pulumi-vault-kotlin/com.pulumi.vault.aws.kotlin/AuthBackendStsRoleArgs

AuthBackendStsRoleArgs

data class AuthBackendStsRoleArgs(val accountId: Output<String>? = null, val backend: Output<String>? = null, val externalId: Output<String>? = null, val namespace: Output<String>? = null, val stsRole: Output<String>? = null) : ConvertibleToJava<AuthBackendStsRoleArgs>

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";
const aws = new vault.AuthBackend("aws", {type: "aws"});
const role = new vault.aws.AuthBackendStsRole("role", {
    backend: aws.path,
    accountId: "1234567890",
    stsRole: "arn:aws:iam::1234567890:role/my-role",
});
Content copied to clipboard
import pulumi
import pulumi_vault as vault
aws = vault.AuthBackend("aws", type="aws")
role = vault.aws.AuthBackendStsRole("role",
    backend=aws.path,
    account_id="1234567890",
    sts_role="arn:aws:iam::1234567890:role/my-role")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;
return await Deployment.RunAsync(() =>
{
    var aws = new Vault.AuthBackend("aws", new()
    {
        Type = "aws",
    });
    var role = new Vault.Aws.AuthBackendStsRole("role", new()
    {
        Backend = aws.Path,
        AccountId = "1234567890",
        StsRole = "arn:aws:iam::1234567890:role/my-role",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault"
	"github.com/pulumi/pulumi-vault/sdk/v6/go/vault/aws"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := vault.NewAuthBackend(ctx, "aws", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendStsRole(ctx, "role", &aws.AuthBackendStsRoleArgs{
			Backend:   aws.Path,
			AccountId: pulumi.String("1234567890"),
			StsRole:   pulumi.String("arn:aws:iam::1234567890:role/my-role"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.AuthBackend;
import com.pulumi.vault.AuthBackendArgs;
import com.pulumi.vault.aws.AuthBackendStsRole;
import com.pulumi.vault.aws.AuthBackendStsRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var aws = new AuthBackend("aws", AuthBackendArgs.builder()
            .type("aws")
            .build());
        var role = new AuthBackendStsRole("role", AuthBackendStsRoleArgs.builder()
            .backend(aws.path())
            .accountId("1234567890")
            .stsRole("arn:aws:iam::1234567890:role/my-role")
            .build());
    }
}
Content copied to clipboard
resources:
  aws:
    type: vault:AuthBackend
    properties:
      type: aws
  role:
    type: vault:aws:AuthBackendStsRole
    properties:
      backend: ${aws.path}
      accountId: '1234567890'
      stsRole: arn:aws:iam::1234567890:role/my-role
Content copied to clipboard

Import

AWS auth backend STS roles can be imported using auth/, the backend path, /config/sts/, and the account_id e.g.

$ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(accountId: Output<String>? = null, backend: Output<String>? = null, externalId: Output<String>? = null, namespace: Output<String>? = null, stsRole: Output<String>? = null)

Properties

Link copied to clipboard
val accountId: Output<String>? = null

The AWS account ID to configure the STS role for.

Link copied to clipboard
val backend: Output<String>? = null

The path the AWS auth backend being configured was mounted at. Defaults to aws.

Link copied to clipboard
val externalId: Output<String>? = null

External ID expected by the STS role. The associated STS role must be configured to require the external ID. Requires Vault 1.17+.

Link copied to clipboard
val namespace: Output<String>? = null

The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Link copied to clipboard
val stsRole: Output<String>? = null

The STS role to assume when verifying requests made by EC2 instances in the account specified by account_id.

Functions

Link copied to clipboard
open override fun toJava(): AuthBackendStsRoleArgs