AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

aws-iam.AssumableRoleWithOIDC



    This resource creates a single IAM role that can be assumed by trusted principals authenticating through an OpenID Connect (OIDC) identity provider (web identity / federated users). Which identities may assume it is controlled by the provider URLs and the optional subject and audience inputs described below.

    Example Usage

    using Pulumi;
    using Pulumi.AwsIam;
    using Pulumi.AwsIam.Inputs;
    
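    class MyStack : Stack
    {
        // Creates an IAM role that can be assumed only through the OIDC provider(s)
        // listed in ProviderUrls, and attaches the managed EKS CNI policy to it.
        public MyStack()
        {
            var assumableRoleWithOidc = new AssumableRoleWithOIDC("assumable-role-with-oidc", new AssumableRoleWithOIDCArgs
            {
                Role = new RoleArgs
                {
                    Name = "oidc-role",
                    // Permissions the role carries once assumed.
                    PolicyArns = {"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"},
                },
                Tags = new InputMap<string>
                {
                    // Fixed: the original example tagged this "odic-role", which matched
                    // neither the role name nor the other language examples.
                    {"Role", "oidc-role"},
                },
                // OIDC provider URL(s) trusted by the role's assume-role policy (given without a scheme).
                ProviderUrls = {"oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"},
                // NOTE(review): no OidcFullyQualifiedSubjects / OidcSubjectsWithWildcards /
                // OidcFullyQualifiedAudiences are set, so nothing here narrows *which*
                // identities from that provider may assume the role. Outside a demo, pin
                // the expected subject (for EKS this is typically the
                // system:serviceaccount:<namespace>:<name> form) and audience, and confirm
                // the rendered trust policy after deployment.
            });

            this.AssumableRoleWithOidc = Output.Create<AssumableRoleWithOIDC>(assumableRoleWithOidc);
        }

        // Exposed as a stack output so other stacks/components can reference the role.
        [Output]
        public Output<AssumableRoleWithOIDC> AssumableRoleWithOidc { get; set; }
    }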
    
    package main
    
    import (
        iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
        "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
        pulumi.Run(func(ctx *pulumi.Context) error {
            // Role that can be assumed only through the listed OIDC provider.
            args := &iam.AssumableRoleWithOIDCArgs{
                Role: iam.RoleArgs{
                    Name: pulumi.String("oidc-role"),
                    // Permissions the role carries once assumed.
                    PolicyArns: pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"}),
                },
                Tags: pulumi.ToStringMap(map[string]string{
                    "Role": "oidc-role",
                }),
                // OIDC provider URL(s) trusted by the role's assume-role policy (given without a scheme).
                ProviderUrls: pulumi.ToStringArray([]string{"oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"}),
                // NOTE(review): no OidcFullyQualifiedSubjects / OidcSubjectsWithWildcards /
                // OidcFullyQualifiedAudiences are set, so nothing here narrows *which*
                // identities from that provider may assume the role. Outside a demo, pin
                // the expected subject (for EKS this is typically the
                // system:serviceaccount:<namespace>:<name> form) and audience, and confirm
                // the rendered trust policy after deployment.
            }

            role, err := iam.NewAssumableRoleWithOIDC(ctx, "assumable-role-with-oidc", args)
            if err != nil {
                return err
            }

            // Expose the role as a stack output.
            ctx.Export("assumableRoleWithOIDC", role)
            return nil
        })
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_iam as iam
    
    # Role that can be assumed only through the listed OIDC provider.
    #
    # NOTE(review): no oidc_fully_qualified_subjects / oidc_subjects_with_wildcards /
    # oidc_fully_qualified_audiences are set, so nothing here narrows *which*
    # identities from that provider may assume the role. Outside a demo, pin the
    # expected subject (for EKS this is typically the
    # system:serviceaccount:<namespace>:<name> form) and audience, and confirm the
    # rendered trust policy after deployment.
    assumable_role_with_oidc = iam.AssumableRoleWithOIDC(
        'assumable_role_with_oidc',
        # OIDC provider URL(s) trusted by the role's assume-role policy (given without a scheme).
        provider_urls=['oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8'],
        tags={'Role': 'oidc-role'},
        role=iam.RoleArgs(
            name='oidc-role',
            # Permissions the role carries once assumed.
            policy_arns=['arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy'],
        ),
    )

    # Expose the role as a stack output.
    pulumi.export('assumable_role_with_oidc', assumable_role_with_oidc)
    
    import * as iam from "@pulumi/aws-iam";
    
    // OIDC provider URL(s) trusted by the role's assume-role policy (given without a scheme).
    const trustedOidcProviders = ["oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"];

    // Role that can be assumed only through the listed OIDC provider.
    //
    // NOTE(review): no oidcFullyQualifiedSubjects / oidcSubjectsWithWildcards /
    // oidcFullyQualifiedAudiences are set, so nothing here narrows *which*
    // identities from that provider may assume the role. Outside a demo, pin the
    // expected subject (for EKS this is typically the
    // system:serviceaccount:<namespace>:<name> form) and audience, and confirm the
    // rendered trust policy after deployment.
    export const assumableRoleWithOidc = new iam.AssumableRoleWithOIDC("aws-iam-example-assumable-role-with-oidc", {
        role: {
            name: "oidc-role",
            // Permissions the role carries once assumed.
            policyArns: ["arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"],
        },
        tags: { Role: "oidc-role" },
        providerUrls: trustedOidcProviders,
    });
    
    name: awsiam-yaml
    runtime: yaml
    resources:
        # Role that can be assumed only through the listed OIDC provider.
        assumableRoleWithOidc:
            type: "aws-iam:index:AssumableRoleWithOIDC"
            properties:
                role:
                    name: "oidc-role"
                    # Permissions the role carries once assumed.
                    policyArns:
                        - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
                tags:
                    Role: "oidc-role"
                # OIDC provider URL(s) trusted by the role's assume-role policy (given without a scheme).
                providerUrls:
                    - "oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"
                # NOTE(review): no oidcFullyQualifiedSubjects / oidcSubjectsWithWildcards /
                # oidcFullyQualifiedAudiences are set, so nothing here narrows *which*
                # identities from that provider may assume the role. Outside a demo, pin
                # the expected subject (for EKS this is typically the
                # system:serviceaccount:<namespace>:<name> form) and audience, and confirm
                # the rendered trust policy after deployment.
    outputs:
        # Expose the role as a stack output.
        assumableRoleWithOidc: ${assumableRoleWithOidc}
    

    Create AssumableRoleWithOIDC Resource

    new AssumableRoleWithOIDC(name: string, args?: AssumableRoleWithOIDCArgs, opts?: CustomResourceOptions);
    @overload
    def AssumableRoleWithOIDC(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              aws_account_id: Optional[str] = None,
                              force_detach_policies: Optional[bool] = None,
                              max_session_duration: Optional[int] = None,
                              oidc_fully_qualified_audiences: Optional[Sequence[str]] = None,
                              oidc_fully_qualified_subjects: Optional[Sequence[str]] = None,
                              oidc_subjects_with_wildcards: Optional[Sequence[str]] = None,
                              provider_urls: Optional[Sequence[str]] = None,
                              role: Optional[RoleArgs] = None,
                              tags: Optional[Mapping[str, str]] = None)
    @overload
    def AssumableRoleWithOIDC(resource_name: str,
                              args: Optional[AssumableRoleWithOIDCArgs] = None,
                              opts: Optional[ResourceOptions] = None)
    func NewAssumableRoleWithOIDC(ctx *Context, name string, args *AssumableRoleWithOIDCArgs, opts ...ResourceOption) (*AssumableRoleWithOIDC, error)
    public AssumableRoleWithOIDC(string name, AssumableRoleWithOIDCArgs? args = null, CustomResourceOptions? opts = null)
    public AssumableRoleWithOIDC(String name, AssumableRoleWithOIDCArgs args)
    public AssumableRoleWithOIDC(String name, AssumableRoleWithOIDCArgs args, CustomResourceOptions options)
    
    type: aws-iam:AssumableRoleWithOIDC
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AssumableRoleWithOIDC Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AssumableRoleWithOIDC resource accepts the following input properties:

    AwsAccountId string

    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.

    ForceDetachPolicies bool

    Whether policies should be detached from this role when destroying.

    MaxSessionDuration int

    Maximum CLI/API session duration in seconds between 3600 and 43200.

    OidcFullyQualifiedAudiences List<string>

    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.

    OidcFullyQualifiedSubjects List<string>

    The fully qualified OIDC subjects (exact `sub` claim values) to be added to the role's trust policy. Prefer this over OidcSubjectsWithWildcards. If neither is set, no subject condition is added, so any identity the listed provider(s) issue tokens for may assume the role (subject only to the audience, if set).

    OidcSubjectsWithWildcards List<string>

    The OIDC subjects, expressed as wildcard patterns, to be added to the role's trust policy. Keep patterns as narrow as possible: every identity from the provider whose `sub` matches a pattern can assume the role.

    ProviderUrls List<string>

    List of URLs of the OIDC providers the role trusts; as in the example, each URL is given without a scheme.

    Role Pulumi.AwsIam.Inputs.Role

    The IAM role.

    Tags Dictionary<string, string>

    A map of tags to add.

    AwsAccountId string

    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.

    ForceDetachPolicies bool

    Whether policies should be detached from this role when destroying.

    MaxSessionDuration int

    Maximum CLI/API session duration in seconds between 3600 and 43200.

    OidcFullyQualifiedAudiences []string

    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.

    OidcFullyQualifiedSubjects []string

    The fully qualified OIDC subjects (exact `sub` claim values) to be added to the role's trust policy. Prefer this over OidcSubjectsWithWildcards. If neither is set, no subject condition is added, so any identity the listed provider(s) issue tokens for may assume the role (subject only to the audience, if set).

    OidcSubjectsWithWildcards []string

    The OIDC subjects, expressed as wildcard patterns, to be added to the role's trust policy. Keep patterns as narrow as possible: every identity from the provider whose `sub` matches a pattern can assume the role.

    ProviderUrls []string

    List of URLs of the OIDC providers the role trusts; as in the example, each URL is given without a scheme.

    Role RoleArgs

    The IAM role.

    Tags map[string]string

    A map of tags to add.

    awsAccountId String

    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.

    forceDetachPolicies Boolean

    Whether policies should be detached from this role when destroying.

    maxSessionDuration Integer

    Maximum CLI/API session duration in seconds between 3600 and 43200.

    oidcFullyQualifiedAudiences List<String>

    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.

    oidcFullyQualifiedSubjects List<String>

    The fully qualified OIDC subjects (exact `sub` claim values) to be added to the role's trust policy. Prefer this over oidcSubjectsWithWildcards. If neither is set, no subject condition is added, so any identity the listed provider(s) issue tokens for may assume the role (subject only to the audience, if set).

    oidcSubjectsWithWildcards List<String>

    The OIDC subjects, expressed as wildcard patterns, to be added to the role's trust policy. Keep patterns as narrow as possible: every identity from the provider whose `sub` matches a pattern can assume the role.

    providerUrls List<String>

    List of URLs of the OIDC providers the role trusts; as in the example, each URL is given without a scheme.

    role Role

    The IAM role.

    tags Map<String,String>

    A map of tags to add.

    awsAccountId string

    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.

    forceDetachPolicies boolean

    Whether policies should be detached from this role when destroying.

    maxSessionDuration number

    Maximum CLI/API session duration in seconds between 3600 and 43200.

    oidcFullyQualifiedAudiences string[]

    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.

    oidcFullyQualifiedSubjects string[]

    The fully qualified OIDC subjects (exact `sub` claim values) to be added to the role's trust policy. Prefer this over oidcSubjectsWithWildcards. If neither is set, no subject condition is added, so any identity the listed provider(s) issue tokens for may assume the role (subject only to the audience, if set).

    oidcSubjectsWithWildcards string[]

    The OIDC subjects, expressed as wildcard patterns, to be added to the role's trust policy. Keep patterns as narrow as possible: every identity from the provider whose `sub` matches a pattern can assume the role.

    providerUrls string[]

    List of URLs of the OIDC providers the role trusts; as in the example, each URL is given without a scheme.

    role Role

    The IAM role.

    tags {[key: string]: string}

    A map of tags to add.

    aws_account_id str

    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.

    force_detach_policies bool

    Whether policies should be detached from this role when destroying.

    max_session_duration int

    Maximum CLI/API session duration in seconds between 3600 and 43200.

    oidc_fully_qualified_audiences Sequence[str]

    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.

    oidc_fully_qualified_subjects Sequence[str]

    The fully qualified OIDC subjects (exact `sub` claim values) to be added to the role's trust policy. Prefer this over oidc_subjects_with_wildcards. If neither is set, no subject condition is added, so any identity the listed provider(s) issue tokens for may assume the role (subject only to the audience, if set).

    oidc_subjects_with_wildcards Sequence[str]

    The OIDC subjects, expressed as wildcard patterns, to be added to the role's trust policy. Keep patterns as narrow as possible: every identity from the provider whose `sub` matches a pattern can assume the role.

    provider_urls Sequence[str]

    List of URLs of the OIDC providers the role trusts; as in the example, each URL is given without a scheme.

    role RoleArgs

    The IAM role.

    tags Mapping[str, str]

    A map of tags to add.

    awsAccountId String

    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.

    forceDetachPolicies Boolean

    Whether policies should be detached from this role when destroying.

    maxSessionDuration Number

    Maximum CLI/API session duration in seconds between 3600 and 43200.

    oidcFullyQualifiedAudiences List<String>

    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.

    oidcFullyQualifiedSubjects List<String>

    The fully qualified OIDC subjects (exact `sub` claim values) to be added to the role's trust policy. Prefer this over oidcSubjectsWithWildcards. If neither is set, no subject condition is added, so any identity the listed provider(s) issue tokens for may assume the role (subject only to the audience, if set).

    oidcSubjectsWithWildcards List<String>

    The OIDC subjects, expressed as wildcard patterns, to be added to the role's trust policy. Keep patterns as narrow as possible: every identity from the provider whose `sub` matches a pattern can assume the role.

    providerUrls List<String>

    List of URLs of the OIDC providers the role trusts; as in the example, each URL is given without a scheme.

    role Property Map

    The IAM role.

    tags Map<String>

    A map of tags to add.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AssumableRoleWithOIDC resource produces the following output properties:

    Arn string

    ARN of IAM role.

    Name string

    Name of IAM role.

    Path string

    Path of IAM role.

    UniqueId string

    Unique ID of IAM role.

    Arn string

    ARN of IAM role.

    Name string

    Name of IAM role.

    Path string

    Path of IAM role.

    UniqueId string

    Unique ID of IAM role.

    arn String

    ARN of IAM role.

    name String

    Name of IAM role.

    path String

    Path of IAM role.

    uniqueId String

    Unique ID of IAM role.

    arn string

    ARN of IAM role.

    name string

    Name of IAM role.

    path string

    Path of IAM role.

    uniqueId string

    Unique ID of IAM role.

    arn str

    ARN of IAM role.

    name str

    Name of IAM role.

    path str

    Path of IAM role.

    unique_id str

    Unique ID of IAM role.

    arn String

    ARN of IAM role.

    name String

    Name of IAM role.

    path String

    Path of IAM role.

    uniqueId String

    Unique ID of IAM role.

    Supporting Types

    Role, RoleArgs

    Name string

    IAM role name.

    NamePrefix string

    IAM role name prefix.

    Path string

    Path of the IAM role.

    PermissionsBoundaryArn string

    Permissions boundary ARN to use for the role.

    PolicyArns List<string>

    List of policy ARNs to use for the role.

    Name string

    IAM role name.

    NamePrefix string

    IAM role name prefix.

    Path string

    Path of the IAM role.

    PermissionsBoundaryArn string

    Permissions boundary ARN to use for the role.

    PolicyArns []string

    List of policy ARNs to use for the role.

    name String

    IAM role name.

    namePrefix String

    IAM role name prefix.

    path String

    Path of the IAM role.

    permissionsBoundaryArn String

    Permissions boundary ARN to use for the role.

    policyArns List<String>

    List of policy ARNs to use for the role.

    name string

    IAM role name.

    namePrefix string

    IAM role name prefix.

    path string

    Path of the IAM role.

    permissionsBoundaryArn string

    Permissions boundary ARN to use for the role.

    policyArns string[]

    List of policy ARNs to use for the role.

    name str

    IAM role name.

    name_prefix str

    IAM role name prefix.

    path str

    Path of the IAM role.

    permissions_boundary_arn str

    Permissions boundary ARN to use for the role.

    policy_arns Sequence[str]

    List of policy ARNs to use for the role.

    name String

    IAM role name.

    namePrefix String

    IAM role name prefix.

    path String

    Path of the IAM role.

    permissionsBoundaryArn String

    Permissions boundary ARN to use for the role.

    policyArns List<String>

    List of policy ARNs to use for the role.

    Package Details

    Repository
    aws-iam
    License