pulumi-aws-kotlin/com.pulumi.aws.iam.kotlin/AccessKeyArgs

AccessKeyArgs

data class AccessKeyArgs(val pgpKey: Output<String>? = null, val status: Output<String>? = null, val user: Output<String>? = null) : ConvertibleToJava<AccessKeyArgs>

Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.AccessKey;
import com.pulumi.aws.iam.AccessKeyArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.UserPolicy;
import com.pulumi.aws.iam.UserPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var lbUser = new User("lbUser", UserArgs.builder()
            .path("/system/")
            .build());
        var lbAccessKey = new AccessKey("lbAccessKey", AccessKeyArgs.builder()
            .user(lbUser.name())
            .pgpKey("keybase:some_person_that_exists")
            .build());
        final var lbRoPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("ec2:Describe*")
                .resources("*")
                .build())
            .build());
        var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()
            .user(lbUser.name())
            .policy(lbRoPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
        ctx.export("secret", lbAccessKey.encryptedSecret());
    }
}

Import

IAM Access Keys can be imported using the identifier, e.g.,

$ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890

Resource attributes such as encrypted_secret, key_fingerprint, pgp_key, secret, ses_smtp_password_v4, and encrypted_ses_smtp_password_v4 are not available for imported resources as this information cannot be read from the IAM API.

Constructors

AccessKeyArgs

constructor(pgpKey: Output<String>? = null, status: Output<String>? = null, user: Output<String>? = null)

Properties

pgpKey

val pgpKey: Output<String>? = null

Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists, for use in the encrypted_secret output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the -a option to gpg --export).

status

val status: Output<String>? = null

Access key status to apply. Defaults to Active. Valid values are Active and Inactive.

user

val user: Output<String>? = null

IAM user to associate with this access key.

Functions

toJava

open override fun toJava(): AccessKeyArgs