Provider
The provider type for the AWS Cloud Control package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.
Constructors
Properties
List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
Configuration for retrieving temporary credentials from the STS service.
The configuration for automatically naming resources.
Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
Configuration block for customizing service endpoints.
List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.
Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.