aws-iam.AssumableRoleWithSAML
This resource helps you create a single IAM Role which can be assumed by trusted resources using SAML Federated Users.
Example Usage
using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;
/// <summary>
/// Stack that provisions a single IAM role assumable through SAML federation
/// and exposes the resulting component as a stack output.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var samlRoleArgs = new AssumableRoleWithSAMLArgs
        {
            Role = new RoleArgs
            {
                Name = "saml-role",
                // ReadOnlyAccess is an AWS managed policy covering read actions across
                // services, including reads of stored data. Narrow this list to what
                // federated users actually need before reusing the example.
                PolicyArns = {"arn:aws:iam::aws:policy/ReadOnlyAccess"},
            },
            Tags = new InputMap<string>
            {
                {"Role", "saml-role"},
            },
            // SAML identity providers allowed to assume the role. The account ID is
            // the sample value from this example; use the provider ARN registered
            // in your own account.
            ProviderIds = {"arn:aws:iam::235367859851:saml-provider/idp_saml"},
        };

        // MaxSessionDuration and Role.PermissionsBoundaryArn are left unset here;
        // both are accepted by this resource and are worth setting explicitly.
        var samlRole = new AssumableRoleWithSAML("assumable-role-with-saml", samlRoleArgs);

        this.AssumableRoleWithSaml = Output.Create<AssumableRoleWithSAML>(samlRole);
    }

    /// <summary>The created component, exported as a stack output.</summary>
    [Output]
    public Output<AssumableRoleWithSAML> AssumableRoleWithSaml { get; set; }
}
package main
import (
iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one SAML-assumable IAM role and
// exports the resulting component under "assumableRoleWithSAML".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		roleArgs := &iam.AssumableRoleWithSAMLArgs{
			Role: iam.RoleArgs{
				Name: pulumi.String("saml-role"),
				// ReadOnlyAccess is an AWS managed policy covering read actions
				// across services, including reads of stored data. Narrow this
				// list to what federated users actually need.
				PolicyArns: pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/ReadOnlyAccess"}),
			},
			Tags: pulumi.ToStringMap(map[string]string{
				"Role": "saml-role",
			}),
			// SAML identity providers allowed to assume the role. The account ID
			// is the sample value from this example; use the provider ARN
			// registered in your own account.
			ProviderIds: pulumi.ToStringArray([]string{"arn:aws:iam::235367859851:saml-provider/idp_saml"}),
		}

		// MaxSessionDuration and Role.PermissionsBoundaryArn are left unset here;
		// both are accepted by this resource and are worth setting explicitly.
		samlRole, err := iam.NewAssumableRoleWithSAML(ctx, "assumable-role-with-saml", roleArgs)
		if err != nil {
			return err
		}

		ctx.Export("assumableRoleWithSAML", samlRole)
		return nil
	})
}
Coming soon!
import pulumi
import pulumi_aws_iam as iam
# Role settings for the SAML-assumable role.
# ReadOnlyAccess is an AWS managed policy covering read actions across services,
# including reads of stored data; narrow policy_arns to what federated users need.
_saml_role_args = iam.RoleArgs(
    name='saml-role',
    policy_arns=['arn:aws:iam::aws:policy/ReadOnlyAccess'],
)

# provider_ids lists the SAML identity providers allowed to assume the role.
# The account ID is the sample value from this example; use the provider ARN
# registered in your own account. max_session_duration and the role's
# permissions_boundary_arn are left unset here and are worth setting explicitly.
assumable_role_with_saml = iam.AssumableRoleWithSAML(
    'assumable_role_with_saml',
    role=_saml_role_args,
    tags={'Role': 'saml-role'},
    provider_ids=['arn:aws:iam::235367859851:saml-provider/idp_saml'],
)

# Export the whole component as a stack output.
pulumi.export('assumable_role_with_saml', assumable_role_with_saml)
import * as iam from "@pulumi/aws-iam";
// Arguments for a single IAM role that SAML-federated users can assume.
const samlRoleArgs: iam.AssumableRoleWithSAMLArgs = {
    // SAML identity providers allowed to assume the role. The account ID is the
    // sample value from this example; use the provider ARN registered in your
    // own account.
    providerIds: ["arn:aws:iam::235367859851:saml-provider/idp_saml"],
    role: {
        name: "saml-role",
        // ReadOnlyAccess is an AWS managed policy covering read actions across
        // services, including reads of stored data. Narrow this list to what
        // federated users actually need.
        policyArns: ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
    },
    tags: {
        Role: "saml-role",
    },
    // maxSessionDuration and role.permissionsBoundaryArn are left unset here;
    // both are accepted by this resource and are worth setting explicitly.
};

// Exported so the component shows up as a stack output.
export const assumableRoleWithSaml = new iam.AssumableRoleWithSAML(
    "aws-iam-example-assumable-role-with-saml",
    samlRoleArgs,
);
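# Pulumi YAML program declaring one IAM role assumable through SAML federation.
# Nesting restored: the flattened listing lost the indentation YAML relies on.
name: awsiam-yaml
runtime: yaml
resources:
  assumableRoleWithSaml:
    type: "aws-iam:index:AssumableRoleWithSAML"
    properties:
      role:
        name: "saml-role"
        # ReadOnlyAccess is an AWS managed policy covering read actions across
        # services, including reads of stored data. Narrow this list to what
        # federated users actually need.
        policyArns:
          - "arn:aws:iam::aws:policy/ReadOnlyAccess"
      tags:
        Role: "saml-role"
      # SAML identity providers allowed to assume the role. The account ID is the
      # sample value from this example; use the provider ARN registered in your
      # own account.
      providerIds:
        - "arn:aws:iam::235367859851:saml-provider/idp_saml"
outputs:
  assumableRoleWithSaml: ${assumableRoleWithSaml}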
Create AssumableRoleWithSAML Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AssumableRoleWithSAML(name: string, args?: AssumableRoleWithSAMLArgs, opts?: ComponentResourceOptions);
@overload
def AssumableRoleWithSAML(resource_name: str,
args: Optional[AssumableRoleWithSAMLArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def AssumableRoleWithSAML(resource_name: str,
opts: Optional[ResourceOptions] = None,
aws_saml_endpoint: Optional[str] = None,
force_detach_policies: Optional[bool] = None,
max_session_duration: Optional[int] = None,
provider_ids: Optional[Sequence[str]] = None,
role: Optional[RoleArgs] = None,
tags: Optional[Mapping[str, str]] = None)
func NewAssumableRoleWithSAML(ctx *Context, name string, args *AssumableRoleWithSAMLArgs, opts ...ResourceOption) (*AssumableRoleWithSAML, error)
public AssumableRoleWithSAML(string name, AssumableRoleWithSAMLArgs? args = null, ComponentResourceOptions? opts = null)
public AssumableRoleWithSAML(String name, AssumableRoleWithSAMLArgs args)
public AssumableRoleWithSAML(String name, AssumableRoleWithSAMLArgs args, ComponentResourceOptions options)
type: aws-iam:AssumableRoleWithSAML
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AssumableRoleWithSAMLArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AssumableRoleWithSAMLArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AssumableRoleWithSAMLArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AssumableRoleWithSAMLArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AssumableRoleWithSAMLArgs
- The arguments to resource properties.
- options ComponentResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every value below is a type placeholder, not a recommended setting.
// Replace each "string" with a reviewed value (or drop the property) before deploying.
var assumableRoleWithSAMLResource = new AwsIam.AssumableRoleWithSAML("assumableRoleWithSAMLResource", new()
{
// NOTE(review): presumably the SAML audience the role's trust policy checks; confirm against the provider docs.
AwsSamlEndpoint = "string",
ForceDetachPolicies = false,
// The placeholder 0 is outside the documented 3600-43200 second range.
MaxSessionDuration = 0,
// SAML provider IDs; the usage example on this page passes SAML provider ARNs.
ProviderIds = new[]
{
"string",
},
Role = new AwsIam.Inputs.RoleArgs
{
Name = "string",
NamePrefix = "string",
Path = "string",
// Permissions boundary ARN for the role.
PermissionsBoundaryArn = "string",
// Policy ARNs attached to the role; keep the list as narrow as the federated users' tasks allow.
PolicyArns = new[]
{
"string",
},
},
Tags =
{
{ "string", "string" },
},
});
// Reference template: every value below is a type placeholder, not a recommended setting.
// Replace each "string" with a reviewed value (or drop the field) before deploying.
example, err := awsiam.NewAssumableRoleWithSAML(ctx, "assumableRoleWithSAMLResource", &awsiam.AssumableRoleWithSAMLArgs{
// NOTE(review): presumably the SAML audience the role's trust policy checks; confirm against the provider docs.
AwsSamlEndpoint: pulumi.String("string"),
ForceDetachPolicies: pulumi.Bool(false),
// The placeholder 0 is outside the documented 3600-43200 second range.
MaxSessionDuration: pulumi.Int(0),
// SAML provider IDs; the usage example on this page passes SAML provider ARNs.
ProviderIds: pulumi.StringArray{
pulumi.String("string"),
},
Role: &awsiam.RoleArgs{
Name: pulumi.String("string"),
NamePrefix: pulumi.String("string"),
Path: pulumi.String("string"),
// Permissions boundary ARN for the role.
PermissionsBoundaryArn: pulumi.String("string"),
// Policy ARNs attached to the role; keep the list as narrow as the federated users' tasks allow.
PolicyArns: pulumi.StringArray{
pulumi.String("string"),
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
// Reference template: every value below is a type placeholder, not a recommended setting.
// Replace each "string" with a reviewed value (or drop the call) before deploying.
var assumableRoleWithSAMLResource = new AssumableRoleWithSAML("assumableRoleWithSAMLResource", AssumableRoleWithSAMLArgs.builder()
// NOTE(review): presumably the SAML audience the role's trust policy checks; confirm against the provider docs.
.awsSamlEndpoint("string")
.forceDetachPolicies(false)
// The placeholder 0 is outside the documented 3600-43200 second range.
.maxSessionDuration(0)
// SAML provider IDs; the usage examples on this page pass SAML provider ARNs.
.providerIds("string")
.role(RoleArgs.builder()
.name("string")
.namePrefix("string")
.path("string")
// Permissions boundary ARN for the role.
.permissionsBoundaryArn("string")
// Policy ARNs attached to the role; keep the list as narrow as the federated users' tasks allow.
.policyArns("string")
.build())
.tags(Map.of("string", "string"))
.build());
# Reference template: every value below is a type placeholder, not a recommended setting.
# Replace each "string" with a reviewed value (or drop the argument) before deploying.
assumable_role_with_saml_resource = aws_iam.AssumableRoleWithSAML("assumableRoleWithSAMLResource",
# NOTE(review): presumably the SAML audience the role's trust policy checks; confirm against the provider docs.
aws_saml_endpoint="string",
force_detach_policies=False,
# The placeholder 0 is outside the documented 3600-43200 second range.
max_session_duration=0,
# SAML provider IDs; the usage example on this page passes SAML provider ARNs.
provider_ids=["string"],
role={
"name": "string",
"name_prefix": "string",
"path": "string",
# Permissions boundary ARN for the role.
"permissions_boundary_arn": "string",
# Policy ARNs attached to the role; keep the list as narrow as the federated users' tasks allow.
"policy_arns": ["string"],
},
tags={
"string": "string",
})
// Reference template: every value below is a type placeholder, not a recommended setting.
// Replace each "string" with a reviewed value (or drop the property) before deploying.
const assumableRoleWithSAMLResource = new aws_iam.AssumableRoleWithSAML("assumableRoleWithSAMLResource", {
// NOTE(review): presumably the SAML audience the role's trust policy checks; confirm against the provider docs.
awsSamlEndpoint: "string",
forceDetachPolicies: false,
// The placeholder 0 is outside the documented 3600-43200 second range.
maxSessionDuration: 0,
// SAML provider IDs; the usage example on this page passes SAML provider ARNs.
providerIds: ["string"],
role: {
name: "string",
namePrefix: "string",
path: "string",
// Permissions boundary ARN for the role.
permissionsBoundaryArn: "string",
// Policy ARNs attached to the role; keep the list as narrow as the federated users' tasks allow.
policyArns: ["string"],
},
tags: {
string: "string",
},
});
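# Reference template: every value below is a type placeholder, not a recommended setting.
# Nesting restored: the flattened listing lost the indentation YAML relies on.
type: aws-iam:AssumableRoleWithSAML
properties:
    # NOTE(review): presumably the SAML audience the role's trust policy checks; confirm against the provider docs.
    awsSamlEndpoint: string
    forceDetachPolicies: false
    # The placeholder 0 is outside the documented 3600-43200 second range.
    maxSessionDuration: 0
    # SAML provider IDs; the usage example on this page passes SAML provider ARNs.
    providerIds:
        - string
    role:
        name: string
        namePrefix: string
        path: string
        # Permissions boundary ARN for the role.
        permissionsBoundaryArn: string
        # Policy ARNs attached to the role; keep the list as narrow as the federated users' tasks allow.
        policyArns:
            - string
    tags:
        string: string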
AssumableRoleWithSAML Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AssumableRoleWithSAML resource accepts the following input properties:
- AwsSamlEndpoint string - AWS SAML Endpoint.
- ForceDetachPolicies bool - Whether policies should be detached from this role when destroying.
- MaxSessionDuration int - Maximum CLI/API session duration in seconds between 3600 and 43200.
- ProviderIds List<string> - List of SAML Provider IDs.
- Role Pulumi.AwsIam.Inputs.Role
- Tags Dictionary<string, string> - A map of tags to add.
- AwsSamlEndpoint string - AWS SAML Endpoint.
- ForceDetachPolicies bool - Whether policies should be detached from this role when destroying.
- MaxSessionDuration int - Maximum CLI/API session duration in seconds between 3600 and 43200.
- ProviderIds []string - List of SAML Provider IDs.
- Role RoleArgs
- Tags map[string]string - A map of tags to add.
- awsSamlEndpoint String - AWS SAML Endpoint.
- forceDetachPolicies Boolean - Whether policies should be detached from this role when destroying.
- maxSessionDuration Integer - Maximum CLI/API session duration in seconds between 3600 and 43200.
- providerIds List<String> - List of SAML Provider IDs.
- role Role
- tags Map<String,String> - A map of tags to add.
- awsSamlEndpoint string - AWS SAML Endpoint.
- forceDetachPolicies boolean - Whether policies should be detached from this role when destroying.
- maxSessionDuration number - Maximum CLI/API session duration in seconds between 3600 and 43200.
- providerIds string[] - List of SAML Provider IDs.
- role Role
- tags {[key: string]: string} - A map of tags to add.
- aws_saml_endpoint str - AWS SAML Endpoint.
- force_detach_policies bool - Whether policies should be detached from this role when destroying.
- max_session_duration int - Maximum CLI/API session duration in seconds between 3600 and 43200.
- provider_ids Sequence[str] - List of SAML Provider IDs.
- role RoleArgs
- tags Mapping[str, str] - A map of tags to add.
- awsSamlEndpoint String - AWS SAML Endpoint.
- forceDetachPolicies Boolean - Whether policies should be detached from this role when destroying.
- maxSessionDuration Number - Maximum CLI/API session duration in seconds between 3600 and 43200.
- providerIds List<String> - List of SAML Provider IDs.
- role Property Map
- tags Map<String> - A map of tags to add.
Outputs
All input properties are implicitly available as output properties. Additionally, the AssumableRoleWithSAML resource produces the following output properties:
- RoleArn string - ARN of IAM role.
- RoleName string - Name of IAM role.
- RolePath string - Path of IAM role.
- RoleUniqueId string - Unique ID of IAM role.
- RoleArn string - ARN of IAM role.
- RoleName string - Name of IAM role.
- RolePath string - Path of IAM role.
- RoleUniqueId string - Unique ID of IAM role.
- roleArn String - ARN of IAM role.
- roleName String - Name of IAM role.
- rolePath String - Path of IAM role.
- roleUniqueId String - Unique ID of IAM role.
- roleArn string - ARN of IAM role.
- roleName string - Name of IAM role.
- rolePath string - Path of IAM role.
- roleUniqueId string - Unique ID of IAM role.
- role_arn str - ARN of IAM role.
- role_name str - Name of IAM role.
- role_path str - Path of IAM role.
- role_unique_id str - Unique ID of IAM role.
- roleArn String - ARN of IAM role.
- roleName String - Name of IAM role.
- rolePath String - Path of IAM role.
- roleUniqueId String - Unique ID of IAM role.
Supporting Types
Role, RoleArgs
- Name string - IAM role name.
- NamePrefix string - IAM role name prefix.
- Path string - Path of admin IAM role.
- PermissionsBoundaryArn string - Permissions boundary ARN to use for the role.
- PolicyArns List<string> - List of policy ARNs to use for the role.
- Name string - IAM role name.
- NamePrefix string - IAM role name prefix.
- Path string - Path of admin IAM role.
- PermissionsBoundaryArn string - Permissions boundary ARN to use for the role.
- PolicyArns []string - List of policy ARNs to use for the role.
- name String - IAM role name.
- namePrefix String - IAM role name prefix.
- path String - Path of admin IAM role.
- permissionsBoundaryArn String - Permissions boundary ARN to use for the role.
- policyArns List<String> - List of policy ARNs to use for the role.
- name string - IAM role name.
- namePrefix string - IAM role name prefix.
- path string - Path of admin IAM role.
- permissionsBoundaryArn string - Permissions boundary ARN to use for the role.
- policyArns string[] - List of policy ARNs to use for the role.
- name str - IAM role name.
- name_prefix str - IAM role name prefix.
- path str - Path of admin IAM role.
- permissions_boundary_arn str - Permissions boundary ARN to use for the role.
- policy_arns Sequence[str] - List of policy ARNs to use for the role.
- name String - IAM role name.
- namePrefix String - IAM role name prefix.
- path String - Path of admin IAM role.
- permissionsBoundaryArn String - Permissions boundary ARN to use for the role.
- policyArns List<String> - List of policy ARNs to use for the role.
Package Details
- Repository
- aws-iam
- License