AWS Classic
UserLoginProfile
Manages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.
To reset an IAM User login password via this provider, you can use delete and recreate this resource or change any of the arguments.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleUser = new Aws.Iam.User("exampleUser", new Aws.Iam.UserArgs
{
Path = "/",
ForceDestroy = true,
});
var exampleUserLoginProfile = new Aws.Iam.UserLoginProfile("exampleUserLoginProfile", new Aws.Iam.UserLoginProfileArgs
{
User = exampleUser.Name,
PgpKey = "keybase:some_person_that_exists",
});
this.Password = exampleUserLoginProfile.EncryptedPassword;
}
[Output("password")]
public Output<string> Password { get; set; }
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleUser, err := iam.NewUser(ctx, "exampleUser", &iam.UserArgs{
Path: pulumi.String("/"),
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
exampleUserLoginProfile, err := iam.NewUserLoginProfile(ctx, "exampleUserLoginProfile", &iam.UserLoginProfileArgs{
User: exampleUser.Name,
PgpKey: pulumi.String("keybase:some_person_that_exists"),
})
if err != nil {
return err
}
ctx.Export("password", exampleUserLoginProfile.EncryptedPassword)
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleUser = new User("exampleUser", UserArgs.builder()
.path("/")
.forceDestroy(true)
.build());
var exampleUserLoginProfile = new UserLoginProfile("exampleUserLoginProfile", UserLoginProfileArgs.builder()
.user(exampleUser.name())
.pgpKey("keybase:some_person_that_exists")
.build());
ctx.export("password", exampleUserLoginProfile.encryptedPassword());
}
}
import pulumi
import pulumi_aws as aws
example_user = aws.iam.User("exampleUser",
path="/",
force_destroy=True)
example_user_login_profile = aws.iam.UserLoginProfile("exampleUserLoginProfile",
user=example_user.name,
pgp_key="keybase:some_person_that_exists")
pulumi.export("password", example_user_login_profile.encrypted_password)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleUser = new aws.iam.User("exampleUser", {
path: "/",
forceDestroy: true,
});
const exampleUserLoginProfile = new aws.iam.UserLoginProfile("exampleUserLoginProfile", {
user: exampleUser.name,
pgpKey: "keybase:some_person_that_exists",
});
export const password = exampleUserLoginProfile.encryptedPassword;
resources:
exampleUser:
type: aws:iam:User
properties:
path: /
forceDestroy: true
exampleUserLoginProfile:
type: aws:iam:UserLoginProfile
properties:
user: ${exampleUser.name}
pgpKey: keybase:some_person_that_exists
outputs:
password: ${exampleUserLoginProfile.encryptedPassword}
Create a UserLoginProfile Resource
new UserLoginProfile(name: string, args: UserLoginProfileArgs, opts?: CustomResourceOptions);@overload
def UserLoginProfile(resource_name: str,
opts: Optional[ResourceOptions] = None,
password_length: Optional[int] = None,
password_reset_required: Optional[bool] = None,
pgp_key: Optional[str] = None,
user: Optional[str] = None)
@overload
def UserLoginProfile(resource_name: str,
args: UserLoginProfileArgs,
opts: Optional[ResourceOptions] = None)func NewUserLoginProfile(ctx *Context, name string, args UserLoginProfileArgs, opts ...ResourceOption) (*UserLoginProfile, error)public UserLoginProfile(string name, UserLoginProfileArgs args, CustomResourceOptions? opts = null)
public UserLoginProfile(String name, UserLoginProfileArgs args)
public UserLoginProfile(String name, UserLoginProfileArgs args, CustomResourceOptions options)
type: aws:iam:UserLoginProfile
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserLoginProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserLoginProfileArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserLoginProfileArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserLoginProfileArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserLoginProfileArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
UserLoginProfile Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The UserLoginProfile resource accepts the following input properties:
- User string
The IAM user's name.
- Password
Length int The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- Password
Reset boolRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
- User string
The IAM user's name.
- Password
Length int The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- Password
Reset boolRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
- user String
The IAM user's name.
- password
Length Integer The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password
Reset BooleanRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp
Key String Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
- user string
The IAM user's name.
- password
Length number The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password
Reset booleanRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
- user str
The IAM user's name.
- password_
length int The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password_
reset_ boolrequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp_
key str Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
- user String
The IAM user's name.
- password
Length Number The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password
Reset BooleanRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp
Key String Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.
Outputs
All input properties are implicitly available as output properties. Additionally, the UserLoginProfile resource produces the following output properties:
- Encrypted
Password string - Id string
The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- Password string
The plain text password, only available when
pgp_keyis not provided.
- Encrypted
Password string - Id string
The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- Password string
The plain text password, only available when
pgp_keyis not provided.
- encrypted
Password String - id String
The provider-assigned unique ID for this managed resource.
- key
Fingerprint String The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password String
The plain text password, only available when
pgp_keyis not provided.
- encrypted
Password string - id string
The provider-assigned unique ID for this managed resource.
- key
Fingerprint string The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password string
The plain text password, only available when
pgp_keyis not provided.
- encrypted_
password str - id str
The provider-assigned unique ID for this managed resource.
- key_
fingerprint str The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password str
The plain text password, only available when
pgp_keyis not provided.
- encrypted
Password String - id String
The provider-assigned unique ID for this managed resource.
- key
Fingerprint String The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password String
The plain text password, only available when
pgp_keyis not provided.
Look up an Existing UserLoginProfile Resource
Get an existing UserLoginProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserLoginProfileState, opts?: CustomResourceOptions): UserLoginProfile@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
encrypted_password: Optional[str] = None,
key_fingerprint: Optional[str] = None,
password: Optional[str] = None,
password_length: Optional[int] = None,
password_reset_required: Optional[bool] = None,
pgp_key: Optional[str] = None,
user: Optional[str] = None) -> UserLoginProfilefunc GetUserLoginProfile(ctx *Context, name string, id IDInput, state *UserLoginProfileState, opts ...ResourceOption) (*UserLoginProfile, error)public static UserLoginProfile Get(string name, Input<string> id, UserLoginProfileState? state, CustomResourceOptions? opts = null)public static UserLoginProfile get(String name, Output<String> id, UserLoginProfileState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Encrypted
Password string - Key
Fingerprint string The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- Password string
The plain text password, only available when
pgp_keyis not provided.- Password
Length int The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- Password
Reset boolRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.- User string
The IAM user's name.
- Encrypted
Password string - Key
Fingerprint string The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- Password string
The plain text password, only available when
pgp_keyis not provided.- Password
Length int The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- Password
Reset boolRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- Pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.- User string
The IAM user's name.
- encrypted
Password String - key
Fingerprint String The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password String
The plain text password, only available when
pgp_keyis not provided.- password
Length Integer The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password
Reset BooleanRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp
Key String Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.- user String
The IAM user's name.
- encrypted
Password string - key
Fingerprint string The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password string
The plain text password, only available when
pgp_keyis not provided.- password
Length number The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password
Reset booleanRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp
Key string Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.- user string
The IAM user's name.
- encrypted_
password str - key_
fingerprint str The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password str
The plain text password, only available when
pgp_keyis not provided.- password_
length int The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password_
reset_ boolrequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp_
key str Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.- user str
The IAM user's name.
- encrypted
Password String - key
Fingerprint String The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.
- password String
The plain text password, only available when
pgp_keyis not provided.- password
Length Number The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is
20.- password
Reset BooleanRequired Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.
- pgp
Key String Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.- user String
The IAM user's name.
Import
IAM User Login Profiles can be imported without password information support via the IAM User name, e.g.,
$ pulumi import aws:iam/userLoginProfile:UserLoginProfile example myusername
Since this provider has no method to read the PGP or password information during import, use ignore_changes argument to ignore them unless password recreation is desired. e.g. terraform resource “aws_iam_user_login_profile” “example” {
… other configuration …
lifecycle {
ignore_changes = [
password_length,
password_reset_required,
pgp_key,
]
} }
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.