TrustedTokenIssuer

class TrustedTokenIssuer : KotlinCustomResource

Resource for managing an AWS SSO Admin Trusted Token Issuer.

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Look up the IAM Identity Center instances; the first ARN returned is used below.
const instances = aws.ssoadmin.getInstances({});

// OIDC/JWT settings for the issuer.
// - issuerUrl is the trust anchor: with OPEN_ID_DISCOVERY the signing keys are
//   discovered from this issuer, so it should be an HTTPS issuer you operate or
//   explicitly trust ("https://example.com" is a placeholder).
// - claimAttributePath -> identityStoreAttributePath decides which identity-store
//   user a token is matched to; review whether the `email` claim from your issuer
//   is verified and unique per user before relying on it.
const oidcJwtConfiguration = {
    claimAttributePath: "email",
    identityStoreAttributePath: "emails.value",
    issuerUrl: "https://example.com",
    jwksRetrievalOption: "OPEN_ID_DISCOVERY",
};

const exampleTrustedTokenIssuer = new aws.ssoadmin.TrustedTokenIssuer("example", {
    name: "example",
    // arns?.[0] resolves to undefined when no instance ARN is returned.
    instanceArn: instances.then(result => result.arns?.[0]),
    trustedTokenIssuerType: "OIDC_JWT",
    trustedTokenIssuerConfiguration: { oidcJwtConfiguration },
});
import pulumi
import pulumi_aws as aws
# Look up the IAM Identity Center instances; the first ARN returned is used below.
instances = aws.ssoadmin.get_instances()

# OIDC/JWT settings for the issuer.
# - issuer_url is the trust anchor: with OPEN_ID_DISCOVERY the signing keys are
#   discovered from this issuer, so it should be an HTTPS issuer you operate or
#   explicitly trust ("https://example.com" is a placeholder).
# - claim_attribute_path -> identity_store_attribute_path decides which
#   identity-store user a token is matched to; review whether the `email` claim
#   from your issuer is verified and unique per user before relying on it.
oidc_jwt_configuration = {
    "claim_attribute_path": "email",
    "identity_store_attribute_path": "emails.value",
    "issuer_url": "https://example.com",
    "jwks_retrieval_option": "OPEN_ID_DISCOVERY",
}

example_trusted_token_issuer = aws.ssoadmin.TrustedTokenIssuer(
    "example",
    name="example",
    # Indexing assumes at least one instance ARN was returned.
    instance_arn=instances.arns[0],
    trusted_token_issuer_type="OIDC_JWT",
    trusted_token_issuer_configuration={
        "oidc_jwt_configuration": oidc_jwt_configuration,
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Look up the IAM Identity Center instances; the first ARN returned is used below.
    var instances = Aws.SsoAdmin.GetInstances.Invoke();

    // OIDC/JWT settings for the issuer.
    // - IssuerUrl is the trust anchor: with OPEN_ID_DISCOVERY the signing keys are
    //   discovered from this issuer, so it should be an HTTPS issuer you operate or
    //   explicitly trust ("https://example.com" is a placeholder).
    // - ClaimAttributePath -> IdentityStoreAttributePath decides which identity-store
    //   user a token is matched to; review whether the `email` claim from your issuer
    //   is verified and unique per user before relying on it.
    var oidcJwt = new Aws.SsoAdmin.Inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs
    {
        ClaimAttributePath = "email",
        IdentityStoreAttributePath = "emails.value",
        IssuerUrl = "https://example.com",
        JwksRetrievalOption = "OPEN_ID_DISCOVERY",
    };

    var exampleTrustedTokenIssuer = new Aws.SsoAdmin.TrustedTokenIssuer("example", new()
    {
        Name = "example",
        // Indexing assumes at least one instance ARN was returned.
        InstanceArn = instances.Apply(result => result.Arns[0]),
        TrustedTokenIssuerType = "OIDC_JWT",
        TrustedTokenIssuerConfiguration = new Aws.SsoAdmin.Inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs
        {
            OidcJwtConfiguration = oidcJwt,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a trusted token issuer on the first IAM Identity Center
// instance returned by GetInstances.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		instances, err := ssoadmin.GetInstances(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}

		// OIDC/JWT settings for the issuer.
		// - IssuerUrl is the trust anchor: with OPEN_ID_DISCOVERY the signing keys
		//   are discovered from this issuer, so it should be an HTTPS issuer you
		//   operate or explicitly trust ("https://example.com" is a placeholder).
		// - ClaimAttributePath -> IdentityStoreAttributePath decides which
		//   identity-store user a token is matched to; review whether the `email`
		//   claim from your issuer is verified and unique per user.
		oidcJwt := &ssoadmin.TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs{
			ClaimAttributePath:         pulumi.String("email"),
			IdentityStoreAttributePath: pulumi.String("emails.value"),
			IssuerUrl:                  pulumi.String("https://example.com"),
			JwksRetrievalOption:        pulumi.String("OPEN_ID_DISCOVERY"),
		}

		_, err = ssoadmin.NewTrustedTokenIssuer(ctx, "example", &ssoadmin.TrustedTokenIssuerArgs{
			Name: pulumi.String("example"),
			// Indexing assumes at least one instance ARN was returned.
			InstanceArn:            pulumi.String(instances.Arns[0]),
			TrustedTokenIssuerType: pulumi.String("OIDC_JWT"),
			TrustedTokenIssuerConfiguration: &ssoadmin.TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs{
				OidcJwtConfiguration: oidcJwt,
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.TrustedTokenIssuer;
import com.pulumi.aws.ssoadmin.TrustedTokenIssuerArgs;
import com.pulumi.aws.ssoadmin.inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs;
import com.pulumi.aws.ssoadmin.inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
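/**
 * Pulumi program that registers a trusted token issuer on the first IAM
 * Identity Center instance returned by {@code SsoadminFunctions.getInstances()}.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * <p>{@code issuerUrl} is the trust anchor for the issuer: with
     * {@code OPEN_ID_DISCOVERY} the signing keys are discovered from that issuer,
     * so it should be an HTTPS issuer you operate or explicitly trust
     * ({@code https://example.com} is a placeholder). The
     * {@code claimAttributePath} to {@code identityStoreAttributePath} mapping
     * decides which identity-store user a token is matched to; review whether the
     * {@code email} claim from your issuer is verified and unique per user.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        final var example = SsoadminFunctions.getInstances();

        var exampleTrustedTokenIssuer = new TrustedTokenIssuer("exampleTrustedTokenIssuer", TrustedTokenIssuerArgs.builder()
            .name("example")
            // arns() is a List, so the first element is read with get(0) rather than
            // array indexing; this assumes at least one instance ARN was returned.
            .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns().get(0)))
            .trustedTokenIssuerType("OIDC_JWT")
            .trustedTokenIssuerConfiguration(TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs.builder()
                .oidcJwtConfiguration(TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs.builder()
                    .claimAttributePath("email")
                    .identityStoreAttributePath("emails.value")
                    .issuerUrl("https://example.com")
                    .jwksRetrievalOption("OPEN_ID_DISCOVERY")
                    .build())
                .build())
            .build());
    }
}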
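# Nesting restored: with every key at column 0 the document has duplicate
# `name` keys and loses the resource/properties structure.
resources:
  exampleTrustedTokenIssuer:
    type: aws:ssoadmin:TrustedTokenIssuer
    name: example
    properties:
      name: example
      # Uses the first instance ARN returned by the getInstances invoke below.
      instanceArn: ${example.arns[0]}
      trustedTokenIssuerType: OIDC_JWT
      trustedTokenIssuerConfiguration:
        oidcJwtConfiguration:
          # The claim -> identity-store attribute mapping decides which user a
          # token is matched to; review whether the `email` claim from your
          # issuer is verified and unique per user.
          claimAttributePath: email
          identityStoreAttributePath: emails.value
          # Trust anchor: with OPEN_ID_DISCOVERY the signing keys are discovered
          # from this issuer, so use an HTTPS issuer you operate or explicitly
          # trust (https://example.com is a placeholder).
          issuerUrl: https://example.com
          jwksRetrievalOption: OPEN_ID_DISCOVERY
variables:
  example:
    fn::invoke:
      function: aws:ssoadmin:getInstances
      arguments: {}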

Import

Using pulumi import, import an SSO Admin Trusted Token Issuer by its id (the ARN, as in the example below). For example:

$ pulumi import aws:ssoadmin/trustedTokenIssuer:TrustedTokenIssuer example arn:aws:sso::123456789012:trustedTokenIssuer/ssoins-lu1ye3gew4mbc7ju/tti-2657c556-9707-11ee-b9d1-0242ac120002

Properties

val arn: Output<String>

ARN of the trusted token issuer.

val clientToken: Output<String>?

A unique, case-sensitive ID that you provide to ensure the idempotency of the request. AWS generates a random value when not provided.

val id: Output<String>
val instanceArn: Output<String>

ARN of the instance of IAM Identity Center.

val name: Output<String>

Name of the trusted token issuer.

val pulumiChildResources: Set<KotlinResource>
val tags: Output<Map<String, String>>?

Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val tagsAll: Output<Map<String, String>>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.


A block that specifies settings that apply to the trusted token issuer. These settings change depending on the type you specify in trusted_token_issuer_type. Documented below.


Specifies the type of the trusted token issuer. Valid values: OIDC_JWT. The following arguments are optional:

val urn: Output<String>