aws-iam logo
AWS IAM v0.0.3, Jun 1 22

aws-iam.User

This resources helps you create an IAM User, Login Profile, and Access Key. Additionally you can optionally upload an IAM SSH User Public Key.

Example Usage

User

using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var user = new User("user", new UserArgs
        {
            Name = "pulumipus",
            ForceDestroy = true,
            PgpKey = "keybase:test",
            PasswordResetRequired = false,
        });

        this.User = Output.Create<User>(user);
    }

    [Output]
    public Output<User> User { get; set; }
}
package main

import (
    iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        user, err := iam.NewUser(ctx, "user", &iam.UserArgs{
            Name:                  pulumi.String("pulumipus"),
            ForceDestroy:          pulumi.BoolPtr(true),
            PgpKey:                pulumi.String("keybase:test"),
            PasswordResetRequired: pulumi.BoolPtr(false),
        })
        if err != nil {
            return err
        }

        ctx.Export("user", user)

        return nil
    })
}

Coming soon!

import pulumi
import pulumi_aws_iam as iam

user = iam.User(
    'user',
    name='pulumipus',
    force_destroy=True,
    pgp_key='keybase:test',
    password_reset_required=False,
)

pulumi.export('user', user)
import * as iam from "@pulumi/aws-iam";

export const user = new iam.User("aws-iam-example-user", {
    name: "pulumipus",
    forceDestroy: true,
    pgpKey: "keybase:test",
    passwordResetRequired: false,
});
name: awsiam-yaml
runtime: yaml
resources:
    user:
        type: "aws-iam:index:User"
        properties:
            name: "pulumipus"
            forceDestroy: true
            pgpKey: "keybase:test"
            passwordResetRequired: false
outputs:
    user: ${user}

Create User Resource

new User(name: string, args: UserArgs, opts?: CustomResourceOptions);
@overload
def User(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         force_destroy: Optional[bool] = None,
         name: Optional[str] = None,
         password_length: Optional[int] = None,
         password_reset_required: Optional[bool] = None,
         path: Optional[str] = None,
         permissions_boundary: Optional[str] = None,
         pgp_key: Optional[str] = None,
         ssh_key_encoding: Optional[str] = None,
         ssh_public_key: Optional[str] = None,
         tags: Optional[Mapping[str, str]] = None,
         upload_iam_user_ssh_key: Optional[bool] = None)
@overload
def User(resource_name: str,
         args: UserArgs,
         opts: Optional[ResourceOptions] = None)
func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs args, CustomResourceOptions? opts = null)
public User(String name, UserArgs args)
public User(String name, UserArgs args, CustomResourceOptions options)
type: aws-iam:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args UserArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The User resource accepts the following input properties:

Name string

Desired name for the IAM user.

ForceDestroy bool

When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.

PasswordLength int

The length of the generated password

PasswordResetRequired bool

Whether the user should be forced to reset the generated password on first login.

Path string

Desired path for the IAM user.

PermissionsBoundary string

The ARN of the policy that is used to set the permissions boundary for the user.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.

SshKeyEncoding string

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

SshPublicKey string

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

Tags Dictionary<string, string>

A map of tags to add.

UploadIamUserSshKey bool

Whether to upload a public ssh key to the IAM user.

Name string

Desired name for the IAM user.

ForceDestroy bool

When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.

PasswordLength int

The length of the generated password

PasswordResetRequired bool

Whether the user should be forced to reset the generated password on first login.

Path string

Desired path for the IAM user.

PermissionsBoundary string

The ARN of the policy that is used to set the permissions boundary for the user.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.

SshKeyEncoding string

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

SshPublicKey string

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

Tags map[string]string

A map of tags to add.

UploadIamUserSshKey bool

Whether to upload a public ssh key to the IAM user.

name String

Desired name for the IAM user.

forceDestroy Boolean

When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.

passwordLength Integer

The length of the generated password

passwordResetRequired Boolean

Whether the user should be forced to reset the generated password on first login.

path String

Desired path for the IAM user.

permissionsBoundary String

The ARN of the policy that is used to set the permissions boundary for the user.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.

sshKeyEncoding String

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

sshPublicKey String

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

tags Map<String,String>

A map of tags to add.

uploadIamUserSshKey Boolean

Whether to upload a public ssh key to the IAM user.

name string

Desired name for the IAM user.

forceDestroy boolean

When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.

passwordLength number

The length of the generated password

passwordResetRequired boolean

Whether the user should be forced to reset the generated password on first login.

path string

Desired path for the IAM user.

permissionsBoundary string

The ARN of the policy that is used to set the permissions boundary for the user.

pgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.

sshKeyEncoding string

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

sshPublicKey string

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

tags {[key: string]: string}

A map of tags to add.

uploadIamUserSshKey boolean

Whether to upload a public ssh key to the IAM user.

name str

Desired name for the IAM user.

force_destroy bool

When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.

password_length int

The length of the generated password

password_reset_required bool

Whether the user should be forced to reset the generated password on first login.

path str

Desired path for the IAM user.

permissions_boundary str

The ARN of the policy that is used to set the permissions boundary for the user.

pgp_key str

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.

ssh_key_encoding str

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

ssh_public_key str

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

tags Mapping[str, str]

A map of tags to add.

upload_iam_user_ssh_key bool

Whether to upload a public ssh key to the IAM user.

name String

Desired name for the IAM user.

forceDestroy Boolean

When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.

passwordLength Number

The length of the generated password

passwordResetRequired Boolean

Whether the user should be forced to reset the generated password on first login.

path String

Desired path for the IAM user.

permissionsBoundary String

The ARN of the policy that is used to set the permissions boundary for the user.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.

sshKeyEncoding String

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

sshPublicKey String

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

tags Map<String>

A map of tags to add.

uploadIamUserSshKey Boolean

Whether to upload a public ssh key to the IAM user.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Supporting Types

AccessKeyOutput

EncryptedSecret string

The encrypted secret, base64 encoded.

Id string

The access key ID.

KeyFingerprint string

The fingerprint of the PGP key used to encrypt the secret.

Secret string

The access key secret.

SesSmtpPasswordV4 string

The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.

Status string

Active or Inactive. Keys are initially active, but can be made inactive by other means.

EncryptedSecret string

The encrypted secret, base64 encoded.

Id string

The access key ID.

KeyFingerprint string

The fingerprint of the PGP key used to encrypt the secret.

Secret string

The access key secret.

SesSmtpPasswordV4 string

The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.

Status string

Active or Inactive. Keys are initially active, but can be made inactive by other means.

encryptedSecret String

The encrypted secret, base64 encoded.

id String

The access key ID.

keyFingerprint String

The fingerprint of the PGP key used to encrypt the secret.

secret String

The access key secret.

sesSmtpPasswordV4 String

The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.

status String

Active or Inactive. Keys are initially active, but can be made inactive by other means.

encryptedSecret string

The encrypted secret, base64 encoded.

id string

The access key ID.

keyFingerprint string

The fingerprint of the PGP key used to encrypt the secret.

secret string

The access key secret.

sesSmtpPasswordV4 string

The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.

status string

Active or Inactive. Keys are initially active, but can be made inactive by other means.

encrypted_secret str

The encrypted secret, base64 encoded.

id str

The access key ID.

key_fingerprint str

The fingerprint of the PGP key used to encrypt the secret.

secret str

The access key secret.

ses_smtp_password_v4 str

The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.

status str

Active or Inactive. Keys are initially active, but can be made inactive by other means.

encryptedSecret String

The encrypted secret, base64 encoded.

id String

The access key ID.

keyFingerprint String

The fingerprint of the PGP key used to encrypt the secret.

secret String

The access key secret.

sesSmtpPasswordV4 String

The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.

status String

Active or Inactive. Keys are initially active, but can be made inactive by other means.

KeybaseOutput

PasswordDecryptCommand string

Decrypt user password command.

PasswordPgpMessage string

Encrypted password

SecretKeyDecryptCommand string

Decrypt access secret key command.

SecretKeyPgpMessage string

Encrypted access secret key.

PasswordDecryptCommand string

Decrypt user password command.

PasswordPgpMessage string

Encrypted password

SecretKeyDecryptCommand string

Decrypt access secret key command.

SecretKeyPgpMessage string

Encrypted access secret key.

passwordDecryptCommand String

Decrypt user password command.

passwordPgpMessage String

Encrypted password

secretKeyDecryptCommand String

Decrypt access secret key command.

secretKeyPgpMessage String

Encrypted access secret key.

passwordDecryptCommand string

Decrypt user password command.

passwordPgpMessage string

Encrypted password

secretKeyDecryptCommand string

Decrypt access secret key command.

secretKeyPgpMessage string

Encrypted access secret key.

password_decrypt_command str

Decrypt user password command.

password_pgp_message str

Encrypted password

secret_key_decrypt_command str

Decrypt access secret key command.

secret_key_pgp_message str

Encrypted access secret key.

passwordDecryptCommand String

Decrypt user password command.

passwordPgpMessage String

Encrypted password

secretKeyDecryptCommand String

Decrypt access secret key command.

secretKeyPgpMessage String

Encrypted access secret key.

UserOutput

Arn string

The ARN assigned by AWS for this user.

Name string

The user's name.

UniqueId string

The unique ID assigned by AWS.

LoginProfileEncryptedPassword string

The encrypted password, base64 encoded.

LoginProfileKeyFingerprint string

The fingerprint of the PGP key used to encrypt the password.

LoginProfilePassword string

The user password.

SshKeyFingerprint string

The unique identifier for the SSH public key.

SshKeySshPublicKeyId string

The unique identifier for the SSH public key

Arn string

The ARN assigned by AWS for this user.

Name string

The user's name.

UniqueId string

The unique ID assigned by AWS.

LoginProfileEncryptedPassword string

The encrypted password, base64 encoded.

LoginProfileKeyFingerprint string

The fingerprint of the PGP key used to encrypt the password.

LoginProfilePassword string

The user password.

SshKeyFingerprint string

The unique identifier for the SSH public key.

SshKeySshPublicKeyId string

The unique identifier for the SSH public key

arn String

The ARN assigned by AWS for this user.

name String

The user's name.

uniqueId String

The unique ID assigned by AWS.

loginProfileEncryptedPassword String

The encrypted password, base64 encoded.

loginProfileKeyFingerprint String

The fingerprint of the PGP key used to encrypt the password.

loginProfilePassword String

The user password.

sshKeyFingerprint String

The unique identifier for the SSH public key.

sshKeySshPublicKeyId String

The unique identifier for the SSH public key

arn string

The ARN assigned by AWS for this user.

name string

The user's name.

uniqueId string

The unique ID assigned by AWS.

loginProfileEncryptedPassword string

The encrypted password, base64 encoded.

loginProfileKeyFingerprint string

The fingerprint of the PGP key used to encrypt the password.

loginProfilePassword string

The user password.

sshKeyFingerprint string

The unique identifier for the SSH public key.

sshKeySshPublicKeyId string

The unique identifier for the SSH public key

arn str

The ARN assigned by AWS for this user.

name str

The user's name.

unique_id str

The unique ID assigned by AWS.

login_profile_encrypted_password str

The encrypted password, base64 encoded.

login_profile_key_fingerprint str

The fingerprint of the PGP key used to encrypt the password.

login_profile_password str

The user password.

ssh_key_fingerprint str

The unique identifier for the SSH public key.

ssh_key_ssh_public_key_id str

The unique identifier for the SSH public key

arn String

The ARN assigned by AWS for this user.

name String

The user's name.

uniqueId String

The unique ID assigned by AWS.

loginProfileEncryptedPassword String

The encrypted password, base64 encoded.

loginProfileKeyFingerprint String

The fingerprint of the PGP key used to encrypt the password.

loginProfilePassword String

The user password.

sshKeyFingerprint String

The unique identifier for the SSH public key.

sshKeySshPublicKeyId String

The unique identifier for the SSH public key

Package Details

Repository
aws-iam
License