Trusted Token Issuer
Resource for managing an AWS SSO Admin Trusted Token Issuer.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Look up the IAM Identity Center instances visible to the current credentials.
// The resource below uses the first ARN returned, so this assumes at least one
// instance exists.
const example = aws.ssoadmin.getInstances({});

// OIDC/JWT settings for the trusted token issuer.
// - issuerUrl names the external OIDC provider whose JWTs IAM Identity Center
//   will accept for token exchange. Treat it as a trust anchor and point it
//   only at an issuer you operate or have vetted; "https://example.com" is a
//   placeholder.
// - With OPEN_ID_DISCOVERY the signing keys (JWKS) are located through the
//   issuer's OpenID discovery document, so the integrity of that HTTPS
//   endpoint decides which token signatures verify.
// - claimAttributePath (a claim in the incoming JWT) is compared with
//   identityStoreAttributePath (an identity store attribute) to select the user.
//   NOTE(review): prefer a claim the issuer guarantees to be unique and
//   verified; confirm that `email` meets that bar for your identity provider.
const oidcJwtConfiguration = {
    claimAttributePath: "email",
    identityStoreAttributePath: "emails.value",
    issuerUrl: "https://example.com",
    jwksRetrievalOption: "OPEN_ID_DISCOVERY",
};

const exampleTrustedTokenIssuer = new aws.ssoadmin.TrustedTokenIssuer("example", {
    name: "example",
    instanceArn: example.then(instances => instances.arns?.[0]),
    trustedTokenIssuerType: "OIDC_JWT",
    trustedTokenIssuerConfiguration: { oidcJwtConfiguration },
});
import pulumi
import pulumi_aws as aws
# Look up the IAM Identity Center instances visible to the current credentials.
# The resource below uses the first ARN returned, so this assumes at least one
# instance exists.
example = aws.ssoadmin.get_instances()

# OIDC/JWT settings for the trusted token issuer.
# - issuer_url names the external OIDC provider whose JWTs IAM Identity Center
#   will accept for token exchange. Treat it as a trust anchor and point it only
#   at an issuer you operate or have vetted; "https://example.com" is a
#   placeholder.
# - With OPEN_ID_DISCOVERY the signing keys (JWKS) are located through the
#   issuer's OpenID discovery document, so the integrity of that HTTPS endpoint
#   decides which token signatures verify.
# - claim_attribute_path (a claim in the incoming JWT) is compared with
#   identity_store_attribute_path (an identity store attribute) to select the
#   user. NOTE(review): prefer a claim the issuer guarantees to be unique and
#   verified; confirm that `email` meets that bar for your identity provider.
oidc_jwt_configuration = {
    "claim_attribute_path": "email",
    "identity_store_attribute_path": "emails.value",
    "issuer_url": "https://example.com",
    "jwks_retrieval_option": "OPEN_ID_DISCOVERY",
}

example_trusted_token_issuer = aws.ssoadmin.TrustedTokenIssuer(
    "example",
    name="example",
    instance_arn=example.arns[0],
    trusted_token_issuer_type="OIDC_JWT",
    trusted_token_issuer_configuration={
        "oidc_jwt_configuration": oidc_jwt_configuration,
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Look up the IAM Identity Center instances visible to the current
    // credentials. The resource below uses the first ARN returned, so this
    // assumes at least one instance exists.
    var ssoInstances = Aws.SsoAdmin.GetInstances.Invoke();

    // OIDC/JWT settings for the trusted token issuer.
    // - IssuerUrl names the external OIDC provider whose JWTs IAM Identity
    //   Center will accept for token exchange. Treat it as a trust anchor and
    //   point it only at an issuer you operate or have vetted;
    //   "https://example.com" is a placeholder.
    // - With OPEN_ID_DISCOVERY the signing keys (JWKS) are located through the
    //   issuer's OpenID discovery document, so the integrity of that HTTPS
    //   endpoint decides which token signatures verify.
    // - ClaimAttributePath (a claim in the incoming JWT) is compared with
    //   IdentityStoreAttributePath (an identity store attribute) to select the
    //   user. NOTE(review): prefer a claim the issuer guarantees to be unique
    //   and verified; confirm that `email` meets that bar for your provider.
    var oidcJwtSettings = new Aws.SsoAdmin.Inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs
    {
        ClaimAttributePath = "email",
        IdentityStoreAttributePath = "emails.value",
        IssuerUrl = "https://example.com",
        JwksRetrievalOption = "OPEN_ID_DISCOVERY",
    };

    var issuerSettings = new Aws.SsoAdmin.Inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs
    {
        OidcJwtConfiguration = oidcJwtSettings,
    };

    var exampleTrustedTokenIssuer = new Aws.SsoAdmin.TrustedTokenIssuer("example", new()
    {
        Name = "example",
        InstanceArn = ssoInstances.Apply(found => found.Arns[0]),
        TrustedTokenIssuerType = "OIDC_JWT",
        TrustedTokenIssuerConfiguration = issuerSettings,
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ssoadmin"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a trusted token issuer on the first IAM Identity Center
// instance returned by the lookup.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Look up the IAM Identity Center instances visible to the current
		// credentials. Arns[0] is indexed below without a length check, so
		// this assumes at least one instance exists.
		instances, lookupErr := ssoadmin.GetInstances(ctx, map[string]interface{}{}, nil)
		if lookupErr != nil {
			return lookupErr
		}

		// OIDC/JWT settings for the trusted token issuer.
		// - IssuerUrl names the external OIDC provider whose JWTs IAM Identity
		//   Center will accept for token exchange. Treat it as a trust anchor
		//   and point it only at an issuer you operate or have vetted;
		//   "https://example.com" is a placeholder.
		// - With OPEN_ID_DISCOVERY the signing keys (JWKS) are located through
		//   the issuer's OpenID discovery document, so the integrity of that
		//   HTTPS endpoint decides which token signatures verify.
		// - ClaimAttributePath (a claim in the incoming JWT) is compared with
		//   IdentityStoreAttributePath (an identity store attribute) to select
		//   the user. NOTE(review): prefer a claim the issuer guarantees to be
		//   unique and verified; confirm that `email` meets that bar.
		oidcJwt := &ssoadmin.TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs{
			ClaimAttributePath:         pulumi.String("email"),
			IdentityStoreAttributePath: pulumi.String("emails.value"),
			IssuerUrl:                  pulumi.String("https://example.com"),
			JwksRetrievalOption:        pulumi.String("OPEN_ID_DISCOVERY"),
		}

		issuerArgs := &ssoadmin.TrustedTokenIssuerArgs{
			Name:                   pulumi.String("example"),
			InstanceArn:            pulumi.String(instances.Arns[0]),
			TrustedTokenIssuerType: pulumi.String("OIDC_JWT"),
			TrustedTokenIssuerConfiguration: &ssoadmin.TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs{
				OidcJwtConfiguration: oidcJwt,
			},
		}

		// A nil error from the constructor is returned as-is, signalling success.
		_, createErr := ssoadmin.NewTrustedTokenIssuer(ctx, "example", issuerArgs)
		return createErr
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ssoadmin.SsoadminFunctions;
import com.pulumi.aws.ssoadmin.TrustedTokenIssuer;
import com.pulumi.aws.ssoadmin.TrustedTokenIssuerArgs;
import com.pulumi.aws.ssoadmin.inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs;
import com.pulumi.aws.ssoadmin.inputs.TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
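/**
 * Pulumi program that registers a trusted token issuer on the first IAM
 * Identity Center instance returned by the lookup.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the trusted token issuer resource.
     *
     * @param ctx the Pulumi deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // The generated example carried a formatter panic message where the
        // call arguments belong; the lookup takes no arguments.
        // NOTE(review): confirm the no-argument overload against the SDK
        // version in use.
        final var example = SsoadminFunctions.getInstances();

        // OIDC/JWT settings for the trusted token issuer.
        // - issuerUrl names the external OIDC provider whose JWTs IAM Identity
        //   Center will accept for token exchange. Treat it as a trust anchor
        //   and point it only at an issuer you operate or have vetted;
        //   "https://example.com" is a placeholder.
        // - With OPEN_ID_DISCOVERY the signing keys (JWKS) are located through
        //   the issuer's OpenID discovery document, so the integrity of that
        //   HTTPS endpoint decides which token signatures verify.
        // - claimAttributePath (a claim in the incoming JWT) is compared with
        //   identityStoreAttributePath (an identity store attribute) to select
        //   the user. NOTE(review): prefer a claim the issuer guarantees to be
        //   unique and verified; confirm that `email` meets that bar.
        var exampleTrustedTokenIssuer = new TrustedTokenIssuer("exampleTrustedTokenIssuer", TrustedTokenIssuerArgs.builder()
            .name("example")
            // The lookup result is an Output, so the first ARN is read inside
            // applyValue; this assumes at least one instance exists.
            .instanceArn(example.applyValue(getInstancesResult -> getInstancesResult.arns().get(0)))
            .trustedTokenIssuerType("OIDC_JWT")
            .trustedTokenIssuerConfiguration(TrustedTokenIssuerTrustedTokenIssuerConfigurationArgs.builder()
                .oidcJwtConfiguration(TrustedTokenIssuerTrustedTokenIssuerConfigurationOidcJwtConfigurationArgs.builder()
                    .claimAttributePath("email")
                    .identityStoreAttributePath("emails.value")
                    .issuerUrl("https://example.com")
                    .jwksRetrievalOption("OPEN_ID_DISCOVERY")
                    .build())
                .build())
            .build());
    }
}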
# Look up the IAM Identity Center instances visible to the current credentials.
# The resource below uses the first ARN returned, so this assumes at least one
# instance exists.
variables:
  example:
    fn::invoke:
      function: aws:ssoadmin:getInstances
      arguments: {}
resources:
  exampleTrustedTokenIssuer:
    type: aws:ssoadmin:TrustedTokenIssuer
    name: example
    properties:
      name: example
      instanceArn: ${example.arns[0]}
      trustedTokenIssuerType: OIDC_JWT
      trustedTokenIssuerConfiguration:
        oidcJwtConfiguration:
          # claimAttributePath (a claim in the incoming JWT) is compared with
          # identityStoreAttributePath (an identity store attribute) to select
          # the user. NOTE(review): prefer a claim the issuer guarantees to be
          # unique and verified; confirm that `email` meets that bar.
          claimAttributePath: email
          identityStoreAttributePath: emails.value
          # issuerUrl names the external OIDC provider whose JWTs IAM Identity
          # Center will accept for token exchange. Treat it as a trust anchor;
          # https://example.com is a placeholder.
          issuerUrl: https://example.com
          # The signing keys (JWKS) are located through the issuer's OpenID
          # discovery document, so the integrity of that HTTPS endpoint decides
          # which token signatures verify.
          jwksRetrievalOption: OPEN_ID_DISCOVERY
Import
Using `pulumi import`, import an SSO Admin Trusted Token Issuer using the `id`. For example:
# The import ID shown here is a sample trusted token issuer ARN.
$ pulumi import aws:ssoadmin/trustedTokenIssuer:TrustedTokenIssuer example arn:aws:sso::123456789012:trustedTokenIssuer/ssoins-lu1ye3gew4mbc7ju/tti-2657c556-9707-11ee-b9d1-0242ac120002
Properties
A unique, case-sensitive ID that you provide to ensure the idempotency of the request. AWS generates a random value when not provided.
ARN of the instance of IAM Identity Center.
A block that specifies settings that apply to the trusted token issuer. These settings change depending on the type you specify in `trusted_token_issuer_type`. Documented below.
Specifies the type of the trusted token issuer. Valid values are `OIDC_JWT`.
The following arguments are optional: