pulumi-aws-kotlin/com.pulumi.aws.iam.kotlin/UserArgs

UserArgs

data class UserArgs(val forceDestroy: Output<Boolean>? = null, val name: Output<String>? = null, val path: Output<String>? = null, val permissionsBoundary: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<UserArgs>

Provides an IAM user.

NOTE: If policies are attached to the user via the aws.iam.PolicyAttachment resource and you are modifying the user name or path, the force_destroy argument must be set to true and applied before attempting the operation otherwise you will encounter a DeleteConflict error. The aws.iam.UserPolicyAttachment resource (recommended) does not have this requirement.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lb = new aws.iam.User("lb", {
    name: "loadbalancer",
    path: "/system/",
    tags: {
        "tag-key": "tag-value",
    },
});
const lbAccessKey = new aws.iam.AccessKey("lb", {user: lb.name});
const lbRo = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        actions: ["ec2:Describe*"],
        resources: ["*"],
    }],
});
const lbRoUserPolicy = new aws.iam.UserPolicy("lb_ro", {
    name: "test",
    user: lb.name,
    policy: lbRo.then(lbRo => lbRo.json),
});

import pulumi
import pulumi_aws as aws
lb = aws.iam.User("lb",
    name="loadbalancer",
    path="/system/",
    tags={
        "tag-key": "tag-value",
    })
lb_access_key = aws.iam.AccessKey("lb", user=lb.name)
lb_ro = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "actions": ["ec2:Describe*"],
    "resources": ["*"],
}])
lb_ro_user_policy = aws.iam.UserPolicy("lb_ro",
    name="test",
    user=lb.name,
    policy=lb_ro.json)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var lb = new Aws.Iam.User("lb", new()
    {
        Name = "loadbalancer",
        Path = "/system/",
        Tags =
        {
            { "tag-key", "tag-value" },
        },
    });
    var lbAccessKey = new Aws.Iam.AccessKey("lb", new()
    {
        User = lb.Name,
    });
    var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[]
                {
                    "ec2:Describe*",
                },
                Resources = new[]
                {
                    "*",
                },
            },
        },
    });
    var lbRoUserPolicy = new Aws.Iam.UserPolicy("lb_ro", new()
    {
        Name = "test",
        User = lb.Name,
        Policy = lbRo.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });
});

package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		lb, err := iam.NewUser(ctx, "lb", &iam.UserArgs{
			Name: pulumi.String("loadbalancer"),
			Path: pulumi.String("/system/"),
			Tags: pulumi.StringMap{
				"tag-key": pulumi.String("tag-value"),
			},
		})
		if err != nil {
			return err
		}
		_, err = iam.NewAccessKey(ctx, "lb", &iam.AccessKeyArgs{
			User: lb.Name,
		})
		if err != nil {
			return err
		}
		lbRo, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Actions: []string{
						"ec2:Describe*",
					},
					Resources: []string{
						"*",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewUserPolicy(ctx, "lb_ro", &iam.UserPolicyArgs{
			Name:   pulumi.String("test"),
			User:   lb.Name,
			Policy: pulumi.String(lbRo.Json),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.AccessKey;
import com.pulumi.aws.iam.AccessKeyArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.UserPolicy;
import com.pulumi.aws.iam.UserPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var lb = new User("lb", UserArgs.builder()
            .name("loadbalancer")
            .path("/system/")
            .tags(Map.of("tag-key", "tag-value"))
            .build());
        var lbAccessKey = new AccessKey("lbAccessKey", AccessKeyArgs.builder()
            .user(lb.name())
            .build());
        final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions("ec2:Describe*")
                .resources("*")
                .build())
            .build());
        var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()
            .name("test")
            .user(lb.name())
            .policy(lbRo.json())
            .build());
    }
}

resources:
  lb:
    type: aws:iam:User
    properties:
      name: loadbalancer
      path: /system/
      tags:
        tag-key: tag-value
  lbAccessKey:
    type: aws:iam:AccessKey
    name: lb
    properties:
      user: ${lb.name}
  lbRoUserPolicy:
    type: aws:iam:UserPolicy
    name: lb_ro
    properties:
      name: test
      user: ${lb.name}
      policy: ${lbRo.json}
variables:
  lbRo:
    fn::invoke:
      function: aws:iam:getPolicyDocument
      arguments:
        statements:
          - effect: Allow
            actions:
              - ec2:Describe*
            resources:
              - '*'

Import

Using pulumi import, import IAM Users using the name. For example:

$ pulumi import aws:iam/user:User lb loadbalancer

Constructors

UserArgs

constructor(forceDestroy: Output<Boolean>? = null, name: Output<String>? = null, path: Output<String>? = null, permissionsBoundary: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Properties

forceDestroy

val forceDestroy: Output<Boolean>? = null

When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.

name

val name: Output<String>? = null

The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".

path

val path: Output<String>? = null

Path in which to create the user.

permissionsBoundary

val permissionsBoundary: Output<String>? = null

The ARN of the policy that is used to set the permissions boundary for the user.

Functions

toJava

open override fun toJava(): UserArgs