pulumi-aws-kotlin/com.pulumi.aws.iam.kotlin/UserLoginProfile

UserLoginProfile

class UserLoginProfile : KotlinCustomResource

Manages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.

To reset an IAM User login password via this provider, you can use delete and recreate this resource or change any of the arguments.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.UserLoginProfile;
import com.pulumi.aws.iam.UserLoginProfileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleUser = new User("exampleUser", UserArgs.builder()
            .path("/")
            .forceDestroy(true)
            .build());
        var exampleUserLoginProfile = new UserLoginProfile("exampleUserLoginProfile", UserLoginProfileArgs.builder()
            .user(exampleUser.name())
            .pgpKey("keybase:some_person_that_exists")
            .build());
        ctx.export("password", exampleUserLoginProfile.encryptedPassword());
    }
}
Content copied to clipboard

Import

IAM User Login Profiles can be imported without password information support via the IAM User name, e.g.,

$ pulumi import aws:iam/userLoginProfile:UserLoginProfile example myusername
Content copied to clipboard

Since this provider has no method to read the PGP or password information during import, use ignore_changes argument to ignore them unless password recreation is desired. e.g. terraform resource "aws_iam_user_login_profile" "example" {

... other configuration ...

lifecycle { ignore_changes = password_length, password_reset_required, pgp_key, } }

Properties

Link copied to clipboard
val encryptedPassword: Output<String>

The encrypted password, base64 encoded. Only available if password was handled on resource creation, not import.

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val keyFingerprint: Output<String>

The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.

Link copied to clipboard
val password: Output<String>

The plain text password, only available when pgp_key is not provided.

Link copied to clipboard
val passwordLength: Output<Int>?

The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument. Default value is 20.

Link copied to clipboard
val passwordResetRequired: Output<Boolean>

Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation.

Link copied to clipboard
val pgpKey: Output<String>?

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Only applies on resource creation. Drift detection is not possible with this argument.

Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val urn: Output<String>
Link copied to clipboard
val user: Output<String>

The IAM user's name.