Domain
Resource for managing an AWS DataZone Domain.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const domainExecutionRole = new aws.iam.Role("domain_execution_role", {
name: "my_domain_execution_role",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Action: [
"sts:AssumeRole",
"sts:TagSession",
],
Effect: "Allow",
Principal: {
Service: "datazone.amazonaws.com",
},
},
{
Action: [
"sts:AssumeRole",
"sts:TagSession",
],
Effect: "Allow",
Principal: {
Service: "cloudformation.amazonaws.com",
},
},
],
}),
inlinePolicies: [{
name: "domain_execution_policy",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"datazone:*",
"ram:*",
"sso:*",
"kms:*",
],
Effect: "Allow",
Resource: "*",
}],
}),
}],
});
const example = new aws.datazone.Domain("example", {
name: "example",
domainExecutionRole: domainExecutionRole.arn,
});Content copied to clipboard
import pulumi
import json
import pulumi_aws as aws
domain_execution_role = aws.iam.Role("domain_execution_role",
name="my_domain_execution_role",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sts:AssumeRole",
"sts:TagSession",
],
"Effect": "Allow",
"Principal": {
"Service": "datazone.amazonaws.com",
},
},
{
"Action": [
"sts:AssumeRole",
"sts:TagSession",
],
"Effect": "Allow",
"Principal": {
"Service": "cloudformation.amazonaws.com",
},
},
],
}),
inline_policies=[{
"name": "domain_execution_policy",
"policy": json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": [
"datazone:*",
"ram:*",
"sso:*",
"kms:*",
],
"Effect": "Allow",
"Resource": "*",
}],
}),
}])
example = aws.datazone.Domain("example",
name="example",
domain_execution_role=domain_execution_role.arn)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var domainExecutionRole = new Aws.Iam.Role("domain_execution_role", new()
{
Name = "my_domain_execution_role",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
"sts:TagSession",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "datazone.amazonaws.com",
},
},
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
"sts:TagSession",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "cloudformation.amazonaws.com",
},
},
},
}),
InlinePolicies = new[]
{
new Aws.Iam.Inputs.RoleInlinePolicyArgs
{
Name = "domain_execution_policy",
Policy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"datazone:*",
"ram:*",
"sso:*",
"kms:*",
},
["Effect"] = "Allow",
["Resource"] = "*",
},
},
}),
},
},
});
var example = new Aws.DataZone.Domain("example", new()
{
Name = "example",
DomainExecutionRole = domainExecutionRole.Arn,
});
});Content copied to clipboard
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/datazone"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
"sts:TagSession",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "datazone.amazonaws.com",
},
},
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
"sts:TagSession",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "cloudformation.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
tmpJSON1, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"datazone:*",
"ram:*",
"sso:*",
"kms:*",
},
"Effect": "Allow",
"Resource": "*",
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
domainExecutionRole, err := iam.NewRole(ctx, "domain_execution_role", &iam.RoleArgs{
Name: pulumi.String("my_domain_execution_role"),
AssumeRolePolicy: pulumi.String(json0),
InlinePolicies: iam.RoleInlinePolicyArray{
&iam.RoleInlinePolicyArgs{
Name: pulumi.String("domain_execution_policy"),
Policy: pulumi.String(json1),
},
},
})
if err != nil {
return err
}
_, err = datazone.NewDomain(ctx, "example", &datazone.DomainArgs{
Name: pulumi.String("example"),
DomainExecutionRole: domainExecutionRole.Arn,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;
import com.pulumi.aws.datazone.Domain;
import com.pulumi.aws.datazone.DomainArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var domainExecutionRole = new Role("domainExecutionRole", RoleArgs.builder()
.name("my_domain_execution_role")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(
jsonObject(
jsonProperty("Action", jsonArray(
"sts:AssumeRole",
"sts:TagSession"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "datazone.amazonaws.com")
))
),
jsonObject(
jsonProperty("Action", jsonArray(
"sts:AssumeRole",
"sts:TagSession"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "cloudformation.amazonaws.com")
))
)
))
)))
.inlinePolicies(RoleInlinePolicyArgs.builder()
.name("domain_execution_policy")
.policy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray(
"datazone:*",
"ram:*",
"sso:*",
"kms:*"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Resource", "*")
)))
)))
.build())
.build());
var example = new Domain("example", DomainArgs.builder()
.name("example")
.domainExecutionRole(domainExecutionRole.arn())
.build());
}
}Content copied to clipboard
resources:
domainExecutionRole:
type: aws:iam:Role
name: domain_execution_role
properties:
name: my_domain_execution_role
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- sts:AssumeRole
- sts:TagSession
Effect: Allow
Principal:
Service: datazone.amazonaws.com
- Action:
- sts:AssumeRole
- sts:TagSession
Effect: Allow
Principal:
Service: cloudformation.amazonaws.com
inlinePolicies:
- name: domain_execution_policy
policy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- datazone:*
- ram:*
- sso:*
- kms:*
Effect: Allow
Resource: '*'
example:
type: aws:datazone:Domain
properties:
name: example
domainExecutionRole: ${domainExecutionRole.arn}Content copied to clipboard
Import
Using pulumi import, import DataZone Domain using the domain_id. For example:
$ pulumi import aws:datazone/domain:Domain example domain-id-12345678Content copied to clipboard
Properties
Link copied to clipboard
Description of the Domain.
Link copied to clipboard
ARN of the role used by DataZone to configure the Domain. The following arguments are optional:
Link copied to clipboard
ARN of the KMS key used to encrypt the Amazon DataZone domain, metadata and reporting data.
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Single sign on options, used to enable AWS IAM Identity Center for DataZone.
Link copied to clipboard
Whether to skip the deletion check for the Domain.
Link copied to clipboard