AWS IAM v0.0.3, Jun 1 22

aws-iam.AssumableRolesWithSAML

Explore with Pulumi AI

This resource helps you create predefined IAM roles (admin, poweruser, and readonly) which can be assumed by trusted resources using SAML Federated Users.

Example Usage

Assumable Roles With SAML

using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var assumableRolesWithSaml = new AssumableRolesWithSAML("assumable-roles-with-saml", new AssumableRolesWithSAMLArgs
        {
            ProviderIds = {"arn:aws:iam::235367859851:saml-provider/idp_saml"},
            Admin = new AdminRoleArgs(),
            Readonly = new ReadonlyRoleArgs(),
            Poweruser = new PoweruserRoleArgs
            {
                Name = "developer",
            },
        });

        this.AssumableRolesWithSaml = Output.Create<AssumableRolesWithSAML>(assumableRolesWithSaml);
    }

    [Output]
    public Output<AssumableRolesWithSAML> AssumableRolesWithSaml { get; set; }
}

package main

import (
    iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        assumableRolesWithSAML, err := iam.NewAssumableRolesWithSAML(ctx, "assumable-roles-with-saml", &iam.AssumableRolesWithSAMLArgs{
            ProviderIds: pulumi.ToStringArray([]string{"arn:aws:iam::235367859851:saml-provider/idp_saml"}),
            Admin:       iam.AdminRoleArgs{},
            Readonly:    iam.ReadonlyRoleArgs{},
            Poweruser: iam.PoweruserRoleArgs{
                Name: pulumi.String("developer"),
            },
        })
        if err != nil {
            return err
        }

        ctx.Export("assumableRolesWithSAML", assumableRolesWithSAML)

        return nil
    })
}

Coming soon!

import pulumi
import pulumi_aws_iam as iam

assumable_roles_with_saml = iam.AssumableRolesWithSAML(
    'assumable_roles_with_saml',
    provider_ids=['arn:aws:iam::235367859851:saml-provider/idp_saml'],
    admin=iam.AdminRoleArgs(),
    readonly=iam.ReadonlyRoleArgs(),
    poweruser=iam.PoweruserRoleArgs(
        name='developer',
    ),
)

pulumi.export('assumable_roles_with_saml', assumable_roles_with_saml)

import * as iam from "@pulumi/aws-iam";

export const assumableRolesWithSaml = new iam.AssumableRolesWithSAML("aws-iam-example-assumable-role-with-saml", {
    providerIds: [ "arn:aws:iam::235367859851:saml-provider/idp_saml" ],
    admin: {},
    poweruser: {
        name: "developer",
    },
    readonly: {},
});

name: awsiam-yaml
runtime: yaml
resources:
    assumableRolesWithSaml:
        type: "aws-iam:index:AssumableRolesWithSAML"
        properties:
            providerIds:
                - "arn:aws:iam::235367859851:saml-provider/idp_saml"
            poweruser:
                name: "developer"
outputs:
    assumableRolesWithSaml: ${assumableRolesWithSaml}

Create AssumableRolesWithSAML Resource

new AssumableRolesWithSAML(name: string, args?: AssumableRolesWithSAMLArgs, opts?: CustomResourceOptions);

@overload
def AssumableRolesWithSAML(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           admin: Optional[AdminRoleArgs] = None,
                           aws_saml_endpoint: Optional[str] = None,
                           force_detach_policies: Optional[bool] = None,
                           max_session_duration: Optional[int] = None,
                           poweruser: Optional[PoweruserRoleArgs] = None,
                           provider_ids: Optional[Sequence[str]] = None,
                           readonly: Optional[ReadonlyRoleArgs] = None)
@overload
def AssumableRolesWithSAML(resource_name: str,
                           args: Optional[AssumableRolesWithSAMLArgs] = None,
                           opts: Optional[ResourceOptions] = None)

func NewAssumableRolesWithSAML(ctx *Context, name string, args *AssumableRolesWithSAMLArgs, opts ...ResourceOption) (*AssumableRolesWithSAML, error)

public AssumableRolesWithSAML(string name, AssumableRolesWithSAMLArgs? args = null, CustomResourceOptions? opts = null)

public AssumableRolesWithSAML(String name, AssumableRolesWithSAMLArgs args)
public AssumableRolesWithSAML(String name, AssumableRolesWithSAMLArgs args, CustomResourceOptions options)

type: aws-iam:AssumableRolesWithSAML
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AssumableRolesWithSAMLArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AssumableRolesWithSAMLArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AssumableRolesWithSAMLArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AssumableRolesWithSAMLArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AssumableRolesWithSAMLArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

AssumableRolesWithSAML Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AssumableRolesWithSAML resource accepts the following input properties:

Admin Pulumi.AwsIam.Inputs.AdminRoleArgs
AwsSamlEndpoint string: AWS SAML Endpoint.
ForceDetachPolicies bool: Whether policies should be detached from this role when destroying.
MaxSessionDuration int: Maximum CLI/API session duration in seconds between 3600 and 43200.
Poweruser Pulumi.AwsIam.Inputs.PoweruserRoleArgs
ProviderIds List<string>: List of SAML Provider IDs.
Readonly Pulumi.AwsIam.Inputs.ReadonlyRoleArgs

Admin AdminRoleArgs
AwsSamlEndpoint string: AWS SAML Endpoint.
ForceDetachPolicies bool: Whether policies should be detached from this role when destroying.
MaxSessionDuration int: Maximum CLI/API session duration in seconds between 3600 and 43200.
Poweruser PoweruserRoleArgs
ProviderIds []string: List of SAML Provider IDs.
Readonly ReadonlyRoleArgs

admin AdminRoleArgs
awsSamlEndpoint String: AWS SAML Endpoint.
forceDetachPolicies Boolean: Whether policies should be detached from this role when destroying.
maxSessionDuration Integer: Maximum CLI/API session duration in seconds between 3600 and 43200.
poweruser PoweruserRoleArgs
providerIds List<String>: List of SAML Provider IDs.
readonly ReadonlyRoleArgs

admin AdminRoleArgs
awsSamlEndpoint string: AWS SAML Endpoint.
forceDetachPolicies boolean: Whether policies should be detached from this role when destroying.
maxSessionDuration number: Maximum CLI/API session duration in seconds between 3600 and 43200.
poweruser PoweruserRoleArgs
providerIds string[]: List of SAML Provider IDs.
readonly ReadonlyRoleArgs

admin AdminRoleArgs
aws_saml_endpoint str: AWS SAML Endpoint.
force_detach_policies bool: Whether policies should be detached from this role when destroying.
max_session_duration int: Maximum CLI/API session duration in seconds between 3600 and 43200.
poweruser PoweruserRoleArgs
provider_ids Sequence[str]: List of SAML Provider IDs.
readonly ReadonlyRoleArgs

admin Property Map
awsSamlEndpoint String: AWS SAML Endpoint.
forceDetachPolicies Boolean: Whether policies should be detached from this role when destroying.
maxSessionDuration Number: Maximum CLI/API session duration in seconds between 3600 and 43200.
poweruser Property Map
providerIds List<String>: List of SAML Provider IDs.
readonly Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the AssumableRolesWithSAML resource produces the following output properties:

Supporting Types

AdminRole

Name string: IAM role with admin access.
Path string: Path of admin IAM role.
PermissionsBoundaryArn string: Permissions boundary ARN to use for admin role.
PolicyArns List<string>: List of policy ARNs to use for admin role.
Tags Dictionary<string, string>: A map of tags to add.

Name string: IAM role with admin access.
Path string: Path of admin IAM role.
PermissionsBoundaryArn string: Permissions boundary ARN to use for admin role.
PolicyArns []string: List of policy ARNs to use for admin role.
Tags map[string]string: A map of tags to add.

name String: IAM role with admin access.
path String: Path of admin IAM role.
permissionsBoundaryArn String: Permissions boundary ARN to use for admin role.
policyArns List<String>: List of policy ARNs to use for admin role.
tags Map<String,String>: A map of tags to add.

name string: IAM role with admin access.
path string: Path of admin IAM role.
permissionsBoundaryArn string: Permissions boundary ARN to use for admin role.
policyArns string[]: List of policy ARNs to use for admin role.
tags {[key: string]: string}: A map of tags to add.

name str: IAM role with admin access.
path str: Path of admin IAM role.
permissions_boundary_arn str: Permissions boundary ARN to use for admin role.
policy_arns Sequence[str]: List of policy ARNs to use for admin role.
tags Mapping[str, str]: A map of tags to add.

name String: IAM role with admin access.
path String: Path of admin IAM role.
permissionsBoundaryArn String: Permissions boundary ARN to use for admin role.
policyArns List<String>: List of policy ARNs to use for admin role.
tags Map<String>: A map of tags to add.

PoweruserRole

Name string: IAM role with poweruser access.
Path string: Path of poweruser IAM role.
PermissionsBoundaryArn string: Permissions boundary ARN to use for poweruser role.
PolicyArns List<string>: List of policy ARNs to use for poweruser role.
Tags Dictionary<string, string>: A map of tags to add.

Name string: IAM role with poweruser access.
Path string: Path of poweruser IAM role.
PermissionsBoundaryArn string: Permissions boundary ARN to use for poweruser role.
PolicyArns []string: List of policy ARNs to use for poweruser role.
Tags map[string]string: A map of tags to add.

name String: IAM role with poweruser access.
path String: Path of poweruser IAM role.
permissionsBoundaryArn String: Permissions boundary ARN to use for poweruser role.
policyArns List<String>: List of policy ARNs to use for poweruser role.
tags Map<String,String>: A map of tags to add.

name string: IAM role with poweruser access.
path string: Path of poweruser IAM role.
permissionsBoundaryArn string: Permissions boundary ARN to use for poweruser role.
policyArns string[]: List of policy ARNs to use for poweruser role.
tags {[key: string]: string}: A map of tags to add.

name str: IAM role with poweruser access.
path str: Path of poweruser IAM role.
permissions_boundary_arn str: Permissions boundary ARN to use for poweruser role.
policy_arns Sequence[str]: List of policy ARNs to use for poweruser role.
tags Mapping[str, str]: A map of tags to add.

name String: IAM role with poweruser access.
path String: Path of poweruser IAM role.
permissionsBoundaryArn String: Permissions boundary ARN to use for poweruser role.
policyArns List<String>: List of policy ARNs to use for poweruser role.
tags Map<String>: A map of tags to add.

ReadonlyRole

Name string: IAM role with readonly access.
Path string: Path of readonly IAM role.
PermissionsBoundaryArn string: Permissions boundary ARN to use for readonly role.
PolicyArns List<string>: List of policy ARNs to use for readonly role.
Tags Dictionary<string, string>: A map of tags to add.

Name string: IAM role with readonly access.
Path string: Path of readonly IAM role.
PermissionsBoundaryArn string: Permissions boundary ARN to use for readonly role.
PolicyArns []string: List of policy ARNs to use for readonly role.
Tags map[string]string: A map of tags to add.

name String: IAM role with readonly access.
path String: Path of readonly IAM role.
permissionsBoundaryArn String: Permissions boundary ARN to use for readonly role.
policyArns List<String>: List of policy ARNs to use for readonly role.
tags Map<String,String>: A map of tags to add.

name string: IAM role with readonly access.
path string: Path of readonly IAM role.
permissionsBoundaryArn string: Permissions boundary ARN to use for readonly role.
policyArns string[]: List of policy ARNs to use for readonly role.
tags {[key: string]: string}: A map of tags to add.

name str: IAM role with readonly access.
path str: Path of readonly IAM role.
permissions_boundary_arn str: Permissions boundary ARN to use for readonly role.
policy_arns Sequence[str]: List of policy ARNs to use for readonly role.
tags Mapping[str, str]: A map of tags to add.

name String: IAM role with readonly access.
path String: Path of readonly IAM role.
permissionsBoundaryArn String: Permissions boundary ARN to use for readonly role.
policyArns List<String>: List of policy ARNs to use for readonly role.
tags Map<String>: A map of tags to add.

Package Details

Repository: aws-iam
License