CloudAMQP v3.24.3 published on Saturday, Nov 22, 2025 by Pulumi
CloudAMQP v3.24.3 published on Saturday, Nov 22, 2025 by Pulumi
This resource allows you to configure OAuth2 authentication for your RabbitMQ instance.
Only available for dedicated subscription plans running RabbitMQ.
Example Usage
Basic OAuth2 configuration
import * as pulumi from "@pulumi/pulumi";
import * as cloudamqp from "@pulumi/cloudamqp";
const oauth2Config = new cloudamqp.Oauth2Configuration("oauth2_config", {
instanceId: instance.id,
resourceServerId: "test-resource-server",
issuer: "https://test-issuer.example.com",
verifyAud: true,
oauthClientId: "test-client-id",
oauthScopes: [
"read",
"write",
],
});
import pulumi
import pulumi_cloudamqp as cloudamqp
oauth2_config = cloudamqp.Oauth2Configuration("oauth2_config",
instance_id=instance["id"],
resource_server_id="test-resource-server",
issuer="https://test-issuer.example.com",
verify_aud=True,
oauth_client_id="test-client-id",
oauth_scopes=[
"read",
"write",
])
package main
import (
"github.com/pulumi/pulumi-cloudamqp/sdk/v3/go/cloudamqp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudamqp.NewOauth2Configuration(ctx, "oauth2_config", &cloudamqp.Oauth2ConfigurationArgs{
InstanceId: pulumi.Any(instance.Id),
ResourceServerId: pulumi.String("test-resource-server"),
Issuer: pulumi.String("https://test-issuer.example.com"),
VerifyAud: pulumi.Bool(true),
OauthClientId: pulumi.String("test-client-id"),
OauthScopes: pulumi.StringArray{
pulumi.String("read"),
pulumi.String("write"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using CloudAmqp = Pulumi.CloudAmqp;
return await Deployment.RunAsync(() =>
{
var oauth2Config = new CloudAmqp.Oauth2Configuration("oauth2_config", new()
{
InstanceId = instance.Id,
ResourceServerId = "test-resource-server",
Issuer = "https://test-issuer.example.com",
VerifyAud = true,
OauthClientId = "test-client-id",
OauthScopes = new[]
{
"read",
"write",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudamqp.Oauth2Configuration;
import com.pulumi.cloudamqp.Oauth2ConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oauth2Config = new Oauth2Configuration("oauth2Config", Oauth2ConfigurationArgs.builder()
.instanceId(instance.id())
.resourceServerId("test-resource-server")
.issuer("https://test-issuer.example.com")
.verifyAud(true)
.oauthClientId("test-client-id")
.oauthScopes(
"read",
"write")
.build());
}
}
resources:
oauth2Config:
type: cloudamqp:Oauth2Configuration
name: oauth2_config
properties:
instanceId: ${instance.id}
resourceServerId: test-resource-server
issuer: https://test-issuer.example.com
verifyAud: true
oauthClientId: test-client-id
oauthScopes:
- read
- write
OAuth2 configuration with all optional fields
import * as pulumi from "@pulumi/pulumi";
import * as cloudamqp from "@pulumi/cloudamqp";
const oauth2Config = new cloudamqp.Oauth2Configuration("oauth2_config", {
instanceId: instance.id,
resourceServerId: "test-resource-server",
issuer: "https://test-issuer.example.com",
preferredUsernameClaims: [
"preferred_username",
"username",
],
additionalScopesKeys: ["admin"],
scopePrefix: "cloudamqp",
scopeAliases: {
read: "read:all",
write: "write:all",
},
verifyAud: true,
oauthClientId: "test-client-id",
oauthScopes: [
"read",
"write",
"admin",
],
audience: "https://test-audience.example.com",
});
import pulumi
import pulumi_cloudamqp as cloudamqp
oauth2_config = cloudamqp.Oauth2Configuration("oauth2_config",
instance_id=instance["id"],
resource_server_id="test-resource-server",
issuer="https://test-issuer.example.com",
preferred_username_claims=[
"preferred_username",
"username",
],
additional_scopes_keys=["admin"],
scope_prefix="cloudamqp",
scope_aliases={
"read": "read:all",
"write": "write:all",
},
verify_aud=True,
oauth_client_id="test-client-id",
oauth_scopes=[
"read",
"write",
"admin",
],
audience="https://test-audience.example.com")
package main
import (
"github.com/pulumi/pulumi-cloudamqp/sdk/v3/go/cloudamqp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudamqp.NewOauth2Configuration(ctx, "oauth2_config", &cloudamqp.Oauth2ConfigurationArgs{
InstanceId: pulumi.Any(instance.Id),
ResourceServerId: pulumi.String("test-resource-server"),
Issuer: pulumi.String("https://test-issuer.example.com"),
PreferredUsernameClaims: pulumi.StringArray{
pulumi.String("preferred_username"),
pulumi.String("username"),
},
AdditionalScopesKeys: pulumi.StringArray{
pulumi.String("admin"),
},
ScopePrefix: pulumi.String("cloudamqp"),
ScopeAliases: pulumi.StringMap{
"read": pulumi.String("read:all"),
"write": pulumi.String("write:all"),
},
VerifyAud: pulumi.Bool(true),
OauthClientId: pulumi.String("test-client-id"),
OauthScopes: pulumi.StringArray{
pulumi.String("read"),
pulumi.String("write"),
pulumi.String("admin"),
},
Audience: pulumi.String("https://test-audience.example.com"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using CloudAmqp = Pulumi.CloudAmqp;
return await Deployment.RunAsync(() =>
{
var oauth2Config = new CloudAmqp.Oauth2Configuration("oauth2_config", new()
{
InstanceId = instance.Id,
ResourceServerId = "test-resource-server",
Issuer = "https://test-issuer.example.com",
PreferredUsernameClaims = new[]
{
"preferred_username",
"username",
},
AdditionalScopesKeys = new[]
{
"admin",
},
ScopePrefix = "cloudamqp",
ScopeAliases =
{
{ "read", "read:all" },
{ "write", "write:all" },
},
VerifyAud = true,
OauthClientId = "test-client-id",
OauthScopes = new[]
{
"read",
"write",
"admin",
},
Audience = "https://test-audience.example.com",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudamqp.Oauth2Configuration;
import com.pulumi.cloudamqp.Oauth2ConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oauth2Config = new Oauth2Configuration("oauth2Config", Oauth2ConfigurationArgs.builder()
.instanceId(instance.id())
.resourceServerId("test-resource-server")
.issuer("https://test-issuer.example.com")
.preferredUsernameClaims(
"preferred_username",
"username")
.additionalScopesKeys("admin")
.scopePrefix("cloudamqp")
.scopeAliases(Map.ofEntries(
Map.entry("read", "read:all"),
Map.entry("write", "write:all")
))
.verifyAud(true)
.oauthClientId("test-client-id")
.oauthScopes(
"read",
"write",
"admin")
.audience("https://test-audience.example.com")
.build());
}
}
resources:
oauth2Config:
type: cloudamqp:Oauth2Configuration
name: oauth2_config
properties:
instanceId: ${instance.id}
resourceServerId: test-resource-server
issuer: https://test-issuer.example.com
preferredUsernameClaims:
- preferred_username
- username
additionalScopesKeys:
- admin
scopePrefix: cloudamqp
scopeAliases:
read: read:all
write: write:all
verifyAud: true
oauthClientId: test-client-id
oauthScopes:
- read
- write
- admin
audience: https://test-audience.example.com
Minimal OAuth2 configuration
import * as pulumi from "@pulumi/pulumi";
import * as cloudamqp from "@pulumi/cloudamqp";
const oauth2Config = new cloudamqp.Oauth2Configuration("oauth2_config", {
instanceId: instance.id,
resourceServerId: "test-resource-server",
issuer: "https://test-issuer.example.com",
});
import pulumi
import pulumi_cloudamqp as cloudamqp
oauth2_config = cloudamqp.Oauth2Configuration("oauth2_config",
instance_id=instance["id"],
resource_server_id="test-resource-server",
issuer="https://test-issuer.example.com")
package main
import (
"github.com/pulumi/pulumi-cloudamqp/sdk/v3/go/cloudamqp"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudamqp.NewOauth2Configuration(ctx, "oauth2_config", &cloudamqp.Oauth2ConfigurationArgs{
InstanceId: pulumi.Any(instance.Id),
ResourceServerId: pulumi.String("test-resource-server"),
Issuer: pulumi.String("https://test-issuer.example.com"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using CloudAmqp = Pulumi.CloudAmqp;
return await Deployment.RunAsync(() =>
{
var oauth2Config = new CloudAmqp.Oauth2Configuration("oauth2_config", new()
{
InstanceId = instance.Id,
ResourceServerId = "test-resource-server",
Issuer = "https://test-issuer.example.com",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudamqp.Oauth2Configuration;
import com.pulumi.cloudamqp.Oauth2ConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oauth2Config = new Oauth2Configuration("oauth2Config", Oauth2ConfigurationArgs.builder()
.instanceId(instance.id())
.resourceServerId("test-resource-server")
.issuer("https://test-issuer.example.com")
.build());
}
}
resources:
oauth2Config:
type: cloudamqp:Oauth2Configuration
name: oauth2_config
properties:
instanceId: ${instance.id}
resourceServerId: test-resource-server
issuer: https://test-issuer.example.com
Dependency
This resource depends on CloudAMQP instance identifier, cloudamqp_instance.instance.id.
Notes
- Changes to
instance_idwill force recreation of the resource. - OAuth2 configuration changes are applied asynchronously and may take some time to complete. The
resource will poll for job completion using the configured
sleepandtimeoutvalues. - Only one OAuth2 configuration can exist per instance. Creating a new configuration will replace any existing configuration.
- After a configuration has been applied, a restart of RabbitMQ is required for the changes to take effect.
Create Oauth2Configuration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Oauth2Configuration(name: string, args: Oauth2ConfigurationArgs, opts?: CustomResourceOptions);@overload
def Oauth2Configuration(resource_name: str,
args: Oauth2ConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Oauth2Configuration(resource_name: str,
opts: Optional[ResourceOptions] = None,
issuer: Optional[str] = None,
resource_server_id: Optional[str] = None,
instance_id: Optional[int] = None,
preferred_username_claims: Optional[Sequence[str]] = None,
oauth_client_id: Optional[str] = None,
oauth_scopes: Optional[Sequence[str]] = None,
additional_scopes_keys: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
scope_aliases: Optional[Mapping[str, str]] = None,
scope_prefix: Optional[str] = None,
sleep: Optional[int] = None,
timeout: Optional[int] = None,
verify_aud: Optional[bool] = None)func NewOauth2Configuration(ctx *Context, name string, args Oauth2ConfigurationArgs, opts ...ResourceOption) (*Oauth2Configuration, error)public Oauth2Configuration(string name, Oauth2ConfigurationArgs args, CustomResourceOptions? opts = null)
public Oauth2Configuration(String name, Oauth2ConfigurationArgs args)
public Oauth2Configuration(String name, Oauth2ConfigurationArgs args, CustomResourceOptions options)
type: cloudamqp:Oauth2Configuration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args Oauth2ConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args Oauth2ConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args Oauth2ConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args Oauth2ConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args Oauth2ConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var oauth2ConfigurationResource = new CloudAmqp.Oauth2Configuration("oauth2ConfigurationResource", new()
{
Issuer = "string",
ResourceServerId = "string",
InstanceId = 0,
PreferredUsernameClaims = new[]
{
"string",
},
OauthClientId = "string",
OauthScopes = new[]
{
"string",
},
AdditionalScopesKeys = new[]
{
"string",
},
Audience = "string",
ScopeAliases =
{
{ "string", "string" },
},
ScopePrefix = "string",
Sleep = 0,
Timeout = 0,
VerifyAud = false,
});
example, err := cloudamqp.NewOauth2Configuration(ctx, "oauth2ConfigurationResource", &cloudamqp.Oauth2ConfigurationArgs{
Issuer: pulumi.String("string"),
ResourceServerId: pulumi.String("string"),
InstanceId: pulumi.Int(0),
PreferredUsernameClaims: pulumi.StringArray{
pulumi.String("string"),
},
OauthClientId: pulumi.String("string"),
OauthScopes: pulumi.StringArray{
pulumi.String("string"),
},
AdditionalScopesKeys: pulumi.StringArray{
pulumi.String("string"),
},
Audience: pulumi.String("string"),
ScopeAliases: pulumi.StringMap{
"string": pulumi.String("string"),
},
ScopePrefix: pulumi.String("string"),
Sleep: pulumi.Int(0),
Timeout: pulumi.Int(0),
VerifyAud: pulumi.Bool(false),
})
var oauth2ConfigurationResource = new Oauth2Configuration("oauth2ConfigurationResource", Oauth2ConfigurationArgs.builder()
.issuer("string")
.resourceServerId("string")
.instanceId(0)
.preferredUsernameClaims("string")
.oauthClientId("string")
.oauthScopes("string")
.additionalScopesKeys("string")
.audience("string")
.scopeAliases(Map.of("string", "string"))
.scopePrefix("string")
.sleep(0)
.timeout(0)
.verifyAud(false)
.build());
oauth2_configuration_resource = cloudamqp.Oauth2Configuration("oauth2ConfigurationResource",
issuer="string",
resource_server_id="string",
instance_id=0,
preferred_username_claims=["string"],
oauth_client_id="string",
oauth_scopes=["string"],
additional_scopes_keys=["string"],
audience="string",
scope_aliases={
"string": "string",
},
scope_prefix="string",
sleep=0,
timeout=0,
verify_aud=False)
const oauth2ConfigurationResource = new cloudamqp.Oauth2Configuration("oauth2ConfigurationResource", {
issuer: "string",
resourceServerId: "string",
instanceId: 0,
preferredUsernameClaims: ["string"],
oauthClientId: "string",
oauthScopes: ["string"],
additionalScopesKeys: ["string"],
audience: "string",
scopeAliases: {
string: "string",
},
scopePrefix: "string",
sleep: 0,
timeout: 0,
verifyAud: false,
});
type: cloudamqp:Oauth2Configuration
properties:
additionalScopesKeys:
- string
audience: string
instanceId: 0
issuer: string
oauthClientId: string
oauthScopes:
- string
preferredUsernameClaims:
- string
resourceServerId: string
scopeAliases:
string: string
scopePrefix: string
sleep: 0
timeout: 0
verifyAud: false
Oauth2Configuration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Oauth2Configuration resource accepts the following input properties:
- Instance
Id int - The CloudAMQP instance ID.
- Issuer string
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- Resource
Server stringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- Additional
Scopes List<string>Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- Audience string
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- Oauth
Client stringId - OAuth2 client ID used for token validation.
- Oauth
Scopes List<string> - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- Preferred
Username List<string>Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- Scope
Aliases Dictionary<string, string> - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- Scope
Prefix string - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- Sleep int
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- Timeout int
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- Verify
Aud bool - Whether to verify the audience claim in the JWT token. Defaults to true.
- Instance
Id int - The CloudAMQP instance ID.
- Issuer string
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- Resource
Server stringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- Additional
Scopes []stringKeys - List of additional JWT claim keys to extract OAuth2 scopes from.
- Audience string
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- Oauth
Client stringId - OAuth2 client ID used for token validation.
- Oauth
Scopes []string - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- Preferred
Username []stringClaims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- Scope
Aliases map[string]string - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- Scope
Prefix string - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- Sleep int
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- Timeout int
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- Verify
Aud bool - Whether to verify the audience claim in the JWT token. Defaults to true.
- instance
Id Integer - The CloudAMQP instance ID.
- issuer String
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- resource
Server StringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- additional
Scopes List<String>Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience String
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- oauth
Client StringId - OAuth2 client ID used for token validation.
- oauth
Scopes List<String> - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred
Username List<String>Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- scope
Aliases Map<String,String> - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope
Prefix String - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep Integer
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout Integer
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify
Aud Boolean - Whether to verify the audience claim in the JWT token. Defaults to true.
- instance
Id number - The CloudAMQP instance ID.
- issuer string
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- resource
Server stringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- additional
Scopes string[]Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience string
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- oauth
Client stringId - OAuth2 client ID used for token validation.
- oauth
Scopes string[] - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred
Username string[]Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- scope
Aliases {[key: string]: string} - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope
Prefix string - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep number
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout number
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify
Aud boolean - Whether to verify the audience claim in the JWT token. Defaults to true.
- instance_
id int - The CloudAMQP instance ID.
- issuer str
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- resource_
server_ strid - Resource server identifier used to identify the resource server in OAuth2 tokens.
- additional_
scopes_ Sequence[str]keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience str
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- oauth_
client_ strid - OAuth2 client ID used for token validation.
- oauth_
scopes Sequence[str] - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred_
username_ Sequence[str]claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- scope_
aliases Mapping[str, str] - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope_
prefix str - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep int
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout int
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify_
aud bool - Whether to verify the audience claim in the JWT token. Defaults to true.
- instance
Id Number - The CloudAMQP instance ID.
- issuer String
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- resource
Server StringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- additional
Scopes List<String>Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience String
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- oauth
Client StringId - OAuth2 client ID used for token validation.
- oauth
Scopes List<String> - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred
Username List<String>Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- scope
Aliases Map<String> - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope
Prefix String - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep Number
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout Number
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify
Aud Boolean - Whether to verify the audience claim in the JWT token. Defaults to true.
Outputs
All input properties are implicitly available as output properties. Additionally, the Oauth2Configuration resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Oauth2Configuration Resource
Get an existing Oauth2Configuration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: Oauth2ConfigurationState, opts?: CustomResourceOptions): Oauth2Configuration@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
additional_scopes_keys: Optional[Sequence[str]] = None,
audience: Optional[str] = None,
instance_id: Optional[int] = None,
issuer: Optional[str] = None,
oauth_client_id: Optional[str] = None,
oauth_scopes: Optional[Sequence[str]] = None,
preferred_username_claims: Optional[Sequence[str]] = None,
resource_server_id: Optional[str] = None,
scope_aliases: Optional[Mapping[str, str]] = None,
scope_prefix: Optional[str] = None,
sleep: Optional[int] = None,
timeout: Optional[int] = None,
verify_aud: Optional[bool] = None) -> Oauth2Configurationfunc GetOauth2Configuration(ctx *Context, name string, id IDInput, state *Oauth2ConfigurationState, opts ...ResourceOption) (*Oauth2Configuration, error)public static Oauth2Configuration Get(string name, Input<string> id, Oauth2ConfigurationState? state, CustomResourceOptions? opts = null)public static Oauth2Configuration get(String name, Output<String> id, Oauth2ConfigurationState state, CustomResourceOptions options)resources: _: type: cloudamqp:Oauth2Configuration get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Additional
Scopes List<string>Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- Audience string
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- Instance
Id int - The CloudAMQP instance ID.
- Issuer string
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- Oauth
Client stringId - OAuth2 client ID used for token validation.
- Oauth
Scopes List<string> - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- Preferred
Username List<string>Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- Resource
Server stringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- Scope
Aliases Dictionary<string, string> - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- Scope
Prefix string - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- Sleep int
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- Timeout int
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- Verify
Aud bool - Whether to verify the audience claim in the JWT token. Defaults to true.
- Additional
Scopes []stringKeys - List of additional JWT claim keys to extract OAuth2 scopes from.
- Audience string
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- Instance
Id int - The CloudAMQP instance ID.
- Issuer string
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- Oauth
Client stringId - OAuth2 client ID used for token validation.
- Oauth
Scopes []string - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- Preferred
Username []stringClaims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- Resource
Server stringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- Scope
Aliases map[string]string - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- Scope
Prefix string - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- Sleep int
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- Timeout int
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- Verify
Aud bool - Whether to verify the audience claim in the JWT token. Defaults to true.
- additional
Scopes List<String>Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience String
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- instance
Id Integer - The CloudAMQP instance ID.
- issuer String
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- oauth
Client StringId - OAuth2 client ID used for token validation.
- oauth
Scopes List<String> - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred
Username List<String>Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- resource
Server StringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- scope
Aliases Map<String,String> - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope
Prefix String - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep Integer
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout Integer
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify
Aud Boolean - Whether to verify the audience claim in the JWT token. Defaults to true.
- additional
Scopes string[]Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience string
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- instance
Id number - The CloudAMQP instance ID.
- issuer string
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- oauth
Client stringId - OAuth2 client ID used for token validation.
- oauth
Scopes string[] - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred
Username string[]Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- resource
Server stringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- scope
Aliases {[key: string]: string} - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope
Prefix string - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep number
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout number
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify
Aud boolean - Whether to verify the audience claim in the JWT token. Defaults to true.
- additional_
scopes_ Sequence[str]keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience str
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- instance_
id int - The CloudAMQP instance ID.
- issuer str
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- oauth_
client_ strid - OAuth2 client ID used for token validation.
- oauth_
scopes Sequence[str] - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred_
username_ Sequence[str]claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- resource_
server_ strid - Resource server identifier used to identify the resource server in OAuth2 tokens.
- scope_
aliases Mapping[str, str] - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope_
prefix str - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep int
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout int
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify_
aud bool - Whether to verify the audience claim in the JWT token. Defaults to true.
- additional
Scopes List<String>Keys - List of additional JWT claim keys to extract OAuth2 scopes from.
- audience String
- The audience to be passed along to the Oauth2 provider when logging in to the management interface. Must be configured for Auth0, cannot be configured for Entra ID v2.
- instance
Id Number - The CloudAMQP instance ID.
- issuer String
- The issuer URL of the OAuth2 provider. This is typically the base URL of your OAuth2 provider (e.g., Auth0, Keycloak, etc.).
- oauth
Client StringId - OAuth2 client ID used for token validation.
- oauth
Scopes List<String> - List of OAuth2 scopes to request. These scopes will be used when obtaining access tokens.
- preferred
Username List<String>Claims - List of JWT claims to use as the preferred username. The first claim found in the token will be used as the username.
- resource
Server StringId - Resource server identifier used to identify the resource server in OAuth2 tokens.
- scope
Aliases Map<String> - Map of scope aliases to translate scope names. This allows mapping OAuth2 scopes to RabbitMQ permission tags.
- scope
Prefix String - Prefix to add to scopes. This is useful when scopes in the JWT token need to be prefixed for RabbitMQ permissions.
- sleep Number
- Configurable sleep time in seconds between retries for OAuth2 configuration. Default set to 60 seconds.
- timeout Number
- Configurable timeout time in seconds for OAuth2 configuration. Default set to 3600 seconds.
- verify
Aud Boolean - Whether to verify the audience claim in the JWT token. Defaults to true.
Import
cloudamqp_oauth2_configuration can be imported using the CloudAMQP instance identifier.
From Terraform v1.5.0, the import block can be used to import this resource:
hcl
import {
to = cloudamqp_oauth2_configuration.oauth2_config
id = cloudamqp_instance.instance.id
}
Or use Terraform CLI:
$ pulumi import cloudamqp:index/oauth2Configuration:Oauth2Configuration oauth2_config <instance_id>`
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- CloudAMQP pulumi/pulumi-cloudamqp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudamqpTerraform Provider.
CloudAMQP v3.24.3 published on Saturday, Nov 22, 2025 by Pulumi
