1. Packages
  2. AWS IAM
  3. API Docs
  4. AssumableRoleWithOIDC
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

aws-iam.AssumableRoleWithOIDC

Explore with Pulumi AI

aws-iam logo
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

    This resources helps you create a single IAM role which can be assume by trusted resources using OpenID Connect Federated Users.

    Example Usage

    using Pulumi;
    using Pulumi.AwsIam;
    using Pulumi.AwsIam.Inputs;
    
    class MyStack : Stack
    {
        public MyStack()
        {
            var assumableRoleWithOidc = new AssumableRoleWithOIDC("assumable-role-with-oidc", new AssumableRoleWithOIDCArgs
            {
                Role = new RoleArgs
                {
                    Name = "oidc-role",
                    PolicyArns = {"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"},
                },
                Tags = new InputMap<string>
                {
                    {"Role", "odic-role"},
                },
                ProviderUrls = {"oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"},
            });
    
            this.AssumableRoleWithOidc = Output.Create<AssumableRoleWithOIDC>(assumableRoleWithOidc);
        }
    
        [Output]
        public Output<AssumableRoleWithOIDC> AssumableRoleWithOidc { get; set; }
    }
    
    package main
    
    import (
        iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
        "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
        pulumi.Run(func(ctx *pulumi.Context) error {
            assumableRoleWithOIDC, err := iam.NewAssumableRoleWithOIDC(ctx, "assumable-role-with-oidc", &iam.AssumableRoleWithOIDCArgs{
                Role: iam.RoleArgs{
                    Name:       pulumi.String("oidc-role"),
                    PolicyArns: pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"}),
                },
                Tags: pulumi.ToStringMap(map[string]string{
                    "Role": "oidc-role",
                }),
                ProviderUrls: pulumi.ToStringArray([]string{"oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"}),
            })
            if err != nil {
                return err
            }
    
            ctx.Export("assumableRoleWithOIDC", assumableRoleWithOIDC)
    
            return nil
        })
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_iam as iam
    
    assumable_role_with_oidc = iam.AssumableRoleWithOIDC(
        'assumable_role_with_oidc',
        role=iam.RoleArgs(
            name='oidc-role',
            policy_arns=['arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy']
        ),
        tags={
            'Role': 'oidc-role',
        },
        provider_urls=['oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8']
    )
    
    pulumi.export('assumable_role_with_oidc', assumable_role_with_oidc)
    
    import * as iam from "@pulumi/aws-iam";
    
    export const assumableRoleWithOidc = new iam.AssumableRoleWithOIDC("aws-iam-example-assumable-role-with-oidc", {
        providerUrls: ["oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"],
        role: {
            name: "oidc-role",
            policyArns: [ "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" ],
        },
        tags: {
            Role: "oidc-role",
        },
    });
    
    name: awsiam-yaml
    runtime: yaml
    resources:
        assumableRoleWithOidc:
            type: "aws-iam:index:AssumableRoleWithOIDC"
            properties:
                role:
                    name: "oidc-role"
                    policyArns:
                        - "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
                tags:
                    Role: "oidc-role"
                providerUrls:
                    - "oidc.eks.eu-west-1.amazonaws.com/id/BA9E170D464AF7B92084EF72A69B9DC8"
    outputs:
        assumableRoleWithOidc: ${assumableRoleWithOidc}
    

    Create AssumableRoleWithOIDC Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AssumableRoleWithOIDC(name: string, args?: AssumableRoleWithOIDCArgs, opts?: CustomResourceOptions);
    @overload
    def AssumableRoleWithOIDC(resource_name: str,
                              args: Optional[AssumableRoleWithOIDCArgs] = None,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def AssumableRoleWithOIDC(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              aws_account_id: Optional[str] = None,
                              force_detach_policies: Optional[bool] = None,
                              max_session_duration: Optional[int] = None,
                              oidc_fully_qualified_audiences: Optional[Sequence[str]] = None,
                              oidc_fully_qualified_subjects: Optional[Sequence[str]] = None,
                              oidc_subjects_with_wildcards: Optional[Sequence[str]] = None,
                              provider_urls: Optional[Sequence[str]] = None,
                              role: Optional[RoleArgs] = None,
                              tags: Optional[Mapping[str, str]] = None)
    func NewAssumableRoleWithOIDC(ctx *Context, name string, args *AssumableRoleWithOIDCArgs, opts ...ResourceOption) (*AssumableRoleWithOIDC, error)
    public AssumableRoleWithOIDC(string name, AssumableRoleWithOIDCArgs? args = null, CustomResourceOptions? opts = null)
    public AssumableRoleWithOIDC(String name, AssumableRoleWithOIDCArgs args)
    public AssumableRoleWithOIDC(String name, AssumableRoleWithOIDCArgs args, CustomResourceOptions options)
    
    type: aws-iam:AssumableRoleWithOIDC
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AssumableRoleWithOIDCArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var assumableRoleWithOIDCResource = new AwsIam.AssumableRoleWithOIDC("assumableRoleWithOIDCResource", new()
    {
        AwsAccountId = "string",
        ForceDetachPolicies = false,
        MaxSessionDuration = 0,
        OidcFullyQualifiedAudiences = new[]
        {
            "string",
        },
        OidcFullyQualifiedSubjects = new[]
        {
            "string",
        },
        OidcSubjectsWithWildcards = new[]
        {
            "string",
        },
        ProviderUrls = new[]
        {
            "string",
        },
        Role = new AwsIam.Inputs.RoleArgs
        {
            Name = "string",
            NamePrefix = "string",
            Path = "string",
            PermissionsBoundaryArn = "string",
            PolicyArns = new[]
            {
                "string",
            },
        },
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := awsiam.NewAssumableRoleWithOIDC(ctx, "assumableRoleWithOIDCResource", &awsiam.AssumableRoleWithOIDCArgs{
    	AwsAccountId:        pulumi.String("string"),
    	ForceDetachPolicies: pulumi.Bool(false),
    	MaxSessionDuration:  pulumi.Int(0),
    	OidcFullyQualifiedAudiences: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	OidcFullyQualifiedSubjects: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	OidcSubjectsWithWildcards: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ProviderUrls: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Role: &awsiam.RoleArgs{
    		Name:                   pulumi.String("string"),
    		NamePrefix:             pulumi.String("string"),
    		Path:                   pulumi.String("string"),
    		PermissionsBoundaryArn: pulumi.String("string"),
    		PolicyArns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var assumableRoleWithOIDCResource = new AssumableRoleWithOIDC("assumableRoleWithOIDCResource", AssumableRoleWithOIDCArgs.builder()        
        .awsAccountId("string")
        .forceDetachPolicies(false)
        .maxSessionDuration(0)
        .oidcFullyQualifiedAudiences("string")
        .oidcFullyQualifiedSubjects("string")
        .oidcSubjectsWithWildcards("string")
        .providerUrls("string")
        .role(RoleArgs.builder()
            .name("string")
            .namePrefix("string")
            .path("string")
            .permissionsBoundaryArn("string")
            .policyArns("string")
            .build())
        .tags(Map.of("string", "string"))
        .build());
    
    assumable_role_with_oidc_resource = aws_iam.AssumableRoleWithOIDC("assumableRoleWithOIDCResource",
        aws_account_id="string",
        force_detach_policies=False,
        max_session_duration=0,
        oidc_fully_qualified_audiences=["string"],
        oidc_fully_qualified_subjects=["string"],
        oidc_subjects_with_wildcards=["string"],
        provider_urls=["string"],
        role=aws_iam.RoleArgs(
            name="string",
            name_prefix="string",
            path="string",
            permissions_boundary_arn="string",
            policy_arns=["string"],
        ),
        tags={
            "string": "string",
        })
    
    const assumableRoleWithOIDCResource = new aws_iam.AssumableRoleWithOIDC("assumableRoleWithOIDCResource", {
        awsAccountId: "string",
        forceDetachPolicies: false,
        maxSessionDuration: 0,
        oidcFullyQualifiedAudiences: ["string"],
        oidcFullyQualifiedSubjects: ["string"],
        oidcSubjectsWithWildcards: ["string"],
        providerUrls: ["string"],
        role: {
            name: "string",
            namePrefix: "string",
            path: "string",
            permissionsBoundaryArn: "string",
            policyArns: ["string"],
        },
        tags: {
            string: "string",
        },
    });
    
    type: aws-iam:AssumableRoleWithOIDC
    properties:
        awsAccountId: string
        forceDetachPolicies: false
        maxSessionDuration: 0
        oidcFullyQualifiedAudiences:
            - string
        oidcFullyQualifiedSubjects:
            - string
        oidcSubjectsWithWildcards:
            - string
        providerUrls:
            - string
        role:
            name: string
            namePrefix: string
            path: string
            permissionsBoundaryArn: string
            policyArns:
                - string
        tags:
            string: string
    

    AssumableRoleWithOIDC Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AssumableRoleWithOIDC resource accepts the following input properties:

    AwsAccountId string
    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.
    ForceDetachPolicies bool
    Whether policies should be detached from this role when destroying.
    MaxSessionDuration int
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    OidcFullyQualifiedAudiences List<string>
    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.
    OidcFullyQualifiedSubjects List<string>
    The fully qualified OIDC subjects to be added to the role policy.
    OidcSubjectsWithWildcards List<string>
    The OIDC subject using wildcards to be added to the role policy.
    ProviderUrls List<string>
    List of URLs of the OIDC Providers.
    Role Pulumi.AwsIam.Inputs.Role
    The IAM role.
    Tags Dictionary<string, string>
    A map of tags to add.
    AwsAccountId string
    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.
    ForceDetachPolicies bool
    Whether policies should be detached from this role when destroying.
    MaxSessionDuration int
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    OidcFullyQualifiedAudiences []string
    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.
    OidcFullyQualifiedSubjects []string
    The fully qualified OIDC subjects to be added to the role policy.
    OidcSubjectsWithWildcards []string
    The OIDC subject using wildcards to be added to the role policy.
    ProviderUrls []string
    List of URLs of the OIDC Providers.
    Role RoleArgs
    The IAM role.
    Tags map[string]string
    A map of tags to add.
    awsAccountId String
    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.
    forceDetachPolicies Boolean
    Whether policies should be detached from this role when destroying.
    maxSessionDuration Integer
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    oidcFullyQualifiedAudiences List<String>
    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.
    oidcFullyQualifiedSubjects List<String>
    The fully qualified OIDC subjects to be added to the role policy.
    oidcSubjectsWithWildcards List<String>
    The OIDC subject using wildcards to be added to the role policy.
    providerUrls List<String>
    List of URLs of the OIDC Providers.
    role Role
    The IAM role.
    tags Map<String,String>
    A map of tags to add.
    awsAccountId string
    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.
    forceDetachPolicies boolean
    Whether policies should be detached from this role when destroying.
    maxSessionDuration number
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    oidcFullyQualifiedAudiences string[]
    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.
    oidcFullyQualifiedSubjects string[]
    The fully qualified OIDC subjects to be added to the role policy.
    oidcSubjectsWithWildcards string[]
    The OIDC subject using wildcards to be added to the role policy.
    providerUrls string[]
    List of URLs of the OIDC Providers.
    role Role
    The IAM role.
    tags {[key: string]: string}
    A map of tags to add.
    aws_account_id str
    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.
    force_detach_policies bool
    Whether policies should be detached from this role when destroying.
    max_session_duration int
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    oidc_fully_qualified_audiences Sequence[str]
    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.
    oidc_fully_qualified_subjects Sequence[str]
    The fully qualified OIDC subjects to be added to the role policy.
    oidc_subjects_with_wildcards Sequence[str]
    The OIDC subject using wildcards to be added to the role policy.
    provider_urls Sequence[str]
    List of URLs of the OIDC Providers.
    role RoleArgs
    The IAM role.
    tags Mapping[str, str]
    A map of tags to add.
    awsAccountId String
    The AWS account ID where the OIDC provider lives, leave empty to use the account for the AWS provider.
    forceDetachPolicies Boolean
    Whether policies should be detached from this role when destroying.
    maxSessionDuration Number
    Maximum CLI/API session duration in seconds between 3600 and 43200.
    oidcFullyQualifiedAudiences List<String>
    The audience to be added to the role policy. Set to sts.amazonaws.com for cross-account assumable role. Leave empty otherwise.
    oidcFullyQualifiedSubjects List<String>
    The fully qualified OIDC subjects to be added to the role policy.
    oidcSubjectsWithWildcards List<String>
    The OIDC subject using wildcards to be added to the role policy.
    providerUrls List<String>
    List of URLs of the OIDC Providers.
    role Property Map
    The IAM role.
    tags Map<String>
    A map of tags to add.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AssumableRoleWithOIDC resource produces the following output properties:

    Arn string
    ARN of IAM role.
    Name string
    Name of IAM role.
    Path string
    Path of IAM role.
    UniqueId string
    Unique ID of IAM role.
    Arn string
    ARN of IAM role.
    Name string
    Name of IAM role.
    Path string
    Path of IAM role.
    UniqueId string
    Unique ID of IAM role.
    arn String
    ARN of IAM role.
    name String
    Name of IAM role.
    path String
    Path of IAM role.
    uniqueId String
    Unique ID of IAM role.
    arn string
    ARN of IAM role.
    name string
    Name of IAM role.
    path string
    Path of IAM role.
    uniqueId string
    Unique ID of IAM role.
    arn str
    ARN of IAM role.
    name str
    Name of IAM role.
    path str
    Path of IAM role.
    unique_id str
    Unique ID of IAM role.
    arn String
    ARN of IAM role.
    name String
    Name of IAM role.
    path String
    Path of IAM role.
    uniqueId String
    Unique ID of IAM role.

    Supporting Types

    Role, RoleArgs

    Name string
    IAM role name.
    NamePrefix string
    IAM role name prefix.
    Path string
    Path of admin IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for the role.
    PolicyArns List<string>
    List of policy ARNs to use for the role.
    Name string
    IAM role name.
    NamePrefix string
    IAM role name prefix.
    Path string
    Path of admin IAM role.
    PermissionsBoundaryArn string
    Permissions boundary ARN to use for the role.
    PolicyArns []string
    List of policy ARNs to use for the role.
    name String
    IAM role name.
    namePrefix String
    IAM role name prefix.
    path String
    Path of admin IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for the role.
    policyArns List<String>
    List of policy ARNs to use for the role.
    name string
    IAM role name.
    namePrefix string
    IAM role name prefix.
    path string
    Path of admin IAM role.
    permissionsBoundaryArn string
    Permissions boundary ARN to use for the role.
    policyArns string[]
    List of policy ARNs to use for the role.
    name str
    IAM role name.
    name_prefix str
    IAM role name prefix.
    path str
    Path of admin IAM role.
    permissions_boundary_arn str
    Permissions boundary ARN to use for the role.
    policy_arns Sequence[str]
    List of policy ARNs to use for the role.
    name String
    IAM role name.
    namePrefix String
    IAM role name prefix.
    path String
    Path of admin IAM role.
    permissionsBoundaryArn String
    Permissions boundary ARN to use for the role.
    policyArns List<String>
    List of policy ARNs to use for the role.

    Package Details

    Repository
    aws-iam
    License
    aws-iam logo
    AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi