization server.
        .jwksUri("string")
        .build())
    // CIDR list of the IPs that access is restricted to.
    .boundIps("string")
    .gcps(AuthMethodGcpArgs.builder()
        // NOTE(review): by its name this carries GCP service-account credential data —
        // presumably sensitive; confirm in the AuthMethodGcp type docs and supply it
        // from secret configuration rather than a literal.
        .serviceAccountCredsData("string")
        .audience("string")
        .gces(AuthMethodGcpGceArgs.builder()
            .boundLabels("string")
            .boundRegions("string")
            .boundZones("string")
            .build())
        .iams(AuthMethodGcpIamArgs.builder()
            .boundServiceAccounts("string")
            .build())
        .build())
    // SAML Auth Method configuration block.
    .samls(AuthMethodSamlArgs.builder()
        .uniqueIdentifier("string")
        .idpMetadataUrl("string")
        .idpMetadataXmlData("string")
        .build())
    .build());
# Reference constructor call for akeyless.AuthMethod. Every input below is a
# placeholder ("string" / 0), not a working configuration.
# NOTE(review): all five method blocks (api_keys, aws_iams, azure_ads, gcps, samls)
# are filled in only because this listing enumerates every input; presumably a real
# resource configures one method type — confirm against the provider docs.
# NOTE(review): the page lists access_key ("Auth Method access key") among the
# outputs; presumably a credential — keep it out of logs and plain-text exports.
auth_method_resource = akeyless.AuthMethod("authMethodResource",
    # Path where the Auth Method will be stored.
    path="string",
    # Unix timestamp; per the property description, 0 means access without an expiry date.
    access_expires=0,
    # API-Key Auth Method configuration block (placeholder entry).
    api_keys=[{}],
    # The ID of this resource.
    auth_method_id="string",
    # AWS-IAM Auth Method block. Each bound_* list restricts access to the listed
    # account IDs, ARNs, resource/role/user ids or role/user names.
    aws_iams=[{
        "bound_aws_account_ids": ["string"],
        "bound_arns": ["string"],
        "bound_resource_ids": ["string"],
        "bound_role_ids": ["string"],
        "bound_role_names": ["string"],
        "bound_user_ids": ["string"],
        "bound_user_names": ["string"],
        # STS URL; the documented default is https://sts.amazonaws.com.
        "sts_url": "string",
    }],
    # Azure AD Auth Method block. The bound_* entries restrict access by tenant,
    # group, resource provider, resource id/name/type, resource group,
    # service principal and subscription.
    azure_ads=[{
        "bound_tenant_id": "string",
        "bound_group_ids": ["string"],
        "bound_providers": ["string"],
        "bound_resource_ids": ["string"],
        "bound_resource_names": ["string"],
        "bound_resource_types": ["string"],
        "bound_rg_ids": ["string"],
        "bound_spids": ["string"],
        "bound_sub_ids": ["string"],
        # The audience in the JWT.
        "custom_audience": "string",
        # Issuer URL.
        "custom_issuer": "string",
        # URL of the JWKS whose public keys verify JWTs issued by the authorization server.
        "jwks_uri": "string",
    }],
    # CIDR list of the IPs that access is restricted to.
    bound_ips="string",
    gcps=[{
        # NOTE(review): by its name this carries GCP service-account credential data —
        # presumably sensitive; confirm in the AuthMethodGcp type docs and supply it
        # from secret configuration rather than a literal.
        "service_account_creds_data": "string",
        "audience": "string",
        "gces": [{
            "bound_labels": ["string"],
            "bound_regions": ["string"],
            "bound_zones": ["string"],
        }],
        "iams": [{
            "bound_service_accounts": ["string"],
        }],
    }],
    # SAML Auth Method configuration block.
    samls=[{
        "unique_identifier": "string",
        "idp_metadata_url": "string",
        "idp_metadata_xml_data": "string",
    }])
// Reference constructor call for akeyless.AuthMethod. Every input below is a
// placeholder ("string" / 0), not a working configuration.
// NOTE(review): all five method blocks (apiKeys, awsIams, azureAds, gcps, samls) are
// filled in only because this listing enumerates every input; presumably a real
// resource configures one method type — confirm against the provider docs.
// NOTE(review): the page lists accessKey ("Auth Method access key") among the
// outputs; presumably a credential — keep it out of logs and plain-text exports.
const authMethodResource = new akeyless.AuthMethod("authMethodResource", {
    // Path where the Auth Method will be stored.
    path: "string",
    // Unix timestamp; per the property description, 0 means access without an expiry date.
    accessExpires: 0,
    // API-Key Auth Method configuration block (placeholder entry).
    apiKeys: [{}],
    // The ID of this resource.
    authMethodId: "string",
    // AWS-IAM Auth Method block. Each bound* list restricts access to the listed
    // account IDs, ARNs, resource/role/user ids or role/user names.
    awsIams: [{
        boundAwsAccountIds: ["string"],
        boundArns: ["string"],
        boundResourceIds: ["string"],
        boundRoleIds: ["string"],
        boundRoleNames: ["string"],
        boundUserIds: ["string"],
        boundUserNames: ["string"],
        // STS URL; the documented default is https://sts.amazonaws.com.
        stsUrl: "string",
    }],
    // Azure AD Auth Method block. The bound* entries restrict access by tenant,
    // group, resource provider, resource id/name/type, resource group,
    // service principal and subscription.
    azureAds: [{
        boundTenantId: "string",
        boundGroupIds: ["string"],
        boundProviders: ["string"],
        boundResourceIds: ["string"],
        boundResourceNames: ["string"],
        boundResourceTypes: ["string"],
        boundRgIds: ["string"],
        boundSpids: ["string"],
        boundSubIds: ["string"],
        // The audience in the JWT.
        customAudience: "string",
        // Issuer URL.
        customIssuer: "string",
        // URL of the JWKS whose public keys verify JWTs issued by the authorization server.
        jwksUri: "string",
    }],
    // CIDR list of the IPs that access is restricted to.
    boundIps: "string",
    gcps: [{
        // NOTE(review): by its name this carries GCP service-account credential data —
        // presumably sensitive; confirm in the AuthMethodGcp type docs and supply it
        // from secret configuration rather than a literal.
        serviceAccountCredsData: "string",
        audience: "string",
        gces: [{
            boundLabels: ["string"],
            boundRegions: ["string"],
            boundZones: ["string"],
        }],
        iams: [{
            boundServiceAccounts: ["string"],
        }],
    }],
    // SAML Auth Method configuration block.
    samls: [{
        uniqueIdentifier: "string",
        idpMetadataUrl: "string",
        idpMetadataXmlData: "string",
    }],
});
# Reference resource definition for akeyless:AuthMethod. Every value below is a
# placeholder ("string" / 0), not a working configuration.
# NOTE(review): all five method blocks (apiKeys, awsIams, azureAds, gcps, samls) are
# filled in only because this listing enumerates every input; presumably a real
# resource configures one method type — confirm against the provider docs.
type: akeyless:AuthMethod
properties:
  # Unix timestamp; per the property description, 0 means access without an expiry date.
  accessExpires: 0
  # API-Key Auth Method configuration block (placeholder entry).
  apiKeys:
    - {}
  # The ID of this resource.
  authMethodId: string
  # AWS-IAM Auth Method block. Each bound* list restricts access to the listed
  # account IDs, ARNs, resource/role/user ids or role/user names.
  awsIams:
    - boundArns:
        - string
      boundAwsAccountIds:
        - string
      boundResourceIds:
        - string
      boundRoleIds:
        - string
      boundRoleNames:
        - string
      boundUserIds:
        - string
      boundUserNames:
        - string
      # STS URL; the documented default is https://sts.amazonaws.com.
      stsUrl: string
  # Azure AD Auth Method block. The bound* entries restrict access by tenant,
  # group, resource provider, resource id/name/type, resource group,
  # service principal and subscription.
  azureAds:
    - boundGroupIds:
        - string
      boundProviders:
        - string
      boundResourceIds:
        - string
      boundResourceNames:
        - string
      boundResourceTypes:
        - string
      boundRgIds:
        - string
      boundSpids:
        - string
      boundSubIds:
        - string
      boundTenantId: string
      # The audience in the JWT.
      customAudience: string
      # Issuer URL.
      customIssuer: string
      # URL of the JWKS whose public keys verify JWTs issued by the authorization server.
      jwksUri: string
  # CIDR list of the IPs that access is restricted to.
  boundIps: string
  gcps:
    - audience: string
      gces:
        - boundLabels:
            - string
          boundRegions:
            - string
          boundZones:
            - string
      iams:
        - boundServiceAccounts:
            - string
      # NOTE(review): by its name this carries GCP service-account credential data —
      # presumably sensitive; confirm in the AuthMethodGcp type docs and supply it
      # from secret configuration rather than a literal.
      serviceAccountCredsData: string
  # Path where the Auth Method will be stored.
  path: string
  # SAML Auth Method configuration block.
  samls:
    - idpMetadataUrl: string
      idpMetadataXmlData: string
      uniqueIdentifier: string
AuthMethod Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AuthMethod resource accepts the following input properties:
- Path string
- The path where the Auth Method will be stored
- AccessExpires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- ApiKeys List<AuthMethodApiKey> - A configuration block, described below, using API-Key Auth Method
- AuthMethodId string - The ID of this resource.
- AwsIams List<AuthMethodAwsIam> - A configuration block, described below, using AWS-IAM Auth Method
- AzureAds List<AuthMethodAzureAd> - A configuration block, described below, using Azure AD Auth Method
- BoundIps string - A CIDR whitelist with the IPs that the access is restricted to
- Gcps List<AuthMethodGcp> - A configuration block, described below, using Auth Method API-Key
- Samls List<AuthMethodSaml> - A configuration block, described below, using SAML Auth Method
- Path string
- The path where the Auth Method will be stored
- AccessExpires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- ApiKeys []AuthMethodApiKeyTypeArgs - A configuration block, described below, using API-Key Auth Method
- AuthMethodId string - The ID of this resource.
- AwsIams []AuthMethodAwsIamTypeArgs - A configuration block, described below, using AWS-IAM Auth Method
- AzureAds []AuthMethodAzureAdTypeArgs - A configuration block, described below, using Azure AD Auth Method
- BoundIps string - A CIDR whitelist with the IPs that the access is restricted to
- Gcps []AuthMethodGcpTypeArgs - A configuration block, described below, using Auth Method API-Key
- Samls []AuthMethodSamlTypeArgs - A configuration block, described below, using SAML Auth Method
- path String
- The path where the Auth Method will be stored
- accessExpires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- apiKeys List<AuthMethodApiKey> - A configuration block, described below, using API-Key Auth Method
- authMethodId String - The ID of this resource.
- awsIams List<AuthMethodAwsIam> - A configuration block, described below, using AWS-IAM Auth Method
- azureAds List<AuthMethodAzureAd> - A configuration block, described below, using Azure AD Auth Method
- boundIps String - A CIDR whitelist with the IPs that the access is restricted to
- gcps List<AuthMethodGcp> - A configuration block, described below, using Auth Method API-Key
- samls List<AuthMethodSaml> - A configuration block, described below, using SAML Auth Method
- path string
- The path where the Auth Method will be stored
- accessExpires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- apiKeys AuthMethodApiKey[] - A configuration block, described below, using API-Key Auth Method
- authMethodId string - The ID of this resource.
- awsIams AuthMethodAwsIam[] - A configuration block, described below, using AWS-IAM Auth Method
- azureAds AuthMethodAzureAd[] - A configuration block, described below, using Azure AD Auth Method
- boundIps string - A CIDR whitelist with the IPs that the access is restricted to
- gcps AuthMethodGcp[] - A configuration block, described below, using Auth Method API-Key
- samls AuthMethodSaml[] - A configuration block, described below, using SAML Auth Method
- path str
- The path where the Auth Method will be stored
- access_expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- api_keys Sequence[AuthMethodApiKeyArgs] - A configuration block, described below, using API-Key Auth Method
- auth_method_id str - The ID of this resource.
- aws_iams Sequence[AuthMethodAwsIamArgs] - A configuration block, described below, using AWS-IAM Auth Method
- azure_ads Sequence[AuthMethodAzureAdArgs] - A configuration block, described below, using Azure AD Auth Method
- bound_ips str - A CIDR whitelist with the IPs that the access is restricted to
- gcps Sequence[AuthMethodGcpArgs] - A configuration block, described below, using Auth Method API-Key
- samls Sequence[AuthMethodSamlArgs] - A configuration block, described below, using SAML Auth Method
- path String
- The path where the Auth Method will be stored
- accessExpires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- apiKeys List<Property Map> - A configuration block, described below, using API-Key Auth Method
- authMethodId String - The ID of this resource.
- awsIams List<Property Map> - A configuration block, described below, using AWS-IAM Auth Method
- azureAds List<Property Map> - A configuration block, described below, using Azure AD Auth Method
- boundIps String - A CIDR whitelist with the IPs that the access is restricted to
- gcps List<Property Map>
- A configuration block, described below, using Auth Method API-Key
- samls List<Property Map>
- A configuration block, described below, using SAML Auth Method
Outputs
All input properties are implicitly available as output properties. Additionally, the AuthMethod resource produces the following output properties:
- access_id str - Auth Method access ID
- access_key str - Auth Method access key
- id str
- The provider-assigned unique ID for this managed resource.
Look up Existing AuthMethod Resource
Get an existing AuthMethod resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AuthMethodState, opts?: CustomResourceOptions): AuthMethod
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_expires: Optional[float] = None,
access_id: Optional[str] = None,
access_key: Optional[str] = None,
api_keys: Optional[Sequence[AuthMethodApiKeyArgs]] = None,
auth_method_id: Optional[str] = None,
aws_iams: Optional[Sequence[AuthMethodAwsIamArgs]] = None,
azure_ads: Optional[Sequence[AuthMethodAzureAdArgs]] = None,
bound_ips: Optional[str] = None,
gcps: Optional[Sequence[AuthMethodGcpArgs]] = None,
path: Optional[str] = None,
samls: Optional[Sequence[AuthMethodSamlArgs]] = None) -> AuthMethod
func GetAuthMethod(ctx *Context, name string, id IDInput, state *AuthMethodState, opts ...ResourceOption) (*AuthMethod, error)
public static AuthMethod Get(string name, Input<string> id, AuthMethodState? state, CustomResourceOptions? opts = null)
public static AuthMethod get(String name, Output<String> id, AuthMethodState state, CustomResourceOptions options)
# Pulumi YAML form of the lookup: reads an existing akeyless:AuthMethod by its provider ID.
resources:
  _:
    type: akeyless:AuthMethod
    get:
      # The unique provider ID of the resource to look up.
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Expires double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Access
Key string - Auth Method access key
- Api
Keys List<AuthMethod Api Key> - A configuration block, described below, using API-Key Auth Method
- Auth
Method stringId - The ID of this resource.
- Aws
Iams List<AuthMethod Aws Iam> - A configuration block, described below, using AWS-IAM Auth Method
- Azure
Ads List<AuthMethod Azure Ad> - A configuration block, described below, using Azure AD Auth Method
- Bound
Ips string - A CIDR whitelist with the IPs that the access is restricted to
- Gcps
List<Auth
Method Gcp> - A configuration block, described below, using Auth Method API-Key
- Path string
- The path where the Auth Method will be stored
- Samls
List<Auth
Method Saml> - A configuration block, described below, using SAML Auth Method
- Access
Expires float64 - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- Access
Id string - Auth Method access ID
- Access
Key string - Auth Method access key
- Api
Keys []AuthMethod Api Key Type Args - A configuration block, described below, using API-Key Auth Method
- Auth
Method stringId - The ID of this resource.
- Aws
Iams []AuthMethod Aws Iam Type Args - A configuration block, described below, using AWS-IAM Auth Method
- Azure
Ads []AuthMethod Azure Ad Type Args - A configuration block, described below, using Azure AD Auth Method
- Bound
Ips string - A CIDR whitelist with the IPs that the access is restricted to
- Gcps
[]Auth
Method Gcp Type Args - A configuration block, described below, using Auth Method API-Key
- Path string
- The path where the Auth Method will be stored
- Samls
[]Auth
Method Saml Type Args - A configuration block, described below, using SAML Auth Method
- access
Expires Double - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- access
Key String - Auth Method access key
- api
Keys List<AuthMethod Api Key> - A configuration block, described below, using API-Key Auth Method
- auth
Method StringId - The ID of this resource.
- aws
Iams List<AuthMethod Aws Iam> - A configuration block, described below, using AWS-IAM Auth Method
- azure
Ads List<AuthMethod Azure Ad> - A configuration block, described below, using Azure AD Auth Method
- bound
Ips String - A CIDR whitelist with the IPs that the access is restricted to
- gcps
List<Auth
Method Gcp> - A configuration block, described below, using Auth Method API-Key
- path String
- The path where the Auth Method will be stored
- samls
List<Auth
Method Saml> - A configuration block, described below, using SAML Auth Method
- access
Expires number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id string - Auth Method access ID
- access
Key string - Auth Method access key
- api
Keys AuthMethod Api Key[] - A configuration block, described below, using API-Key Auth Method
- auth
Method stringId - The ID of this resource.
- aws
Iams AuthMethod Aws Iam[] - A configuration block, described below, using AWS-IAM Auth Method
- azure
Ads AuthMethod Azure Ad[] - A configuration block, described below, using Azure AD Auth Method
- bound
Ips string - A CIDR whitelist with the IPs that the access is restricted to
- gcps
Auth
Method Gcp[] - A configuration block, described below, using Auth Method API-Key
- path string
- The path where the Auth Method will be stored
- samls
Auth
Method Saml[] - A configuration block, described below, using SAML Auth Method
- access_
expires float - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access_
id str - Auth Method access ID
- access_
key str - Auth Method access key
- api_
keys Sequence[AuthMethod Api Key Args] - A configuration block, described below, using API-Key Auth Method
- auth_
method_ strid - The ID of this resource.
- aws_
iams Sequence[AuthMethod Aws Iam Args] - A configuration block, described below, using AWS-IAM Auth Method
- azure_
ads Sequence[AuthMethod Azure Ad Args] - A configuration block, described below, using Azure AD Auth Method
- bound_
ips str - A CIDR whitelist with the IPs that the access is restricted to
- gcps
Sequence[Auth
Method Gcp Args] - A configuration block, described below, using Auth Method API-Key
- path str
- The path where the Auth Method will be stored
- samls
Sequence[Auth
Method Saml Args] - A configuration block, described below, using SAML Auth Method
- access
Expires Number - Access expiration date in Unix timestamp (select 0 for access without expiry date)
- access
Id String - Auth Method access ID
- access
Key String - Auth Method access key
- api
Keys List<Property Map> - A configuration block, described below, using API-Key Auth Method
- auth
Method StringId - The ID of this resource.
- aws
Iams List<Property Map> - A configuration block, described below, using AWS-IAM Auth Method
- azure
Ads List<Property Map> - A configuration block, described below, using Azure AD Auth Method
- bound
Ips String - A CIDR whitelist with the IPs that the access is restricted to
- gcps List<Property Map>
- A configuration block, described below, using Auth Method API-Key
- path String
- The path where the Auth Method will be stored
- samls List<Property Map>
- A configuration block, described below, using SAML Auth Method
Supporting Types
AuthMethodAwsIam, AuthMethodAwsIamArgs
- Bound
Aws List<string>Account Ids - A list of AWS account-IDs that the access is restricted to
- Bound
Arns List<string> - A list of full arns that the access is restricted to
- Bound
Resource List<string>Ids - A list of full resource ids that the access is restricted to
- Bound
Role List<string>Ids - A list of full role ids that the access is restricted to
- Bound
Role List<string>Names - A list of full role-name that the access is restricted to
- Bound
User List<string>Ids - A list of full user ids that the access is restricted to
- Bound
User List<string>Names - A list of full user-name that the access is restricted to
- Sts
Url string - STS URL (default: https://sts.amazonaws.com)
- Bound
Aws []stringAccount Ids - A list of AWS account-IDs that the access is restricted to
- Bound
Arns []string - A list of full arns that the access is restricted to
- Bound
Resource []stringIds - A list of full resource ids that the access is restricted to
- Bound
Role []stringIds - A list of full role ids that the access is restricted to
- Bound
Role []stringNames - A list of full role-name that the access is restricted to
- Bound
User []stringIds - A list of full user ids that the access is restricted to
- Bound
User []stringNames - A list of full user-name that the access is restricted to
- Sts
Url string - STS URL (default: https://sts.amazonaws.com)
- bound
Aws List<String>Account Ids - A list of AWS account-IDs that the access is restricted to
- bound
Arns List<String> - A list of full arns that the access is restricted to
- bound
Resource List<String>Ids - A list of full resource ids that the access is restricted to
- bound
Role List<String>Ids - A list of full role ids that the access is restricted to
- bound
Role List<String>Names - A list of full role-name that the access is restricted to
- bound
User List<String>Ids - A list of full user ids that the access is restricted to
- bound
User List<String>Names - A list of full user-name that the access is restricted to
- sts
Url String - STS URL (default: https://sts.amazonaws.com)
- bound
Aws string[]Account Ids - A list of AWS account-IDs that the access is restricted to
- bound
Arns string[] - A list of full arns that the access is restricted to
- bound
Resource string[]Ids - A list of full resource ids that the access is restricted to
- bound
Role string[]Ids - A list of full role ids that the access is restricted to
- bound
Role string[]Names - A list of full role-name that the access is restricted to
- bound
User string[]Ids - A list of full user ids that the access is restricted to
- bound
User string[]Names - A list of full user-name that the access is restricted to
- sts
Url string - STS URL (default: https://sts.amazonaws.com)
- bound_
aws_ Sequence[str]account_ ids - A list of AWS account-IDs that the access is restricted to
- bound_
arns Sequence[str] - A list of full arns that the access is restricted to
- bound_
resource_ Sequence[str]ids - A list of full resource ids that the access is restricted to
- bound_
role_ Sequence[str]ids - A list of full role ids that the access is restricted to
- bound_
role_ Sequence[str]names - A list of full role-name that the access is restricted to
- bound_
user_ Sequence[str]ids - A list of full user ids that the access is restricted to
- bound_
user_ Sequence[str]names - A list of full user-name that the access is restricted to
- sts_
url str - STS URL (default: https://sts.amazonaws.com)
- bound
Aws List<String>Account Ids - A list of AWS account-IDs that the access is restricted to
- bound
Arns List<String> - A list of full arns that the access is restricted to
- bound
Resource List<String>Ids - A list of full resource ids that the access is restricted to
- bound
Role List<String>Ids - A list of full role ids that the access is restricted to
- bound
Role List<String>Names - A list of full role-name that the access is restricted to
- bound
User List<String>Ids - A list of full user ids that the access is restricted to
- bound
User List<String>Names - A list of full user-name that the access is restricted to
- sts
Url String - STS URL (default: https://sts.amazonaws.com)
AuthMethodAzureAd, AuthMethodAzureAdArgs
- Bound
Tenant stringId - The Azure tenant id that the access is restricted to
- Bound
Group List<string>Ids - A list of group ids that the access is restricted to
- Bound
Providers List<string> - A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)
- Bound
Resource List<string>Ids - A list of full resource ids that the access is restricted to
- Bound
Resource List<string>Names - A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc)
- Bound
Resource List<string>Types - A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)
- Bound
Rg List<string>Ids - A list of resource groups that the access is restricted to
- Bound
Spids List<string> - A list of service principal IDs that the access is restricted to
- Bound
Sub List<string>Ids - A list of subscription ids that the access is restricted to
- Custom
Audience string - The audience in the JWT
- Custom
Issuer string - Issuer URL
- JwksUri string - The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server
- Bound
Tenant stringId - The Azure tenant id that the access is restricted to
- Bound
Group []stringIds - A list of group ids that the access is restricted to
- Bound
Providers []string - A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)
- Bound
Resource []stringIds - A list of full resource ids that the access is restricted to
- Bound
Resource []stringNames - A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc)
- Bound
Resource []stringTypes - A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)
- Bound
Rg []stringIds - A list of resource groups that the access is restricted to
- Bound
Spids []string - A list of service principal IDs that the access is restricted to
- Bound
Sub []stringIds - A list of subscription ids that the access is restricted to
- Custom
Audience string - The audience in the JWT
- Custom
Issuer string - Issuer URL
- JwksUri string - The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server
- bound
Tenant StringId - The Azure tenant id that the access is restricted to
- bound
Group List<String>Ids - A list of group ids that the access is restricted to
- bound
Providers List<String> - A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)
- bound
Resource List<String>Ids - A list of full resource ids that the access is restricted to
- bound
Resource List<String>Names - A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc)
- bound
Resource List<String>Types - A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)
- bound
Rg List<String>Ids - A list of resource groups that the access is restricted to
- bound
Spids List<String> - A list of service principal IDs that the access is restricted to
- bound
Sub List<String>Ids - A list of subscription ids that the access is restricted to
- custom
Audience String - The audience in the JWT
- custom
Issuer String - Issuer URL
- jwksUri String - The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server
- bound
Tenant stringId - The Azure tenant id that the access is restricted to
- bound
Group string[]Ids - A list of group ids that the access is restricted to
- bound
Providers string[] - A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)
- bound
Resource string[]Ids - A list of full resource ids that the access is restricted to
- bound
Resource string[]Names - A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc)
- bound
Resource string[]Types - A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)
- bound
Rg string[]Ids - A list of resource groups that the access is restricted to
- bound
Spids string[] - A list of service principal IDs that the access is restricted to
- bound
Sub string[]Ids - A list of subscription ids that the access is restricted to
- customAudience string
- The audience in the JWT
- customIssuer string
- Issuer URL
- jwksUri string
- The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server. The keys served here decide which tokens verify, so use an HTTPS endpoint operated by the identity provider.
- bound_
tenant_ strid - The Azure tenant id that the access is restricted to
- bound_
group_ Sequence[str]ids - A list of group ids that the access is restricted to
- bound_
providers Sequence[str] - A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)
- bound_
resource_ Sequence[str]ids - A list of full resource ids that the access is restricted to
- bound_
resource_ Sequence[str]names - A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc)
- bound_
resource_ Sequence[str]types - A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)
- bound_
rg_ Sequence[str]ids - A list of resource groups that the access is restricted to
- bound_
spids Sequence[str] - A list of service principal IDs that the access is restricted to
- bound_
sub_ Sequence[str]ids - A list of subscription ids that the access is restricted to
- custom_audience str
- The audience in the JWT
- custom_issuer str
- Issuer URL
- jwks_uri str
- The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server. The keys served here decide which tokens verify, so use an HTTPS endpoint operated by the identity provider.
- bound
Tenant StringId - The Azure tenant id that the access is restricted to
- bound
Group List<String>Ids - A list of group ids that the access is restricted to
- bound
Providers List<String> - A list of resource providers that the access is restricted to (e.g, Microsoft.Compute, Microsoft.ManagedIdentity, etc)
- bound
Resource List<String>Ids - A list of full resource ids that the access is restricted to
- bound
Resource List<String>Names - A list of resource names that the access is restricted to (e.g, a virtual machine name, scale set name, etc)
- bound
Resource List<String>Types - A list of resource types that the access is restricted to (e.g, virtualMachines, userAssignedIdentities, etc)
- bound
Rg List<String>Ids - A list of resource groups that the access is restricted to
- bound
Spids List<String> - A list of service principal IDs that the access is restricted to
- bound
Sub List<String>Ids - A list of subscription ids that the access is restricted to
- customAudience String
- The audience in the JWT
- customIssuer String
- Issuer URL
- jwksUri String
- The URL to the JSON Web Key Set (JWKS) containing the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server. The keys served here decide which tokens verify, so use an HTTPS endpoint operated by the identity provider.
AuthMethodGcp, AuthMethodGcpArgs
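- ServiceAccountCredsData string
- Service Account credentials data, base64 encoded. Base64 is an encoding, not encryption, so handle this value as a secret (for example, supply it from encrypted Pulumi configuration rather than a literal in source).
- Audience string
- The audience to verify in the JWT received by the client
- Gces List<AuthMethodGcpGce>
- IAM GCE Auth Method
- Iams List<AuthMethodGcpIam>
- IAM GCP Auth Method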
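- ServiceAccountCredsData string
- Service Account credentials data, base64 encoded. Base64 is an encoding, not encryption, so handle this value as a secret (for example, supply it from encrypted Pulumi configuration rather than a literal in source).
- Audience string
- The audience to verify in the JWT received by the client
- Gces []AuthMethodGcpGce
- IAM GCE Auth Method
- Iams []AuthMethodGcpIam
- IAM GCP Auth Method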
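- serviceAccountCredsData String
- Service Account credentials data, base64 encoded. Base64 is an encoding, not encryption, so handle this value as a secret (for example, supply it from encrypted Pulumi configuration rather than a literal in source).
- audience String
- The audience to verify in the JWT received by the client
- gces List<AuthMethodGcpGce>
- IAM GCE Auth Method
- iams List<AuthMethodGcpIam>
- IAM GCP Auth Method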
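- serviceAccountCredsData string
- Service Account credentials data, base64 encoded. Base64 is an encoding, not encryption, so handle this value as a secret (for example, supply it from encrypted Pulumi configuration rather than a literal in source).
- audience string
- The audience to verify in the JWT received by the client
- gces AuthMethodGcpGce[]
- IAM GCE Auth Method
- iams AuthMethodGcpIam[]
- IAM GCP Auth Method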
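- service_account_creds_data str
- Service Account credentials data, base64 encoded. Base64 is an encoding, not encryption, so handle this value as a secret (for example, supply it from encrypted Pulumi configuration rather than a literal in source).
- audience str
- The audience to verify in the JWT received by the client
- gces Sequence[AuthMethodGcpGce]
- IAM GCE Auth Method
- iams Sequence[AuthMethodGcpIam]
- IAM GCP Auth Method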
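- serviceAccountCredsData String
- Service Account credentials data, base64 encoded. Base64 is an encoding, not encryption, so handle this value as a secret (for example, supply it from encrypted Pulumi configuration rather than a literal in source).
- audience String
- The audience to verify in the JWT received by the client
- gces List<Property Map>
- IAM GCE Auth Method
- iams List<Property Map>
- IAM GCP Auth Method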
AuthMethodGcpGce, AuthMethodGcpGceArgs
- Bound
Labels List<string> - GCE only. A list of GCP labels formatted as "key:value" pairs that must be set on instances in order to authenticate
- Bound
Regions List<string> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate
- Bound
Zones List<string> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate
- Bound
Labels []string - GCE only. A list of GCP labels formatted as "key:value" pairs that must be set on instances in order to authenticate
- Bound
Regions []string - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate
- Bound
Zones []string - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate
- bound
Labels List<String> - GCE only. A list of GCP labels formatted as "key:value" pairs that must be set on instances in order to authenticate
- bound
Regions List<String> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate
- bound
Zones List<String> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate
- bound
Labels string[] - GCE only. A list of GCP labels formatted as "key:value" pairs that must be set on instances in order to authenticate
- bound
Regions string[] - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate
- bound
Zones string[] - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate
- bound_
labels Sequence[str] - GCE only. A list of GCP labels formatted as "key:value" pairs that must be set on instances in order to authenticate
- bound_
regions Sequence[str] - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate
- bound_
zones Sequence[str] - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate
- bound
Labels List<String> - GCE only. A list of GCP labels formatted as "key:value" pairs that must be set on instances in order to authenticate
- bound
Regions List<String> - GCE only. A list of regions. GCE instances must belong to any of the provided regions in order to authenticate
- bound
Zones List<String> - GCE only. A list of zones. GCE instances must belong to any of the provided zones in order to authenticate
AuthMethodGcpIam, AuthMethodGcpIamArgs
- Bound
Service List<string>Accounts - IAM only. A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate
- Bound
Service []stringAccounts - IAM only. A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate
- bound
Service List<String>Accounts - IAM only. A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate
- bound
Service string[]Accounts - IAM only. A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate
- bound_
service_ Sequence[str]accounts - IAM only. A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate
- bound
Service List<String>Accounts - IAM only. A list of Service Accounts. Clients must belong to any of the provided service accounts in order to authenticate
AuthMethodSaml, AuthMethodSamlArgs
- UniqueIdentifier string
- A unique identifier (ID) value should be configured for OAuth2, LDAP and SAML authentication method types; it is usually a value such as the email, username, or UPN
- IdpMetadataUrl string
- IdP metadata URL. The metadata supplies the IdP signing certificate used to validate assertions, so use an HTTPS URL.
- IdpMetadataXmlData string
- IdP metadata XML data
- UniqueIdentifier string
- A unique identifier (ID) value should be configured for OAuth2, LDAP and SAML authentication method types; it is usually a value such as the email, username, or UPN
- IdpMetadataUrl string
- IdP metadata URL. The metadata supplies the IdP signing certificate used to validate assertions, so use an HTTPS URL.
- IdpMetadataXmlData string
- IdP metadata XML data
- uniqueIdentifier String
- A unique identifier (ID) value should be configured for OAuth2, LDAP and SAML authentication method types; it is usually a value such as the email, username, or UPN
- idpMetadataUrl String
- IdP metadata URL. The metadata supplies the IdP signing certificate used to validate assertions, so use an HTTPS URL.
- idpMetadataXmlData String
- IdP metadata XML data
- uniqueIdentifier string
- A unique identifier (ID) value should be configured for OAuth2, LDAP and SAML authentication method types; it is usually a value such as the email, username, or UPN
- idpMetadataUrl string
- IdP metadata URL. The metadata supplies the IdP signing certificate used to validate assertions, so use an HTTPS URL.
- idpMetadataXmlData string
- IdP metadata XML data
- unique_identifier str
- A unique identifier (ID) value should be configured for OAuth2, LDAP and SAML authentication method types; it is usually a value such as the email, username, or UPN
- idp_metadata_url str
- IdP metadata URL. The metadata supplies the IdP signing certificate used to validate assertions, so use an HTTPS URL.
- idp_metadata_xml_data str
- IdP metadata XML data
- uniqueIdentifier String
- A unique identifier (ID) value should be configured for OAuth2, LDAP and SAML authentication method types; it is usually a value such as the email, username, or UPN
- idpMetadataUrl String
- IdP metadata URL. The metadata supplies the IdP signing certificate used to validate assertions, so use an HTTPS URL.
- idpMetadataXmlData String
- IdP metadata XML data
Import
$ pulumi import akeyless:index/authMethod:AuthMethod example /full-auth-method-path/and-name-in-akeyless
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeyless
Terraform Provider.