1. Packages
  2. AWS Classic
  3. API Docs
  4. iam
  5. AccessKey

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.23.0 published on Thursday, Feb 22, 2024 by Pulumi

aws.iam.AccessKey

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.23.0 published on Thursday, Feb 22, 2024 by Pulumi

    Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var lbUser = new Aws.Iam.User("lbUser", new()
        {
            Path = "/system/",
        });
    
        var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new()
        {
            User = lbUser.Name,
            PgpKey = "keybase:some_person_that_exists",
        });
    
        var lbRoPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
        {
            Statements = new[]
            {
                new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
                {
                    Effect = "Allow",
                    Actions = new[]
                    {
                        "ec2:Describe*",
                    },
                    Resources = new[]
                    {
                        "*",
                    },
                },
            },
        });
    
        var lbRoUserPolicy = new Aws.Iam.UserPolicy("lbRoUserPolicy", new()
        {
            User = lbUser.Name,
            Policy = lbRoPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
        });
    
        return new Dictionary<string, object?>
        {
            ["secret"] = lbAccessKey.EncryptedSecret,
        };
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		lbUser, err := iam.NewUser(ctx, "lbUser", &iam.UserArgs{
    			Path: pulumi.String("/system/"),
    		})
    		if err != nil {
    			return err
    		}
    		lbAccessKey, err := iam.NewAccessKey(ctx, "lbAccessKey", &iam.AccessKeyArgs{
    			User:   lbUser.Name,
    			PgpKey: pulumi.String("keybase:some_person_that_exists"),
    		})
    		if err != nil {
    			return err
    		}
    		lbRoPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
    			Statements: []iam.GetPolicyDocumentStatement{
    				{
    					Effect: pulumi.StringRef("Allow"),
    					Actions: []string{
    						"ec2:Describe*",
    					},
    					Resources: []string{
    						"*",
    					},
    				},
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewUserPolicy(ctx, "lbRoUserPolicy", &iam.UserPolicyArgs{
    			User:   lbUser.Name,
    			Policy: *pulumi.String(lbRoPolicyDocument.Json),
    		})
    		if err != nil {
    			return err
    		}
    		ctx.Export("secret", lbAccessKey.EncryptedSecret)
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.User;
    import com.pulumi.aws.iam.UserArgs;
    import com.pulumi.aws.iam.AccessKey;
    import com.pulumi.aws.iam.AccessKeyArgs;
    import com.pulumi.aws.iam.IamFunctions;
    import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
    import com.pulumi.aws.iam.UserPolicy;
    import com.pulumi.aws.iam.UserPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var lbUser = new User("lbUser", UserArgs.builder()        
                .path("/system/")
                .build());
    
            var lbAccessKey = new AccessKey("lbAccessKey", AccessKeyArgs.builder()        
                .user(lbUser.name())
                .pgpKey("keybase:some_person_that_exists")
                .build());
    
            final var lbRoPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
                .statements(GetPolicyDocumentStatementArgs.builder()
                    .effect("Allow")
                    .actions("ec2:Describe*")
                    .resources("*")
                    .build())
                .build());
    
            var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()        
                .user(lbUser.name())
                .policy(lbRoPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
                .build());
    
            ctx.export("secret", lbAccessKey.encryptedSecret());
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    lb_user = aws.iam.User("lbUser", path="/system/")
    lb_access_key = aws.iam.AccessKey("lbAccessKey",
        user=lb_user.name,
        pgp_key="keybase:some_person_that_exists")
    lb_ro_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
        effect="Allow",
        actions=["ec2:Describe*"],
        resources=["*"],
    )])
    lb_ro_user_policy = aws.iam.UserPolicy("lbRoUserPolicy",
        user=lb_user.name,
        policy=lb_ro_policy_document.json)
    pulumi.export("secret", lb_access_key.encrypted_secret)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const lbUser = new aws.iam.User("lbUser", {path: "/system/"});
    const lbAccessKey = new aws.iam.AccessKey("lbAccessKey", {
        user: lbUser.name,
        pgpKey: "keybase:some_person_that_exists",
    });
    const lbRoPolicyDocument = aws.iam.getPolicyDocument({
        statements: [{
            effect: "Allow",
            actions: ["ec2:Describe*"],
            resources: ["*"],
        }],
    });
    const lbRoUserPolicy = new aws.iam.UserPolicy("lbRoUserPolicy", {
        user: lbUser.name,
        policy: lbRoPolicyDocument.then(lbRoPolicyDocument => lbRoPolicyDocument.json),
    });
    export const secret = lbAccessKey.encryptedSecret;
    
    resources:
      lbAccessKey:
        type: aws:iam:AccessKey
        properties:
          user: ${lbUser.name}
          pgpKey: keybase:some_person_that_exists
      lbUser:
        type: aws:iam:User
        properties:
          path: /system/
      lbRoUserPolicy:
        type: aws:iam:UserPolicy
        properties:
          user: ${lbUser.name}
          policy: ${lbRoPolicyDocument.json}
    variables:
      lbRoPolicyDocument:
        fn::invoke:
          Function: aws:iam:getPolicyDocument
          Arguments:
            statements:
              - effect: Allow
                actions:
                  - ec2:Describe*
                resources:
                  - '*'
    outputs:
      secret: ${lbAccessKey.encryptedSecret}
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var testUser = new Aws.Iam.User("testUser", new()
        {
            Path = "/test/",
        });
    
        var testAccessKey = new Aws.Iam.AccessKey("testAccessKey", new()
        {
            User = testUser.Name,
        });
    
        return new Dictionary<string, object?>
        {
            ["awsIamSmtpPasswordV4"] = testAccessKey.SesSmtpPasswordV4,
        };
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		testUser, err := iam.NewUser(ctx, "testUser", &iam.UserArgs{
    			Path: pulumi.String("/test/"),
    		})
    		if err != nil {
    			return err
    		}
    		testAccessKey, err := iam.NewAccessKey(ctx, "testAccessKey", &iam.AccessKeyArgs{
    			User: testUser.Name,
    		})
    		if err != nil {
    			return err
    		}
    		ctx.Export("awsIamSmtpPasswordV4", testAccessKey.SesSmtpPasswordV4)
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.User;
    import com.pulumi.aws.iam.UserArgs;
    import com.pulumi.aws.iam.AccessKey;
    import com.pulumi.aws.iam.AccessKeyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testUser = new User("testUser", UserArgs.builder()        
                .path("/test/")
                .build());
    
            var testAccessKey = new AccessKey("testAccessKey", AccessKeyArgs.builder()        
                .user(testUser.name())
                .build());
    
            ctx.export("awsIamSmtpPasswordV4", testAccessKey.sesSmtpPasswordV4());
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    test_user = aws.iam.User("testUser", path="/test/")
    test_access_key = aws.iam.AccessKey("testAccessKey", user=test_user.name)
    pulumi.export("awsIamSmtpPasswordV4", test_access_key.ses_smtp_password_v4)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const testUser = new aws.iam.User("testUser", {path: "/test/"});
    const testAccessKey = new aws.iam.AccessKey("testAccessKey", {user: testUser.name});
    export const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;
    
    resources:
      testUser:
        type: aws:iam:User
        properties:
          path: /test/
      testAccessKey:
        type: aws:iam:AccessKey
        properties:
          user: ${testUser.name}
    outputs:
      awsIamSmtpPasswordV4: ${testAccessKey.sesSmtpPasswordV4}
    

    Create AccessKey Resource

    new AccessKey(name: string, args: AccessKeyArgs, opts?: CustomResourceOptions);
    @overload
    def AccessKey(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  pgp_key: Optional[str] = None,
                  status: Optional[str] = None,
                  user: Optional[str] = None)
    @overload
    def AccessKey(resource_name: str,
                  args: AccessKeyArgs,
                  opts: Optional[ResourceOptions] = None)
    func NewAccessKey(ctx *Context, name string, args AccessKeyArgs, opts ...ResourceOption) (*AccessKey, error)
    public AccessKey(string name, AccessKeyArgs args, CustomResourceOptions? opts = null)
    public AccessKey(String name, AccessKeyArgs args)
    public AccessKey(String name, AccessKeyArgs args, CustomResourceOptions options)
    
    type: aws:iam:AccessKey
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AccessKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AccessKeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AccessKeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AccessKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AccessKeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AccessKey Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AccessKey resource accepts the following input properties:

    User string
    IAM user to associate with this access key.
    PgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    Status string
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    User string
    IAM user to associate with this access key.
    PgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    Status string
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user String
    IAM user to associate with this access key.
    pgpKey String
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    status String
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user string
    IAM user to associate with this access key.
    pgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    status string
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user str
    IAM user to associate with this access key.
    pgp_key str
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    status str
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user String
    IAM user to associate with this access key.
    pgpKey String
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    status String
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AccessKey resource produces the following output properties:

    CreateDate string
    Date and time in RFC3339 format that the access key was created.
    EncryptedSecret string
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    EncryptedSesSmtpPasswordV4 string
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyFingerprint string
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    Secret string
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    SesSmtpPasswordV4 string
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    CreateDate string
    Date and time in RFC3339 format that the access key was created.
    EncryptedSecret string
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    EncryptedSesSmtpPasswordV4 string
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    Id string
    The provider-assigned unique ID for this managed resource.
    KeyFingerprint string
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    Secret string
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    SesSmtpPasswordV4 string
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    createDate String
    Date and time in RFC3339 format that the access key was created.
    encryptedSecret String
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encryptedSesSmtpPasswordV4 String
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    id String
    The provider-assigned unique ID for this managed resource.
    keyFingerprint String
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    secret String
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    sesSmtpPasswordV4 String
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    createDate string
    Date and time in RFC3339 format that the access key was created.
    encryptedSecret string
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encryptedSesSmtpPasswordV4 string
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    id string
    The provider-assigned unique ID for this managed resource.
    keyFingerprint string
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    secret string
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    sesSmtpPasswordV4 string
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    create_date str
    Date and time in RFC3339 format that the access key was created.
    encrypted_secret str
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encrypted_ses_smtp_password_v4 str
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    id str
    The provider-assigned unique ID for this managed resource.
    key_fingerprint str
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    secret str
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    ses_smtp_password_v4 str
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    createDate String
    Date and time in RFC3339 format that the access key was created.
    encryptedSecret String
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encryptedSesSmtpPasswordV4 String
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    id String
    The provider-assigned unique ID for this managed resource.
    keyFingerprint String
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    secret String
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    sesSmtpPasswordV4 String
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.

    Look up Existing AccessKey Resource

    Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: AccessKeyState, opts?: CustomResourceOptions): AccessKey
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            create_date: Optional[str] = None,
            encrypted_secret: Optional[str] = None,
            encrypted_ses_smtp_password_v4: Optional[str] = None,
            key_fingerprint: Optional[str] = None,
            pgp_key: Optional[str] = None,
            secret: Optional[str] = None,
            ses_smtp_password_v4: Optional[str] = None,
            status: Optional[str] = None,
            user: Optional[str] = None) -> AccessKey
    func GetAccessKey(ctx *Context, name string, id IDInput, state *AccessKeyState, opts ...ResourceOption) (*AccessKey, error)
    public static AccessKey Get(string name, Input<string> id, AccessKeyState? state, CustomResourceOptions? opts = null)
    public static AccessKey get(String name, Output<String> id, AccessKeyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CreateDate string
    Date and time in RFC3339 format that the access key was created.
    EncryptedSecret string
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    EncryptedSesSmtpPasswordV4 string
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    KeyFingerprint string
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    PgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    Secret string
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    SesSmtpPasswordV4 string
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    Status string
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    User string
    IAM user to associate with this access key.
    CreateDate string
    Date and time in RFC3339 format that the access key was created.
    EncryptedSecret string
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    EncryptedSesSmtpPasswordV4 string
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    KeyFingerprint string
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    PgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    Secret string
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    SesSmtpPasswordV4 string
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    Status string
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    User string
    IAM user to associate with this access key.
    createDate String
    Date and time in RFC3339 format that the access key was created.
    encryptedSecret String
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encryptedSesSmtpPasswordV4 String
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    keyFingerprint String
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    pgpKey String
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    secret String
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    sesSmtpPasswordV4 String
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    status String
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user String
    IAM user to associate with this access key.
    createDate string
    Date and time in RFC3339 format that the access key was created.
    encryptedSecret string
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encryptedSesSmtpPasswordV4 string
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    keyFingerprint string
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    pgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    secret string
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    sesSmtpPasswordV4 string
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    status string
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user string
    IAM user to associate with this access key.
    create_date str
    Date and time in RFC3339 format that the access key was created.
    encrypted_secret str
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encrypted_ses_smtp_password_v4 str
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    key_fingerprint str
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    pgp_key str
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    secret str
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    ses_smtp_password_v4 str
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    status str
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user str
    IAM user to associate with this access key.
    createDate String
    Date and time in RFC3339 format that the access key was created.
    encryptedSecret String
    Encrypted secret, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
    encryptedSesSmtpPasswordV4 String
    Encrypted SES SMTP password, base64 encoded, if pgp_key was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
    keyFingerprint String
    Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
    pgpKey String
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).
    secret String
    Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a pgp_key instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
    sesSmtpPasswordV4 String
    Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are ap-south-1, ap-southeast-2, eu-central-1, eu-west-1, us-east-1 and us-west-2. See current AWS SES regions.
    status String
    Access key status to apply. Defaults to Active. Valid values are Active and Inactive.
    user String
    IAM user to associate with this access key.

    Import

    Using pulumi import, import IAM Access Keys using the identifier. For example:

     $ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890
    

    Resource attributes such as encrypted_secret, key_fingerprint, pgp_key, secret, ses_smtp_password_v4, and encrypted_ses_smtp_password_v4 are not available for imported resources as this information cannot be read from the IAM API.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.23.0 published on Thursday, Feb 22, 2024 by Pulumi