1. Packages
  2. AWS IAM
  3. API Docs
  4. AssumableRolesWithSAML
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

aws-iam.AssumableRolesWithSAML

Explore with Pulumi AI

aws-iam logo
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

    This resource helps you create predefined IAM roles (admin, poweruser, and readonly) which can be assumed by trusted resources using SAML Federated Users.

    Example Usage

    Assumable Roles With SAML

    using Pulumi;
    using Pulumi.AwsIam;
    using Pulumi.AwsIam.Inputs;
    
    class MyStack : Stack
    {
        public MyStack()
        {
            var assumableRolesWithSaml = new AssumableRolesWithSAML("assumable-roles-with-saml", new AssumableRolesWithSAMLArgs
            {
                ProviderIds = {"arn:aws:iam::235367859851:saml-provider/idp_saml"},
                Admin = new AdminRoleArgs(),
                Readonly = new ReadonlyRoleArgs(),
                Poweruser = new PoweruserRoleArgs
                {
                    Name = "developer",
                },
            });
    
            this.AssumableRolesWithSaml = Output.Create<AssumableRolesWithSAML>(assumableRolesWithSaml);
        }
    
        [Output]
        public Output<AssumableRolesWithSAML> AssumableRolesWithSaml { get; set; }
    }
    
    package main
    
    import (
        iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
        "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
        pulumi.Run(func(ctx *pulumi.Context) error {
            assumableRolesWithSAML, err := iam.NewAssumableRolesWithSAML(ctx, "assumable-roles-with-saml", &iam.AssumableRolesWithSAMLArgs{
                ProviderIds: pulumi.ToStringArray([]string{"arn:aws:iam::235367859851:saml-provider/idp_saml"}),
                Admin:       iam.AdminRoleArgs{},
                Readonly:    iam.ReadonlyRoleArgs{},
                Poweruser: iam.PoweruserRoleArgs{
                    Name: pulumi.String("developer"),
                },
            })
            if err != nil {
                return err
            }
    
            ctx.Export("assumableRolesWithSAML", assumableRolesWithSAML)
    
            return nil
        })
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_iam as iam
    
    assumable_roles_with_saml = iam.AssumableRolesWithSAML(
        'assumable_roles_with_saml',
        provider_ids=['arn:aws:iam::235367859851:saml-provider/idp_saml'],
        admin=iam.AdminRoleArgs(),
        readonly=iam.ReadonlyRoleArgs(),
        poweruser=iam.PoweruserRoleArgs(
            name='developer',
        ),
    )
    
    pulumi.export('assumable_roles_with_saml', assumable_roles_with_saml)
    
    import * as iam from "@pulumi/aws-iam";
    
    export const assumableRolesWithSaml = new iam.AssumableRolesWithSAML("aws-iam-example-assumable-role-with-saml", {
        providerIds: [ "arn:aws:iam::235367859851:saml-provider/idp_saml" ],
        admin: {},
        poweruser: {
            name: "developer",
        },
        readonly: {},
    });
    
    name: awsiam-yaml
    runtime: yaml
    resources:
        assumableRolesWithSaml:
            type: "aws-iam:index:AssumableRolesWithSAML"
            properties:
                providerIds:
                    - "arn:aws:iam::235367859851:saml-provider/idp_saml"
                poweruser:
                    name: "developer"
    outputs:
        assumableRolesWithSaml: ${assumableRolesWithSaml}
    

    Create AssumableRolesWithSAML Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AssumableRolesWithSAML(name: string, args?: AssumableRolesWithSAMLArgs, opts?: CustomResourceOptions);
    @overload
    def AssumableRolesWithSAML(resource_name: str,
                               args: Optional[AssumableRolesWithSAMLArgs] = None,
                               opts: Optional[ResourceOptions] = None)
    
    @overload
    def AssumableRolesWithSAML(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               admin: Optional[AdminRoleArgs] = None,
                               aws_saml_endpoint: Optional[str] = None,
                               force_detach_policies: Optional[bool] = None,
                               max_session_duration: Optional[int] = None,
                               poweruser: Optional[PoweruserRoleArgs] = None,
                               provider_ids: Optional[Sequence[str]] = None,
                               readonly: Optional[ReadonlyRoleArgs] = None)
    func NewAssumableRolesWithSAML(ctx *Context, name string, args *AssumableRolesWithSAMLArgs, opts ...ResourceOption) (*AssumableRolesWithSAML, error)
    public AssumableRolesWithSAML(string name, AssumableRolesWithSAMLArgs? args = null, CustomResourceOptions? opts = null)
    public AssumableRolesWithSAML(String name, AssumableRolesWithSAMLArgs args)
    public AssumableRolesWithSAML(String name, AssumableRolesWithSAMLArgs args, CustomResourceOptions options)
    
    type: aws-iam:AssumableRolesWithSAML
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AssumableRolesWithSAMLArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AssumableRolesWithSAMLArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AssumableRolesWithSAMLArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AssumableRolesWithSAMLArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AssumableRolesWithSAMLArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var assumableRolesWithSAMLResource = new AwsIam.AssumableRolesWithSAML("assumableRolesWithSAMLResource", new()
    {
        Admin = new AwsIam.Inputs.AdminRoleArgs
        {
            Name = "string",
            Path = "string",
            PermissionsBoundaryArn = "string",
            PolicyArns = new[]
            {
                "string",
            },
            Tags = 
            {
                { "string", "string" },
            },
        },
        AwsSamlEndpoint = "string",
        ForceDetachPolicies = false,
        MaxSessionDuration = 0,
        Poweruser = new AwsIam.Inputs.PoweruserRoleArgs
        {
            Name = "string",
            Path = "string",
            PermissionsBoundaryArn = "string",
            PolicyArns = new[]
            {
                "string",
            },
            Tags = 
            {
                { "string", "string" },
            },
        },
        ProviderIds = new[]
        {
            "string",
        },
        Readonly = new AwsIam.Inputs.ReadonlyRoleArgs
        {
            Name = "string",
            Path = "string",
            PermissionsBoundaryArn = "string",
            PolicyArns = new[]
            {
                "string",
            },
            Tags = 
            {
                { "string", "string" },
            },
        },
    });
    
    example, err := awsiam.NewAssumableRolesWithSAML(ctx, "assumableRolesWithSAMLResource", &awsiam.AssumableRolesWithSAMLArgs{
    	Admin: &awsiam.AdminRoleArgs{
    		Name:                   pulumi.String("string"),
    		Path:                   pulumi.String("string"),
    		PermissionsBoundaryArn: pulumi.String("string"),
    		PolicyArns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Tags: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    	AwsSamlEndpoint:     pulumi.String("string"),
    	ForceDetachPolicies: pulumi.Bool(false),
    	MaxSessionDuration:  pulumi.Int(0),
    	Poweruser: &awsiam.PoweruserRoleArgs{
    		Name:                   pulumi.String("string"),
    		Path:                   pulumi.String("string"),
    		PermissionsBoundaryArn: pulumi.String("string"),
    		PolicyArns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Tags: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    	ProviderIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Readonly: &awsiam.ReadonlyRoleArgs{
    		Name:                   pulumi.String("string"),
    		Path:                   pulumi.String("string"),
    		PermissionsBoundaryArn: pulumi.String("string"),
    		PolicyArns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Tags: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    	},
    })
    
    var assumableRolesWithSAMLResource = new AssumableRolesWithSAML("assumableRolesWithSAMLResource", AssumableRolesWithSAMLArgs.builder()
        .admin(AdminRoleArgs.builder()
            .name("string")
            .path("string")
            .permissionsBoundaryArn("string")
            .policyArns("string")
            .tags(Map.of("string", "string"))
            .build())
        .awsSamlEndpoint("string")
        .forceDetachPolicies(false)
        .maxSessionDuration(0)
        .poweruser(PoweruserRoleArgs.builder()
            .name("string")
            .path("string")
            .permissionsBoundaryArn("string")
            .policyArns("string")
            .tags(Map.of("string", "string"))
            .build())
        .providerIds("string")
        .readonly(ReadonlyRoleArgs.builder()
            .name("string")
            .path("string")
            .permissionsBoundaryArn("string")
            .policyArns("string")
            .tags(Map.of("string", "string"))
            .build())
        .build());
    
    assumable_roles_with_saml_resource = aws_iam.AssumableRolesWithSAML("assumableRolesWithSAMLResource",
        admin=aws_iam.AdminRoleArgs(
            name="string",
            path="string",
            permissions_boundary_arn="string",
            policy_arns=["string"],
            tags={
                "string": "string",
            },
        ),
        aws_saml_endpoint="string",
        force_detach_policies=False,
        max_session_duration=0,
        poweruser=aws_iam.PoweruserRoleArgs(
            name="string",
            path="string",
            permissions_boundary_arn="string",
            policy_arns=["string"],
            tags={
                "string": "string",
            },
        ),
        provider_ids=["string"],
        readonly=aws_iam.ReadonlyRoleArgs(
            name="string",
            path="string",
            permissions_boundary_arn="string",
            policy_arns=["string"],
            tags={
                "string": "string",
            },
        ))
    
    const assumableRolesWithSAMLResource = new aws_iam.AssumableRolesWithSAML("assumableRolesWithSAMLResource", {
        admin: {
            name: "string",
            path: "string",
            permissionsBoundaryArn: "string",
            policyArns: ["string"],
            tags: {
                string: "string",
            },
        },
        awsSamlEndpoint: "string",
        forceDetachPolicies: false,
        maxSessionDuration: 0,
        poweruser: {
            name: "string",
            path: "string",
            permissionsBoundaryArn: "string",
            policyArns: ["string"],
            tags: {
                string: "string",
            },
        },
        providerIds: ["string"],
        readonly: {
            name: "string",
            path: "string",
            permissionsBoundaryArn: "string",
            policyArns: ["string"],
            tags: {
                string: "string",
            },
        },
    });
    
    type: aws-iam:AssumableRolesWithSAML
    properties:
        admin:
            name: string
            path: string
            permissionsBoundaryArn: string
            policyArns:
                - string
            tags:
                string: string
        awsSamlEndpoint: string
        forceDetachPolicies: false
        maxSessionDuration: 0
        poweruser:
            name: string
            path: string
            permissionsBoundaryArn: string
            policyArns:
                - string
            tags:
                string: string
        providerIds:
            - string
        readonly:
            name: string
            path: string
            permissionsBoundaryArn: string
            policyArns:
                - string
            tags:
                string: string
    

    AssumableRolesWithSAML Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AssumableRolesWithSAML resource accepts the following input properties:

    Admin Pulumi.AwsIam.Inputs.AdminRole
    AwsSamlEndpoint string
    AWS SAML Endpoint.
    ForceDetachPolicies bool
    Whether policies should be detached from this role when destroying.
    MaxSessionDuration int
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    Poweruser Pulumi.AwsIam.Inputs.PoweruserRole
    ProviderIds List<string>
    List of SAML Provider IDs.
    Readonly Pulumi.AwsIam.Inputs.ReadonlyRole
    Admin AdminRoleArgs
    AwsSamlEndpoint string
    AWS SAML Endpoint.
    ForceDetachPolicies bool
    Whether policies should be detached from this role when destroying.
    MaxSessionDuration int
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    Poweruser PoweruserRoleArgs
    ProviderIds []string
    List of SAML Provider IDs.
    Readonly ReadonlyRoleArgs
    admin AdminRole
    awsSamlEndpoint String
    AWS SAML Endpoint.
    forceDetachPolicies Boolean
    Whether policies should be detached from this role when destroying.
    maxSessionDuration Integer
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    poweruser PoweruserRole
    providerIds List<String>
    List of SAML Provider IDs.
    readonly ReadonlyRole
    admin AdminRole
    awsSamlEndpoint string
    AWS SAML Endpoint.
    forceDetachPolicies boolean
    Whether policies should be detached from this role when destroying.
    maxSessionDuration number
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    poweruser PoweruserRole
    providerIds string[]
    List of SAML Provider IDs.
    readonly ReadonlyRole
    admin AdminRoleArgs
    aws_saml_endpoint str
    AWS SAML Endpoint.
    force_detach_policies bool
    Whether policies should be detached from this role when destroying.
    max_session_duration int
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    poweruser PoweruserRoleArgs
    provider_ids Sequence[str]
    List of SAML Provider IDs.
    readonly ReadonlyRoleArgs
    admin Property Map
    awsSamlEndpoint String
    AWS SAML Endpoint.
    forceDetachPolicies Boolean
    Whether policies should be detached from this role when destroying.
    maxSessionDuration Number
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    poweruser Property Map
    providerIds List<String>
    List of SAML Provider IDs.
    readonly Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AssumableRolesWithSAML resource produces the following output properties:

    Supporting Types

    AdminRole, AdminRoleArgs

    Name string
    IAM role with admin access.
    Path string
    Path of admin IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for admin role.
    PolicyArns List<string>
    List of policy ARNs to use for admin role.
    Tags Dictionary<string, string>
    A map of tags to add.
    Name string
    IAM role with admin access.
    Path string
    Path of admin IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for admin role.
    PolicyArns []string
    List of policy ARNs to use for admin role.
    Tags map[string]string
    A map of tags to add.
    name String
    IAM role with admin access.
    path String
    Path of admin IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for admin role.
    policyArns List<String>
    List of policy ARNs to use for admin role.
    tags Map<String,String>
    A map of tags to add.
    name string
    IAM role with admin access.
    path string
    Path of admin IAM role.
    permissionsBoundaryArn string
    Permissions boundary ARN to use for admin role.
    policyArns string[]
    List of policy ARNs to use for admin role.
    tags {[key: string]: string}
    A map of tags to add.
    name str
    IAM role with admin access.
    path str
    Path of admin IAM role.
    permissions_boundary_arn str
    Permissions boundary ARN to use for admin role.
    policy_arns Sequence[str]
    List of policy ARNs to use for admin role.
    tags Mapping[str, str]
    A map of tags to add.
    name String
    IAM role with admin access.
    path String
    Path of admin IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for admin role.
    policyArns List<String>
    List of policy ARNs to use for admin role.
    tags Map<String>
    A map of tags to add.

    PoweruserRole, PoweruserRoleArgs

    Name string
    IAM role with poweruser access.
    Path string
    Path of poweruser IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for poweruser role.
    PolicyArns List<string>
    List of policy ARNs to use for poweruser role.
    Tags Dictionary<string, string>
    A map of tags to add.
    Name string
    IAM role with poweruser access.
    Path string
    Path of poweruser IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for poweruser role.
    PolicyArns []string
    List of policy ARNs to use for poweruser role.
    Tags map[string]string
    A map of tags to add.
    name String
    IAM role with poweruser access.
    path String
    Path of poweruser IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for poweruser role.
    policyArns List<String>
    List of policy ARNs to use for poweruser role.
    tags Map<String,String>
    A map of tags to add.
    name string
    IAM role with poweruser access.
    path string
    Path of poweruser IAM role.
    permissionsBoundaryArn string
    Permissions boundary ARN to use for poweruser role.
    policyArns string[]
    List of policy ARNs to use for poweruser role.
    tags {[key: string]: string}
    A map of tags to add.
    name str
    IAM role with poweruser access.
    path str
    Path of poweruser IAM role.
    permissions_boundary_arn str
    Permissions boundary ARN to use for poweruser role.
    policy_arns Sequence[str]
    List of policy ARNs to use for poweruser role.
    tags Mapping[str, str]
    A map of tags to add.
    name String
    IAM role with poweruser access.
    path String
    Path of poweruser IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for poweruser role.
    policyArns List<String>
    List of policy ARNs to use for poweruser role.
    tags Map<String>
    A map of tags to add.

    ReadonlyRole, ReadonlyRoleArgs

    Name string
    IAM role with readonly access.
    Path string
    Path of readonly IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for readonly role.
    PolicyArns List<string>
    List of policy ARNs to use for readonly role.
    Tags Dictionary<string, string>
    A map of tags to add.
    Name string
    IAM role with readonly access.
    Path string
    Path of readonly IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for readonly role.
    PolicyArns []string
    List of policy ARNs to use for readonly role.
    Tags map[string]string
    A map of tags to add.
    name String
    IAM role with readonly access.
    path String
    Path of readonly IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for readonly role.
    policyArns List<String>
    List of policy ARNs to use for readonly role.
    tags Map<String,String>
    A map of tags to add.
    name string
    IAM role with readonly access.
    path string
    Path of readonly IAM role.
    permissionsBoundaryArn string
    Permissions boundary ARN to use for readonly role.
    policyArns string[]
    List of policy ARNs to use for readonly role.
    tags {[key: string]: string}
    A map of tags to add.
    name str
    IAM role with readonly access.
    path str
    Path of readonly IAM role.
    permissions_boundary_arn str
    Permissions boundary ARN to use for readonly role.
    policy_arns Sequence[str]
    List of policy ARNs to use for readonly role.
    tags Mapping[str, str]
    A map of tags to add.
    name String
    IAM role with readonly access.
    path String
    Path of readonly IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for readonly role.
    policyArns List<String>
    List of policy ARNs to use for readonly role.
    tags Map<String>
    A map of tags to add.

    Package Details

    Repository
    aws-iam
    License
    aws-iam logo
    AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi