vault.aws.getAccessCredentials
Example Usage
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.aws.SecretBackend;
import com.pulumi.vault.aws.SecretBackendArgs;
import com.pulumi.vault.aws.SecretBackendRole;
import com.pulumi.vault.aws.SecretBackendRoleArgs;
import com.pulumi.vault.aws.AwsFunctions;
import com.pulumi.vault.ad.inputs.GetAccessCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var aws = new SecretBackend("aws", SecretBackendArgs.builder()
.accessKey("AKIA.....")
.secretKey("SECRETKEYFROMAWS")
.build());
var role = new SecretBackendRole("role", SecretBackendRoleArgs.builder()
.backend(aws.path())
.policy("""
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:*",
"Resource": "*"
}
]
}
""")
.build());
final var creds = AwsFunctions.getAccessCredentials(GetAccessCredentialsArgs.builder()
.backend(aws.path())
.role(role.name())
.build());
}
}
Coming soon!
Coming soon!
resources:
aws:
type: vault:aws:SecretBackend
properties:
accessKey: AKIA.....
secretKey: SECRETKEYFROMAWS
role:
type: vault:aws:SecretBackendRole
properties:
backend: ${aws.path}
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:*",
"Resource": "*"
}
]
}
variables:
creds:
Fn::Invoke:
Function: vault:aws:getAccessCredentials
Arguments:
backend: ${aws.path}
role: ${role.name}
Using getAccessCredentials
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccessCredentials(args: GetAccessCredentialsArgs, opts?: InvokeOptions): Promise<GetAccessCredentialsResult>
function getAccessCredentialsOutput(args: GetAccessCredentialsOutputArgs, opts?: InvokeOptions): Output<GetAccessCredentialsResult>
def get_access_credentials(backend: Optional[str] = None,
namespace: Optional[str] = None,
region: Optional[str] = None,
role: Optional[str] = None,
role_arn: Optional[str] = None,
ttl: Optional[str] = None,
type: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAccessCredentialsResult
def get_access_credentials_output(backend: Optional[pulumi.Input[str]] = None,
namespace: Optional[pulumi.Input[str]] = None,
region: Optional[pulumi.Input[str]] = None,
role: Optional[pulumi.Input[str]] = None,
role_arn: Optional[pulumi.Input[str]] = None,
ttl: Optional[pulumi.Input[str]] = None,
type: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccessCredentialsResult]
func GetAccessCredentials(ctx *Context, args *GetAccessCredentialsArgs, opts ...InvokeOption) (*GetAccessCredentialsResult, error)
func GetAccessCredentialsOutput(ctx *Context, args *GetAccessCredentialsOutputArgs, opts ...InvokeOption) GetAccessCredentialsResultOutput
> Note: This function is named GetAccessCredentials
in the Go SDK.
public static class GetAccessCredentials
{
public static Task<GetAccessCredentialsResult> InvokeAsync(GetAccessCredentialsArgs args, InvokeOptions? opts = null)
public static Output<GetAccessCredentialsResult> Invoke(GetAccessCredentialsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAccessCredentialsResult> getAccessCredentials(GetAccessCredentialsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: vault:aws/getAccessCredentials:getAccessCredentials
arguments:
# arguments dictionary
The following arguments are supported:
- Backend string
The path to the AWS secret backend to read credentials from, with no leading or trailing
/
s.- Role string
The name of the AWS secret backend role to read credentials from, with no leading or trailing
/
s.- Namespace string
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- Region string
- Role
Arn string The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
- Ttl string
Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when
credential_type
isassumed_role
orfederation_token
- Type string
The type of credentials to read. Defaults to
"creds"
, which just returns an AWS Access Key ID and Secret Key. Can also be set to"sts"
, which will return a security token in addition to the keys.
- Backend string
The path to the AWS secret backend to read credentials from, with no leading or trailing
/
s.- Role string
The name of the AWS secret backend role to read credentials from, with no leading or trailing
/
s.- Namespace string
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- Region string
- Role
Arn string The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
- Ttl string
Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when
credential_type
isassumed_role
orfederation_token
- Type string
The type of credentials to read. Defaults to
"creds"
, which just returns an AWS Access Key ID and Secret Key. Can also be set to"sts"
, which will return a security token in addition to the keys.
- backend String
The path to the AWS secret backend to read credentials from, with no leading or trailing
/
s.- role String
The name of the AWS secret backend role to read credentials from, with no leading or trailing
/
s.- namespace String
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- region String
- role
Arn String The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
- ttl String
Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when
credential_type
isassumed_role
orfederation_token
- type String
The type of credentials to read. Defaults to
"creds"
, which just returns an AWS Access Key ID and Secret Key. Can also be set to"sts"
, which will return a security token in addition to the keys.
- backend string
The path to the AWS secret backend to read credentials from, with no leading or trailing
/
s.- role string
The name of the AWS secret backend role to read credentials from, with no leading or trailing
/
s.- namespace string
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- region string
- role
Arn string The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
- ttl string
Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when
credential_type
isassumed_role
orfederation_token
- type string
The type of credentials to read. Defaults to
"creds"
, which just returns an AWS Access Key ID and Secret Key. Can also be set to"sts"
, which will return a security token in addition to the keys.
- backend str
The path to the AWS secret backend to read credentials from, with no leading or trailing
/
s.- role str
The name of the AWS secret backend role to read credentials from, with no leading or trailing
/
s.- namespace str
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- region str
- role_
arn str The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
- ttl str
Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when
credential_type
isassumed_role
orfederation_token
- type str
The type of credentials to read. Defaults to
"creds"
, which just returns an AWS Access Key ID and Secret Key. Can also be set to"sts"
, which will return a security token in addition to the keys.
- backend String
The path to the AWS secret backend to read credentials from, with no leading or trailing
/
s.- role String
The name of the AWS secret backend role to read credentials from, with no leading or trailing
/
s.- namespace String
The namespace of the target resource. The value should not contain leading or trailing forward slashes. The
namespace
is always relative to the provider's configured namespace. Available only for Vault Enterprise.- region String
- role
Arn String The specific AWS ARN to use from the configured role. If the role does not have multiple ARNs, this does not need to be specified.
- ttl String
Specifies the TTL for the use of the STS token. This is specified as a string with a duration suffix. Valid only when
credential_type
isassumed_role
orfederation_token
- type String
The type of credentials to read. Defaults to
"creds"
, which just returns an AWS Access Key ID and Secret Key. Can also be set to"sts"
, which will return a security token in addition to the keys.
getAccessCredentials Result
The following output properties are available:
- Access
Key string The AWS Access Key ID returned by Vault.
- Backend string
- Id string
The provider-assigned unique ID for this managed resource.
- Lease
Duration int The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- Lease
Id string The lease identifier assigned by Vault.
- Lease
Renewable bool - Lease
Start stringTime - Role string
- Secret
Key string The AWS Secret Key returned by Vault.
- Security
Token string The STS token returned by Vault, if any.
- Namespace string
- Region string
- Role
Arn string - Ttl string
- Type string
- Access
Key string The AWS Access Key ID returned by Vault.
- Backend string
- Id string
The provider-assigned unique ID for this managed resource.
- Lease
Duration int The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- Lease
Id string The lease identifier assigned by Vault.
- Lease
Renewable bool - Lease
Start stringTime - Role string
- Secret
Key string The AWS Secret Key returned by Vault.
- Security
Token string The STS token returned by Vault, if any.
- Namespace string
- Region string
- Role
Arn string - Ttl string
- Type string
- access
Key String The AWS Access Key ID returned by Vault.
- backend String
- id String
The provider-assigned unique ID for this managed resource.
- lease
Duration Integer The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id String The lease identifier assigned by Vault.
- lease
Renewable Boolean - lease
Start StringTime - role String
- secret
Key String The AWS Secret Key returned by Vault.
- security
Token String The STS token returned by Vault, if any.
- namespace String
- region String
- role
Arn String - ttl String
- type String
- access
Key string The AWS Access Key ID returned by Vault.
- backend string
- id string
The provider-assigned unique ID for this managed resource.
- lease
Duration number The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id string The lease identifier assigned by Vault.
- lease
Renewable boolean - lease
Start stringTime - role string
- secret
Key string The AWS Secret Key returned by Vault.
- security
Token string The STS token returned by Vault, if any.
- namespace string
- region string
- role
Arn string - ttl string
- type string
- access_
key str The AWS Access Key ID returned by Vault.
- backend str
- id str
The provider-assigned unique ID for this managed resource.
- lease_
duration int The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease_
id str The lease identifier assigned by Vault.
- lease_
renewable bool - lease_
start_ strtime - role str
- secret_
key str The AWS Secret Key returned by Vault.
- security_
token str The STS token returned by Vault, if any.
- namespace str
- region str
- role_
arn str - ttl str
- type str
- access
Key String The AWS Access Key ID returned by Vault.
- backend String
- id String
The provider-assigned unique ID for this managed resource.
- lease
Duration Number The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.
- lease
Id String The lease identifier assigned by Vault.
- lease
Renewable Boolean - lease
Start StringTime - role String
- secret
Key String The AWS Secret Key returned by Vault.
- security
Token String The STS token returned by Vault, if any.
- namespace String
- region String
- role
Arn String - ttl String
- type String
Package Details
- Repository
- Vault pulumi/pulumi-vault
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
vault
Terraform Provider.