aws-iam.User
Explore with Pulumi AI
This resources helps you create an IAM User, Login Profile, and Access Key. Additionally you can optionally upload an IAM SSH User Public Key.
Example Usage
User
using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;
class MyStack : Stack
{
public MyStack()
{
var user = new User("user", new UserArgs
{
Name = "pulumipus",
ForceDestroy = true,
PgpKey = "keybase:test",
PasswordResetRequired = false,
});
this.User = Output.Create<User>(user);
}
[Output]
public Output<User> User { get; set; }
}
package main
import (
iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
user, err := iam.NewUser(ctx, "user", &iam.UserArgs{
Name: pulumi.String("pulumipus"),
ForceDestroy: pulumi.BoolPtr(true),
PgpKey: pulumi.String("keybase:test"),
PasswordResetRequired: pulumi.BoolPtr(false),
})
if err != nil {
return err
}
ctx.Export("user", user)
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws_iam as iam
user = iam.User(
'user',
name='pulumipus',
force_destroy=True,
pgp_key='keybase:test',
password_reset_required=False,
)
pulumi.export('user', user)
import * as iam from "@pulumi/aws-iam";
export const user = new iam.User("aws-iam-example-user", {
name: "pulumipus",
forceDestroy: true,
pgpKey: "keybase:test",
passwordResetRequired: false,
});
name: awsiam-yaml
runtime: yaml
resources:
user:
type: "aws-iam:index:User"
properties:
name: "pulumipus"
forceDestroy: true
pgpKey: "keybase:test"
passwordResetRequired: false
outputs:
user: ${user}
Create User Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new User(name: string, args: UserArgs, opts?: ComponentResourceOptions);
@overload
def User(resource_name: str,
args: UserArgs,
opts: Optional[ResourceOptions] = None)
@overload
def User(resource_name: str,
opts: Optional[ResourceOptions] = None,
name: Optional[str] = None,
force_destroy: Optional[bool] = None,
password_length: Optional[int] = None,
password_reset_required: Optional[bool] = None,
path: Optional[str] = None,
permissions_boundary: Optional[str] = None,
pgp_key: Optional[str] = None,
ssh_key_encoding: Optional[str] = None,
ssh_public_key: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
upload_iam_user_ssh_key: Optional[bool] = None)
func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs args, ComponentResourceOptions? opts = null)
type: aws-iam:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- options ComponentResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userResource = new AwsIam.User("userResource", new()
{
Name = "string",
ForceDestroy = false,
PasswordLength = 0,
PasswordResetRequired = false,
Path = "string",
PermissionsBoundary = "string",
PgpKey = "string",
SshKeyEncoding = "string",
SshPublicKey = "string",
Tags =
{
{ "string", "string" },
},
UploadIamUserSshKey = false,
});
example, err := awsiam.NewUser(ctx, "userResource", &awsiam.UserArgs{
Name: pulumi.String("string"),
ForceDestroy: pulumi.Bool(false),
PasswordLength: pulumi.Int(0),
PasswordResetRequired: pulumi.Bool(false),
Path: pulumi.String("string"),
PermissionsBoundary: pulumi.String("string"),
PgpKey: pulumi.String("string"),
SshKeyEncoding: pulumi.String("string"),
SshPublicKey: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
UploadIamUserSshKey: pulumi.Bool(false),
})
var userResource = new User("userResource", UserArgs.builder()
.name("string")
.forceDestroy(false)
.passwordLength(0)
.passwordResetRequired(false)
.path("string")
.permissionsBoundary("string")
.pgpKey("string")
.sshKeyEncoding("string")
.sshPublicKey("string")
.tags(Map.of("string", "string"))
.uploadIamUserSshKey(false)
.build());
user_resource = aws_iam.User("userResource",
name="string",
force_destroy=False,
password_length=0,
password_reset_required=False,
path="string",
permissions_boundary="string",
pgp_key="string",
ssh_key_encoding="string",
ssh_public_key="string",
tags={
"string": "string",
},
upload_iam_user_ssh_key=False)
const userResource = new aws_iam.User("userResource", {
name: "string",
forceDestroy: false,
passwordLength: 0,
passwordResetRequired: false,
path: "string",
permissionsBoundary: "string",
pgpKey: "string",
sshKeyEncoding: "string",
sshPublicKey: "string",
tags: {
string: "string",
},
uploadIamUserSshKey: false,
});
type: aws-iam:User
properties:
forceDestroy: false
name: string
passwordLength: 0
passwordResetRequired: false
path: string
permissionsBoundary: string
pgpKey: string
sshKeyEncoding: string
sshPublicKey: string
tags:
string: string
uploadIamUserSshKey: false
User Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The User resource accepts the following input properties:
- Name string
- Desired name for the IAM user.
- Force
Destroy bool - When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
- Password
Length int - The length of the generated password
- Password
Reset boolRequired - Whether the user should be forced to reset the generated password on first login.
- Path string
- Desired path for the IAM user.
- Permissions
Boundary string - The ARN of the policy that is used to set the permissions boundary for the user.
- Pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username
. Used to encrypt password and access key. - Ssh
Key stringEncoding - Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
- Ssh
Public stringKey - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
- Dictionary<string, string>
- A map of tags to add.
- Upload
Iam boolUser Ssh Key - Whether to upload a public ssh key to the IAM user.
- Name string
- Desired name for the IAM user.
- Force
Destroy bool - When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
- Password
Length int - The length of the generated password
- Password
Reset boolRequired - Whether the user should be forced to reset the generated password on first login.
- Path string
- Desired path for the IAM user.
- Permissions
Boundary string - The ARN of the policy that is used to set the permissions boundary for the user.
- Pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username
. Used to encrypt password and access key. - Ssh
Key stringEncoding - Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
- Ssh
Public stringKey - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
- map[string]string
- A map of tags to add.
- Upload
Iam boolUser Ssh Key - Whether to upload a public ssh key to the IAM user.
- name String
- Desired name for the IAM user.
- force
Destroy Boolean - When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
- password
Length Integer - The length of the generated password
- password
Reset BooleanRequired - Whether the user should be forced to reset the generated password on first login.
- path String
- Desired path for the IAM user.
- permissions
Boundary String - The ARN of the policy that is used to set the permissions boundary for the user.
- pgp
Key String - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username
. Used to encrypt password and access key. - ssh
Key StringEncoding - Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
- ssh
Public StringKey - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
- Map<String,String>
- A map of tags to add.
- upload
Iam BooleanUser Ssh Key - Whether to upload a public ssh key to the IAM user.
- name string
- Desired name for the IAM user.
- force
Destroy boolean - When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
- password
Length number - The length of the generated password
- password
Reset booleanRequired - Whether the user should be forced to reset the generated password on first login.
- path string
- Desired path for the IAM user.
- permissions
Boundary string - The ARN of the policy that is used to set the permissions boundary for the user.
- pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username
. Used to encrypt password and access key. - ssh
Key stringEncoding - Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
- ssh
Public stringKey - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
- {[key: string]: string}
- A map of tags to add.
- upload
Iam booleanUser Ssh Key - Whether to upload a public ssh key to the IAM user.
- name str
- Desired name for the IAM user.
- force_
destroy bool - When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
- password_
length int - The length of the generated password
- password_
reset_ boolrequired - Whether the user should be forced to reset the generated password on first login.
- path str
- Desired path for the IAM user.
- permissions_
boundary str - The ARN of the policy that is used to set the permissions boundary for the user.
- pgp_
key str - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username
. Used to encrypt password and access key. - ssh_
key_ strencoding - Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
- ssh_
public_ strkey - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
- Mapping[str, str]
- A map of tags to add.
- upload_
iam_ booluser_ ssh_ key - Whether to upload a public ssh key to the IAM user.
- name String
- Desired name for the IAM user.
- force
Destroy Boolean - When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
- password
Length Number - The length of the generated password
- password
Reset BooleanRequired - Whether the user should be forced to reset the generated password on first login.
- path String
- Desired path for the IAM user.
- permissions
Boundary String - The ARN of the policy that is used to set the permissions boundary for the user.
- pgp
Key String - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:username
. Used to encrypt password and access key. - ssh
Key StringEncoding - Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
- ssh
Public StringKey - The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
- Map<String>
- A map of tags to add.
- upload
Iam BooleanUser Ssh Key - Whether to upload a public ssh key to the IAM user.
Outputs
All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:
- Access
Key Pulumi.Aws Iam. Outputs. Access Key Output - The IAM access key.
- Keybase
Pulumi.
Aws Iam. Outputs. Keybase Output - User
Info Pulumi.Aws Iam. Outputs. User Output - The IAM user.
- Access
Key AccessKey Output - The IAM access key.
- Keybase
Keybase
Output - User
Info UserOutput Type - The IAM user.
- access
Key AccessKey Output - The IAM access key.
- keybase
Keybase
Output - user
Info UserOutput - The IAM user.
- access
Key AccessKey Output - The IAM access key.
- keybase
Keybase
Output - user
Info UserOutput - The IAM user.
- access_
key AccessKey Output - The IAM access key.
- keybase
Keybase
Output - user_
info UserOutput - The IAM user.
- access
Key Property Map - The IAM access key.
- keybase Property Map
- user
Info Property Map - The IAM user.
Supporting Types
AccessKeyOutput, AccessKeyOutputArgs
- Encrypted
Secret string - The encrypted secret, base64 encoded.
- Id string
- The access key ID.
- Key
Fingerprint string - The fingerprint of the PGP key used to encrypt the secret.
- Secret string
- The access key secret.
- Ses
Smtp stringPassword V4 - The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
- Status string
- Active or Inactive. Keys are initially active, but can be made inactive by other means.
- Encrypted
Secret string - The encrypted secret, base64 encoded.
- Id string
- The access key ID.
- Key
Fingerprint string - The fingerprint of the PGP key used to encrypt the secret.
- Secret string
- The access key secret.
- Ses
Smtp stringPassword V4 - The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
- Status string
- Active or Inactive. Keys are initially active, but can be made inactive by other means.
- encrypted
Secret String - The encrypted secret, base64 encoded.
- id String
- The access key ID.
- key
Fingerprint String - The fingerprint of the PGP key used to encrypt the secret.
- secret String
- The access key secret.
- ses
Smtp StringPassword V4 - The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
- status String
- Active or Inactive. Keys are initially active, but can be made inactive by other means.
- encrypted
Secret string - The encrypted secret, base64 encoded.
- id string
- The access key ID.
- key
Fingerprint string - The fingerprint of the PGP key used to encrypt the secret.
- secret string
- The access key secret.
- ses
Smtp stringPassword V4 - The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
- status string
- Active or Inactive. Keys are initially active, but can be made inactive by other means.
- encrypted_
secret str - The encrypted secret, base64 encoded.
- id str
- The access key ID.
- key_
fingerprint str - The fingerprint of the PGP key used to encrypt the secret.
- secret str
- The access key secret.
- ses_
smtp_ strpassword_ v4 - The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
- status str
- Active or Inactive. Keys are initially active, but can be made inactive by other means.
- encrypted
Secret String - The encrypted secret, base64 encoded.
- id String
- The access key ID.
- key
Fingerprint String - The fingerprint of the PGP key used to encrypt the secret.
- secret String
- The access key secret.
- ses
Smtp StringPassword V4 - The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
- status String
- Active or Inactive. Keys are initially active, but can be made inactive by other means.
KeybaseOutput, KeybaseOutputArgs
- Password
Decrypt stringCommand - Decrypt user password command.
- Password
Pgp stringMessage - Encrypted password
- Secret
Key stringDecrypt Command - Decrypt access secret key command.
- Secret
Key stringPgp Message - Encrypted access secret key.
- Password
Decrypt stringCommand - Decrypt user password command.
- Password
Pgp stringMessage - Encrypted password
- Secret
Key stringDecrypt Command - Decrypt access secret key command.
- Secret
Key stringPgp Message - Encrypted access secret key.
- password
Decrypt StringCommand - Decrypt user password command.
- password
Pgp StringMessage - Encrypted password
- secret
Key StringDecrypt Command - Decrypt access secret key command.
- secret
Key StringPgp Message - Encrypted access secret key.
- password
Decrypt stringCommand - Decrypt user password command.
- password
Pgp stringMessage - Encrypted password
- secret
Key stringDecrypt Command - Decrypt access secret key command.
- secret
Key stringPgp Message - Encrypted access secret key.
- password_
decrypt_ strcommand - Decrypt user password command.
- password_
pgp_ strmessage - Encrypted password
- secret_
key_ strdecrypt_ command - Decrypt access secret key command.
- secret_
key_ strpgp_ message - Encrypted access secret key.
- password
Decrypt StringCommand - Decrypt user password command.
- password
Pgp StringMessage - Encrypted password
- secret
Key StringDecrypt Command - Decrypt access secret key command.
- secret
Key StringPgp Message - Encrypted access secret key.
UserOutput, UserOutputArgs
- Arn string
- The ARN assigned by AWS for this user.
- Name string
- The user's name.
- Unique
Id string - The unique ID assigned by AWS.
- Login
Profile stringEncrypted Password - The encrypted password, base64 encoded.
- Login
Profile stringKey Fingerprint - The fingerprint of the PGP key used to encrypt the password.
- Login
Profile stringPassword - The user password.
- Ssh
Key stringFingerprint - The unique identifier for the SSH public key.
- Ssh
Key stringSsh Public Key Id - The unique identifier for the SSH public key
- Arn string
- The ARN assigned by AWS for this user.
- Name string
- The user's name.
- Unique
Id string - The unique ID assigned by AWS.
- Login
Profile stringEncrypted Password - The encrypted password, base64 encoded.
- Login
Profile stringKey Fingerprint - The fingerprint of the PGP key used to encrypt the password.
- Login
Profile stringPassword - The user password.
- Ssh
Key stringFingerprint - The unique identifier for the SSH public key.
- Ssh
Key stringSsh Public Key Id - The unique identifier for the SSH public key
- arn String
- The ARN assigned by AWS for this user.
- name String
- The user's name.
- unique
Id String - The unique ID assigned by AWS.
- login
Profile StringEncrypted Password - The encrypted password, base64 encoded.
- login
Profile StringKey Fingerprint - The fingerprint of the PGP key used to encrypt the password.
- login
Profile StringPassword - The user password.
- ssh
Key StringFingerprint - The unique identifier for the SSH public key.
- ssh
Key StringSsh Public Key Id - The unique identifier for the SSH public key
- arn string
- The ARN assigned by AWS for this user.
- name string
- The user's name.
- unique
Id string - The unique ID assigned by AWS.
- login
Profile stringEncrypted Password - The encrypted password, base64 encoded.
- login
Profile stringKey Fingerprint - The fingerprint of the PGP key used to encrypt the password.
- login
Profile stringPassword - The user password.
- ssh
Key stringFingerprint - The unique identifier for the SSH public key.
- ssh
Key stringSsh Public Key Id - The unique identifier for the SSH public key
- arn str
- The ARN assigned by AWS for this user.
- name str
- The user's name.
- unique_
id str - The unique ID assigned by AWS.
- login_
profile_ strencrypted_ password - The encrypted password, base64 encoded.
- login_
profile_ strkey_ fingerprint - The fingerprint of the PGP key used to encrypt the password.
- login_
profile_ strpassword - The user password.
- ssh_
key_ strfingerprint - The unique identifier for the SSH public key.
- ssh_
key_ strssh_ public_ key_ id - The unique identifier for the SSH public key
- arn String
- The ARN assigned by AWS for this user.
- name String
- The user's name.
- unique
Id String - The unique ID assigned by AWS.
- login
Profile StringEncrypted Password - The encrypted password, base64 encoded.
- login
Profile StringKey Fingerprint - The fingerprint of the PGP key used to encrypt the password.
- login
Profile StringPassword - The user password.
- ssh
Key StringFingerprint - The unique identifier for the SSH public key.
- ssh
Key StringSsh Public Key Id - The unique identifier for the SSH public key
Package Details
- Repository
- aws-iam
- License