aws-native logo
AWS Native v0.55.0, Mar 28 23

aws-native.iam.Role

Resource Type definition for AWS::IAM::Role

Example Usage

Example

using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var amazonGrafanaWorkspaceIAMRole = new AwsNative.IAM.Role("amazonGrafanaWorkspaceIAMRole", new()
    {
        ManagedPolicyArns = new[]
        {
            "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess",
        },
        AssumeRolePolicyDocument = 
        {
            { "version", "2012-10-17" },
            { "statement", new[]
            {
                
                {
                    { "effect", "Allow" },
                    { "principal", 
                    {
                        { "service", new[]
                        {
                            "grafana.amazonaws.com",
                        } },
                    } },
                    { "action", new[]
                    {
                        "sts:AssumeRole",
                    } },
                },
            } },
        },
    });

    var amazonGrafanaWorkspace = new AwsNative.Grafana.Workspace("amazonGrafanaWorkspace", new()
    {
        AccountAccessType = AwsNative.Grafana.WorkspaceAccountAccessType.CurrentAccount,
        Name = "AmazonGrafanaWorkspace",
        Description = "Amazon Grafana Workspace",
        AuthenticationProviders = new[]
        {
            AwsNative.Grafana.WorkspaceAuthenticationProviderTypes.Saml,
        },
        PermissionType = AwsNative.Grafana.WorkspacePermissionType.CustomerManaged,
        RoleArn = amazonGrafanaWorkspaceIAMRole.Arn,
        SamlConfiguration = new AwsNative.Grafana.Inputs.WorkspaceSamlConfigurationArgs
        {
            IdpMetadata = new AwsNative.Grafana.Inputs.WorkspaceIdpMetadataArgs
            {
                Xml = "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
            },
            AssertionAttributes = new AwsNative.Grafana.Inputs.WorkspaceAssertionAttributesArgs
            {
                Name = "displayName",
                Login = "login",
                Email = "email",
                Groups = "group",
                Role = "role",
                Org = "org",
            },
            RoleValues = new AwsNative.Grafana.Inputs.WorkspaceRoleValuesArgs
            {
                Editor = new[]
                {
                    "editor1",
                },
                Admin = new[]
                {
                    "admin1",
                },
            },
            AllowedOrganizations = new[]
            {
                "org1",
            },
            LoginValidityDuration = 60,
        },
    });

    return new Dictionary<string, object?>
    {
        ["workspaceEndpoint"] = amazonGrafanaWorkspace.Endpoint,
        ["workspaceStatus"] = amazonGrafanaWorkspace.Status,
        ["workspaceId"] = amazonGrafanaWorkspace.Id,
        ["grafanaVersion"] = amazonGrafanaWorkspace.Grafana_version,
    };
});

Coming soon!

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

amazon_grafana_workspace_iam_role = aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole",
    managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
    assume_role_policy_document={
        "version": "2012-10-17",
        "statement": [{
            "effect": "Allow",
            "principal": {
                "service": ["grafana.amazonaws.com"],
            },
            "action": ["sts:AssumeRole"],
        }],
    })
amazon_grafana_workspace = aws_native.grafana.Workspace("amazonGrafanaWorkspace",
    account_access_type=aws_native.grafana.WorkspaceAccountAccessType.CURRENT_ACCOUNT,
    name="AmazonGrafanaWorkspace",
    description="Amazon Grafana Workspace",
    authentication_providers=[aws_native.grafana.WorkspaceAuthenticationProviderTypes.SAML],
    permission_type=aws_native.grafana.WorkspacePermissionType.CUSTOMER_MANAGED,
    role_arn=amazon_grafana_workspace_iam_role.arn,
    saml_configuration=aws_native.grafana.WorkspaceSamlConfigurationArgs(
        idp_metadata=aws_native.grafana.WorkspaceIdpMetadataArgs(
            xml="<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
        ),
        assertion_attributes=aws_native.grafana.WorkspaceAssertionAttributesArgs(
            name="displayName",
            login="login",
            email="email",
            groups="group",
            role="role",
            org="org",
        ),
        role_values=aws_native.grafana.WorkspaceRoleValuesArgs(
            editor=["editor1"],
            admin=["admin1"],
        ),
        allowed_organizations=["org1"],
        login_validity_duration=60,
    ))
pulumi.export("workspaceEndpoint", amazon_grafana_workspace.endpoint)
pulumi.export("workspaceStatus", amazon_grafana_workspace.status)
pulumi.export("workspaceId", amazon_grafana_workspace.id)
pulumi.export("grafanaVersion", amazon_grafana_workspace.grafana_version)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const amazonGrafanaWorkspaceIAMRole = new aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole", {
    managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
    assumeRolePolicyDocument: {
        version: "2012-10-17",
        statement: [{
            effect: "Allow",
            principal: {
                service: ["grafana.amazonaws.com"],
            },
            action: ["sts:AssumeRole"],
        }],
    },
});
const amazonGrafanaWorkspace = new aws_native.grafana.Workspace("amazonGrafanaWorkspace", {
    accountAccessType: aws_native.grafana.WorkspaceAccountAccessType.CurrentAccount,
    name: "AmazonGrafanaWorkspace",
    description: "Amazon Grafana Workspace",
    authenticationProviders: [aws_native.grafana.WorkspaceAuthenticationProviderTypes.Saml],
    permissionType: aws_native.grafana.WorkspacePermissionType.CustomerManaged,
    roleArn: amazonGrafanaWorkspaceIAMRole.arn,
    samlConfiguration: {
        idpMetadata: {
            xml: "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
        },
        assertionAttributes: {
            name: "displayName",
            login: "login",
            email: "email",
            groups: "group",
            role: "role",
            org: "org",
        },
        roleValues: {
            editor: ["editor1"],
            admin: ["admin1"],
        },
        allowedOrganizations: ["org1"],
        loginValidityDuration: 60,
    },
});
export const workspaceEndpoint = amazonGrafanaWorkspace.endpoint;
export const workspaceStatus = amazonGrafanaWorkspace.status;
export const workspaceId = amazonGrafanaWorkspace.id;
export const grafanaVersion = amazonGrafanaWorkspace.grafanaVersion;

Coming soon!

Example

using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var amazonGrafanaWorkspaceIAMRole = new AwsNative.IAM.Role("amazonGrafanaWorkspaceIAMRole", new()
    {
        ManagedPolicyArns = new[]
        {
            "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess",
        },
        AssumeRolePolicyDocument = 
        {
            { "version", "2012-10-17" },
            { "statement", new[]
            {
                
                {
                    { "effect", "Allow" },
                    { "principal", 
                    {
                        { "service", new[]
                        {
                            "grafana.amazonaws.com",
                        } },
                    } },
                    { "action", new[]
                    {
                        "sts:AssumeRole",
                    } },
                },
            } },
        },
    });

    var amazonGrafanaWorkspace = new AwsNative.Grafana.Workspace("amazonGrafanaWorkspace", new()
    {
        AccountAccessType = AwsNative.Grafana.WorkspaceAccountAccessType.CurrentAccount,
        Name = "AmazonGrafanaWorkspace",
        Description = "Amazon Grafana Workspace",
        AuthenticationProviders = new[]
        {
            AwsNative.Grafana.WorkspaceAuthenticationProviderTypes.Saml,
        },
        PermissionType = AwsNative.Grafana.WorkspacePermissionType.CustomerManaged,
        RoleArn = amazonGrafanaWorkspaceIAMRole.Arn,
        SamlConfiguration = new AwsNative.Grafana.Inputs.WorkspaceSamlConfigurationArgs
        {
            IdpMetadata = new AwsNative.Grafana.Inputs.WorkspaceIdpMetadataArgs
            {
                Xml = "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
            },
            AssertionAttributes = new AwsNative.Grafana.Inputs.WorkspaceAssertionAttributesArgs
            {
                Name = "displayName",
                Login = "login",
                Email = "email",
                Groups = "group",
                Role = "role",
                Org = "org",
            },
            RoleValues = new AwsNative.Grafana.Inputs.WorkspaceRoleValuesArgs
            {
                Editor = new[]
                {
                    "editor1",
                },
                Admin = new[]
                {
                    "admin1",
                },
            },
            AllowedOrganizations = new[]
            {
                "org1",
            },
            LoginValidityDuration = 60,
        },
    });

    return new Dictionary<string, object?>
    {
        ["workspaceEndpoint"] = amazonGrafanaWorkspace.Endpoint,
        ["workspaceStatus"] = amazonGrafanaWorkspace.Status,
        ["workspaceId"] = amazonGrafanaWorkspace.Id,
        ["grafanaVersion"] = amazonGrafanaWorkspace.Grafana_version,
    };
});

Coming soon!

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

amazon_grafana_workspace_iam_role = aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole",
    managed_policy_arns=["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
    assume_role_policy_document={
        "version": "2012-10-17",
        "statement": [{
            "effect": "Allow",
            "principal": {
                "service": ["grafana.amazonaws.com"],
            },
            "action": ["sts:AssumeRole"],
        }],
    })
amazon_grafana_workspace = aws_native.grafana.Workspace("amazonGrafanaWorkspace",
    account_access_type=aws_native.grafana.WorkspaceAccountAccessType.CURRENT_ACCOUNT,
    name="AmazonGrafanaWorkspace",
    description="Amazon Grafana Workspace",
    authentication_providers=[aws_native.grafana.WorkspaceAuthenticationProviderTypes.SAML],
    permission_type=aws_native.grafana.WorkspacePermissionType.CUSTOMER_MANAGED,
    role_arn=amazon_grafana_workspace_iam_role.arn,
    saml_configuration=aws_native.grafana.WorkspaceSamlConfigurationArgs(
        idp_metadata=aws_native.grafana.WorkspaceIdpMetadataArgs(
            xml="<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
        ),
        assertion_attributes=aws_native.grafana.WorkspaceAssertionAttributesArgs(
            name="displayName",
            login="login",
            email="email",
            groups="group",
            role="role",
            org="org",
        ),
        role_values=aws_native.grafana.WorkspaceRoleValuesArgs(
            editor=["editor1"],
            admin=["admin1"],
        ),
        allowed_organizations=["org1"],
        login_validity_duration=60,
    ))
pulumi.export("workspaceEndpoint", amazon_grafana_workspace.endpoint)
pulumi.export("workspaceStatus", amazon_grafana_workspace.status)
pulumi.export("workspaceId", amazon_grafana_workspace.id)
pulumi.export("grafanaVersion", amazon_grafana_workspace.grafana_version)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const amazonGrafanaWorkspaceIAMRole = new aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole", {
    managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
    assumeRolePolicyDocument: {
        version: "2012-10-17",
        statement: [{
            effect: "Allow",
            principal: {
                service: ["grafana.amazonaws.com"],
            },
            action: ["sts:AssumeRole"],
        }],
    },
});
const amazonGrafanaWorkspace = new aws_native.grafana.Workspace("amazonGrafanaWorkspace", {
    accountAccessType: aws_native.grafana.WorkspaceAccountAccessType.CurrentAccount,
    name: "AmazonGrafanaWorkspace",
    description: "Amazon Grafana Workspace",
    authenticationProviders: [aws_native.grafana.WorkspaceAuthenticationProviderTypes.Saml],
    permissionType: aws_native.grafana.WorkspacePermissionType.CustomerManaged,
    roleArn: amazonGrafanaWorkspaceIAMRole.arn,
    samlConfiguration: {
        idpMetadata: {
            xml: "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
        },
        assertionAttributes: {
            name: "displayName",
            login: "login",
            email: "email",
            groups: "group",
            role: "role",
            org: "org",
        },
        roleValues: {
            editor: ["editor1"],
            admin: ["admin1"],
        },
        allowedOrganizations: ["org1"],
        loginValidityDuration: 60,
    },
});
export const workspaceEndpoint = amazonGrafanaWorkspace.endpoint;
export const workspaceStatus = amazonGrafanaWorkspace.status;
export const workspaceId = amazonGrafanaWorkspace.id;
export const grafanaVersion = amazonGrafanaWorkspace.grafanaVersion;

Coming soon!

Example

using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;

return await Deployment.RunAsync(() => 
{
    var automationExecutionRole = new AwsNative.IAM.Role("automationExecutionRole", new()
    {
        AssumeRolePolicyDocument = 
        {
            { "version", "2012-10-17" },
            { "statement", new[]
            {
                
                {
                    { "effect", "Allow" },
                    { "principal", 
                    {
                        { "service", "ssm.amazonaws.com" },
                    } },
                    { "action", new[]
                    {
                        "sts:AssumeRole",
                    } },
                },
            } },
        },
        Path = "/",
        ManagedPolicyArns = new[]
        {
            "arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess",
        },
    });

    var automationAssociation = new AwsNative.SSM.Association("automationAssociation", new()
    {
        Name = "AWS-StopEC2Instance",
        Parameters = 
        {
            { "automationAssumeRole", new[]
            {
                "AutomationExecutionRole.Arn",
            } },
        },
        Targets = new[]
        {
            new AwsNative.SSM.Inputs.AssociationTargetArgs
            {
                Key = "ParameterValues",
                Values = new[]
                {
                    "i-1234567890abcdef0",
                },
            },
        },
        AutomationTargetParameterName = "InstanceId",
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewRole(ctx, "automationExecutionRole", &iam.RoleArgs{
			AssumeRolePolicyDocument: pulumi.Any{
				Version: "2012-10-17",
				Statement: []map[string]interface{}{
					map[string]interface{}{
						"effect": "Allow",
						"principal": map[string]interface{}{
							"service": "ssm.amazonaws.com",
						},
						"action": []string{
							"sts:AssumeRole",
						},
					},
				},
			},
			Path: pulumi.String("/"),
			ManagedPolicyArns: pulumi.StringArray{
				pulumi.String(fmt.Sprintf("arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess")),
			},
		})
		if err != nil {
			return err
		}
		_, err = ssm.NewAssociation(ctx, "automationAssociation", &ssm.AssociationArgs{
			Name: pulumi.String("AWS-StopEC2Instance"),
			Parameters: pulumi.Any{
				AutomationAssumeRole: []string{
					"AutomationExecutionRole.Arn",
				},
			},
			Targets: []ssm.AssociationTargetArgs{
				{
					Key: pulumi.String("ParameterValues"),
					Values: pulumi.StringArray{
						pulumi.String("i-1234567890abcdef0"),
					},
				},
			},
			AutomationTargetParameterName: pulumi.String("InstanceId"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws_native as aws_native

automation_execution_role = aws_native.iam.Role("automationExecutionRole",
    assume_role_policy_document={
        "version": "2012-10-17",
        "statement": [{
            "effect": "Allow",
            "principal": {
                "service": "ssm.amazonaws.com",
            },
            "action": ["sts:AssumeRole"],
        }],
    },
    path="/",
    managed_policy_arns=["arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess"])
automation_association = aws_native.ssm.Association("automationAssociation",
    name="AWS-StopEC2Instance",
    parameters={
        "automationAssumeRole": ["AutomationExecutionRole.Arn"],
    },
    targets=[aws_native.ssm.AssociationTargetArgs(
        key="ParameterValues",
        values=["i-1234567890abcdef0"],
    )],
    automation_target_parameter_name="InstanceId")
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";

const automationExecutionRole = new aws_native.iam.Role("automationExecutionRole", {
    assumeRolePolicyDocument: {
        version: "2012-10-17",
        statement: [{
            effect: "Allow",
            principal: {
                service: "ssm.amazonaws.com",
            },
            action: ["sts:AssumeRole"],
        }],
    },
    path: "/",
    managedPolicyArns: [`arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess`],
});
const automationAssociation = new aws_native.ssm.Association("automationAssociation", {
    name: "AWS-StopEC2Instance",
    parameters: {
        automationAssumeRole: ["AutomationExecutionRole.Arn"],
    },
    targets: [{
        key: "ParameterValues",
        values: ["i-1234567890abcdef0"],
    }],
    automationTargetParameterName: "InstanceId",
});

Coming soon!

Create Role Resource

new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
@overload
def Role(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         assume_role_policy_document: Optional[Any] = None,
         description: Optional[str] = None,
         managed_policy_arns: Optional[Sequence[str]] = None,
         max_session_duration: Optional[int] = None,
         path: Optional[str] = None,
         permissions_boundary: Optional[str] = None,
         policies: Optional[Sequence[RolePolicyArgs]] = None,
         role_name: Optional[str] = None,
         tags: Optional[Sequence[RoleTagArgs]] = None)
@overload
def Role(resource_name: str,
         args: RoleArgs,
         opts: Optional[ResourceOptions] = None)
func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
public Role(String name, RoleArgs args)
public Role(String name, RoleArgs args, CustomResourceOptions options)
type: aws-native:iam:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args RoleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Role Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Role resource accepts the following input properties:

AssumeRolePolicyDocument object

The trust policy that is associated with this role.

Description string

A description of the role that you provide.

ManagedPolicyArns List<string>

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.

MaxSessionDuration int

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Path string

The path to the role.

PermissionsBoundary string

The ARN of the policy used to set the permissions boundary for the role.

Policies List<Pulumi.AwsNative.IAM.Inputs.RolePolicyArgs>

Adds or updates an inline policy document that is embedded in the specified IAM role.

RoleName string

A name for the IAM role, up to 64 characters in length.

Tags List<Pulumi.AwsNative.IAM.Inputs.RoleTagArgs>

A list of tags that are attached to the role.

AssumeRolePolicyDocument interface{}

The trust policy that is associated with this role.

Description string

A description of the role that you provide.

ManagedPolicyArns []string

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.

MaxSessionDuration int

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Path string

The path to the role.

PermissionsBoundary string

The ARN of the policy used to set the permissions boundary for the role.

Policies []RolePolicyArgs

Adds or updates an inline policy document that is embedded in the specified IAM role.

RoleName string

A name for the IAM role, up to 64 characters in length.

Tags []RoleTagArgs

A list of tags that are attached to the role.

assumeRolePolicyDocument Object

The trust policy that is associated with this role.

description String

A description of the role that you provide.

managedPolicyArns List<String>

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.

maxSessionDuration Integer

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

path String

The path to the role.

permissionsBoundary String

The ARN of the policy used to set the permissions boundary for the role.

policies List<RolePolicyArgs>

Adds or updates an inline policy document that is embedded in the specified IAM role.

roleName String

A name for the IAM role, up to 64 characters in length.

tags List<RoleTagArgs>

A list of tags that are attached to the role.

assumeRolePolicyDocument any

The trust policy that is associated with this role.

description string

A description of the role that you provide.

managedPolicyArns string[]

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.

maxSessionDuration number

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

path string

The path to the role.

permissionsBoundary string

The ARN of the policy used to set the permissions boundary for the role.

policies RolePolicyArgs[]

Adds or updates an inline policy document that is embedded in the specified IAM role.

roleName string

A name for the IAM role, up to 64 characters in length.

tags RoleTagArgs[]

A list of tags that are attached to the role.

assume_role_policy_document Any

The trust policy that is associated with this role.

description str

A description of the role that you provide.

managed_policy_arns Sequence[str]

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.

max_session_duration int

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

path str

The path to the role.

permissions_boundary str

The ARN of the policy used to set the permissions boundary for the role.

policies Sequence[RolePolicyArgs]

Adds or updates an inline policy document that is embedded in the specified IAM role.

role_name str

A name for the IAM role, up to 64 characters in length.

tags Sequence[RoleTagArgs]

A list of tags that are attached to the role.

assumeRolePolicyDocument Any

The trust policy that is associated with this role.

description String

A description of the role that you provide.

managedPolicyArns List<String>

A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.

maxSessionDuration Number

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

path String

The path to the role.

permissionsBoundary String

The ARN of the policy used to set the permissions boundary for the role.

policies List<Property Map>

Adds or updates an inline policy document that is embedded in the specified IAM role.

roleName String

A name for the IAM role, up to 64 characters in length.

tags List<Property Map>

A list of tags that are attached to the role.

Outputs

All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

Arn string

The Amazon Resource Name (ARN) for the role.

Id string

The provider-assigned unique ID for this managed resource.

RoleId string

The stable and unique string identifying the role.

Arn string

The Amazon Resource Name (ARN) for the role.

Id string

The provider-assigned unique ID for this managed resource.

RoleId string

The stable and unique string identifying the role.

arn String

The Amazon Resource Name (ARN) for the role.

id String

The provider-assigned unique ID for this managed resource.

roleId String

The stable and unique string identifying the role.

arn string

The Amazon Resource Name (ARN) for the role.

id string

The provider-assigned unique ID for this managed resource.

roleId string

The stable and unique string identifying the role.

arn str

The Amazon Resource Name (ARN) for the role.

id str

The provider-assigned unique ID for this managed resource.

role_id str

The stable and unique string identifying the role.

arn String

The Amazon Resource Name (ARN) for the role.

id String

The provider-assigned unique ID for this managed resource.

roleId String

The stable and unique string identifying the role.

Supporting Types

RolePolicy

PolicyDocument string

The policy document.

PolicyName string

The friendly name (not ARN) identifying the policy.

PolicyDocument string

The policy document.

PolicyName string

The friendly name (not ARN) identifying the policy.

policyDocument String

The policy document.

policyName String

The friendly name (not ARN) identifying the policy.

policyDocument string

The policy document.

policyName string

The friendly name (not ARN) identifying the policy.

policy_document str

The policy document.

policy_name str

The friendly name (not ARN) identifying the policy.

policyDocument String

The policy document.

policyName String

The friendly name (not ARN) identifying the policy.

RoleTag

Key string

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Value string

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Key string

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Value string

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key String

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value String

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key string

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value string

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key str

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value str

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

key String

The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

value String

The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0