
Module iam


Index

iam/accessKey.ts iam/accountAlias.ts iam/accountPasswordPolicy.ts iam/documents.ts iam/getAccountAlias.ts iam/getGroup.ts iam/getInstanceProfile.ts iam/getPolicy.ts iam/getPolicyDocument.ts iam/getRole.ts iam/getServerCertificate.ts iam/getUser.ts iam/group.ts iam/groupMembership.ts iam/groupPolicy.ts iam/groupPolicyAttachment.ts iam/instanceProfile.ts iam/managedPolicies.ts iam/openIdConnectProvider.ts iam/policy.ts iam/policyAttachment.ts iam/role.ts iam/rolePolicy.ts iam/rolePolicyAttachment.ts iam/samlProvider.ts iam/serverCertificate.ts iam/serviceLinkedRole.ts iam/sshKey.ts iam/user.ts iam/userGroupMembership.ts iam/userLoginProfile.ts iam/userPolicy.ts iam/userPolicyAttachment.ts

class AccessKey

Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.

constructor

new AccessKey(name: string, args: AccessKeyArgs, opts?: pulumi.CustomResourceOptions)

Create an AccessKey resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccessKeyState): AccessKey

Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property encryptedSecret

public encryptedSecret: pulumi.Output<string>;

The encrypted secret, base64 encoded. NOTE: The encrypted secret may be decrypted using the command line, for example: terraform output encrypted_secret | base64 --decode | keybase pgp decrypt.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyFingerprint

public keyFingerprint: pulumi.Output<string>;

The fingerprint of the PGP key used to encrypt the secret

property pgpKey

public pgpKey: pulumi.Output<string | undefined>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists.

property secret

public secret: pulumi.Output<string>;

The secret access key. Note that this will be written to the state file. Please supply a pgp_key instead, which will prevent the secret from being stored in plain text.

property sesSmtpPassword

public sesSmtpPassword: pulumi.Output<string>;

The secret access key converted into an SES SMTP password by applying AWS’s documented conversion algorithm.

property status

public status: pulumi.Output<string>;

“Active” or “Inactive”. Keys are initially active, but can be made inactive by other means.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property user

public user: pulumi.Output<string>;

The IAM user to associate with this access key.

class AccountAlias

Note: There is only a single account alias per AWS account.

Manages the account alias for the AWS Account.

constructor

new AccountAlias(name: string, args: AccountAliasArgs, opts?: pulumi.CustomResourceOptions)

Create an AccountAlias resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountAliasState): AccountAlias

Get an existing AccountAlias resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountAlias

public accountAlias: pulumi.Output<string>;

The account alias

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class AccountPasswordPolicy

Note: There is only a single policy allowed per AWS account. As a result of this limitation, an existing policy will be lost when using this resource.

Manages Password Policy for the AWS Account. See more about Account Password Policy in the official AWS docs.

constructor

new AccountPasswordPolicy(name: string, args?: AccountPasswordPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create an AccountPasswordPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AccountPasswordPolicyState): AccountPasswordPolicy

Get an existing AccountPasswordPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowUsersToChangePassword

public allowUsersToChangePassword: pulumi.Output<boolean | undefined>;

Whether to allow users to change their own password

property expirePasswords

public expirePasswords: pulumi.Output<boolean>;

Indicates whether passwords in the account expire. Returns true if max_password_age contains a value greater than 0. Returns false if it is 0 or not present.

property hardExpiry

public hardExpiry: pulumi.Output<boolean>;

Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxPasswordAge

public maxPasswordAge: pulumi.Output<number>;

The number of days that a user password is valid.

property minimumPasswordLength

public minimumPasswordLength: pulumi.Output<number | undefined>;

Minimum length to require for user passwords.

property passwordReusePrevention

public passwordReusePrevention: pulumi.Output<number>;

The number of previous passwords that users are prevented from reusing.

property requireLowercaseCharacters

public requireLowercaseCharacters: pulumi.Output<boolean>;

Whether to require lowercase characters for user passwords.

property requireNumbers

public requireNumbers: pulumi.Output<boolean>;

Whether to require numbers for user passwords.

property requireSymbols

public requireSymbols: pulumi.Output<boolean>;

Whether to require symbols for user passwords.

property requireUppercaseCharacters

public requireUppercaseCharacters: pulumi.Output<boolean>;

Whether to require uppercase characters for user passwords.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Group

Provides an IAM group.

constructor

new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)

Create a Group resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState): Group

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this group.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.

property path

public path: pulumi.Output<string | undefined>;

Path in which to create the group.

property uniqueId

public uniqueId: pulumi.Output<string>;

The unique ID assigned by AWS.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class GroupMembership

WARNING: Multiple aws_iam_group_membership resources with the same group name will produce inconsistent behavior!

Provides a top level resource to manage IAM Group membership for IAM Users. For more information on managing IAM Groups or IAM Users, see IAM Groups or IAM Users.

Note: aws_iam_group_membership will conflict with itself if used more than once with the same group. To non-exclusively manage the users in a group, see the aws_iam_user_group_membership resource.

constructor

new GroupMembership(name: string, args: GroupMembershipArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMembership resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipState): GroupMembership

Get an existing GroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property group

public group: pulumi.Output<string>;

The IAM Group name to attach the list of users to

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name to identify the Group Membership

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property users

public users: pulumi.Output<string[]>;

A list of IAM User names to associate with the Group

class GroupPolicy

Provides an IAM policy attached to a group.

constructor

new GroupPolicy(name: string, args: GroupPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyState): GroupPolicy

Get an existing GroupPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property group

public group: pulumi.Output<string>;

The IAM group to attach to the policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class GroupPolicyAttachment

Attaches a Managed IAM Policy to an IAM group

constructor

new GroupPolicyAttachment(name: string, args: GroupPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupPolicyAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupPolicyAttachmentState): GroupPolicyAttachment

Get an existing GroupPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property group

public group: pulumi.Output<Group>;

The group the policy should be applied to

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyArn

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class InstanceProfile

Provides an IAM instance profile.

NOTE: Either role or roles (deprecated) must be specified.

constructor

new InstanceProfile(name: string, args?: InstanceProfileArgs, opts?: pulumi.CustomResourceOptions)

Create an InstanceProfile resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceProfileState): InstanceProfile

Get an existing InstanceProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN assigned by AWS to the instance profile.

property createDate

public createDate: pulumi.Output<string>;

The creation timestamp of the instance profile.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The profile’s name. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

public path: pulumi.Output<string | undefined>;

Path in which to create the profile.

property role

public role: pulumi.Output<Role>;

The role name to include in the profile.

property roles

public roles: pulumi.Output<Role[]>;

A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase. WARNING: This is deprecated since version 0.9.3 (April 12, 2017), as >= 2 roles are not possible. See issue #11575.

property uniqueId

public uniqueId: pulumi.Output<string>;

The unique ID assigned by AWS.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class OpenIdConnectProvider

Provides an IAM OpenID Connect provider.

constructor

new OpenIdConnectProvider(name: string, args: OpenIdConnectProviderArgs, opts?: pulumi.CustomResourceOptions)

Create an OpenIdConnectProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: OpenIdConnectProviderState): OpenIdConnectProvider

Get an existing OpenIdConnectProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this provider.

property clientIdLists

public clientIdLists: pulumi.Output<string[]>;

A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the client_id parameter on OAuth requests.)

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property thumbprintLists

public thumbprintLists: pulumi.Output<string[]>;

A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).

property url

public url: pulumi.Output<string>;

The URL of the identity provider. Corresponds to the iss claim.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class Policy

Provides an IAM policy.

constructor

new Policy(name: string, args: PolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a Policy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyState): Policy

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN assigned by AWS to this policy.

property description

public description: pulumi.Output<string | undefined>;

Description of the IAM policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

public path: pulumi.Output<string | undefined>;

Path in which to create the policy. See IAM Identifiers for more information.

property policy

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string. The heredoc syntax, file function, or the aws_iam_policy_document data source are all helpful here.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class PolicyAttachment

Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)

WARNING: The aws_iam_policy_attachment resource creates exclusive attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws_iam_policy_attachment resource. This means that any users/roles/groups that have the policy attached via some mechanism other than Terraform will have that attachment revoked by Terraform. Consider aws_iam_role_policy_attachment, aws_iam_user_policy_attachment, or aws_iam_group_policy_attachment instead. These resources do not enforce exclusive attachment of an IAM policy.
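
The exclusive-attachment behaviour described in the warning above, as an added TypeScript illustration (not code from the Pulumi provider): a simplified model that computes what a deployment would attach, keep and detach under exclusive and non-exclusive semantics, and flags a policy claimed by more than one exclusive resource. The policy ARN, principal names, resource names and all function names are constructed for this example.

```typescript
// Added illustration: a simplified model of attachment reconciliation.
// It is NOT the provider's implementation; all names and data are constructed.

type PrincipalKind = "user" | "role" | "group";

interface Principal {
  kind: PrincipalKind;
  name: string;
}

interface AttachmentPlan {
  attach: string[]; // declared, not yet attached in the account
  keep: string[];   // declared and already attached
  detach: string[]; // attached in the account, not declared by this resource
}

interface ExclusiveDeclaration {
  resourceName: string; // logical name of a PolicyAttachment in some stack
  policyArn: string;
}

const keyOf = (p: Principal): string => `${p.kind}:${p.name}`;

// De-duplicated, sorted "kind:name" keys for a list of principals.
function uniqueKeys(principals: Principal[]): string[] {
  const keys = principals.map(keyOf);
  return keys.filter((k, i) => keys.indexOf(k) === i).sort();
}

// Exclusive semantics (PolicyAttachment): the declared set becomes the
// complete set of attachments for the policy across the whole account.
function planExclusive(actual: Principal[], declared: Principal[]): AttachmentPlan {
  const have = uniqueKeys(actual);
  const want = uniqueKeys(declared);
  return {
    attach: want.filter((k) => have.indexOf(k) === -1),
    keep: want.filter((k) => have.indexOf(k) !== -1),
    detach: have.filter((k) => want.indexOf(k) === -1),
  };
}

// Non-exclusive semantics (RolePolicyAttachment, UserPolicyAttachment,
// GroupPolicyAttachment): only the declared principals are managed, so
// attachments made elsewhere are never detached.
function planNonExclusive(actual: Principal[], declared: Principal[]): AttachmentPlan {
  const plan = planExclusive(actual, declared);
  return { attach: plan.attach, keep: plan.keep, detach: [] };
}

// A policy declared by more than one exclusive resource has two owners that
// will each try to revoke the other's attachments on every deployment.
function contestedPolicies(declarations: ExclusiveDeclaration[]): string[] {
  const owners: { [arn: string]: string[] } = {};
  declarations.forEach((d) => {
    owners[d.policyArn] = (owners[d.policyArn] || []).concat(d.resourceName);
  });
  return Object.keys(owners).filter((arn) => owners[arn].length > 1).sort();
}

// ---- Constructed sample data ----
const POLICY_ARN = "arn:aws:iam::123456789012:policy/example-read-only";

const attachedInAccount: Principal[] = [
  { kind: "role", name: "app-server" },        // attached by this stack earlier
  { kind: "role", name: "break-glass-admin" }, // attached by hand in the console
  { kind: "group", name: "auditors" },         // attached by another stack
];

const declaredInStack: Principal[] = [
  { kind: "role", name: "app-server" },
  { kind: "user", name: "ci-deployer" },
];

const exclusivePlan = planExclusive(attachedInAccount, declaredInStack);
const nonExclusivePlan = planNonExclusive(attachedInAccount, declaredInStack);

// Review step before deploying: anything listed under "detach" loses the policy.
console.log("exclusive would detach:", exclusivePlan.detach.join(", "));
console.log("non-exclusive would detach:", nonExclusivePlan.detach.length);
```

Running the same comparison against the live attachment list for a policy (for example from an IAM inventory export) before adopting PolicyAttachment shows which principals would silently lose access.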

constructor

new PolicyAttachment(name: string, args: PolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a PolicyAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PolicyAttachmentState): PolicyAttachment

Get an existing PolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groups

public groups: pulumi.Output<Group[] | undefined>;

The group(s) the policy should be applied to

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the attachment. This cannot be an empty string.

property policyArn

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

property roles

public roles: pulumi.Output<Role[] | undefined>;

The role(s) the policy should be applied to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property users

public users: pulumi.Output<User[] | undefined>;

The user(s) the policy should be applied to

class Role

Provides an IAM role.

constructor

new Role(name: string, args: RoleArgs, opts?: pulumi.CustomResourceOptions)

Create a Role resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState): Role

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) specifying the role.

property assumeRolePolicy

public assumeRolePolicy: pulumi.Output<string>;

The policy that grants an entity permission to assume the role.

property createDate

public createDate: pulumi.Output<string>;

The creation date of the IAM role.

property description

public description: pulumi.Output<string | undefined>;

The description of the role.

property forceDetachPolicies

public forceDetachPolicies: pulumi.Output<boolean | undefined>;

Specifies to force detaching any policies the role has before destroying it. Defaults to false.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property maxSessionDuration

public maxSessionDuration: pulumi.Output<number | undefined>;

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

property name

public name: pulumi.Output<string>;

The name of the role. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

public path: pulumi.Output<string | undefined>;

The path to the role. See IAM Identifiers for more information.

property permissionsBoundary

public permissionsBoundary: pulumi.Output<string | undefined>;

The ARN of the policy that is used to set the permissions boundary for the role.

property uniqueId

public uniqueId: pulumi.Output<string>;

The stable and unique string identifying the role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RolePolicy

Provides an IAM role policy.

constructor

new RolePolicy(name: string, args: RolePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a RolePolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyState): RolePolicy

Get an existing RolePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the role policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property role

public role: pulumi.Output<string>;

The IAM role to attach to the policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class RolePolicyAttachment

Attaches a Managed IAM Policy to an IAM role

constructor

new RolePolicyAttachment(name: string, args: RolePolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a RolePolicyAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RolePolicyAttachmentState): RolePolicyAttachment

Get an existing RolePolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyArn

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

property role

public role: pulumi.Output<Role>;

The role the policy should be applied to

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class SamlProvider

Provides an IAM SAML provider.

constructor

new SamlProvider(name: string, args: SamlProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a SamlProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SamlProviderState): SamlProvider

Get an existing SamlProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this provider.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the provider to create.

property samlMetadataDocument

public samlMetadataDocument: pulumi.Output<string>;

An XML document generated by an identity provider that supports SAML 2.0.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property validUntil

public validUntil: pulumi.Output<string>;

The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.

class ServerCertificate

Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:

  • AWS Elastic Beanstalk
  • Elastic Load Balancing
  • CloudFront
  • AWS OpsWorks

For information about server certificates in IAM, see [Managing Server Certificates][2] in AWS Documentation.

Note: All arguments, including the private key, will be stored in the raw state as plain text. Read more about sensitive data in state.

constructor

new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: pulumi.CustomResourceOptions)

Create a ServerCertificate resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerCertificateState): ServerCertificate

Get an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) specifying the server certificate.

property certificateBody

public certificateBody: pulumi.Output<string>;

The contents of the public key certificate in PEM-encoded format.

property certificateChain

public certificateChain: pulumi.Output<string | undefined>;

The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the Server Certificate. Do not include the path in this value. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

public path: pulumi.Output<string | undefined>;

The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See [IAM Identifiers][1] for more details on IAM Paths.

property privateKey

public privateKey: pulumi.Output<string>;

The contents of the private key in PEM-encoded format.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class ServiceLinkedRole

Provides an IAM service-linked role.

constructor

new ServiceLinkedRole(name: string, args: ServiceLinkedRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a ServiceLinkedRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceLinkedRoleState): ServiceLinkedRole

Get an existing ServiceLinkedRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) specifying the role.

property awsServiceName

public awsServiceName: pulumi.Output<string>;

The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.

property createDate

public createDate: pulumi.Output<string>;

The creation date of the IAM role.

property customSuffix

public customSuffix: pulumi.Output<string | undefined>;

Additional string appended to the role name. Not all AWS services support custom suffixes.

property description

public description: pulumi.Output<string | undefined>;

The description of the role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the role.

property path

public path: pulumi.Output<string>;

The path of the role.

property uniqueId

public uniqueId: pulumi.Output<string>;

The stable and unique string identifying the role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class SshKey

Uploads an SSH public key and associates it with the specified IAM user.

constructor

new SshKey(name: string, args: SshKeyArgs, opts?: pulumi.CustomResourceOptions)

Create an SshKey resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SshKeyState): SshKey

Get an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property encoding

public encoding: pulumi.Output<string>;

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

property fingerprint

public fingerprint: pulumi.Output<string>;

The MD5 message digest of the SSH public key.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property publicKey

public publicKey: pulumi.Output<string>;

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

property sshPublicKeyId

public sshPublicKeyId: pulumi.Output<string>;

The unique identifier for the SSH public key.

property status

public status: pulumi.Output<string>;

The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property username

public username: pulumi.Output<string>;

The name of the IAM user to associate the SSH public key with.

class User

Provides an IAM user.

constructor

new User(name: string, args?: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN assigned by AWS for this user.

property forceDestroy

public forceDestroy: pulumi.Output<boolean | undefined>;

When destroying this user, destroy it even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without forceDestroy, destroying a user that has non-Terraform-managed access keys and a login profile will fail.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.

property path

public path: pulumi.Output<string | undefined>;

Path in which to create the user.

property permissionsBoundary

public permissionsBoundary: pulumi.Output<string | undefined>;

The ARN of the policy that is used to set the permissions boundary for the user.

property uniqueId

public uniqueId: pulumi.Output<string>;

The [unique ID][1] assigned by AWS.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

class UserGroupMembership

Provides a resource for adding an [IAM User][2] to [IAM Groups][1]. This resource can be used multiple times with the same user for non-overlapping groups.

To exclusively manage the users in a group, see the [aws_iam_group_membership resource][3].

constructor

new UserGroupMembership(name: string, args: UserGroupMembershipArgs, opts?: pulumi.CustomResourceOptions)

Create a UserGroupMembership resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserGroupMembershipState): UserGroupMembership

Get an existing UserGroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groups

public groups: pulumi.Output<string[]>;

A list of [IAM Groups][1] to add the user to

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property user

public user: pulumi.Output<string>;

The name of the [IAM User][2] to add to groups

class UserLoginProfile

Provides one-time creation of an IAM user login profile, and uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.

constructor

new UserLoginProfile(name: string, args: UserLoginProfileArgs, opts?: pulumi.CustomResourceOptions)

Create a UserLoginProfile resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserLoginProfileState): UserLoginProfile

Get an existing UserLoginProfile resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property encryptedPassword

public encryptedPassword: pulumi.Output<string>;

The encrypted password, base64 encoded.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyFingerprint

public keyFingerprint: pulumi.Output<string>;

The fingerprint of the PGP key used to encrypt the password

property passwordLength

public passwordLength: pulumi.Output<number | undefined>;

The length of the generated password.

property passwordResetRequired

public passwordResetRequired: pulumi.Output<boolean | undefined>;

Whether the user should be forced to reset the generated password on first login.

property pgpKey

public pgpKey: pulumi.Output<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property user

public user: pulumi.Output<string>;

The IAM user’s name.

class UserPolicy

Provides an IAM policy attached to a user.

constructor

new UserPolicy(name: string, args: UserPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyState): UserPolicy

Get an existing UserPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

public policy: pulumi.Output<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property user

public user: pulumi.Output<string>;

IAM user to which to attach this policy.

class UserPolicyAttachment

Attaches a Managed IAM Policy to an IAM user

constructor

new UserPolicyAttachment(name: string, args: UserPolicyAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPolicyAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPolicyAttachmentState): UserPolicyAttachment

Get an existing UserPolicyAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property policyArn

public policyArn: pulumi.Output<ARN>;

The ARN of the policy you want to apply

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property user

public user: pulumi.Output<User>;

The user the policy should be applied to

const AWSAccountActivityAccess

const AWSAccountActivityAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountActivityAccess";

const AWSAccountUsageReportAccess

const AWSAccountUsageReportAccess: ARN = "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess";

const AWSAgentlessDiscoveryService

const AWSAgentlessDiscoveryService: ARN = "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService";

const AWSApplicationDiscoveryAgentAccess

const AWSApplicationDiscoveryAgentAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess";

const AWSApplicationDiscoveryServiceFullAccess

const AWSApplicationDiscoveryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess";

const AWSBatchFullAccess

const AWSBatchFullAccess: ARN = "arn:aws:iam::aws:policy/AWSBatchFullAccess";

const AWSBatchServiceRole

const AWSBatchServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole";

const AWSCertificateManagerFullAccess

const AWSCertificateManagerFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess";

const AWSCertificateManagerReadOnly

const AWSCertificateManagerReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly";

const AWSCloudFormationReadOnlyAccess

const AWSCloudFormationReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess";

const AWSCloudHSMFullAccess

const AWSCloudHSMFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess";

const AWSCloudHSMReadOnlyAccess

const AWSCloudHSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess";

const AWSCloudHSMRole

const AWSCloudHSMRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole";

const AWSCloudTrailFullAccess

const AWSCloudTrailFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess";

const AWSCloudTrailReadOnlyAccess

const AWSCloudTrailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess";

const AWSCodeBuildAdminAccess

const AWSCodeBuildAdminAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess";

const AWSCodeBuildDeveloperAccess

const AWSCodeBuildDeveloperAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess";

const AWSCodeBuildReadOnlyAccess

const AWSCodeBuildReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess";

const AWSCodeCommitFullAccess

const AWSCodeCommitFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess";

const AWSCodeCommitPowerUser

const AWSCodeCommitPowerUser: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser";

const AWSCodeCommitReadOnly

const AWSCodeCommitReadOnly: ARN = "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly";

const AWSCodeDeployDeployerAccess

const AWSCodeDeployDeployerAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess";

const AWSCodeDeployFullAccess

const AWSCodeDeployFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess";

const AWSCodeDeployReadOnlyAccess

const AWSCodeDeployReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess";

const AWSCodeDeployRole

const AWSCodeDeployRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole";

const AWSCodePipelineApproverAccess

const AWSCodePipelineApproverAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess";

const AWSCodePipelineCustomActionAccess

const AWSCodePipelineCustomActionAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess";

const AWSCodePipelineFullAccess

const AWSCodePipelineFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess";

const AWSCodePipelineReadOnlyAccess

const AWSCodePipelineReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess";

const AWSCodeStarFullAccess

const AWSCodeStarFullAccess: ARN = "arn:aws:iam::aws:policy/AWSCodeStarFullAccess";

const AWSCodeStarServiceRole

const AWSCodeStarServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole";

const AWSConfigRole

const AWSConfigRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRole";

const AWSConfigRulesExecutionRole

const AWSConfigRulesExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole";

const AWSConfigUserAccess

const AWSConfigUserAccess: ARN = "arn:aws:iam::aws:policy/AWSConfigUserAccess";

const AWSConnector

const AWSConnector: ARN = "arn:aws:iam::aws:policy/AWSConnector";

const AWSDataPipelineRole

const AWSDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole";

const AWSDataPipeline_FullAccess

const AWSDataPipeline_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess";

const AWSDataPipeline_PowerUser

const AWSDataPipeline_PowerUser: ARN = "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser";

const AWSDeviceFarmFullAccess

const AWSDeviceFarmFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess";

const AWSDirectConnectFullAccess

const AWSDirectConnectFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess";

const AWSDirectConnectReadOnlyAccess

const AWSDirectConnectReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess";

const AWSDirectoryServiceFullAccess

const AWSDirectoryServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess";

const AWSDirectoryServiceReadOnlyAccess

const AWSDirectoryServiceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess";

const AWSElasticBeanstalkCustomPlatformforEC2Role

const AWSElasticBeanstalkCustomPlatformforEC2Role: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role";

const AWSElasticBeanstalkEnhancedHealth

const AWSElasticBeanstalkEnhancedHealth: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth";

const AWSElasticBeanstalkFullAccess

const AWSElasticBeanstalkFullAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess";

const AWSElasticBeanstalkMulticontainerDocker

const AWSElasticBeanstalkMulticontainerDocker: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker";

const AWSElasticBeanstalkReadOnlyAccess

const AWSElasticBeanstalkReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess";

const AWSElasticBeanstalkService

const AWSElasticBeanstalkService: ARN = "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService";

const AWSElasticBeanstalkWebTier

const AWSElasticBeanstalkWebTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier";

const AWSElasticBeanstalkWorkerTier

const AWSElasticBeanstalkWorkerTier: ARN = "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier";

const AWSGreengrassFullAccess

const AWSGreengrassFullAccess: ARN = "arn:aws:iam::aws:policy/AWSGreengrassFullAccess";

const AWSGreengrassResourceAccessRolePolicy

const AWSGreengrassResourceAccessRolePolicy: ARN = "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy";

const AWSHealthFullAccess

const AWSHealthFullAccess: ARN = "arn:aws:iam::aws:policy/AWSHealthFullAccess";

const AWSImportExportFullAccess

const AWSImportExportFullAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportFullAccess";

const AWSImportExportReadOnlyAccess

const AWSImportExportReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess";

const AWSIoTConfigAccess

const AWSIoTConfigAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigAccess";

const AWSIoTConfigReadOnlyAccess

const AWSIoTConfigReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess";

const AWSIoTDataAccess

const AWSIoTDataAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTDataAccess";

const AWSIoTFullAccess

const AWSIoTFullAccess: ARN = "arn:aws:iam::aws:policy/AWSIoTFullAccess";

const AWSIoTLogging

const AWSIoTLogging: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTLogging";

const AWSIoTRuleActions

const AWSIoTRuleActions: ARN = "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions";

const AWSKeyManagementServicePowerUser

const AWSKeyManagementServicePowerUser: ARN = "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser";

const AWSLambdaBasicExecutionRole

const AWSLambdaBasicExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole";

const AWSLambdaDynamoDBExecutionRole

const AWSLambdaDynamoDBExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole";

const AWSLambdaENIManagementAccess

const AWSLambdaENIManagementAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess";

const AWSLambdaExecute

const AWSLambdaExecute: ARN = "arn:aws:iam::aws:policy/AWSLambdaExecute";

const AWSLambdaFullAccess

const AWSLambdaFullAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaFullAccess";

const AWSLambdaInvocationDynamoDB

const AWSLambdaInvocationDynamoDB: ARN = "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB";

const AWSLambdaKinesisExecutionRole

const AWSLambdaKinesisExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole";

const AWSLambdaReadOnlyAccess

const AWSLambdaReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess";

const AWSLambdaRole

const AWSLambdaRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaRole";

const AWSLambdaVPCAccessExecutionRole

const AWSLambdaVPCAccessExecutionRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole";

const AWSMarketplaceFullAccess

const AWSMarketplaceFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess";

const AWSMarketplaceGetEntitlements

const AWSMarketplaceGetEntitlements: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements";

const AWSMarketplaceManageSubscriptions

const AWSMarketplaceManageSubscriptions: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions";

const AWSMarketplaceMeteringFullAccess

const AWSMarketplaceMeteringFullAccess: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess";

const AWSMarketplaceReadonly

const AWSMarketplaceReadonly: ARN = "arn:aws:iam::aws:policy/AWSMarketplaceRead-only";

const AWSMobileHub_FullAccess

const AWSMobileHub_FullAccess: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess";

const AWSMobileHub_ReadOnly

const AWSMobileHub_ReadOnly: ARN = "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly";

const AWSMobileHub_ServiceUseOnly

const AWSMobileHub_ServiceUseOnly: ARN = "arn:aws:iam::aws:policy/service-role/AWSMobileHub_ServiceUseOnly";

const AWSOpsWorksCMInstanceProfileRole

const AWSOpsWorksCMInstanceProfileRole: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole";

const AWSOpsWorksCMServiceRole

const AWSOpsWorksCMServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole";

const AWSOpsWorksCloudWatchLogs

const AWSOpsWorksCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs";

const AWSOpsWorksFullAccess

const AWSOpsWorksFullAccess: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess";

const AWSOpsWorksInstanceRegistration

const AWSOpsWorksInstanceRegistration: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration";

const AWSOpsWorksRegisterCLI

const AWSOpsWorksRegisterCLI: ARN = "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI";

const AWSOpsWorksRole

const AWSOpsWorksRole: ARN = "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole";

const AWSQuickSightDescribeRDS

const AWSQuickSightDescribeRDS: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS";

const AWSQuickSightDescribeRedshift

const AWSQuickSightDescribeRedshift: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift";

const AWSQuickSightListIAM

const AWSQuickSightListIAM: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM";

const AWSQuicksightAthenaAccess

const AWSQuicksightAthenaAccess: ARN = "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess";

const AWSStepFunctionsConsoleFullAccess

const AWSStepFunctionsConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess";

const AWSStepFunctionsFullAccess

const AWSStepFunctionsFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess";

const AWSStepFunctionsReadOnlyAccess

const AWSStepFunctionsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess";

const AWSStorageGatewayFullAccess

const AWSStorageGatewayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess";

const AWSStorageGatewayReadOnlyAccess

const AWSStorageGatewayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess";

const AWSSupportAccess

const AWSSupportAccess: ARN = "arn:aws:iam::aws:policy/AWSSupportAccess";

const AWSWAFFullAccess

const AWSWAFFullAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFFullAccess";

const AWSWAFReadOnlyAccess

const AWSWAFReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess";

const AWSXrayFullAccess

const AWSXrayFullAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayFullAccess";

const AWSXrayReadOnlyAccess

const AWSXrayReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess";

const AWSXrayWriteOnlyAccess

const AWSXrayWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess";

const AdministratorAccess

const AdministratorAccess: ARN = "arn:aws:iam::aws:policy/AdministratorAccess";

const AmazonAPIGatewayAdministrator

const AmazonAPIGatewayAdministrator: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator";

const AmazonAPIGatewayInvokeFullAccess

const AmazonAPIGatewayInvokeFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess";

const AmazonAPIGatewayPushToCloudWatchLogs

const AmazonAPIGatewayPushToCloudWatchLogs: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs";

const AmazonAppStreamFullAccess

const AmazonAppStreamFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess";

const AmazonAppStreamReadOnlyAccess

const AmazonAppStreamReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess";

const AmazonAppStreamServiceAccess

const AmazonAppStreamServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess";

const AmazonAthenaFullAccess

const AmazonAthenaFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonAthenaFullAccess";

const AmazonCloudDirectoryFullAccess

const AmazonCloudDirectoryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess";

const AmazonCloudDirectoryReadOnlyAccess

const AmazonCloudDirectoryReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess";

const AmazonCognitoDeveloperAuthenticatedIdentities

const AmazonCognitoDeveloperAuthenticatedIdentities: ARN = "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities";

const AmazonCognitoPowerUser

const AmazonCognitoPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonCognitoPowerUser";

const AmazonCognitoReadOnly

const AmazonCognitoReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonCognitoReadOnly";

const AmazonDMSCloudWatchLogsRole

const AmazonDMSCloudWatchLogsRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole";

const AmazonDMSRedshiftS3Role

const AmazonDMSRedshiftS3Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role";

const AmazonDMSVPCManagementRole

const AmazonDMSVPCManagementRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole";

const AmazonDRSVPCManagement

const AmazonDRSVPCManagement: ARN = "arn:aws:iam::aws:policy/AmazonDRSVPCManagement";

const AmazonDynamoDBFullAccess

const AmazonDynamoDBFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess";

const AmazonDynamoDBFullAccesswithDataPipeline

const AmazonDynamoDBFullAccesswithDataPipeline: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline";

const AmazonDynamoDBReadOnlyAccess

const AmazonDynamoDBReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess";

const AmazonEC2ContainerRegistryFullAccess

const AmazonEC2ContainerRegistryFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess";

const AmazonEC2ContainerRegistryPowerUser

const AmazonEC2ContainerRegistryPowerUser: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser";

const AmazonEC2ContainerRegistryReadOnly

const AmazonEC2ContainerRegistryReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly";

const AmazonEC2ContainerServiceAutoscaleRole

const AmazonEC2ContainerServiceAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole";

const AmazonEC2ContainerServiceFullAccess

const AmazonEC2ContainerServiceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess";

const AmazonEC2ContainerServiceRole

const AmazonEC2ContainerServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole";

const AmazonEC2ContainerServiceforEC2Role

const AmazonEC2ContainerServiceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role";

const AmazonEC2FullAccess

const AmazonEC2FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2FullAccess";

const AmazonEC2ReadOnlyAccess

const AmazonEC2ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess";

const AmazonEC2ReportsAccess

const AmazonEC2ReportsAccess: ARN = "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess";

const AmazonEC2RoleforAWSCodeDeploy

const AmazonEC2RoleforAWSCodeDeploy: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy";

const AmazonEC2RoleforDataPipelineRole

const AmazonEC2RoleforDataPipelineRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole";

const AmazonEC2RoleforSSM

const AmazonEC2RoleforSSM: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM";

const AmazonEC2SpotFleetAutoscaleRole

const AmazonEC2SpotFleetAutoscaleRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole";

const AmazonEC2SpotFleetRole

const AmazonEC2SpotFleetRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole";

const AmazonESFullAccess

const AmazonESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonESFullAccess";

const AmazonESReadOnlyAccess

const AmazonESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess";

const AmazonElastiCacheFullAccess

const AmazonElastiCacheFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess";

const AmazonElastiCacheReadOnlyAccess

const AmazonElastiCacheReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess";

const AmazonElasticFileSystemFullAccess

const AmazonElasticFileSystemFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess";

const AmazonElasticFileSystemReadOnlyAccess

const AmazonElasticFileSystemReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess";

const AmazonElasticMapReduceFullAccess

const AmazonElasticMapReduceFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess";

const AmazonElasticMapReduceReadOnlyAccess

const AmazonElasticMapReduceReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess";

const AmazonElasticMapReduceRole

const AmazonElasticMapReduceRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole";

const AmazonElasticMapReduceforAutoScalingRole

const AmazonElasticMapReduceforAutoScalingRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole";

const AmazonElasticMapReduceforEC2Role

const AmazonElasticMapReduceforEC2Role: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role";

const AmazonElasticTranscoderFullAccess

const AmazonElasticTranscoderFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess";

const AmazonElasticTranscoderJobsSubmitter

const AmazonElasticTranscoderJobsSubmitter: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter";

const AmazonElasticTranscoderReadOnlyAccess

const AmazonElasticTranscoderReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess";

const AmazonElasticTranscoderRole

const AmazonElasticTranscoderRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole";

const AmazonGlacierFullAccess

const AmazonGlacierFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierFullAccess";

const AmazonGlacierReadOnlyAccess

const AmazonGlacierReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess";

const AmazonInspectorFullAccess

const AmazonInspectorFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorFullAccess";

const AmazonInspectorReadOnlyAccess

const AmazonInspectorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess";

const AmazonKinesisAnalyticsFullAccess

const AmazonKinesisAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess";

const AmazonKinesisAnalyticsReadOnly

const AmazonKinesisAnalyticsReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly";

const AmazonKinesisFirehoseFullAccess

const AmazonKinesisFirehoseFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess";

const AmazonKinesisFirehoseReadOnlyAccess

const AmazonKinesisFirehoseReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess";

const AmazonKinesisFullAccess

const AmazonKinesisFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisFullAccess";

const AmazonKinesisReadOnlyAccess

const AmazonKinesisReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess";

const AmazonLexFullAccess

const AmazonLexFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonLexFullAccess";

const AmazonLexReadOnly

const AmazonLexReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexReadOnly";

const AmazonLexRunBotsOnly

const AmazonLexRunBotsOnly: ARN = "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly";

const AmazonMachineLearningBatchPredictionsAccess

const AmazonMachineLearningBatchPredictionsAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess";

const AmazonMachineLearningCreateOnlyAccess

const AmazonMachineLearningCreateOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess";

const AmazonMachineLearningFullAccess

const AmazonMachineLearningFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess";

const AmazonMachineLearningManageRealTimeEndpointOnlyAccess

const AmazonMachineLearningManageRealTimeEndpointOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess";

const AmazonMachineLearningReadOnlyAccess

const AmazonMachineLearningReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess";

const AmazonMachineLearningRealTimePredictionOnlyAccess

const AmazonMachineLearningRealTimePredictionOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess";

const AmazonMachineLearningRoleforRedshiftDataSource

const AmazonMachineLearningRoleforRedshiftDataSource: ARN = "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource";

const AmazonMechanicalTurkFullAccess

const AmazonMechanicalTurkFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess";

const AmazonMechanicalTurkReadOnly

const AmazonMechanicalTurkReadOnly: ARN = "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly";

const AmazonMobileAnalyticsFinancialReportAccess

const AmazonMobileAnalyticsFinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess";

const AmazonMobileAnalyticsFullAccess

const AmazonMobileAnalyticsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess";

const AmazonMobileAnalyticsNonfinancialReportAccess

const AmazonMobileAnalyticsNonfinancialReportAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess";

const AmazonMobileAnalyticsWriteOnlyAccess

const AmazonMobileAnalyticsWriteOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess";

const AmazonPollyFullAccess

const AmazonPollyFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyFullAccess";

const AmazonPollyReadOnlyAccess

const AmazonPollyReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess";

const AmazonRDSDirectoryServiceAccess

const AmazonRDSDirectoryServiceAccess: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess";

const AmazonRDSEnhancedMonitoringRole

const AmazonRDSEnhancedMonitoringRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole";

const AmazonRDSFullAccess

const AmazonRDSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSFullAccess";

const AmazonRDSReadOnlyAccess

const AmazonRDSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess";

const AmazonRedshiftFullAccess

const AmazonRedshiftFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess";

const AmazonRedshiftReadOnlyAccess

const AmazonRedshiftReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess";

const AmazonRekognitionFullAccess

const AmazonRekognitionFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess";

const AmazonRekognitionReadOnlyAccess

const AmazonRekognitionReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess";

const AmazonRoute53DomainsFullAccess

const AmazonRoute53DomainsFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess";

const AmazonRoute53DomainsReadOnlyAccess

const AmazonRoute53DomainsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess";

const AmazonRoute53FullAccess

const AmazonRoute53FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53FullAccess";

const AmazonRoute53ReadOnlyAccess

const AmazonRoute53ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess";

const AmazonS3FullAccess

const AmazonS3FullAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3FullAccess";

const AmazonS3ReadOnlyAccess

const AmazonS3ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess";

const AmazonSESFullAccess

const AmazonSESFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESFullAccess";

const AmazonSESReadOnlyAccess

const AmazonSESReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess";

const AmazonSNSFullAccess

const AmazonSNSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSFullAccess";

const AmazonSNSReadOnlyAccess

const AmazonSNSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess";

const AmazonSNSRole

const AmazonSNSRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSNSRole";

const AmazonSQSFullAccess

const AmazonSQSFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSFullAccess";

const AmazonSQSReadOnlyAccess

const AmazonSQSReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess";

const AmazonSSMAutomationRole

const AmazonSSMAutomationRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole";

const AmazonSSMFullAccess

const AmazonSSMFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMFullAccess";

const AmazonSSMMaintenanceWindowRole

const AmazonSSMMaintenanceWindowRole: ARN = "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole";

const AmazonSSMReadOnlyAccess

const AmazonSSMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess";

const AmazonVPCFullAccess

const AmazonVPCFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCFullAccess";

const AmazonVPCReadOnlyAccess

const AmazonVPCReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess";

const AmazonWorkMailFullAccess

const AmazonWorkMailFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess";

const AmazonWorkMailReadOnlyAccess

const AmazonWorkMailReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess";

const AmazonWorkSpacesAdmin

const AmazonWorkSpacesAdmin: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin";

const AmazonWorkSpacesApplicationManagerAdminAccess

const AmazonWorkSpacesApplicationManagerAdminAccess: ARN = "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess";

const AmazonZocaloFullAccess

const AmazonZocaloFullAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloFullAccess";

const AmazonZocaloReadOnlyAccess

const AmazonZocaloReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess";

const ApplicationAutoScalingForAmazonAppStreamAccess

const ApplicationAutoScalingForAmazonAppStreamAccess: ARN = "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess";

const AutoScalingConsoleFullAccess

const AutoScalingConsoleFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess";

const AutoScalingConsoleReadOnlyAccess

const AutoScalingConsoleReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess";

const AutoScalingFullAccess

const AutoScalingFullAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingFullAccess";

const AutoScalingNotificationAccessRole

const AutoScalingNotificationAccessRole: ARN = "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole";

const AutoScalingReadOnlyAccess

const AutoScalingReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess";

const Billing

const Billing: ARN = "arn:aws:iam::aws:policy/job-function/Billing";

const CloudFrontFullAccess

const CloudFrontFullAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontFullAccess";

const CloudFrontReadOnlyAccess

const CloudFrontReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess";

const CloudSearchFullAccess

const CloudSearchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchFullAccess";

const CloudSearchReadOnlyAccess

const CloudSearchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess";

const CloudWatchActionsEC2Access

const CloudWatchActionsEC2Access: ARN = "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access";

const CloudWatchEventsBuiltInTargetExecutionAccess

const CloudWatchEventsBuiltInTargetExecutionAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess";

const CloudWatchEventsFullAccess

const CloudWatchEventsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess";

const CloudWatchEventsInvocationAccess

const CloudWatchEventsInvocationAccess: ARN = "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess";

const CloudWatchEventsReadOnlyAccess

const CloudWatchEventsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess";

const CloudWatchFullAccess

const CloudWatchFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchFullAccess";

const CloudWatchLogsFullAccess

const CloudWatchLogsFullAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess";

const CloudWatchLogsReadOnlyAccess

const CloudWatchLogsReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess";

const CloudWatchReadOnlyAccess

const CloudWatchReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess";

const DataScientist

const DataScientist: ARN = "arn:aws:iam::aws:policy/job-function/DataScientist";

const DatabaseAdministrator

const DatabaseAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator";

const IAMFullAccess

const IAMFullAccess: ARN = "arn:aws:iam::aws:policy/IAMFullAccess";

const IAMReadOnlyAccess

const IAMReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess";

const IAMSelfManageServiceSpecificCredentials

const IAMSelfManageServiceSpecificCredentials: ARN = "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials";

const IAMUserChangePassword

const IAMUserChangePassword: ARN = "arn:aws:iam::aws:policy/IAMUserChangePassword";

const IAMUserSSHKeys

const IAMUserSSHKeys: ARN = "arn:aws:iam::aws:policy/IAMUserSSHKeys";

const NetworkAdministrator

const NetworkAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/NetworkAdministrator";

const PowerUserAccess

const PowerUserAccess: ARN = "arn:aws:iam::aws:policy/PowerUserAccess";

const RDSCloudHsmAuthorizationRole

const RDSCloudHsmAuthorizationRole: ARN = "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole";

const ReadOnlyAccess

const ReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess";

const ResourceGroupsandTagEditorFullAccess

const ResourceGroupsandTagEditorFullAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess";

const ResourceGroupsandTagEditorReadOnlyAccess

const ResourceGroupsandTagEditorReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess";

const SecurityAudit

const SecurityAudit: ARN = "arn:aws:iam::aws:policy/SecurityAudit";

const ServerMigrationConnector

const ServerMigrationConnector: ARN = "arn:aws:iam::aws:policy/ServerMigrationConnector";

const ServerMigrationServiceRole

const ServerMigrationServiceRole: ARN = "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole";

const ServiceCatalogAdminFullAccess

const ServiceCatalogAdminFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminFullAccess";

const ServiceCatalogAdminReadOnlyAccess

const ServiceCatalogAdminReadOnlyAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess";

const ServiceCatalogEndUserAccess

const ServiceCatalogEndUserAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess";

const ServiceCatalogEndUserFullAccess

const ServiceCatalogEndUserFullAccess: ARN = "arn:aws:iam::aws:policy/ServiceCatalogEndUserFullAccess";

const SimpleWorkflowFullAccess

const SimpleWorkflowFullAccess: ARN = "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess";

const SupportUser

const SupportUser: ARN = "arn:aws:iam::aws:policy/job-function/SupportUser";

const SystemAdministrator

const SystemAdministrator: ARN = "arn:aws:iam::aws:policy/job-function/SystemAdministrator";

const VMImportExportRoleForAWSConnector

const VMImportExportRoleForAWSConnector: ARN = "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector";

const ViewOnlyAccess

const ViewOnlyAccess: ARN = "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess";

function assumeRolePolicyForPrincipal

assumeRolePolicyForPrincipal(principal: Principal): PolicyDocument

assumeRolePolicyForPrincipal returns a well-formed policy document which can be used to control which principals may assume an IAM Role, by granting the sts:AssumeRole action to those principals.

function getAccountAlias

getAccountAlias(opts?: pulumi.InvokeOptions): Promise<GetAccountAliasResult>

The IAM Account Alias data source allows access to the account alias for the effective account in which Terraform is working.

function getGroup

getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult>

This data source can be used to fetch information about a specific IAM group. By using this data source, you can reference IAM group properties without having to hard code ARNs as input.

function getInstanceProfile

getInstanceProfile(args: GetInstanceProfileArgs, opts?: pulumi.InvokeOptions): Promise<GetInstanceProfileResult>

This data source can be used to fetch information about a specific IAM instance profile. By using this data source, you can reference IAM instance profile properties without having to hard code ARNs as input.

function getPolicy

getPolicy(args: GetPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyResult>

This data source can be used to fetch information about a specific IAM policy.

function getPolicyDocument

getPolicyDocument(args: GetPolicyDocumentArgs, opts?: pulumi.InvokeOptions): Promise<GetPolicyDocumentResult>

Generates an IAM policy document in JSON format.

This is a data source which can be used to construct a JSON representation of an IAM policy document, for use with resources which expect policy documents, such as the aws_iam_policy resource.

data "aws_iam_policy_document" "example" {
  statement {
    sid = "1"

    actions = [
      "s3:ListAllMyBuckets",
      "s3:GetBucketLocation",
    ]

    resources = [
      "arn:aws:s3:::*",
    ]
  }

  statement {
    actions = [
      "s3:ListBucket",
    ]

    resources = [
      "arn:aws:s3:::${var.s3_bucket_name}",
    ]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"

      values = [
        "",
        "home/",
        "home/&{aws:username}/",
      ]
    }
  }

  statement {
    actions = [
      "s3:*",
    ]

    resources = [
      "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}",
      "arn:aws:s3:::${var.s3_bucket_name}/home/&{aws:username}/*",
    ]
  }
}

resource "aws_iam_policy" "example" {
  name   = "example_policy"
  path   = "/"
  policy = "${data.aws_iam_policy_document.example.json}"
}

Using this data source to generate policy documents is optional. It is also valid to use literal JSON strings within your configuration, or to use the file interpolation function to read a raw JSON policy document from a file.

function getRole

getRole(args?: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise<GetRoleResult>

This data source can be used to fetch information about a specific IAM role. By using this data source, you can reference IAM role properties without having to hard code ARNs as input.

function getServerCertificate

getServerCertificate(args?: GetServerCertificateArgs, opts?: pulumi.InvokeOptions): Promise<GetServerCertificateResult>

Use this data source to look up information about IAM Server Certificates.

function getUser

getUser(args: GetUserArgs, opts?: pulumi.InvokeOptions): Promise<GetUserResult>

This data source can be used to fetch information about a specific IAM user. By using this data source, you can reference IAM user properties without having to hard code ARNs or unique IDs as input.

interface AWSPrincipal

property AWS

AWS: string | string[];

interface AccessKeyArgs

The set of arguments for constructing an AccessKey resource.

property pgpKey

pgpKey?: pulumi.Input<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists.

property user

user: pulumi.Input<string>;

The IAM user to associate with this access key.

interface AccessKeyState

Input properties used for looking up and filtering AccessKey resources.

property encryptedSecret

encryptedSecret?: pulumi.Input<string>;

The encrypted secret, base64 encoded. NOTE: The encrypted secret may be decrypted using the command line, for example: terraform output encrypted_secret | base64 --decode | keybase pgp decrypt.

property keyFingerprint

keyFingerprint?: pulumi.Input<string>;

The fingerprint of the PGP key used to encrypt the secret.

property pgpKey

pgpKey?: pulumi.Input<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists.

property secret

secret?: pulumi.Input<string>;

The secret access key. Note that this will be written to the state file. Please supply a pgp_key instead, which will prevent the secret from being stored in plain text.

property sesSmtpPassword

sesSmtpPassword?: pulumi.Input<string>;

The secret access key converted into an SES SMTP password by applying AWS’s documented conversion algorithm.

property status

status?: pulumi.Input<string>;

“Active” or “Inactive”. Keys are initially active, but can be made inactive by other means.

property user

user?: pulumi.Input<string>;

The IAM user to associate with this access key.

interface AccountAliasArgs

The set of arguments for constructing an AccountAlias resource.

property accountAlias

accountAlias: pulumi.Input<string>;

The account alias

interface AccountAliasState

Input properties used for looking up and filtering AccountAlias resources.

property accountAlias

accountAlias?: pulumi.Input<string>;

The account alias

interface AccountPasswordPolicyArgs

The set of arguments for constructing an AccountPasswordPolicy resource.

property allowUsersToChangePassword

allowUsersToChangePassword?: pulumi.Input<boolean>;

Whether to allow users to change their own password

property hardExpiry

hardExpiry?: pulumi.Input<boolean>;

Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)

property maxPasswordAge

maxPasswordAge?: pulumi.Input<number>;

The number of days that a user password is valid.

property minimumPasswordLength

minimumPasswordLength?: pulumi.Input<number>;

Minimum length to require for user passwords.

property passwordReusePrevention

passwordReusePrevention?: pulumi.Input<number>;

The number of previous passwords that users are prevented from reusing.

property requireLowercaseCharacters

requireLowercaseCharacters?: pulumi.Input<boolean>;

Whether to require lowercase characters for user passwords.

property requireNumbers

requireNumbers?: pulumi.Input<boolean>;

Whether to require numbers for user passwords.

property requireSymbols

requireSymbols?: pulumi.Input<boolean>;

Whether to require symbols for user passwords.

property requireUppercaseCharacters

requireUppercaseCharacters?: pulumi.Input<boolean>;

Whether to require uppercase characters for user passwords.

interface AccountPasswordPolicyState

Input properties used for looking up and filtering AccountPasswordPolicy resources.

property allowUsersToChangePassword

allowUsersToChangePassword?: pulumi.Input<boolean>;

Whether to allow users to change their own password

property expirePasswords

expirePasswords?: pulumi.Input<boolean>;

Indicates whether passwords in the account expire. Returns true if max_password_age contains a value greater than 0. Returns false if it is 0 or not present.

property hardExpiry

hardExpiry?: pulumi.Input<boolean>;

Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)

property maxPasswordAge

maxPasswordAge?: pulumi.Input<number>;

The number of days that a user password is valid.

property minimumPasswordLength

minimumPasswordLength?: pulumi.Input<number>;

Minimum length to require for user passwords.

property passwordReusePrevention

passwordReusePrevention?: pulumi.Input<number>;

The number of previous passwords that users are prevented from reusing.

property requireLowercaseCharacters

requireLowercaseCharacters?: pulumi.Input<boolean>;

Whether to require lowercase characters for user passwords.

property requireNumbers

requireNumbers?: pulumi.Input<boolean>;

Whether to require numbers for user passwords.

property requireSymbols

requireSymbols?: pulumi.Input<boolean>;

Whether to require symbols for user passwords.

property requireUppercaseCharacters

requireUppercaseCharacters?: pulumi.Input<boolean>;

Whether to require uppercase characters for user passwords.

interface ConditionArguments

interface Conditions

interface FederatedPrincipal

property Federated

Federated: string | string[];

interface GetAccountAliasResult

A collection of values returned by getAccountAlias.

property accountAlias

accountAlias: string;

The alias associated with the AWS account.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

interface GetGroupArgs

A collection of arguments for invoking getGroup.

property groupName

groupName: string;

The friendly IAM group name to match.

interface GetGroupResult

A collection of values returned by getGroup.

property arn

arn: string;

The Amazon Resource Name (ARN) specifying the group.

property groupId

groupId: string;

The stable and unique string identifying the group.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property path

path: string;

The path to the group.

interface GetInstanceProfileArgs

A collection of arguments for invoking getInstanceProfile.

property name

name: string;

The friendly IAM instance profile name to match.

interface GetInstanceProfileResult

A collection of values returned by getInstanceProfile.

property arn

arn: string;

The Amazon Resource Name (ARN) specifying the instance profile.

property createDate

createDate: string;

The string representation of the date the instance profile was created.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property path

path: string;

The path to the instance profile.

property roleArn

roleArn: string;

The role arn associated with this instance profile.

property roleId

roleId: string;

The role id associated with this instance profile.

property roleName

roleName: string;

The role name associated with this instance profile.

interface GetPolicyArgs

A collection of arguments for invoking getPolicy.

property arn

arn: string;

ARN of the IAM policy.

interface GetPolicyDocumentArgs

A collection of arguments for invoking getPolicyDocument.

property overrideJson

overrideJson?: string;

An IAM policy document to import and override the current policy document. Statements with non-blank sids in the override document will overwrite statements with the same sid in the current document. Statements without an sid cannot be overwritten.

property policyId

policyId?: string;

An ID for the policy document.

property sourceJson

sourceJson?: string;

An IAM policy document to import as a base for the current policy document. Statements with non-blank sids in the current policy document will overwrite statements with the same sid in the source json. Statements without an sid cannot be overwritten.

property statements

statements: { ... }[];

A nested configuration block (described below) configuring one statement to be included in the policy document.

interface GetPolicyDocumentResult

A collection of values returned by getPolicyDocument.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property json

json: string;

The above arguments serialized as a standard JSON policy document.
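The sid-based layering described for sourceJson and overrideJson, modelled as an added stand-alone TypeScript example (not the provider's code; it does not call @pulumi/aws). It assumes a statement whose sid matches no earlier statement is appended and that an empty Sid counts as blank; `mergeStatements`, `renderPolicyDocument` and `denyToAllowFlips` are hypothetical names, and the sample documents are constructed.

```typescript
// Subset of the PolicyStatement / PolicyDocument fields listed on this page.
interface Statement {
    Sid?: string;
    Effect: "Allow" | "Deny";
    Action?: string | string[];
    Resource?: string | string[];
}
interface Document {
    Version: "2008-10-17" | "2012-10-17";
    Statement: Statement[];
}

// Parse a JSON policy document and reject shapes the merge cannot reason about.
function parseDocument(json: string): Document {
    const doc = JSON.parse(json);
    if (doc === null || typeof doc !== "object" || !Array.isArray(doc.Statement)) {
        throw new Error("policy document must be an object with a Statement array");
    }
    for (const s of doc.Statement) {
        if (s.Effect !== "Allow" && s.Effect !== "Deny") {
            throw new Error("statement has invalid Effect: " + JSON.stringify(s.Effect));
        }
    }
    return doc as Document;
}

// Index of the statement in `list` carrying the given non-blank sid, or -1.
function indexOfSid(list: Statement[], sid: string): number {
    if (sid.length === 0) return -1; // statements without a sid cannot be overwritten
    for (let i = 0; i < list.length; i++) {
        if ((list[i].Sid || "") === sid) return i;
    }
    return -1;
}

// Layer `incoming` over `base`: same non-blank sid replaces in place,
// everything else is appended (assumption, see lead-in).
function mergeStatements(base: Statement[], incoming: Statement[]): Statement[] {
    const merged = base.slice();
    for (const stmt of incoming) {
        const idx = indexOfSid(merged, stmt.Sid || "");
        if (idx >= 0) merged[idx] = stmt;
        else merged.push(stmt);
    }
    return merged;
}

// Order of precedence from the page: sourceJson < statements < overrideJson.
function renderPolicyDocument(
    statements: Statement[],
    sourceJson?: string,
    overrideJson?: string,
): Document {
    let result: Statement[] = sourceJson ? parseDocument(sourceJson).Statement : [];
    result = mergeStatements(result, statements);
    if (overrideJson) {
        result = mergeStatements(result, parseDocument(overrideJson).Statement);
    }
    return { Version: "2012-10-17", Statement: result };
}

// Review check: sids where the incoming layer turns an existing Deny into an Allow.
function denyToAllowFlips(base: Statement[], incoming: Statement[]): string[] {
    const flips: string[] = [];
    for (const stmt of incoming) {
        const idx = indexOfSid(base, stmt.Sid || "");
        if (idx >= 0 && base[idx].Effect === "Deny" && stmt.Effect === "Allow") {
            flips.push(stmt.Sid as string);
        }
    }
    return flips;
}

// Constructed sample input (bucket name is a placeholder).
const sampleSource = JSON.stringify({
    Version: "2012-10-17",
    Statement: [
        { Sid: "DenyDelete", Effect: "Deny", Action: "s3:DeleteObject", Resource: "*" },
        { Sid: "ReadLogs", Effect: "Allow", Action: "s3:GetObject", Resource: "*" },
        { Effect: "Allow", Action: "s3:ListAllMyBuckets", Resource: "*" },
    ],
});
const sampleCurrent: Statement[] = [
    { Sid: "ReadLogs", Effect: "Allow", Action: "s3:GetObject",
      Resource: "arn:aws:s3:::example-logs/*" },
];
const sampleOverride = JSON.stringify({
    Version: "2012-10-17",
    Statement: [
        { Sid: "DenyDelete", Effect: "Allow", Action: "s3:DeleteObject", Resource: "*" },
        { Effect: "Deny", Action: "s3:PutBucketPolicy", Resource: "*" },
    ],
});

const sampleRendered = renderPolicyDocument(sampleCurrent, sampleSource, sampleOverride);
const sampleFlips = denyToAllowFlips(
    renderPolicyDocument(sampleCurrent, sampleSource).Statement,
    parseDocument(sampleOverride).Statement,
);
console.log(JSON.stringify(sampleRendered, null, 2));
console.log("Deny-to-Allow flips introduced by override:", sampleFlips);
```

Running the flip check before applying an override layer shows when a matching sid replaces a Deny guardrail with an Allow, which the rendered JSON alone does not make obvious.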

interface GetPolicyResult

A collection of values returned by getPolicy.

property description

description: string;

The description of the policy.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

The name of the IAM policy.

property path

path: string;

The path to the policy.

property policy

policy: string;

The policy document of the policy.

interface GetRoleArgs

A collection of arguments for invoking getRole.

property name

name?: string;

The friendly IAM role name to match.

property roleName

roleName?: string;

interface GetRoleResult

A collection of values returned by getRole.

property arn

arn: string;

The Amazon Resource Name (ARN) specifying the role.

property assumeRolePolicy

assumeRolePolicy: string;

The policy document associated with the role.

property assumeRolePolicyDocument

assumeRolePolicyDocument: string;

property createDate

createDate: string;

property description

description: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property maxSessionDuration

maxSessionDuration: number;

property path

path: string;

The path to the role.

property permissionsBoundary

permissionsBoundary: string;

The ARN of the policy that is used to set the permissions boundary for the role.

property roleId

roleId: string;

property uniqueId

uniqueId: string;

The stable and unique string identifying the role.

interface GetServerCertificateArgs

A collection of arguments for invoking getServerCertificate.

property latest

latest?: boolean;

Sort results by expiration date. Returns the certificate with the expiration date furthest in the future.

property name

name?: string;

Exact name of the cert to look up.

property namePrefix

namePrefix?: string;

Prefix of cert to filter by.

property pathPrefix

pathPrefix?: string;

Prefix of path to filter by.

interface GetServerCertificateResult

A collection of values returned by getServerCertificate.

property arn

arn: string;

property certificateBody

certificateBody: string;

property certificateChain

certificateChain: string;

property expirationDate

expirationDate: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

property path

path: string;

property uploadDate

uploadDate: string;

interface GetUserArgs

A collection of arguments for invoking getUser.

property userName

userName: string;

The friendly IAM user name to match.

interface GetUserResult

A collection of values returned by getUser.

property arn

arn: string;

The Amazon Resource Name (ARN) assigned by AWS for this user.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property path

path: string;

Path in which this user was created.

property permissionsBoundary

permissionsBoundary: string;

The ARN of the policy that is used to set the permissions boundary for the user.

property userId

userId: string;

The unique ID assigned by AWS for this user.

interface GroupArgs

The set of arguments for constructing a Group resource.

property name

name?: pulumi.Input<string>;

The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.

property path

path?: pulumi.Input<string>;

Path in which to create the group.

interface GroupMembershipArgs

The set of arguments for constructing a GroupMembership resource.

property group

group: pulumi.Input<string>;

The IAM Group name to attach the list of users to

property name

name?: pulumi.Input<string>;

The name to identify the Group Membership

property users

users: pulumi.Input<pulumi.Input<string>[]>;

A list of IAM User names to associate with the Group

interface GroupMembershipState

Input properties used for looking up and filtering GroupMembership resources.

property group

group?: pulumi.Input<string>;

The IAM Group name to attach the list of users to

property name

name?: pulumi.Input<string>;

The name to identify the Group Membership

property users

users?: pulumi.Input<pulumi.Input<string>[]>;

A list of IAM User names to associate with the Group

interface GroupPolicyArgs

The set of arguments for constructing a GroupPolicy resource.

property group

group: pulumi.Input<string>;

The IAM group to attach to the policy.

property name

name?: pulumi.Input<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

policy: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

interface GroupPolicyAttachmentArgs

The set of arguments for constructing a GroupPolicyAttachment resource.

property group

group: pulumi.Input<Group>;

The group the policy should be applied to

property policyArn

policyArn: pulumi.Input<ARN>;

The ARN of the policy you want to apply

interface GroupPolicyAttachmentState

Input properties used for looking up and filtering GroupPolicyAttachment resources.

property group

group?: pulumi.Input<Group>;

The group the policy should be applied to

property policyArn

policyArn?: pulumi.Input<ARN>;

The ARN of the policy you want to apply

interface GroupPolicyState

Input properties used for looking up and filtering GroupPolicy resources.

property group

group?: pulumi.Input<string>;

The IAM group to attach to the policy.

property name

name?: pulumi.Input<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

policy?: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

interface GroupState

Input properties used for looking up and filtering Group resources.

property arn

arn?: pulumi.Input<string>;

The ARN assigned by AWS for this group.

property name

name?: pulumi.Input<string>;

The group’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. Group names are not distinguished by case. For example, you cannot create groups named both “ADMINS” and “admins”.

property path

path?: pulumi.Input<string>;

Path in which to create the group.

property uniqueId

uniqueId?: pulumi.Input<string>;

The unique ID assigned by AWS.

interface InstanceProfileArgs

The set of arguments for constructing an InstanceProfile resource.

property name

name?: pulumi.Input<string>;

The profile’s name. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

Path in which to create the profile.

property role

role?: pulumi.Input<Role>;

The role name to include in the profile.

property roles

roles?: pulumi.Input<pulumi.Input<Role>[]>;

A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase. WARNING: This is deprecated since version 0.9.3 (April 12, 2017), as >= 2 roles are not possible. See issue #11575.

interface InstanceProfileState

Input properties used for looking up and filtering InstanceProfile resources.

property arn

arn?: pulumi.Input<string>;

The ARN assigned by AWS to the instance profile.

property createDate

createDate?: pulumi.Input<string>;

The creation timestamp of the instance profile.

property name

name?: pulumi.Input<string>;

The profile’s name. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

Path in which to create the profile.

property role

role?: pulumi.Input<Role>;

The role name to include in the profile.

property roles

roles?: pulumi.Input<pulumi.Input<Role>[]>;

A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase. WARNING: This is deprecated since version 0.9.3 (April 12, 2017), as >= 2 roles are not possible. See issue #11575.

property uniqueId

uniqueId?: pulumi.Input<string>;

The unique ID assigned by AWS.

interface OpenIdConnectProviderArgs

The set of arguments for constructing an OpenIdConnectProvider resource.

property clientIdLists

clientIdLists: pulumi.Input<pulumi.Input<string>[]>;

A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the client_id parameter on OAuth requests.)

property thumbprintLists

thumbprintLists: pulumi.Input<pulumi.Input<string>[]>;

A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).

property url

url: pulumi.Input<string>;

The URL of the identity provider. Corresponds to the iss claim.

interface OpenIdConnectProviderState

Input properties used for looking up and filtering OpenIdConnectProvider resources.

property arn

arn?: pulumi.Input<string>;

The ARN assigned by AWS for this provider.

property clientIdLists

clientIdLists?: pulumi.Input<pulumi.Input<string>[]>;

A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that’s sent as the client_id parameter on OAuth requests.)

property thumbprintLists

thumbprintLists?: pulumi.Input<pulumi.Input<string>[]>;

A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider’s server certificate(s).

property url

url?: pulumi.Input<string>;

The URL of the identity provider. Corresponds to the iss claim.

interface PolicyArgs

The set of arguments for constructing a Policy resource.

property description

description?: pulumi.Input<string>;

Description of the IAM policy.

property name

name?: pulumi.Input<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

Path in which to create the policy. See IAM Identifiers for more information.

property policy

policy: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax, file function, or the aws_iam_policy_document data source are all helpful here.

interface PolicyAttachmentArgs

The set of arguments for constructing a PolicyAttachment resource.

property groups

groups?: pulumi.Input<pulumi.Input<Group>[]>;

The group(s) the policy should be applied to

property name

name?: pulumi.Input<string>;

The name of the attachment. This cannot be an empty string.

property policyArn

policyArn: pulumi.Input<ARN>;

The ARN of the policy you want to apply

property roles

roles?: pulumi.Input<pulumi.Input<Role>[]>;

The role(s) the policy should be applied to

property users

users?: pulumi.Input<pulumi.Input<User>[]>;

The user(s) the policy should be applied to

interface PolicyAttachmentState

Input properties used for looking up and filtering PolicyAttachment resources.

property groups

groups?: pulumi.Input<pulumi.Input<Group>[]>;

The group(s) the policy should be applied to

property name

name?: pulumi.Input<string>;

The name of the attachment. This cannot be an empty string.

property policyArn

policyArn?: pulumi.Input<ARN>;

The ARN of the policy you want to apply

property roles

roles?: pulumi.Input<pulumi.Input<Role>[]>;

The role(s) the policy should be applied to

property users

users?: pulumi.Input<pulumi.Input<User>[]>;

The user(s) the policy should be applied to

interface PolicyDocument

property Id

Id?: string;

property Statement

Statement: PolicyStatement[];

property Version

Version: "2008-10-17" | "2012-10-17";

interface PolicyState

Input properties used for looking up and filtering Policy resources.

property arn

arn?: pulumi.Input<string>;

The ARN assigned by AWS to this policy.

property description

description?: pulumi.Input<string>;

Description of the IAM policy.

property name

name?: pulumi.Input<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

Path in which to create the policy. See IAM Identifiers for more information.

property policy

policy?: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax, file function, or the aws_iam_policy_document data source are all helpful here.

interface PolicyStatement

property Action

Action?: string | string[];

property Condition

Condition?: Conditions;

property Effect

Effect: "Allow" | "Deny";

property NotAction

NotAction?: string | string[];

property NotPrincipal

NotPrincipal?: Principal;

property NotResource

NotResource?: string | string[];

property Principal

Principal?: Principal;

property Resource

Resource?: string | string[];

property Sid

Sid?: string;

interface RoleArgs

The set of arguments for constructing a Role resource.

property assumeRolePolicy

assumeRolePolicy: pulumi.Input<string>;

The policy that grants an entity permission to assume the role.

property description

description?: pulumi.Input<string>;

The description of the role.

property forceDetachPolicies

forceDetachPolicies?: pulumi.Input<boolean>;

Specifies to force detaching any policies the role has before destroying it. Defaults to false.

property maxSessionDuration

maxSessionDuration?: pulumi.Input<number>;

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

property name

name?: pulumi.Input<string>;

The name of the role. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

The path to the role. See IAM Identifiers for more information.

property permissionsBoundary

permissionsBoundary?: pulumi.Input<string>;

The ARN of the policy that is used to set the permissions boundary for the role.

interface RolePolicyArgs

The set of arguments for constructing a RolePolicy resource.

property name

name?: pulumi.Input<string>;

The name of the role policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

policy: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property role

role: pulumi.Input<string | Role>;

The IAM role to attach to the policy.

interface RolePolicyAttachmentArgs

The set of arguments for constructing a RolePolicyAttachment resource.

property policyArn

policyArn: pulumi.Input<ARN>;

The ARN of the policy you want to apply

property role

role: pulumi.Input<Role>;

The role the policy should be applied to

interface RolePolicyAttachmentState

Input properties used for looking up and filtering RolePolicyAttachment resources.

property policyArn

policyArn?: pulumi.Input<ARN>;

The ARN of the policy you want to apply

property role

role?: pulumi.Input<Role>;

The role the policy should be applied to

interface RolePolicyState

Input properties used for looking up and filtering RolePolicy resources.

property name

name?: pulumi.Input<string>;

The name of the role policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

policy?: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property role

role?: pulumi.Input<string | Role>;

The IAM role to attach to the policy.

interface RoleState

Input properties used for looking up and filtering Role resources.

property arn

arn?: pulumi.Input<string>;

The Amazon Resource Name (ARN) specifying the role.

property assumeRolePolicy

assumeRolePolicy?: pulumi.Input<string>;

The policy that grants an entity permission to assume the role.

property createDate

createDate?: pulumi.Input<string>;

The creation date of the IAM role.

property description

description?: pulumi.Input<string>;

The description of the role.

property forceDetachPolicies

forceDetachPolicies?: pulumi.Input<boolean>;

Specifies to force detaching any policies the role has before destroying it. Defaults to false.

property maxSessionDuration

maxSessionDuration?: pulumi.Input<number>;

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

property name

name?: pulumi.Input<string>;

The name of the role. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

The path to the role. See IAM Identifiers for more information.

property permissionsBoundary

permissionsBoundary?: pulumi.Input<string>;

The ARN of the policy that is used to set the permissions boundary for the role.

property uniqueId

uniqueId?: pulumi.Input<string>;

The stable and unique string identifying the role.

interface SamlProviderArgs

The set of arguments for constructing a SamlProvider resource.

property name

name?: pulumi.Input<string>;

The name of the provider to create.

property samlMetadataDocument

samlMetadataDocument: pulumi.Input<string>;

An XML document generated by an identity provider that supports SAML 2.0.

interface SamlProviderState

Input properties used for looking up and filtering SamlProvider resources.

property arn

arn?: pulumi.Input<string>;

The ARN assigned by AWS for this provider.

property name

name?: pulumi.Input<string>;

The name of the provider to create.

property samlMetadataDocument

samlMetadataDocument?: pulumi.Input<string>;

An XML document generated by an identity provider that supports SAML 2.0.

property validUntil

validUntil?: pulumi.Input<string>;

The expiration date and time for the SAML provider in RFC1123 format, e.g. Mon, 02 Jan 2006 15:04:05 MST.

interface ServerCertificateArgs

The set of arguments for constructing a ServerCertificate resource.

property arn

arn?: pulumi.Input<string>;

The Amazon Resource Name (ARN) specifying the server certificate.

property certificateBody

certificateBody: pulumi.Input<string>;

The contents of the public key certificate in PEM-encoded format.

property certificateChain

certificateChain?: pulumi.Input<string>;

The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

property name

name?: pulumi.Input<string>;

The name of the Server Certificate. Do not include the path in this value. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.

property privateKey

privateKey: pulumi.Input<string>;

The contents of the private key in PEM-encoded format.

interface ServerCertificateState

Input properties used for looking up and filtering ServerCertificate resources.

property arn

arn?: pulumi.Input<string>;

The Amazon Resource Name (ARN) specifying the server certificate.

property certificateBody

certificateBody?: pulumi.Input<string>;

The contents of the public key certificate in PEM-encoded format.

property certificateChain

certificateChain?: pulumi.Input<string>;

The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.

property name

name?: pulumi.Input<string>;

The name of the Server Certificate. Do not include the path in this value. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property path

path?: pulumi.Input<string>;

The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.

property privateKey

privateKey?: pulumi.Input<string>;

The contents of the private key in PEM-encoded format.

interface ServiceLinkedRoleArgs

The set of arguments for constructing a ServiceLinkedRole resource.

property awsServiceName

awsServiceName: pulumi.Input<string>;

The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.

property customSuffix

customSuffix?: pulumi.Input<string>;

Additional string appended to the role name. Not all AWS services support custom suffixes.

property description

description?: pulumi.Input<string>;

The description of the role.

interface ServiceLinkedRoleState

Input properties used for looking up and filtering ServiceLinkedRole resources.

property arn

arn?: pulumi.Input<string>;

The Amazon Resource Name (ARN) specifying the role.

property awsServiceName

awsServiceName?: pulumi.Input<string>;

The AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com. To find the full list of services that support service-linked roles, check the docs.

property createDate

createDate?: pulumi.Input<string>;

The creation date of the IAM role.

property customSuffix

customSuffix?: pulumi.Input<string>;

Additional string appended to the role name. Not all AWS services support custom suffixes.

property description

description?: pulumi.Input<string>;

The description of the role.

property name

name?: pulumi.Input<string>;

The name of the role.

property path

path?: pulumi.Input<string>;

The path of the role.

property uniqueId

uniqueId?: pulumi.Input<string>;

The stable and unique string identifying the role.

interface ServicePrincipal

property Service

Service: string | string[];

interface SshKeyArgs

The set of arguments for constructing an SshKey resource.

property encoding

encoding: pulumi.Input<string>;

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

property publicKey

publicKey: pulumi.Input<string>;

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

property status

status?: pulumi.Input<string>;

The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.

property username

username: pulumi.Input<string>;

The name of the IAM user to associate the SSH public key with.

interface SshKeyState

Input properties used for looking up and filtering SshKey resources.

property encoding

encoding?: pulumi.Input<string>;

Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.

property fingerprint

fingerprint?: pulumi.Input<string>;

The MD5 message digest of the SSH public key.

property publicKey

publicKey?: pulumi.Input<string>;

The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.

property sshPublicKeyId

sshPublicKeyId?: pulumi.Input<string>;

The unique identifier for the SSH public key.

property status

status?: pulumi.Input<string>;

The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is active.

property username

username?: pulumi.Input<string>;

The name of the IAM user to associate the SSH public key with.

interface UserArgs

The set of arguments for constructing a User resource.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed.

property name

name?: pulumi.Input<string>;

The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.

property path

path?: pulumi.Input<string>;

Path in which to create the user.

property permissionsBoundary

permissionsBoundary?: pulumi.Input<string>;

The ARN of the policy that is used to set the permissions boundary for the user.

interface UserGroupMembershipArgs

The set of arguments for constructing a UserGroupMembership resource.

property groups

groups: pulumi.Input<pulumi.Input<string>[]>;

A list of IAM Groups to add the user to

property user

user: pulumi.Input<string>;

The name of the IAM User to add to groups

interface UserGroupMembershipState

Input properties used for looking up and filtering UserGroupMembership resources.

property groups

groups?: pulumi.Input<pulumi.Input<string>[]>;

A list of IAM Groups to add the user to

property user

user?: pulumi.Input<string>;

The name of the IAM User to add to groups

interface UserLoginProfileArgs

The set of arguments for constructing a UserLoginProfile resource.

property passwordLength

passwordLength?: pulumi.Input<number>;

The length of the generated password.

property passwordResetRequired

passwordResetRequired?: pulumi.Input<boolean>;

Whether the user should be forced to reset the generated password on first login.

property pgpKey

pgpKey: pulumi.Input<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username.

property user

user: pulumi.Input<string>;

The IAM user’s name.

interface UserLoginProfileState

Input properties used for looking up and filtering UserLoginProfile resources.

property encryptedPassword

encryptedPassword?: pulumi.Input<string>;

The encrypted password, base64 encoded.

property keyFingerprint

keyFingerprint?: pulumi.Input<string>;

The fingerprint of the PGP key used to encrypt the password

property passwordLength

passwordLength?: pulumi.Input<number>;

The length of the generated password.

property passwordResetRequired

passwordResetRequired?: pulumi.Input<boolean>;

Whether the user should be forced to reset the generated password on first login.

property pgpKey

pgpKey?: pulumi.Input<string>;

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username.

property user

user?: pulumi.Input<string>;

The IAM user’s name.

interface UserPolicyArgs

The set of arguments for constructing a UserPolicy resource.

property name

name?: pulumi.Input<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

policy: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property user

user: pulumi.Input<string>;

IAM user to which to attach this policy.

interface UserPolicyAttachmentArgs

The set of arguments for constructing a UserPolicyAttachment resource.

property policyArn

policyArn: pulumi.Input<ARN>;

The ARN of the policy you want to apply

property user

user: pulumi.Input<User>;

The user the policy should be applied to

interface UserPolicyAttachmentState

Input properties used for looking up and filtering UserPolicyAttachment resources.

property policyArn

policyArn?: pulumi.Input<ARN>;

The ARN of the policy you want to apply

property user

user?: pulumi.Input<User>;

The user the policy should be applied to

interface UserPolicyState

Input properties used for looking up and filtering UserPolicy resources.

property name

name?: pulumi.Input<string>;

The name of the policy. If omitted, Terraform will assign a random, unique name.

property namePrefix

namePrefix?: pulumi.Input<string>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property policy

policy?: pulumi.Input<string>;

The policy document. This is a JSON formatted string. The heredoc syntax or file function is helpful here.

property user

user?: pulumi.Input<string>;

IAM user to which to attach this policy.

interface UserState

Input properties used for looking up and filtering User resources.

property arn

arn?: pulumi.Input<string>;

The ARN assigned by AWS for this user.

property forceDestroy

forceDestroy?: pulumi.Input<boolean>;

When destroying this user, destroy even if it has non-Terraform-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-Terraform-managed access keys and login profile will fail to be destroyed.

property name

name?: pulumi.Input<string>;

The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.

property path

path?: pulumi.Input<string>;

Path in which to create the user.

property permissionsBoundary

permissionsBoundary?: pulumi.Input<string>;

The ARN of the policy that is used to set the permissions boundary for the user.

property uniqueId

uniqueId?: pulumi.Input<string>;

The unique ID assigned by AWS.

type Principal

type Principal = "*" | AWSPrincipal | ServicePrincipal | FederatedPrincipal;