AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.9.1 published on Tuesday, Jun 21, 2022 by Pulumi

UserLoginProfile

Manages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.

To reset an IAM User login password via this provider, you can use delete and recreate this resource or change any of the arguments.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleUser = new Aws.Iam.User("exampleUser", new Aws.Iam.UserArgs
        {
            Path = "/",
            ForceDestroy = true,
        });
        var exampleUserLoginProfile = new Aws.Iam.UserLoginProfile("exampleUserLoginProfile", new Aws.Iam.UserLoginProfileArgs
        {
            User = exampleUser.Name,
            PgpKey = "keybase:some_person_that_exists",
        });
        this.Password = exampleUserLoginProfile.EncryptedPassword;
    }

    [Output("password")]
    public Output<string> Password { get; set; }
}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleUser, err := iam.NewUser(ctx, "exampleUser", &iam.UserArgs{
			Path:         pulumi.String("/"),
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		exampleUserLoginProfile, err := iam.NewUserLoginProfile(ctx, "exampleUserLoginProfile", &iam.UserLoginProfileArgs{
			User:   exampleUser.Name,
			PgpKey: pulumi.String("keybase:some_person_that_exists"),
		})
		if err != nil {
			return err
		}
		ctx.Export("password", exampleUserLoginProfile.EncryptedPassword)
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleUser = new User("exampleUser", UserArgs.builder()        
            .path("/")
            .forceDestroy(true)
            .build());

        var exampleUserLoginProfile = new UserLoginProfile("exampleUserLoginProfile", UserLoginProfileArgs.builder()        
            .user(exampleUser.name())
            .pgpKey("keybase:some_person_that_exists")
            .build());

        ctx.export("password", exampleUserLoginProfile.encryptedPassword());
    }
}
import pulumi
import pulumi_aws as aws

example_user = aws.iam.User("exampleUser",
    path="/",
    force_destroy=True)
example_user_login_profile = aws.iam.UserLoginProfile("exampleUserLoginProfile",
    user=example_user.name,
    pgp_key="keybase:some_person_that_exists")
pulumi.export("password", example_user_login_profile.encrypted_password)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleUser = new aws.iam.User("exampleUser", {
    path: "/",
    forceDestroy: true,
});
const exampleUserLoginProfile = new aws.iam.UserLoginProfile("exampleUserLoginProfile", {
    user: exampleUser.name,
    pgpKey: "keybase:some_person_that_exists",
});
export const password = exampleUserLoginProfile.encryptedPassword;
resources:
  exampleUser:
    type: aws:iam:User
    properties:
      path: /
      forceDestroy: true
  exampleUserLoginProfile:
    type: aws:iam:UserLoginProfile
    properties:
      user: ${exampleUser.name}
      pgpKey: keybase:some_person_that_exists
outputs:
  password: ${exampleUserLoginProfile.encryptedPassword}

Create a UserLoginProfile Resource

new UserLoginProfile(name: string, args: UserLoginProfileArgs, opts?: CustomResourceOptions);
@overload
def UserLoginProfile(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     password_length: Optional[int] = None,
                     password_reset_required: Optional[bool] = None,
                     pgp_key: Optional[str] = None,
                     user: Optional[str] = None)
@overload
def UserLoginProfile(resource_name: str,
                     args: UserLoginProfileArgs,
                     opts: Optional[ResourceOptions] = None)
func NewUserLoginProfile(ctx *Context, name string, args UserLoginProfileArgs, opts ...ResourceOption) (*UserLoginProfile, error)
public UserLoginProfile(string name, UserLoginProfileArgs args, CustomResourceOptions? opts = null)
public UserLoginProfile(String name, UserLoginProfileArgs args)
public UserLoginProfile(String name, UserLoginProfileArgs args, CustomResourceOptions options)
type: aws:iam:UserLoginProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args UserLoginProfileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args UserLoginProfileArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args UserLoginProfileArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args UserLoginProfileArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args UserLoginProfileArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

UserLoginProfile Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The UserLoginProfile resource accepts the following input properties:

User string

The IAM user's name.

PasswordLength int

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

PasswordResetRequired bool

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

User string

The IAM user's name.

PasswordLength int

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

PasswordResetRequired bool

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user String

The IAM user's name.

passwordLength Integer

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

passwordResetRequired Boolean

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user string

The IAM user's name.

passwordLength number

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

passwordResetRequired boolean

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user str

The IAM user's name.

password_length int

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

password_reset_required bool

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgp_key str

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user String

The IAM user's name.

passwordLength Number

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

passwordResetRequired Boolean

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

Outputs

All input properties are implicitly available as output properties. Additionally, the UserLoginProfile resource produces the following output properties:

EncryptedPassword string
Id string

The provider-assigned unique ID for this managed resource.

KeyFingerprint string

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

Password string

The plain text password, only available when pgp_key is not provided.

EncryptedPassword string
Id string

The provider-assigned unique ID for this managed resource.

KeyFingerprint string

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

Password string

The plain text password, only available when pgp_key is not provided.

encryptedPassword String
id String

The provider-assigned unique ID for this managed resource.

keyFingerprint String

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password String

The plain text password, only available when pgp_key is not provided.

encryptedPassword string
id string

The provider-assigned unique ID for this managed resource.

keyFingerprint string

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password string

The plain text password, only available when pgp_key is not provided.

encrypted_password str
id str

The provider-assigned unique ID for this managed resource.

key_fingerprint str

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password str

The plain text password, only available when pgp_key is not provided.

encryptedPassword String
id String

The provider-assigned unique ID for this managed resource.

keyFingerprint String

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password String

The plain text password, only available when pgp_key is not provided.

Look up an Existing UserLoginProfile Resource

Get an existing UserLoginProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserLoginProfileState, opts?: CustomResourceOptions): UserLoginProfile
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        encrypted_password: Optional[str] = None,
        key_fingerprint: Optional[str] = None,
        password: Optional[str] = None,
        password_length: Optional[int] = None,
        password_reset_required: Optional[bool] = None,
        pgp_key: Optional[str] = None,
        user: Optional[str] = None) -> UserLoginProfile
func GetUserLoginProfile(ctx *Context, name string, id IDInput, state *UserLoginProfileState, opts ...ResourceOption) (*UserLoginProfile, error)
public static UserLoginProfile Get(string name, Input<string> id, UserLoginProfileState? state, CustomResourceOptions? opts = null)
public static UserLoginProfile get(String name, Output<String> id, UserLoginProfileState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
EncryptedPassword string
KeyFingerprint string

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

Password string

The plain text password, only available when pgp_key is not provided.

PasswordLength int

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

PasswordResetRequired bool

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

User string

The IAM user's name.

EncryptedPassword string
KeyFingerprint string

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

Password string

The plain text password, only available when pgp_key is not provided.

PasswordLength int

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

PasswordResetRequired bool

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

PgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

User string

The IAM user's name.

encryptedPassword String
keyFingerprint String

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password String

The plain text password, only available when pgp_key is not provided.

passwordLength Integer

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

passwordResetRequired Boolean

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user String

The IAM user's name.

encryptedPassword string
keyFingerprint string

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password string

The plain text password, only available when pgp_key is not provided.

passwordLength number

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

passwordResetRequired boolean

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgpKey string

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user string

The IAM user's name.

encrypted_password str
key_fingerprint str

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password str

The plain text password, only available when pgp_key is not provided.

password_length int

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

password_reset_required bool

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgp_key str

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user str

The IAM user's name.

encryptedPassword String
keyFingerprint String

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

password String

The plain text password, only available when pgp_key is not provided.

passwordLength Number

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

passwordResetRequired Boolean

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

pgpKey String

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

user String

The IAM user's name.

Import

IAM User Login Profiles can be imported without password information support via the IAM User name, e.g.,

 $ pulumi import aws:iam/userLoginProfile:UserLoginProfile example myusername

Since this provider has no method to read the PGP or password information during import, use ignore_changes argument to ignore them unless password recreation is desired. e.g. terraform resource “aws_iam_user_login_profile” “example” {

… other configuration …

lifecycle {

ignore_changes = [

password_length,

password_reset_required,

pgp_key,

]

} }

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.