pulumi-vault-kotlin/com.pulumi.vault.aws.kotlin/AuthBackendLogin

AuthBackendLogin

class AuthBackendLogin : KotlinCustomResource

Logs into a Vault server using an AWS auth backend. Login can be accomplished using a signed identity request from IAM or using ec2 instance metadata. For more information, see the [Vault

documentation](https://www.vaultproject.io/docs/auth/aws.html).

Example Usage

resources:
  aws:
    type: vault:AuthBackend
    properties:
      type: aws
      path: aws
  example:
    type: vault:aws:AuthBackendClient
    properties:
      backend: ${aws.path}
      accessKey: '123456789012'
      secretKey: AWSSECRETKEYGOESHERE
  exampleAuthBackendRole:
    type: vault:aws:AuthBackendRole
    name: example
    properties:
      backend: ${aws.path}
      role: test-role
      authType: ec2
      boundAmiId: ami-8c1be5f6
      boundAccountId: '123456789012'
      boundVpcId: vpc-b61106d4
      boundSubnetId: vpc-133128f1
      boundIamInstanceProfileArns:
        - arn:aws:iam::123456789012:instance-profile/MyProfile
      ttl: 60
      maxTtl: 120
      tokenPolicies:
        - default
        - dev
        - prod
    options:
      dependsOn:
        - ${example}
  exampleAuthBackendLogin:
    type: vault:aws:AuthBackendLogin
    name: example
    properties:
      backend: ${exampleVaultAuthBackend.path}
      role: ${exampleAuthBackendRole.role}
      identity: BASE64ENCODEDIDENTITYDOCUMENT
      signature: BASE64ENCODEDSHA256IDENTITYDOCUMENTSIGNATURE

Properties

accessor

val accessor: Output<String>

The token's accessor.

authType

val authType: Output<String>

The authentication type used to generate this token.

backend

val backend: Output<String>?

The unique name of the AWS auth backend. Defaults to 'aws'.

clientToken

val clientToken: Output<String>

The token returned by Vault.

iamHttpRequestMethod

val iamHttpRequestMethod: Output<String>?

The HTTP method used in the signed IAM request.

iamRequestBody

val iamRequestBody: Output<String>?

The base64-encoded body of the signed request.

iamRequestHeaders

val iamRequestHeaders: Output<String>?

The base64-encoded, JSON serialized representation of the GetCallerIdentity HTTP request headers.

iamRequestUrl

val iamRequestUrl: Output<String>?

The base64-encoded HTTP URL used in the signed request.

val id: Output<String>

identity

val identity: Output<String>?

The base64-encoded EC2 instance identity document to authenticate with. Can be retrieved from the EC2 metadata server.

leaseDuration

val leaseDuration: Output<Int>

The duration in seconds the token will be valid, relative to the time in lease_start_time.

leaseStartTime

val leaseStartTime: Output<String>

metadata

val metadata: Output<Map<String, String>>

A map of information returned by the Vault server about the authentication used to generate this token.

namespace

val namespace: Output<String>?

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

nonce

val nonce: Output<String>

The unique nonce to be used for login requests. Can be set to a user-specified value, or will contain the server-generated value once a token is issued. EC2 instances can only acquire a single token until the whitelist is tidied again unless they keep track of this nonce.

pkcs7

val pkcs7: Output<String>?

The PKCS#7 signature of the identity document to authenticate with, with all newline characters removed. Can be retrieved from the EC2 metadata server.

policies

val policies: Output<List<String>>

The Vault policies assigned to this token.

pulumiChildResources

val pulumiChildResources: Set<KotlinResource>

pulumiResourceName

val pulumiResourceName: String

pulumiResourceType

val pulumiResourceType: String

renewable

val renewable: Output<Boolean>

Set to true if the token can be extended through renewal.

role

val role: Output<String>

The name of the AWS auth backend role to create tokens against.

signature

val signature: Output<String>?

The base64-encoded SHA256 RSA signature of the instance identity document to authenticate with, with all newline characters removed. Can be retrieved from the EC2 metadata server.

urn

val urn: Output<String>