pulumi-vault-kotlin/com.pulumi.vault.aws.kotlin/AuthBackendClientArgs

AuthBackendClientArgs

data class AuthBackendClientArgs(val accessKey: Output<String>? = null, val backend: Output<String>? = null, val ec2Endpoint: Output<String>? = null, val iamEndpoint: Output<String>? = null, val iamServerIdHeaderValue: Output<String>? = null, val namespace: Output<String>? = null, val secretKey: Output<String>? = null, val stsEndpoint: Output<String>? = null, val stsRegion: Output<String>? = null, val useStsRegionFromClient: Output<Boolean>? = null) : ConvertibleToJava<AuthBackendClientArgs>

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const example = new vault.AuthBackend("example", {type: "aws"});
const exampleAuthBackendClient = new vault.aws.AuthBackendClient("example", {
    backend: example.path,
    accessKey: "INSERT_AWS_ACCESS_KEY",
    secretKey: "INSERT_AWS_SECRET_KEY",
});

import pulumi
import pulumi_vault as vault
example = vault.AuthBackend("example", type="aws")
example_auth_backend_client = vault.aws.AuthBackendClient("example",
    backend=example.path,
    access_key="INSERT_AWS_ACCESS_KEY",
    secret_key="INSERT_AWS_SECRET_KEY")

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var example = new Vault.AuthBackend("example", new()
    {
        Type = "aws",
    });
    var exampleAuthBackendClient = new Vault.Aws.AuthBackendClient("example", new()
    {
        Backend = example.Path,
        AccessKey = "INSERT_AWS_ACCESS_KEY",
        SecretKey = "INSERT_AWS_SECRET_KEY",
    });
});

package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := vault.NewAuthBackend(ctx, "example", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendClient(ctx, "example", &aws.AuthBackendClientArgs{
			Backend:   example.Path,
			AccessKey: pulumi.String("INSERT_AWS_ACCESS_KEY"),
			SecretKey: pulumi.String("INSERT_AWS_SECRET_KEY"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.aws.AuthBackendClient;
import com.pulumi.vault.aws.AuthBackendClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var example = new AuthBackend("example", AuthBackendArgs.builder()
            .type("aws")
            .build());
        var exampleAuthBackendClient = new AuthBackendClient("exampleAuthBackendClient", AuthBackendClientArgs.builder()
            .backend(example.path())
            .accessKey("INSERT_AWS_ACCESS_KEY")
            .secretKey("INSERT_AWS_SECRET_KEY")
            .build());
    }
}

resources:
  example:
    type: vault:AuthBackend
    properties:
      type: aws
  exampleAuthBackendClient:
    type: vault:aws:AuthBackendClient
    name: example
    properties:
      backend: ${example.path}
      accessKey: INSERT_AWS_ACCESS_KEY
      secretKey: INSERT_AWS_SECRET_KEY

Import

AWS auth backend clients can be imported using auth/, the backend path, and /config/client e.g.

$ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client

Constructors

AuthBackendClientArgs

constructor(accessKey: Output<String>? = null, backend: Output<String>? = null, ec2Endpoint: Output<String>? = null, iamEndpoint: Output<String>? = null, iamServerIdHeaderValue: Output<String>? = null, namespace: Output<String>? = null, secretKey: Output<String>? = null, stsEndpoint: Output<String>? = null, stsRegion: Output<String>? = null, useStsRegionFromClient: Output<Boolean>? = null)

Properties

accessKey

val accessKey: Output<String>? = null

The AWS access key that Vault should use for the auth backend.

backend

val backend: Output<String>? = null

The path the AWS auth backend being configured was mounted at. Defaults to aws.

ec2Endpoint

val ec2Endpoint: Output<String>? = null

Override the URL Vault uses when making EC2 API calls.

iamEndpoint

val iamEndpoint: Output<String>? = null

Override the URL Vault uses when making IAM API calls.

iamServerIdHeaderValue

val iamServerIdHeaderValue: Output<String>? = null

The value to require in the X-Vault-AWS-IAM-Server-ID header as part of GetCallerIdentity requests that are used in the IAM auth method.

namespace

val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

secretKey

val secretKey: Output<String>? = null

The AWS secret key that Vault should use for the auth backend.

stsEndpoint

val stsEndpoint: Output<String>? = null

Override the URL Vault uses when making STS API calls.

stsRegion

val stsRegion: Output<String>? = null

Override the default region when making STS API calls. The sts_endpoint argument must be set when using sts_region.

useStsRegionFromClient

val useStsRegionFromClient: Output<Boolean>? = null

Available in Vault v1.15+. If set, overrides both sts_endpoint and sts_region to instead use the region specified in the client request headers for IAM-based authentication. This can be useful when you have client requests coming from different regions and want flexibility in which regional STS API is used.

Functions

toJava

open override fun toJava(): AuthBackendClientArgs