aws-iam.GroupWithAssumableRolesPolicy

This resource helps you create an IAM Group with Users who are allowed to assume specified IAM roles.

Example Usage

using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var groupWithAssumableRolePolicy = new GroupWithAssumableRolesPolicy("group-with-assumable-roles-policy", new GroupWithAssumableRolesPolicyArgs
        {
            Name = "production-readonly",
            AssumableRoles = {"arn:aws:iam::835367859855:role/readonly"},
            GroupUsers = {"user1", "user2"},
        });

        this.GroupWithAssumableRolesPolicy = Output.Create<GroupWithAssumableRolesPolicy>(groupWithAssumableRolePolicy);
    }

    [Output]
    public Output<GroupWithAssumableRolesPolicy> GroupWithAssumableRolesPolicy { get; set; }
}
package main

import (
    iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        groupWithAssumableRolesPolicy, err := iam.NewGroupWithAssumableRolesPolicy(ctx, "group-with-assumable-roles-policy", &iam.GroupWithAssumableRolesPolicyArgs{
            Name:           pulumi.String("production-readonly"),
            AssumableRoles: pulumi.ToStringArray([]string{"arn:aws:iam::835367859855:role/readonly"}),
            GroupUsers:     pulumi.ToStringArray([]string{"user1", "user2"}),
        })
        if err != nil {
            return err
        }

        ctx.Export("groupWithAssumableRolesPolicy", groupWithAssumableRolesPolicy)

        return nil
    })
}

Coming soon!

import pulumi
import pulumi_aws_iam as iam

group_with_assume_roles_policy = iam.GroupWithAssumableRolesPolicy(
    'group_with_assume_roles_policy',
    name='production-readonly',
    assumable_roles=['arn:aws:iam::835367859855:role/readonly'],
    group_users=['user1','user2'],
)

pulumi.export('group_with_assume_roles_policy', group_with_assume_roles_policy)
import * as iam from "@pulumi/aws-iam";

export const groupWithAssumableRolesPolicy = new iam.GroupWithAssumableRolesPolicy("aws-iam-example-group-with-assumable-roles-policy", {
    name: "production-readonly",
    assumableRoles: [ "arn:aws:iam::835367859855:role/readonly" ],
    groupUsers: [ "user1" ],
});
name: awsiam-yaml
runtime: yaml
resources:
    groupWithAssumableRolesPolicy:
        type: "aws-iam:index:GroupWithAssumableRolesPolicy"
        properties:
            name: "production-readonly"
            assumableRoles:
                - "arn:aws:iam::835367859855:role/readonly"
            groupUsers:
                - "user1"
                - "user2"
outputs:
    groupWithAssumableRolesPolicy: ${groupWithAssumableRolesPolicy}

Create GroupWithAssumableRolesPolicy Resource

new GroupWithAssumableRolesPolicy(name: string, args: GroupWithAssumableRolesPolicyArgs, opts?: CustomResourceOptions);
@overload
def GroupWithAssumableRolesPolicy(resource_name: str,
                                  opts: Optional[ResourceOptions] = None,
                                  assumable_roles: Optional[Sequence[str]] = None,
                                  group_users: Optional[Sequence[str]] = None,
                                  name: Optional[str] = None,
                                  tags: Optional[Mapping[str, str]] = None)
@overload
def GroupWithAssumableRolesPolicy(resource_name: str,
                                  args: GroupWithAssumableRolesPolicyArgs,
                                  opts: Optional[ResourceOptions] = None)
func NewGroupWithAssumableRolesPolicy(ctx *Context, name string, args GroupWithAssumableRolesPolicyArgs, opts ...ResourceOption) (*GroupWithAssumableRolesPolicy, error)
public GroupWithAssumableRolesPolicy(string name, GroupWithAssumableRolesPolicyArgs args, CustomResourceOptions? opts = null)
public GroupWithAssumableRolesPolicy(String name, GroupWithAssumableRolesPolicyArgs args)
public GroupWithAssumableRolesPolicy(String name, GroupWithAssumableRolesPolicyArgs args, CustomResourceOptions options)
type: aws-iam:GroupWithAssumableRolesPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args GroupWithAssumableRolesPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args GroupWithAssumableRolesPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args GroupWithAssumableRolesPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args GroupWithAssumableRolesPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args GroupWithAssumableRolesPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

GroupWithAssumableRolesPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The GroupWithAssumableRolesPolicy resource accepts the following input properties:

AssumableRoles List<string>

List of IAM roles ARNs which can be assumed by the group

GroupUsers List<string>

List of IAM users to have in an IAM group which can assume the role

Name string

Name of IAM policy and IAM group.

Tags Dictionary<string, string>

A map of tags to add.

AssumableRoles []string

List of IAM roles ARNs which can be assumed by the group

GroupUsers []string

List of IAM users to have in an IAM group which can assume the role

Name string

Name of IAM policy and IAM group.

Tags map[string]string

A map of tags to add.

assumableRoles List<String>

List of IAM roles ARNs which can be assumed by the group

groupUsers List<String>

List of IAM users to have in an IAM group which can assume the role

name String

Name of IAM policy and IAM group.

tags Map<String,String>

A map of tags to add.

assumableRoles string[]

List of IAM roles ARNs which can be assumed by the group

groupUsers string[]

List of IAM users to have in an IAM group which can assume the role

name string

Name of IAM policy and IAM group.

tags {[key: string]: string}

A map of tags to add.

assumable_roles Sequence[str]

List of IAM roles ARNs which can be assumed by the group

group_users Sequence[str]

List of IAM users to have in an IAM group which can assume the role

name str

Name of IAM policy and IAM group.

tags Mapping[str, str]

A map of tags to add.

assumableRoles List<String>

List of IAM roles ARNs which can be assumed by the group

groupUsers List<String>

List of IAM users to have in an IAM group which can assume the role

name String

Name of IAM policy and IAM group.

tags Map<String>

A map of tags to add.

Outputs

All input properties are implicitly available as output properties. Additionally, the GroupWithAssumableRolesPolicy resource produces the following output properties:

GroupArn string

IAM group arn.

GroupName string

IAM group name.

PolicyArn string

Assume role policy ARN of IAM group

GroupArn string

IAM group arn.

GroupName string

IAM group name.

PolicyArn string

Assume role policy ARN of IAM group

groupArn String

IAM group arn.

groupName String

IAM group name.

policyArn String

Assume role policy ARN of IAM group

groupArn string

IAM group arn.

groupName string

IAM group name.

policyArn string

Assume role policy ARN of IAM group

group_arn str

IAM group arn.

group_name str

IAM group name.

policy_arn str

Assume role policy ARN of IAM group

groupArn String

IAM group arn.

groupName String

IAM group name.

policyArn String

Assume role policy ARN of IAM group

Package Details

Repository
aws-iam
License