AuthBackendConfigIdentity

class AuthBackendConfigIdentity : KotlinCustomResource

Manages an AWS auth backend identity configuration in a Vault server. This configuration defines how Vault interacts with the identity store. See the Vault documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
// Mount the AWS auth method.
const awsAuth = new vault.AuthBackend("aws", {type: "aws"});

// Identity settings for that mount: how iam logins are turned into identity
// aliases, and which metadata fields are attached to the issued token.
const identityConfig = new vault.aws.AuthBackendConfigIdentity("example", {
    backend: awsAuth.path,
    // Alias source for the iam auth method. Per this page the valid choices
    // are role_id, unique_id and full_arn; role_id is the default.
    iamAlias: "full_arn",
    // These fields go onto the login token and are also added to audit logs
    // and to the iam_alias, so list only what should be recorded there.
    iamMetadatas: ["canonical_arn", "account_id"],
});
import pulumi
import pulumi_vault as vault
# Mount the AWS auth method.
aws_auth = vault.AuthBackend("aws", type="aws")

# Fields attached to tokens issued by the login endpoint. The same fields are
# added to audit logs and to the iam_alias, so list only what should be
# recorded there.
iam_token_metadata = ["canonical_arn", "account_id"]

# Identity settings for the mount. iam_alias selects how the identity alias is
# generated for iam logins; per this page the valid choices are role_id,
# unique_id and full_arn, with role_id as the default.
identity_config = vault.aws.AuthBackendConfigIdentity(
    "example",
    backend=aws_auth.path,
    iam_alias="full_arn",
    iam_metadatas=iam_token_metadata,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    // Mount the AWS auth method.
    var awsAuth = new Vault.AuthBackend("aws", new()
    {
        Type = "aws",
    });

    // Fields attached to tokens issued by the login endpoint. The same fields
    // are added to audit logs and to the iam_alias.
    var iamTokenMetadata = new[] { "canonical_arn", "account_id" };

    // Identity settings for the mount. IamAlias selects how the identity alias
    // is generated for iam logins (role_id, unique_id or full_arn per this
    // page; role_id is the default).
    var identityConfig = new Vault.Aws.AuthBackendConfigIdentity("example", new()
    {
        Backend = awsAuth.Path,
        IamAlias = "full_arn",
        IamMetadatas = iamTokenMetadata,
    });
});
package main
import (
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
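// main declares the AWS auth mount and the identity configuration for it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The mount is bound to awsBackend rather than aws: a local named aws
		// shadows the imported aws package for the rest of this closure, and
		// the aws.NewAuthBackendConfigIdentity call below would then fail to
		// compile.
		awsBackend, err := vault.NewAuthBackend(ctx, "aws", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}

		// IamAlias selects how the identity alias is generated for iam logins
		// (role_id, unique_id or full_arn per this page; role_id is the
		// default). IamMetadatas lists the fields attached to the login token;
		// they are also added to audit logs and to the iam_alias.
		_, err = aws.NewAuthBackendConfigIdentity(ctx, "example", &aws.AuthBackendConfigIdentityArgs{
			Backend:  awsBackend.Path,
			IamAlias: pulumi.String("full_arn"),
			IamMetadatas: pulumi.StringArray{
				pulumi.String("canonical_arn"),
				pulumi.String("account_id"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}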
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.aws.AuthBackendConfigIdentity;
import com.pulumi.vault.aws.AuthBackendConfigIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Declares the AWS auth mount and the identity configuration for it.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // Mount the AWS auth method.
        final var mountArgs = AuthBackendArgs.builder()
            .type("aws")
            .build();
        var awsAuth = new AuthBackend("aws", mountArgs);

        // iamAlias selects how the identity alias is generated for iam logins
        // (role_id, unique_id or full_arn per this page; role_id is the
        // default). iamMetadatas lists the fields attached to the login token;
        // they are also added to audit logs and to the iam_alias.
        final var identityArgs = AuthBackendConfigIdentityArgs.builder()
            .backend(awsAuth.path())
            .iamAlias("full_arn")
            .iamMetadatas("canonical_arn", "account_id")
            .build();
        var identityConfig = new AuthBackendConfigIdentity("example", identityArgs);
    }
}
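# Nesting restored: with every key at column 0 the document has duplicate
# top-level keys and no resource owns its properties.
resources:
  # Mount of the AWS auth method.
  aws:
    type: vault:AuthBackend
    properties:
      type: aws
  # Identity settings for that mount.
  example:
    type: vault:aws:AuthBackendConfigIdentity
    properties:
      backend: ${aws.path}
      # Alias source for iam logins; role_id is the default.
      iamAlias: full_arn
      # Fields attached to the login token; also added to audit logs and to
      # the iam_alias.
      iamMetadatas:
        - canonical_arn
        - account_id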

Import

AWS auth backend identity config can be imported using `auth/`, the backend path, and `/config/identity`, e.g.

$ pulumi import vault:aws/authBackendConfigIdentity:AuthBackendConfigIdentity example auth/aws/config/identity

Properties

val backend: Output<String>?

Unique name of the auth backend to configure.

val ec2Alias: Output<String>?

How to generate the identity alias when using the `ec2` auth method. Valid choices are `role_id`, `instance_id`, and `image_id`. Defaults to `role_id`.

val ec2Metadatas: Output<List<String>>?

The metadata to include on the token returned by the login endpoint. This metadata is added both to audit logs and to the `ec2_alias`.

val iamAlias: Output<String>?

How to generate the identity alias when using the `iam` auth method. Valid choices are `role_id`, `unique_id`, and `full_arn`. Defaults to `role_id`.

val iamMetadatas: Output<List<String>>?

The metadata to include on the token returned by the login endpoint. This metadata is added both to audit logs and to the `iam_alias`.

val id: Output<String>
val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

val pulumiChildResources: Set<KotlinResource>
val urn: Output<String>