
AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.97.0 published on Wednesday, Feb 21, 2024 by Pulumi

aws-native.iam.Role


    Resource Type definition for AWS::IAM::Role

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
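    return await Deployment.RunAsync(() =>
    {
        // IAM role that the Amazon Managed Grafana service principal may assume;
        // the workspace below references it through RoleArn.
        var amazonGrafanaWorkspaceIAMRole = new AwsNative.Iam.Role("amazonGrafanaWorkspaceIAMRole", new()
        {
            ManagedPolicyArns = new[]
            {
                "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess",
            },
            // Trust policy built as a dictionary, with element names spelled as the
            // IAM policy grammar spells them (Version, Statement, Effect, Principal, Action).
            // NOTE(review): the statement has no Condition element. For service
            // principals, the aws:SourceAccount / aws:SourceArn condition keys are the
            // usual guard against cross-service confused-deputy use; consider adding one.
            AssumeRolePolicyDocument = new Dictionary<string, object?>
            {
                ["Version"] = "2012-10-17",
                ["Statement"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["Service"] = new[] { "grafana.amazonaws.com" },
                        },
                        ["Action"] = new[] { "sts:AssumeRole" },
                    },
                },
            },
        });

        // Workspace limited to the current account, with SAML as its only
        // authentication provider and customer-managed permissions.
        var amazonGrafanaWorkspace = new AwsNative.Grafana.Workspace("amazonGrafanaWorkspace", new()
        {
            AccountAccessType = AwsNative.Grafana.WorkspaceAccountAccessType.CurrentAccount,
            Name = "AmazonGrafanaWorkspace",
            Description = "Amazon Grafana Workspace",
            AuthenticationProviders = new[]
            {
                AwsNative.Grafana.WorkspaceAuthenticationProviderTypes.Saml,
            },
            PermissionType = AwsNative.Grafana.WorkspacePermissionType.CustomerManaged,
            GrafanaVersion = "9.4",
            RoleArn = amazonGrafanaWorkspaceIAMRole.Arn,
            SamlConfiguration = new AwsNative.Grafana.Inputs.WorkspaceSamlConfigurationArgs
            {
                // The XML below is a stub ("DATA"); supply the IdP's real metadata document.
                IdpMetadata = new AwsNative.Grafana.Inputs.WorkspaceIdpMetadataArgs
                {
                    Xml = "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
                },
                // Names of the SAML assertion attributes the workspace reads.
                AssertionAttributes = new AwsNative.Grafana.Inputs.WorkspaceAssertionAttributesArgs
                {
                    Name = "displayName",
                    Login = "login",
                    Email = "email",
                    Groups = "group",
                    Role = "role",
                    Org = "org",
                },
                // Role-attribute values that map to Editor and Admin. These and
                // "org1" look like sample values; review them before reuse, since
                // they decide who receives admin rights.
                RoleValues = new AwsNative.Grafana.Inputs.WorkspaceRoleValuesArgs
                {
                    Editor = new[]
                    {
                        "editor1",
                    },
                    Admin = new[]
                    {
                        "admin1",
                    },
                },
                AllowedOrganizations = new[]
                {
                    "org1",
                },
                LoginValidityDuration = 60,
            },
        });

        // Stack outputs.
        return new Dictionary<string, object?>
        {
            ["workspaceEndpoint"] = amazonGrafanaWorkspace.Endpoint,
            ["workspaceStatus"] = amazonGrafanaWorkspace.Status,
            ["workspaceId"] = amazonGrafanaWorkspace.Id,
            ["grafanaVersion"] = amazonGrafanaWorkspace.GrafanaVersion,
        };
    });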
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/grafana"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
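    // main declares an IAM role trusted by the Amazon Managed Grafana service
    // principal and a SAML-authenticated Grafana workspace that uses it, then
    // exports the workspace endpoint, status, ID and Grafana version.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		amazonGrafanaWorkspaceIAMRole, err := iam.NewRole(ctx, "amazonGrafanaWorkspaceIAMRole", &iam.RoleArgs{
    			ManagedPolicyArns: pulumi.StringArray{
    				pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"),
    			},
    			// Trust policy as a plain map wrapped in pulumi.Any, with element
    			// names spelled as the IAM policy grammar spells them.
    			// NOTE(review): the statement has no Condition element. For service
    			// principals, aws:SourceAccount / aws:SourceArn are the usual guard
    			// against cross-service confused-deputy use; consider adding one.
    			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
    				"Version": "2012-10-17",
    				"Statement": []map[string]interface{}{
    					{
    						"Effect": "Allow",
    						"Principal": map[string]interface{}{
    							"Service": []string{
    								"grafana.amazonaws.com",
    							},
    						},
    						"Action": []string{
    							"sts:AssumeRole",
    						},
    					},
    				},
    			}),
    		})
    		if err != nil {
    			return err
    		}

    		amazonGrafanaWorkspace, err := grafana.NewWorkspace(ctx, "amazonGrafanaWorkspace", &grafana.WorkspaceArgs{
    			AccountAccessType: grafana.WorkspaceAccountAccessTypeCurrentAccount,
    			Name:              pulumi.String("AmazonGrafanaWorkspace"),
    			Description:       pulumi.String("Amazon Grafana Workspace"),
    			AuthenticationProviders: grafana.WorkspaceAuthenticationProviderTypesArray{
    				grafana.WorkspaceAuthenticationProviderTypesSaml,
    			},
    			PermissionType: grafana.WorkspacePermissionTypeCustomerManaged,
    			GrafanaVersion: pulumi.String("9.4"),
    			RoleArn:        amazonGrafanaWorkspaceIAMRole.Arn,
    			// NOTE(review): the args type name follows the C#/Python listings on
    			// this page (WorkspaceSamlConfigurationArgs); confirm against the Go SDK.
    			SamlConfiguration: &grafana.WorkspaceSamlConfigurationArgs{
    				// The XML is a stub ("DATA"); supply the IdP's real metadata document.
    				IdpMetadata: &grafana.WorkspaceIdpMetadataArgs{
    					Xml: pulumi.String("<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>"),
    				},
    				// Names of the SAML assertion attributes the workspace reads.
    				AssertionAttributes: &grafana.WorkspaceAssertionAttributesArgs{
    					Name:   pulumi.String("displayName"),
    					Login:  pulumi.String("login"),
    					Email:  pulumi.String("email"),
    					Groups: pulumi.String("group"),
    					Role:   pulumi.String("role"),
    					Org:    pulumi.String("org"),
    				},
    				// Role-attribute values that map to Editor and Admin. These and
    				// "org1" look like sample values; review them before reuse,
    				// since they decide who receives admin rights.
    				RoleValues: &grafana.WorkspaceRoleValuesArgs{
    					Editor: pulumi.StringArray{
    						pulumi.String("editor1"),
    					},
    					Admin: pulumi.StringArray{
    						pulumi.String("admin1"),
    					},
    				},
    				AllowedOrganizations: pulumi.StringArray{
    					pulumi.String("org1"),
    				},
    				LoginValidityDuration: pulumi.Float64(60),
    			},
    		})
    		if err != nil {
    			return err
    		}

    		// Stack outputs.
    		ctx.Export("workspaceEndpoint", amazonGrafanaWorkspace.Endpoint)
    		ctx.Export("workspaceStatus", amazonGrafanaWorkspace.Status)
    		ctx.Export("workspaceId", amazonGrafanaWorkspace.ID())
    		ctx.Export("grafanaVersion", amazonGrafanaWorkspace.GrafanaVersion)
    		return nil
    	})
    }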
    


    import pulumi
    import pulumi_aws_native as aws_native
    
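    # IAM role that the Amazon Managed Grafana service principal may assume;
    # the workspace below references it through role_arn.
    #
    # The trust policy uses the element names as the IAM policy grammar spells
    # them (Version, Statement, Effect, Principal, Action).
    # NOTE(review): the statement has no Condition element. For service
    # principals, aws:SourceAccount / aws:SourceArn are the usual guard against
    # cross-service confused-deputy use; consider adding one.
    amazon_grafana_workspace_iam_role = aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole",
        managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
        assume_role_policy_document={
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {
                    "Service": ["grafana.amazonaws.com"],
                },
                "Action": ["sts:AssumeRole"],
            }],
        })

    # Workspace limited to the current account, with SAML as its only
    # authentication provider and customer-managed permissions.
    amazon_grafana_workspace = aws_native.grafana.Workspace("amazonGrafanaWorkspace",
        account_access_type=aws_native.grafana.WorkspaceAccountAccessType.CURRENT_ACCOUNT,
        name="AmazonGrafanaWorkspace",
        description="Amazon Grafana Workspace",
        authentication_providers=[aws_native.grafana.WorkspaceAuthenticationProviderTypes.SAML],
        permission_type=aws_native.grafana.WorkspacePermissionType.CUSTOMER_MANAGED,
        grafana_version="9.4",
        role_arn=amazon_grafana_workspace_iam_role.arn,
        saml_configuration=aws_native.grafana.WorkspaceSamlConfigurationArgs(
            # The XML is a stub ("DATA"); supply the IdP's real metadata document.
            idp_metadata=aws_native.grafana.WorkspaceIdpMetadataArgs(
                xml="<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
            ),
            # Names of the SAML assertion attributes the workspace reads.
            assertion_attributes=aws_native.grafana.WorkspaceAssertionAttributesArgs(
                name="displayName",
                login="login",
                email="email",
                groups="group",
                role="role",
                org="org",
            ),
            # Role-attribute values that map to Editor and Admin. These and "org1"
            # look like sample values; review them before reuse, since they decide
            # who receives admin rights.
            role_values=aws_native.grafana.WorkspaceRoleValuesArgs(
                editor=["editor1"],
                admin=["admin1"],
            ),
            allowed_organizations=["org1"],
            login_validity_duration=60,
        ))

    # Stack outputs.
    pulumi.export("workspaceEndpoint", amazon_grafana_workspace.endpoint)
    pulumi.export("workspaceStatus", amazon_grafana_workspace.status)
    pulumi.export("workspaceId", amazon_grafana_workspace.id)
    pulumi.export("grafanaVersion", amazon_grafana_workspace.grafana_version)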
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
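    // IAM role that the Amazon Managed Grafana service principal may assume;
    // the workspace below references it through roleArn.
    //
    // The trust policy uses the element names as the IAM policy grammar spells
    // them (Version, Statement, Effect, Principal, Action).
    // NOTE(review): the statement has no Condition element. For service
    // principals, aws:SourceAccount / aws:SourceArn are the usual guard against
    // cross-service confused-deputy use; consider adding one.
    const amazonGrafanaWorkspaceIAMRole = new aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole", {
        managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
        assumeRolePolicyDocument: {
            Version: "2012-10-17",
            Statement: [{
                Effect: "Allow",
                Principal: {
                    Service: ["grafana.amazonaws.com"],
                },
                Action: ["sts:AssumeRole"],
            }],
        },
    });

    // Workspace limited to the current account, with SAML as its only
    // authentication provider and customer-managed permissions.
    const amazonGrafanaWorkspace = new aws_native.grafana.Workspace("amazonGrafanaWorkspace", {
        accountAccessType: aws_native.grafana.WorkspaceAccountAccessType.CurrentAccount,
        name: "AmazonGrafanaWorkspace",
        description: "Amazon Grafana Workspace",
        authenticationProviders: [aws_native.grafana.WorkspaceAuthenticationProviderTypes.Saml],
        permissionType: aws_native.grafana.WorkspacePermissionType.CustomerManaged,
        grafanaVersion: "9.4",
        roleArn: amazonGrafanaWorkspaceIAMRole.arn,
        samlConfiguration: {
            // The XML is a stub ("DATA"); supply the IdP's real metadata document.
            idpMetadata: {
                xml: "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
            },
            // Names of the SAML assertion attributes the workspace reads.
            assertionAttributes: {
                name: "displayName",
                login: "login",
                email: "email",
                groups: "group",
                role: "role",
                org: "org",
            },
            // Role-attribute values that map to Editor and Admin. These and "org1"
            // look like sample values; review them before reuse, since they decide
            // who receives admin rights.
            roleValues: {
                editor: ["editor1"],
                admin: ["admin1"],
            },
            allowedOrganizations: ["org1"],
            loginValidityDuration: 60,
        },
    });

    // Stack outputs.
    export const workspaceEndpoint = amazonGrafanaWorkspace.endpoint;
    export const workspaceStatus = amazonGrafanaWorkspace.status;
    export const workspaceId = amazonGrafanaWorkspace.id;
    export const grafanaVersion = amazonGrafanaWorkspace.grafanaVersion;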
    


    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
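    return await Deployment.RunAsync(() =>
    {
        // IAM role that the Amazon Managed Grafana service principal may assume;
        // the workspace below references it through RoleArn.
        var amazonGrafanaWorkspaceIAMRole = new AwsNative.Iam.Role("amazonGrafanaWorkspaceIAMRole", new()
        {
            ManagedPolicyArns = new[]
            {
                "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess",
            },
            // Trust policy built as a dictionary, with element names spelled as the
            // IAM policy grammar spells them (Version, Statement, Effect, Principal, Action).
            // NOTE(review): the statement has no Condition element. For service
            // principals, the aws:SourceAccount / aws:SourceArn condition keys are the
            // usual guard against cross-service confused-deputy use; consider adding one.
            AssumeRolePolicyDocument = new Dictionary<string, object?>
            {
                ["Version"] = "2012-10-17",
                ["Statement"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["Service"] = new[] { "grafana.amazonaws.com" },
                        },
                        ["Action"] = new[] { "sts:AssumeRole" },
                    },
                },
            },
        });

        // Workspace limited to the current account, with SAML as its only
        // authentication provider and customer-managed permissions.
        var amazonGrafanaWorkspace = new AwsNative.Grafana.Workspace("amazonGrafanaWorkspace", new()
        {
            AccountAccessType = AwsNative.Grafana.WorkspaceAccountAccessType.CurrentAccount,
            Name = "AmazonGrafanaWorkspace",
            Description = "Amazon Grafana Workspace",
            AuthenticationProviders = new[]
            {
                AwsNative.Grafana.WorkspaceAuthenticationProviderTypes.Saml,
            },
            PermissionType = AwsNative.Grafana.WorkspacePermissionType.CustomerManaged,
            GrafanaVersion = "9.4",
            RoleArn = amazonGrafanaWorkspaceIAMRole.Arn,
            SamlConfiguration = new AwsNative.Grafana.Inputs.WorkspaceSamlConfigurationArgs
            {
                // The XML below is a stub ("DATA"); supply the IdP's real metadata document.
                IdpMetadata = new AwsNative.Grafana.Inputs.WorkspaceIdpMetadataArgs
                {
                    Xml = "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
                },
                // Names of the SAML assertion attributes the workspace reads.
                AssertionAttributes = new AwsNative.Grafana.Inputs.WorkspaceAssertionAttributesArgs
                {
                    Name = "displayName",
                    Login = "login",
                    Email = "email",
                    Groups = "group",
                    Role = "role",
                    Org = "org",
                },
                // Role-attribute values that map to Editor and Admin. These and
                // "org1" look like sample values; review them before reuse, since
                // they decide who receives admin rights.
                RoleValues = new AwsNative.Grafana.Inputs.WorkspaceRoleValuesArgs
                {
                    Editor = new[]
                    {
                        "editor1",
                    },
                    Admin = new[]
                    {
                        "admin1",
                    },
                },
                AllowedOrganizations = new[]
                {
                    "org1",
                },
                LoginValidityDuration = 60,
            },
        });

        // Stack outputs.
        return new Dictionary<string, object?>
        {
            ["workspaceEndpoint"] = amazonGrafanaWorkspace.Endpoint,
            ["workspaceStatus"] = amazonGrafanaWorkspace.Status,
            ["workspaceId"] = amazonGrafanaWorkspace.Id,
            ["grafanaVersion"] = amazonGrafanaWorkspace.GrafanaVersion,
        };
    });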
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/grafana"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
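    // main declares an IAM role trusted by the Amazon Managed Grafana service
    // principal and a SAML-authenticated Grafana workspace that uses it, then
    // exports the workspace endpoint, status, ID and Grafana version.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		amazonGrafanaWorkspaceIAMRole, err := iam.NewRole(ctx, "amazonGrafanaWorkspaceIAMRole", &iam.RoleArgs{
    			ManagedPolicyArns: pulumi.StringArray{
    				pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"),
    			},
    			// Trust policy as a plain map wrapped in pulumi.Any, with element
    			// names spelled as the IAM policy grammar spells them.
    			// NOTE(review): the statement has no Condition element. For service
    			// principals, aws:SourceAccount / aws:SourceArn are the usual guard
    			// against cross-service confused-deputy use; consider adding one.
    			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
    				"Version": "2012-10-17",
    				"Statement": []map[string]interface{}{
    					{
    						"Effect": "Allow",
    						"Principal": map[string]interface{}{
    							"Service": []string{
    								"grafana.amazonaws.com",
    							},
    						},
    						"Action": []string{
    							"sts:AssumeRole",
    						},
    					},
    				},
    			}),
    		})
    		if err != nil {
    			return err
    		}

    		amazonGrafanaWorkspace, err := grafana.NewWorkspace(ctx, "amazonGrafanaWorkspace", &grafana.WorkspaceArgs{
    			AccountAccessType: grafana.WorkspaceAccountAccessTypeCurrentAccount,
    			Name:              pulumi.String("AmazonGrafanaWorkspace"),
    			Description:       pulumi.String("Amazon Grafana Workspace"),
    			AuthenticationProviders: grafana.WorkspaceAuthenticationProviderTypesArray{
    				grafana.WorkspaceAuthenticationProviderTypesSaml,
    			},
    			PermissionType: grafana.WorkspacePermissionTypeCustomerManaged,
    			GrafanaVersion: pulumi.String("9.4"),
    			RoleArn:        amazonGrafanaWorkspaceIAMRole.Arn,
    			// NOTE(review): the args type name follows the C#/Python listings on
    			// this page (WorkspaceSamlConfigurationArgs); confirm against the Go SDK.
    			SamlConfiguration: &grafana.WorkspaceSamlConfigurationArgs{
    				// The XML is a stub ("DATA"); supply the IdP's real metadata document.
    				IdpMetadata: &grafana.WorkspaceIdpMetadataArgs{
    					Xml: pulumi.String("<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>"),
    				},
    				// Names of the SAML assertion attributes the workspace reads.
    				AssertionAttributes: &grafana.WorkspaceAssertionAttributesArgs{
    					Name:   pulumi.String("displayName"),
    					Login:  pulumi.String("login"),
    					Email:  pulumi.String("email"),
    					Groups: pulumi.String("group"),
    					Role:   pulumi.String("role"),
    					Org:    pulumi.String("org"),
    				},
    				// Role-attribute values that map to Editor and Admin. These and
    				// "org1" look like sample values; review them before reuse,
    				// since they decide who receives admin rights.
    				RoleValues: &grafana.WorkspaceRoleValuesArgs{
    					Editor: pulumi.StringArray{
    						pulumi.String("editor1"),
    					},
    					Admin: pulumi.StringArray{
    						pulumi.String("admin1"),
    					},
    				},
    				AllowedOrganizations: pulumi.StringArray{
    					pulumi.String("org1"),
    				},
    				LoginValidityDuration: pulumi.Float64(60),
    			},
    		})
    		if err != nil {
    			return err
    		}

    		// Stack outputs.
    		ctx.Export("workspaceEndpoint", amazonGrafanaWorkspace.Endpoint)
    		ctx.Export("workspaceStatus", amazonGrafanaWorkspace.Status)
    		ctx.Export("workspaceId", amazonGrafanaWorkspace.ID())
    		ctx.Export("grafanaVersion", amazonGrafanaWorkspace.GrafanaVersion)
    		return nil
    	})
    }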
    


    import pulumi
    import pulumi_aws_native as aws_native
    
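    # IAM role that the Amazon Managed Grafana service principal may assume;
    # the workspace below references it through role_arn.
    #
    # The trust policy uses the element names as the IAM policy grammar spells
    # them (Version, Statement, Effect, Principal, Action).
    # NOTE(review): the statement has no Condition element. For service
    # principals, aws:SourceAccount / aws:SourceArn are the usual guard against
    # cross-service confused-deputy use; consider adding one.
    amazon_grafana_workspace_iam_role = aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole",
        managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
        assume_role_policy_document={
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {
                    "Service": ["grafana.amazonaws.com"],
                },
                "Action": ["sts:AssumeRole"],
            }],
        })

    # Workspace limited to the current account, with SAML as its only
    # authentication provider and customer-managed permissions.
    amazon_grafana_workspace = aws_native.grafana.Workspace("amazonGrafanaWorkspace",
        account_access_type=aws_native.grafana.WorkspaceAccountAccessType.CURRENT_ACCOUNT,
        name="AmazonGrafanaWorkspace",
        description="Amazon Grafana Workspace",
        authentication_providers=[aws_native.grafana.WorkspaceAuthenticationProviderTypes.SAML],
        permission_type=aws_native.grafana.WorkspacePermissionType.CUSTOMER_MANAGED,
        grafana_version="9.4",
        role_arn=amazon_grafana_workspace_iam_role.arn,
        saml_configuration=aws_native.grafana.WorkspaceSamlConfigurationArgs(
            # The XML is a stub ("DATA"); supply the IdP's real metadata document.
            idp_metadata=aws_native.grafana.WorkspaceIdpMetadataArgs(
                xml="<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
            ),
            # Names of the SAML assertion attributes the workspace reads.
            assertion_attributes=aws_native.grafana.WorkspaceAssertionAttributesArgs(
                name="displayName",
                login="login",
                email="email",
                groups="group",
                role="role",
                org="org",
            ),
            # Role-attribute values that map to Editor and Admin. These and "org1"
            # look like sample values; review them before reuse, since they decide
            # who receives admin rights.
            role_values=aws_native.grafana.WorkspaceRoleValuesArgs(
                editor=["editor1"],
                admin=["admin1"],
            ),
            allowed_organizations=["org1"],
            login_validity_duration=60,
        ))

    # Stack outputs.
    pulumi.export("workspaceEndpoint", amazon_grafana_workspace.endpoint)
    pulumi.export("workspaceStatus", amazon_grafana_workspace.status)
    pulumi.export("workspaceId", amazon_grafana_workspace.id)
    pulumi.export("grafanaVersion", amazon_grafana_workspace.grafana_version)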
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
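    // IAM role that the Amazon Managed Grafana service principal may assume;
    // the workspace below references it through roleArn.
    //
    // The trust policy uses the element names as the IAM policy grammar spells
    // them (Version, Statement, Effect, Principal, Action).
    // NOTE(review): the statement has no Condition element. For service
    // principals, aws:SourceAccount / aws:SourceArn are the usual guard against
    // cross-service confused-deputy use; consider adding one.
    const amazonGrafanaWorkspaceIAMRole = new aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole", {
        managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
        assumeRolePolicyDocument: {
            Version: "2012-10-17",
            Statement: [{
                Effect: "Allow",
                Principal: {
                    Service: ["grafana.amazonaws.com"],
                },
                Action: ["sts:AssumeRole"],
            }],
        },
    });

    // Workspace limited to the current account, with SAML as its only
    // authentication provider and customer-managed permissions.
    const amazonGrafanaWorkspace = new aws_native.grafana.Workspace("amazonGrafanaWorkspace", {
        accountAccessType: aws_native.grafana.WorkspaceAccountAccessType.CurrentAccount,
        name: "AmazonGrafanaWorkspace",
        description: "Amazon Grafana Workspace",
        authenticationProviders: [aws_native.grafana.WorkspaceAuthenticationProviderTypes.Saml],
        permissionType: aws_native.grafana.WorkspacePermissionType.CustomerManaged,
        grafanaVersion: "9.4",
        roleArn: amazonGrafanaWorkspaceIAMRole.arn,
        samlConfiguration: {
            // The XML is a stub ("DATA"); supply the IdP's real metadata document.
            idpMetadata: {
                xml: "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
            },
            // Names of the SAML assertion attributes the workspace reads.
            assertionAttributes: {
                name: "displayName",
                login: "login",
                email: "email",
                groups: "group",
                role: "role",
                org: "org",
            },
            // Role-attribute values that map to Editor and Admin. These and "org1"
            // look like sample values; review them before reuse, since they decide
            // who receives admin rights.
            roleValues: {
                editor: ["editor1"],
                admin: ["admin1"],
            },
            allowedOrganizations: ["org1"],
            loginValidityDuration: 60,
        },
    });

    // Stack outputs.
    export const workspaceEndpoint = amazonGrafanaWorkspace.endpoint;
    export const workspaceStatus = amazonGrafanaWorkspace.status;
    export const workspaceId = amazonGrafanaWorkspace.id;
    export const grafanaVersion = amazonGrafanaWorkspace.grafanaVersion;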
    


    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
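    return await Deployment.RunAsync(() =>
    {
        // Role that Systems Manager assumes to run the automation below.
        var automationExecutionRole = new AwsNative.Iam.Role("automationExecutionRole", new()
        {
            // Trust policy built as a dictionary, with element names spelled as the
            // IAM policy grammar spells them.
            // NOTE(review): the statement has no Condition element; consider scoping
            // the service principal with aws:SourceAccount / aws:SourceArn.
            AssumeRolePolicyDocument = new Dictionary<string, object?>
            {
                ["Version"] = "2012-10-17",
                ["Statement"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["Service"] = "ssm.amazonaws.com",
                        },
                        ["Action"] = new[] { "sts:AssumeRole" },
                    },
                },
            },
            Path = "/",
            // "${AWS::Partition}" is a CloudFormation pseudo parameter and is not
            // expanded inside a plain C# string, so the partition is written out
            // ("aws"; change it for other partitions).
            // NOTE(review): AmazonEC2FullAccess is much broader than a role that only
            // backs the AWS-StopEC2Instance runbook needs; prefer a policy limited to
            // the EC2 actions that runbook calls.
            ManagedPolicyArns = new[]
            {
                "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
            },
        });

        var automationAssociation = new AwsNative.Ssm.Association("automationAssociation", new()
        {
            Name = "AWS-StopEC2Instance",
            // Pass the role's ARN output rather than the literal text
            // "AutomationExecutionRole.Arn", which is not an ARN.
            Parameters = new Dictionary<string, object?>
            {
                ["AutomationAssumeRole"] = new[] { automationExecutionRole.Arn },
            },
            Targets = new[]
            {
                new AwsNative.Ssm.Inputs.AssociationTargetArgs
                {
                    Key = "ParameterValues",
                    Values = new[]
                    {
                        "i-1234567890abcdef0",
                    },
                },
            },
            AutomationTargetParameterName = "InstanceId",
        });

    });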
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
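    // main declares a role that Systems Manager can assume and an SSM
    // association that runs the AWS-StopEC2Instance automation with that role.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		automationExecutionRole, err := iam.NewRole(ctx, "automationExecutionRole", &iam.RoleArgs{
    			// Trust policy as a plain map wrapped in pulumi.Any, with element
    			// names spelled as the IAM policy grammar spells them.
    			// NOTE(review): the statement has no Condition element; consider
    			// scoping the service principal with aws:SourceAccount / aws:SourceArn.
    			AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
    				"Version": "2012-10-17",
    				"Statement": []map[string]interface{}{
    					{
    						"Effect": "Allow",
    						"Principal": map[string]interface{}{
    							"Service": "ssm.amazonaws.com",
    						},
    						"Action": []string{
    							"sts:AssumeRole",
    						},
    					},
    				},
    			}),
    			Path: pulumi.String("/"),
    			// "${AWS::Partition}" is a CloudFormation pseudo parameter and is
    			// not expanded inside a Go string, so the partition is written
    			// out ("aws"; change it for other partitions).
    			// NOTE(review): AmazonEC2FullAccess is much broader than a role
    			// that only backs the AWS-StopEC2Instance runbook needs; prefer a
    			// policy limited to the EC2 actions that runbook calls.
    			ManagedPolicyArns: pulumi.StringArray{
    				pulumi.String("arn:aws:iam::aws:policy/AmazonEC2FullAccess"),
    			},
    		})
    		if err != nil {
    			return err
    		}

    		_, err = ssm.NewAssociation(ctx, "automationAssociation", &ssm.AssociationArgs{
    			Name: pulumi.String("AWS-StopEC2Instance"),
    			// Pass the role's ARN output rather than the literal text
    			// "AutomationExecutionRole.Arn", which is not an ARN.
    			Parameters: pulumi.Any(map[string]interface{}{
    				"AutomationAssumeRole": pulumi.StringArray{
    					automationExecutionRole.Arn,
    				},
    			}),
    			// NOTE(review): AssociationTargetArray follows the SDK's usual
    			// naming for input arrays; confirm against the ssm package.
    			Targets: ssm.AssociationTargetArray{
    				&ssm.AssociationTargetArgs{
    					Key: pulumi.String("ParameterValues"),
    					Values: pulumi.StringArray{
    						pulumi.String("i-1234567890abcdef0"),
    					},
    				},
    			},
    			AutomationTargetParameterName: pulumi.String("InstanceId"),
    		})
    		return err
    	})
    }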
    


    import pulumi
    import pulumi_aws_native as aws_native
    
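    # Role that Systems Manager assumes to run the automation below.
    #
    # The trust policy uses the element names as the IAM policy grammar spells them.
    # NOTE(review): the statement has no Condition element; consider scoping the
    # service principal with aws:SourceAccount / aws:SourceArn.
    #
    # "${AWS::Partition}" is a CloudFormation pseudo parameter and is not expanded
    # inside a plain Python string, so the partition is written out ("aws"; change
    # it for other partitions).
    # NOTE(review): AmazonEC2FullAccess is much broader than a role that only backs
    # the AWS-StopEC2Instance runbook needs; prefer a policy limited to the EC2
    # actions that runbook calls.
    automation_execution_role = aws_native.iam.Role("automationExecutionRole",
        assume_role_policy_document={
            "Version": "2012-10-17",
            "Statement": [{
                "Effect": "Allow",
                "Principal": {
                    "Service": "ssm.amazonaws.com",
                },
                "Action": ["sts:AssumeRole"],
            }],
        },
        path="/",
        managed_policy_arns=["arn:aws:iam::aws:policy/AmazonEC2FullAccess"])

    # Pass the role's ARN output to the runbook rather than the literal text
    # "AutomationExecutionRole.Arn", which is not an ARN.
    automation_association = aws_native.ssm.Association("automationAssociation",
        name="AWS-StopEC2Instance",
        parameters={
            "AutomationAssumeRole": [automation_execution_role.arn],
        },
        targets=[aws_native.ssm.AssociationTargetArgs(
            key="ParameterValues",
            values=["i-1234567890abcdef0"],
        )],
        automation_target_parameter_name="InstanceId")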
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
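    // Role that Systems Manager assumes to run the automation below.
    //
    // The trust policy uses the element names as the IAM policy grammar spells them.
    // NOTE(review): the statement has no Condition element; consider scoping the
    // service principal with aws:SourceAccount / aws:SourceArn.
    //
    // "${AWS::Partition}" is a CloudFormation pseudo parameter and is not expanded
    // inside a double-quoted string, so the partition is written out ("aws"; change
    // it for other partitions).
    // NOTE(review): AmazonEC2FullAccess is much broader than a role that only backs
    // the AWS-StopEC2Instance runbook needs; prefer a policy limited to the EC2
    // actions that runbook calls.
    const automationExecutionRole = new aws_native.iam.Role("automationExecutionRole", {
        assumeRolePolicyDocument: {
            Version: "2012-10-17",
            Statement: [{
                Effect: "Allow",
                Principal: {
                    Service: "ssm.amazonaws.com",
                },
                Action: ["sts:AssumeRole"],
            }],
        },
        path: "/",
        managedPolicyArns: ["arn:aws:iam::aws:policy/AmazonEC2FullAccess"],
    });

    // Pass the role's ARN output to the runbook rather than the literal text
    // "AutomationExecutionRole.Arn", which is not an ARN.
    const automationAssociation = new aws_native.ssm.Association("automationAssociation", {
        name: "AWS-StopEC2Instance",
        parameters: {
            AutomationAssumeRole: [automationExecutionRole.arn],
        },
        targets: [{
            key: "ParameterValues",
            values: ["i-1234567890abcdef0"],
        }],
        automationTargetParameterName: "InstanceId",
    });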
    


    Create Role Resource

    new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
    @overload
    def Role(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             assume_role_policy_document: Optional[Any] = None,
             description: Optional[str] = None,
             managed_policy_arns: Optional[Sequence[str]] = None,
             max_session_duration: Optional[int] = None,
             path: Optional[str] = None,
             permissions_boundary: Optional[str] = None,
             policies: Optional[Sequence[RolePolicyArgs]] = None,
             role_name: Optional[str] = None,
             tags: Optional[Sequence[RoleTagArgs]] = None)
    @overload
    def Role(resource_name: str,
             args: RoleArgs,
             opts: Optional[ResourceOptions] = None)
    func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
    public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
    public Role(String name, RoleArgs args)
    public Role(String name, RoleArgs args, CustomResourceOptions options)
    
    type: aws-native:iam:Role
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Role Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Role resource accepts the following input properties:

    AssumeRolePolicyDocument object

    The trust policy that is associated with this role. The trust policy defines which principals are allowed to assume the role.

    Search the CloudFormation User Guide for AWS::IAM::Role for more information about the expected schema for this property.

    Description string
    A description of the role that you provide.
    ManagedPolicyArns List<string>
    A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
    MaxSessionDuration int
    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour (3600 seconds) is applied. This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
    Path string
    The path to the role.
    PermissionsBoundary string
    The ARN of the policy used to set the permissions boundary for the role.
    Policies List<Pulumi.AwsNative.Iam.Inputs.RolePolicy>
    Adds or updates an inline policy document that is embedded in the specified IAM role.
    RoleName string
    A name for the IAM role, up to 64 characters in length.
    Tags List<Pulumi.AwsNative.Iam.Inputs.RoleTag>
    A list of tags that are attached to the role.
    AssumeRolePolicyDocument interface{}

    The trust policy that is associated with this role.

    Search the CloudFormation User Guide for AWS::IAM::Role for more information about the expected schema for this property.

    Description string
    A description of the role that you provide.
    ManagedPolicyArns []string
    A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
    MaxSessionDuration int
    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour (3600 seconds) is applied. This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
    Path string
    The path to the role.
    PermissionsBoundary string
    The ARN of the policy used to set the permissions boundary for the role.
    Policies []RolePolicyTypeArgs
    Adds or updates an inline policy document that is embedded in the specified IAM role.
    RoleName string
    A name for the IAM role, up to 64 characters in length.
    Tags []RoleTagArgs
    A list of tags that are attached to the role.
    assumeRolePolicyDocument Object

    The trust policy that is associated with this role.

    Search the CloudFormation User Guide for AWS::IAM::Role for more information about the expected schema for this property.

    description String
    A description of the role that you provide.
    managedPolicyArns List<String>
    A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
    maxSessionDuration Integer
    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour (3600 seconds) is applied. This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
    path String
    The path to the role.
    permissionsBoundary String
    The ARN of the policy used to set the permissions boundary for the role.
    policies List<RolePolicy>
    Adds or updates an inline policy document that is embedded in the specified IAM role.
    roleName String
    A name for the IAM role, up to 64 characters in length.
    tags List<RoleTag>
    A list of tags that are attached to the role.
    assumeRolePolicyDocument any

    The trust policy that is associated with this role. The trust policy defines which principals are allowed to assume the role.

    Search the CloudFormation User Guide for AWS::IAM::Role for more information about the expected schema for this property.

    description string
    A description of the role that you provide.
    managedPolicyArns string[]
    A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
    maxSessionDuration number
    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour (3600 seconds) is applied. This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
    path string
    The path to the role.
    permissionsBoundary string
    The ARN of the policy used to set the permissions boundary for the role.
    policies RolePolicy[]
    Adds or updates an inline policy document that is embedded in the specified IAM role.
    roleName string
    A name for the IAM role, up to 64 characters in length.
    tags RoleTag[]
    A list of tags that are attached to the role.
    assume_role_policy_document Any

    The trust policy that is associated with this role. The trust policy defines which principals are allowed to assume the role.

    Search the CloudFormation User Guide for AWS::IAM::Role for more information about the expected schema for this property.

    description str
    A description of the role that you provide.
    managed_policy_arns Sequence[str]
    A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
    max_session_duration int
    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour (3600 seconds) is applied. This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
    path str
    The path to the role.
    permissions_boundary str
    The ARN of the policy used to set the permissions boundary for the role.
    policies Sequence[RolePolicyArgs]
    Adds or updates an inline policy document that is embedded in the specified IAM role.
    role_name str
    A name for the IAM role, up to 64 characters in length.
    tags Sequence[RoleTagArgs]
    A list of tags that are attached to the role.
    assumeRolePolicyDocument Any

    The trust policy that is associated with this role. The trust policy defines which principals are allowed to assume the role.

    Search the CloudFormation User Guide for AWS::IAM::Role for more information about the expected schema for this property.

    description String
    A description of the role that you provide.
    managedPolicyArns List<String>
    A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
    maxSessionDuration Number
    The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour (3600 seconds) is applied. This setting can have a value from 1 hour (3600 seconds) to 12 hours (43200 seconds).
    path String
    The path to the role.
    permissionsBoundary String
    The ARN of the policy used to set the permissions boundary for the role.
    policies List<Property Map>
    Adds or updates an inline policy document that is embedded in the specified IAM role.
    roleName String
    A name for the IAM role, up to 64 characters in length.
    tags List<Property Map>
    A list of tags that are attached to the role.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) for the role.
    Id string
    The provider-assigned unique ID for this managed resource.
    RoleId string
    The stable and unique string identifying the role.
    Arn string
    The Amazon Resource Name (ARN) for the role.
    Id string
    The provider-assigned unique ID for this managed resource.
    RoleId string
    The stable and unique string identifying the role.
    arn String
    The Amazon Resource Name (ARN) for the role.
    id String
    The provider-assigned unique ID for this managed resource.
    roleId String
    The stable and unique string identifying the role.
    arn string
    The Amazon Resource Name (ARN) for the role.
    id string
    The provider-assigned unique ID for this managed resource.
    roleId string
    The stable and unique string identifying the role.
    arn str
    The Amazon Resource Name (ARN) for the role.
    id str
    The provider-assigned unique ID for this managed resource.
    role_id str
    The stable and unique string identifying the role.
    arn String
    The Amazon Resource Name (ARN) for the role.
    id String
    The provider-assigned unique ID for this managed resource.
    roleId String
    The stable and unique string identifying the role.

    Supporting Types

    RolePolicy, RolePolicyArgs

    PolicyDocument string
    The policy document.
    PolicyName string
    The friendly name (not ARN) identifying the policy.
    PolicyDocument string
    The policy document.
    PolicyName string
    The friendly name (not ARN) identifying the policy.
    policyDocument String
    The policy document.
    policyName String
    The friendly name (not ARN) identifying the policy.
    policyDocument string
    The policy document.
    policyName string
    The friendly name (not ARN) identifying the policy.
    policy_document str
    The policy document.
    policy_name str
    The friendly name (not ARN) identifying the policy.
    policyDocument String
    The policy document.
    policyName String
    The friendly name (not ARN) identifying the policy.

    RoleTag, RoleTagArgs

    Key string
    The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Value string
    The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Key string
    The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    Value string
    The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key String
    The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value String
    The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key string
    The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value string
    The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key str
    The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value str
    The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    key String
    The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
    value String
    The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0