UserArgs

data class UserArgs(val forceDestroy: Output<Boolean>? = null, val name: Output<String>? = null, val path: Output<String>? = null, val permissionsBoundary: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<UserArgs>

Provides an IAM user.

NOTE: If policies are attached to the user via the aws.iam.PolicyAttachment resource and you are modifying the user name or path, the force_destroy argument must be set to true and applied before attempting the operation; otherwise you will encounter a DeleteConflict error. The aws.iam.UserPolicyAttachment resource (recommended) does not have this requirement.

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.AccessKey;
import com.pulumi.aws.iam.AccessKeyArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.UserPolicy;
import com.pulumi.aws.iam.UserPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // IAM user created under the /system/ path.
        var lbUser = new User("lbUser", UserArgs.builder()
            .path("/system/")
            .tags(Map.of("tag-key", "tag-value"))
            .build());

        // Long-lived access key for the user.
        var lbAccessKey = new AccessKey("lbAccessKey", AccessKeyArgs.builder()
            .user(lbUser.name())
            .build());

        // Read-only policy document: EC2 Describe* actions on all resources.
        final var lbRoPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("ec2:Describe*")
                .resources("*")
                .build())
            .build());

        // Inline policy attached directly to the user.
        var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()
            .user(lbUser.name())
            .policy(lbRoPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}

Import

IAM Users can be imported using the name, e.g.,

$ pulumi import aws:iam/user:User lb loadbalancer

Constructors

constructor(forceDestroy: Output<Boolean>? = null, name: Output<String>? = null, path: Output<String>? = null, permissionsBoundary: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Properties

val forceDestroy: Output<Boolean>? = null

When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.

val name: Output<String>? = null

The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".

val path: Output<String>? = null

Path in which to create the user.

val permissionsBoundary: Output<String>? = null

The ARN of the policy that is used to set the permissions boundary for the user.

val tags: Output<Map<String, String>>? = null

Key-value mapping of tags for the IAM user. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
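The following is an added example, not part of the provider documentation. It shows how permissionsBoundary, forceDestroy and the recommended aws.iam.UserPolicyAttachment resource fit together, in the same Java form as the usage example above. The resource names lbBoundary and lbReadOnly are hypothetical.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.Policy;
import com.pulumi.aws.iam.PolicyArgs;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.UserPolicyAttachment;
import com.pulumi.aws.iam.UserPolicyAttachmentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Managed policy used as the boundary (hypothetical name "lbBoundary").
        // It caps what the user can do: at most ec2:Describe*.
        final var boundaryDoc = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("ec2:Describe*")
                .resources("*")
                .build())
            .build());
        var boundary = new Policy("lbBoundary", PolicyArgs.builder()
            .policy(boundaryDoc.applyValue(doc -> doc.json()))
            .build());

        // forceDestroy(false) is the default: destroy fails if keys or a login profile exist outside this program.
        var user = new User("lbUser", UserArgs.builder()
            .path("/system/")
            .permissionsBoundary(boundary.arn())
            .forceDestroy(false)
            .build());

        // The attached AWS managed policy allows more than ec2:Describe*, but the
        // boundary limits the effective permissions to the overlap of the two.
        new UserPolicyAttachment("lbReadOnly", UserPolicyAttachmentArgs.builder()
            .user(user.name())
            .policyArn("arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess")
            .build());
    }
}
```

Because the policy is attached with UserPolicyAttachment rather than PolicyAttachment, renaming the user or changing its path does not require setting force_destroy first.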

Functions

open override fun toJava(): UserArgs