aws-iam.AssumableRolesWithSAML
Explore with Pulumi AI
This resource helps you create predefined IAM roles (admin
, poweruser
, and readonly
) which can be assumed
by trusted resources using SAML Federated Users.
Example Usage
Assumable Roles With SAML
using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;
class MyStack : Stack
{
public MyStack()
{
var assumableRolesWithSaml = new AssumableRolesWithSAML("assumable-roles-with-saml", new AssumableRolesWithSAMLArgs
{
ProviderIds = {"arn:aws:iam::235367859851:saml-provider/idp_saml"},
Admin = new AdminRoleArgs(),
Readonly = new ReadonlyRoleArgs(),
Poweruser = new PoweruserRoleArgs
{
Name = "developer",
},
});
this.AssumableRolesWithSaml = Output.Create<AssumableRolesWithSAML>(assumableRolesWithSaml);
}
[Output]
public Output<AssumableRolesWithSAML> AssumableRolesWithSaml { get; set; }
}
package main
import (
iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
assumableRolesWithSAML, err := iam.NewAssumableRolesWithSAML(ctx, "assumable-roles-with-saml", &iam.AssumableRolesWithSAMLArgs{
ProviderIds: pulumi.ToStringArray([]string{"arn:aws:iam::235367859851:saml-provider/idp_saml"}),
Admin: iam.AdminRoleArgs{},
Readonly: iam.ReadonlyRoleArgs{},
Poweruser: iam.PoweruserRoleArgs{
Name: pulumi.String("developer"),
},
})
if err != nil {
return err
}
ctx.Export("assumableRolesWithSAML", assumableRolesWithSAML)
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_iam as iam
assumable_roles_with_saml = iam.AssumableRolesWithSAML(
'assumable_roles_with_saml',
provider_ids=['arn:aws:iam::235367859851:saml-provider/idp_saml'],
admin=iam.AdminRoleArgs(),
readonly=iam.ReadonlyRoleArgs(),
poweruser=iam.PoweruserRoleArgs(
name='developer',
),
)
pulumi.export('assumable_roles_with_saml', assumable_roles_with_saml)
import * as iam from "@pulumi/aws-iam";
export const assumableRolesWithSaml = new iam.AssumableRolesWithSAML("aws-iam-example-assumable-role-with-saml", {
providerIds: [ "arn:aws:iam::235367859851:saml-provider/idp_saml" ],
admin: {},
poweruser: {
name: "developer",
},
readonly: {},
});
name: awsiam-yaml
runtime: yaml
resources:
assumableRolesWithSaml:
type: "aws-iam:index:AssumableRolesWithSAML"
properties:
providerIds:
- "arn:aws:iam::235367859851:saml-provider/idp_saml"
poweruser:
name: "developer"
outputs:
assumableRolesWithSaml: ${assumableRolesWithSaml}
Create AssumableRolesWithSAML Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AssumableRolesWithSAML(name: string, args?: AssumableRolesWithSAMLArgs, opts?: ComponentResourceOptions);
@overload
def AssumableRolesWithSAML(resource_name: str,
args: Optional[AssumableRolesWithSAMLArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AssumableRolesWithSAML(resource_name: str,
opts: Optional[ResourceOptions] = None,
admin: Optional[AdminRoleArgs] = None,
aws_saml_endpoint: Optional[str] = None,
force_detach_policies: Optional[bool] = None,
max_session_duration: Optional[int] = None,
poweruser: Optional[PoweruserRoleArgs] = None,
provider_ids: Optional[Sequence[str]] = None,
readonly: Optional[ReadonlyRoleArgs] = None)
func NewAssumableRolesWithSAML(ctx *Context, name string, args *AssumableRolesWithSAMLArgs, opts ...ResourceOption) (*AssumableRolesWithSAML, error)
public AssumableRolesWithSAML(string name, AssumableRolesWithSAMLArgs? args = null, ComponentResourceOptions? opts = null)
public AssumableRolesWithSAML(String name, AssumableRolesWithSAMLArgs args)
public AssumableRolesWithSAML(String name, AssumableRolesWithSAMLArgs args, ComponentResourceOptions options)
type: aws-iam:AssumableRolesWithSAML
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AssumableRolesWithSAMLArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AssumableRolesWithSAMLArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AssumableRolesWithSAMLArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AssumableRolesWithSAMLArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AssumableRolesWithSAMLArgs
- The arguments to resource properties.
- options ComponentResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var assumableRolesWithSAMLResource = new AwsIam.AssumableRolesWithSAML("assumableRolesWithSAMLResource", new()
{
Admin = new AwsIam.Inputs.AdminRoleArgs
{
Name = "string",
Path = "string",
PermissionsBoundaryArn = "string",
PolicyArns = new[]
{
"string",
},
Tags =
{
{ "string", "string" },
},
},
AwsSamlEndpoint = "string",
ForceDetachPolicies = false,
MaxSessionDuration = 0,
Poweruser = new AwsIam.Inputs.PoweruserRoleArgs
{
Name = "string",
Path = "string",
PermissionsBoundaryArn = "string",
PolicyArns = new[]
{
"string",
},
Tags =
{
{ "string", "string" },
},
},
ProviderIds = new[]
{
"string",
},
Readonly = new AwsIam.Inputs.ReadonlyRoleArgs
{
Name = "string",
Path = "string",
PermissionsBoundaryArn = "string",
PolicyArns = new[]
{
"string",
},
Tags =
{
{ "string", "string" },
},
},
});
example, err := awsiam.NewAssumableRolesWithSAML(ctx, "assumableRolesWithSAMLResource", &awsiam.AssumableRolesWithSAMLArgs{
Admin: &awsiam.AdminRoleArgs{
Name: pulumi.String("string"),
Path: pulumi.String("string"),
PermissionsBoundaryArn: pulumi.String("string"),
PolicyArns: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
AwsSamlEndpoint: pulumi.String("string"),
ForceDetachPolicies: pulumi.Bool(false),
MaxSessionDuration: pulumi.Int(0),
Poweruser: &awsiam.PoweruserRoleArgs{
Name: pulumi.String("string"),
Path: pulumi.String("string"),
PermissionsBoundaryArn: pulumi.String("string"),
PolicyArns: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
ProviderIds: pulumi.StringArray{
pulumi.String("string"),
},
Readonly: &awsiam.ReadonlyRoleArgs{
Name: pulumi.String("string"),
Path: pulumi.String("string"),
PermissionsBoundaryArn: pulumi.String("string"),
PolicyArns: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
})
var assumableRolesWithSAMLResource = new AssumableRolesWithSAML("assumableRolesWithSAMLResource", AssumableRolesWithSAMLArgs.builder()
.admin(AdminRoleArgs.builder()
.name("string")
.path("string")
.permissionsBoundaryArn("string")
.policyArns("string")
.tags(Map.of("string", "string"))
.build())
.awsSamlEndpoint("string")
.forceDetachPolicies(false)
.maxSessionDuration(0)
.poweruser(PoweruserRoleArgs.builder()
.name("string")
.path("string")
.permissionsBoundaryArn("string")
.policyArns("string")
.tags(Map.of("string", "string"))
.build())
.providerIds("string")
.readonly(ReadonlyRoleArgs.builder()
.name("string")
.path("string")
.permissionsBoundaryArn("string")
.policyArns("string")
.tags(Map.of("string", "string"))
.build())
.build());
assumable_roles_with_saml_resource = aws_iam.AssumableRolesWithSAML("assumableRolesWithSAMLResource",
admin={
"name": "string",
"path": "string",
"permissions_boundary_arn": "string",
"policy_arns": ["string"],
"tags": {
"string": "string",
},
},
aws_saml_endpoint="string",
force_detach_policies=False,
max_session_duration=0,
poweruser={
"name": "string",
"path": "string",
"permissions_boundary_arn": "string",
"policy_arns": ["string"],
"tags": {
"string": "string",
},
},
provider_ids=["string"],
readonly={
"name": "string",
"path": "string",
"permissions_boundary_arn": "string",
"policy_arns": ["string"],
"tags": {
"string": "string",
},
})
const assumableRolesWithSAMLResource = new aws_iam.AssumableRolesWithSAML("assumableRolesWithSAMLResource", {
admin: {
name: "string",
path: "string",
permissionsBoundaryArn: "string",
policyArns: ["string"],
tags: {
string: "string",
},
},
awsSamlEndpoint: "string",
forceDetachPolicies: false,
maxSessionDuration: 0,
poweruser: {
name: "string",
path: "string",
permissionsBoundaryArn: "string",
policyArns: ["string"],
tags: {
string: "string",
},
},
providerIds: ["string"],
readonly: {
name: "string",
path: "string",
permissionsBoundaryArn: "string",
policyArns: ["string"],
tags: {
string: "string",
},
},
});
type: aws-iam:AssumableRolesWithSAML
properties:
admin:
name: string
path: string
permissionsBoundaryArn: string
policyArns:
- string
tags:
string: string
awsSamlEndpoint: string
forceDetachPolicies: false
maxSessionDuration: 0
poweruser:
name: string
path: string
permissionsBoundaryArn: string
policyArns:
- string
tags:
string: string
providerIds:
- string
readonly:
name: string
path: string
permissionsBoundaryArn: string
policyArns:
- string
tags:
string: string
AssumableRolesWithSAML Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AssumableRolesWithSAML resource accepts the following input properties:
- Admin
Pulumi.
Aws Iam. Inputs. Admin Role - Aws
Saml stringEndpoint - AWS SAML Endpoint.
- Force
Detach boolPolicies - Whether policies should be detached from this role when destroying.
- Max
Session intDuration - Maximum CLI/API session duration in seconds between 3600 and 43200.
- Poweruser
Pulumi.
Aws Iam. Inputs. Poweruser Role - Provider
Ids List<string> - List of SAML Provider IDs.
- Readonly
Pulumi.
Aws Iam. Inputs. Readonly Role
- Admin
Admin
Role Args - Aws
Saml stringEndpoint - AWS SAML Endpoint.
- Force
Detach boolPolicies - Whether policies should be detached from this role when destroying.
- Max
Session intDuration - Maximum CLI/API session duration in seconds between 3600 and 43200.
- Poweruser
Poweruser
Role Args - Provider
Ids []string - List of SAML Provider IDs.
- Readonly
Readonly
Role Args
- admin
Admin
Role - aws
Saml StringEndpoint - AWS SAML Endpoint.
- force
Detach BooleanPolicies - Whether policies should be detached from this role when destroying.
- max
Session IntegerDuration - Maximum CLI/API session duration in seconds between 3600 and 43200.
- poweruser
Poweruser
Role - provider
Ids List<String> - List of SAML Provider IDs.
- readonly
Readonly
Role
- admin
Admin
Role - aws
Saml stringEndpoint - AWS SAML Endpoint.
- force
Detach booleanPolicies - Whether policies should be detached from this role when destroying.
- max
Session numberDuration - Maximum CLI/API session duration in seconds between 3600 and 43200.
- poweruser
Poweruser
Role - provider
Ids string[] - List of SAML Provider IDs.
- readonly
Readonly
Role
- admin
Admin
Role Args - aws_
saml_ strendpoint - AWS SAML Endpoint.
- force_
detach_ boolpolicies - Whether policies should be detached from this role when destroying.
- max_
session_ intduration - Maximum CLI/API session duration in seconds between 3600 and 43200.
- poweruser
Poweruser
Role Args - provider_
ids Sequence[str] - List of SAML Provider IDs.
- readonly
Readonly
Role Args
- admin Property Map
- aws
Saml StringEndpoint - AWS SAML Endpoint.
- force
Detach BooleanPolicies - Whether policies should be detached from this role when destroying.
- max
Session NumberDuration - Maximum CLI/API session duration in seconds between 3600 and 43200.
- poweruser Property Map
- provider
Ids List<String> - List of SAML Provider IDs.
- readonly Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the AssumableRolesWithSAML resource produces the following output properties:
Supporting Types
AdminRole, AdminRoleArgs
- Name string
- IAM role with admin access.
- Path string
- Path of admin IAM role.
- Permissions
Boundary stringArn - Permissions boundary ARN to use for admin role.
- Policy
Arns List<string> - List of policy ARNs to use for admin role.
- Dictionary<string, string>
- A map of tags to add.
- Name string
- IAM role with admin access.
- Path string
- Path of admin IAM role.
- Permissions
Boundary stringArn - Permissions boundary ARN to use for admin role.
- Policy
Arns []string - List of policy ARNs to use for admin role.
- map[string]string
- A map of tags to add.
- name String
- IAM role with admin access.
- path String
- Path of admin IAM role.
- permissions
Boundary StringArn - Permissions boundary ARN to use for admin role.
- policy
Arns List<String> - List of policy ARNs to use for admin role.
- Map<String,String>
- A map of tags to add.
- name string
- IAM role with admin access.
- path string
- Path of admin IAM role.
- permissions
Boundary stringArn - Permissions boundary ARN to use for admin role.
- policy
Arns string[] - List of policy ARNs to use for admin role.
- {[key: string]: string}
- A map of tags to add.
- name str
- IAM role with admin access.
- path str
- Path of admin IAM role.
- permissions_
boundary_ strarn - Permissions boundary ARN to use for admin role.
- policy_
arns Sequence[str] - List of policy ARNs to use for admin role.
- Mapping[str, str]
- A map of tags to add.
- name String
- IAM role with admin access.
- path String
- Path of admin IAM role.
- permissions
Boundary StringArn - Permissions boundary ARN to use for admin role.
- policy
Arns List<String> - List of policy ARNs to use for admin role.
- Map<String>
- A map of tags to add.
PoweruserRole, PoweruserRoleArgs
- Name string
- IAM role with poweruser access.
- Path string
- Path of poweruser IAM role.
- Permissions
Boundary stringArn - Permissions boundary ARN to use for poweruser role.
- Policy
Arns List<string> - List of policy ARNs to use for poweruser role.
- Dictionary<string, string>
- A map of tags to add.
- Name string
- IAM role with poweruser access.
- Path string
- Path of poweruser IAM role.
- Permissions
Boundary stringArn - Permissions boundary ARN to use for poweruser role.
- Policy
Arns []string - List of policy ARNs to use for poweruser role.
- map[string]string
- A map of tags to add.
- name String
- IAM role with poweruser access.
- path String
- Path of poweruser IAM role.
- permissions
Boundary StringArn - Permissions boundary ARN to use for poweruser role.
- policy
Arns List<String> - List of policy ARNs to use for poweruser role.
- Map<String,String>
- A map of tags to add.
- name string
- IAM role with poweruser access.
- path string
- Path of poweruser IAM role.
- permissions
Boundary stringArn - Permissions boundary ARN to use for poweruser role.
- policy
Arns string[] - List of policy ARNs to use for poweruser role.
- {[key: string]: string}
- A map of tags to add.
- name str
- IAM role with poweruser access.
- path str
- Path of poweruser IAM role.
- permissions_
boundary_ strarn - Permissions boundary ARN to use for poweruser role.
- policy_
arns Sequence[str] - List of policy ARNs to use for poweruser role.
- Mapping[str, str]
- A map of tags to add.
- name String
- IAM role with poweruser access.
- path String
- Path of poweruser IAM role.
- permissions
Boundary StringArn - Permissions boundary ARN to use for poweruser role.
- policy
Arns List<String> - List of policy ARNs to use for poweruser role.
- Map<String>
- A map of tags to add.
ReadonlyRole, ReadonlyRoleArgs
- Name string
- IAM role with readonly access.
- Path string
- Path of readonly IAM role.
- Permissions
Boundary stringArn - Permissions boundary ARN to use for readonly role.
- Policy
Arns List<string> - List of policy ARNs to use for readonly role.
- Dictionary<string, string>
- A map of tags to add.
- Name string
- IAM role with readonly access.
- Path string
- Path of readonly IAM role.
- Permissions
Boundary stringArn - Permissions boundary ARN to use for readonly role.
- Policy
Arns []string - List of policy ARNs to use for readonly role.
- map[string]string
- A map of tags to add.
- name String
- IAM role with readonly access.
- path String
- Path of readonly IAM role.
- permissions
Boundary StringArn - Permissions boundary ARN to use for readonly role.
- policy
Arns List<String> - List of policy ARNs to use for readonly role.
- Map<String,String>
- A map of tags to add.
- name string
- IAM role with readonly access.
- path string
- Path of readonly IAM role.
- permissions
Boundary stringArn - Permissions boundary ARN to use for readonly role.
- policy
Arns string[] - List of policy ARNs to use for readonly role.
- {[key: string]: string}
- A map of tags to add.
- name str
- IAM role with readonly access.
- path str
- Path of readonly IAM role.
- permissions_
boundary_ strarn - Permissions boundary ARN to use for readonly role.
- policy_
arns Sequence[str] - List of policy ARNs to use for readonly role.
- Mapping[str, str]
- A map of tags to add.
- name String
- IAM role with readonly access.
- path String
- Path of readonly IAM role.
- permissions
Boundary StringArn - Permissions boundary ARN to use for readonly role.
- policy
Arns List<String> - List of policy ARNs to use for readonly role.
- Map<String>
- A map of tags to add.
Package Details
- Repository
- aws-iam
- License