1. Packages
  2. AWS IAM
  3. API Docs
  4. User
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

aws-iam.User

Explore with Pulumi AI

aws-iam logo
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi

    This resources helps you create an IAM User, Login Profile, and Access Key. Additionally you can optionally upload an IAM SSH User Public Key.

    Example Usage

    User

    using Pulumi;
    using Pulumi.AwsIam;
    using Pulumi.AwsIam.Inputs;
    
    class MyStack : Stack
    {
        public MyStack()
        {
            var user = new User("user", new UserArgs
            {
                Name = "pulumipus",
                ForceDestroy = true,
                PgpKey = "keybase:test",
                PasswordResetRequired = false,
            });
    
            this.User = Output.Create<User>(user);
        }
    
        [Output]
        public Output<User> User { get; set; }
    }
    
    package main
    
    import (
        iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
        "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
        pulumi.Run(func(ctx *pulumi.Context) error {
            user, err := iam.NewUser(ctx, "user", &iam.UserArgs{
                Name:                  pulumi.String("pulumipus"),
                ForceDestroy:          pulumi.BoolPtr(true),
                PgpKey:                pulumi.String("keybase:test"),
                PasswordResetRequired: pulumi.BoolPtr(false),
            })
            if err != nil {
                return err
            }
    
            ctx.Export("user", user)
    
            return nil
        })
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_iam as iam
    
    user = iam.User(
        'user',
        name='pulumipus',
        force_destroy=True,
        pgp_key='keybase:test',
        password_reset_required=False,
    )
    
    pulumi.export('user', user)
    
    import * as iam from "@pulumi/aws-iam";
    
    export const user = new iam.User("aws-iam-example-user", {
        name: "pulumipus",
        forceDestroy: true,
        pgpKey: "keybase:test",
        passwordResetRequired: false,
    });
    
    name: awsiam-yaml
    runtime: yaml
    resources:
        user:
            type: "aws-iam:index:User"
            properties:
                name: "pulumipus"
                forceDestroy: true
                pgpKey: "keybase:test"
                passwordResetRequired: false
    outputs:
        user: ${user}
    

    Create User Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new User(name: string, args: UserArgs, opts?: ComponentResourceOptions);
    @overload
    def User(resource_name: str,
             args: UserArgs,
             opts: Optional[ResourceOptions] = None)
    
    @overload
    def User(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             name: Optional[str] = None,
             force_destroy: Optional[bool] = None,
             password_length: Optional[int] = None,
             password_reset_required: Optional[bool] = None,
             path: Optional[str] = None,
             permissions_boundary: Optional[str] = None,
             pgp_key: Optional[str] = None,
             ssh_key_encoding: Optional[str] = None,
             ssh_public_key: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             upload_iam_user_ssh_key: Optional[bool] = None)
    func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
    public User(string name, UserArgs args, ComponentResourceOptions? opts = null)
    public User(String name, UserArgs args)
    public User(String name, UserArgs args, ComponentResourceOptions options)
    
    type: aws-iam:User
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ComponentResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    opts ComponentResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserArgs
    The arguments to resource properties.
    options ComponentResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var userResource = new AwsIam.User("userResource", new()
    {
        Name = "string",
        ForceDestroy = false,
        PasswordLength = 0,
        PasswordResetRequired = false,
        Path = "string",
        PermissionsBoundary = "string",
        PgpKey = "string",
        SshKeyEncoding = "string",
        SshPublicKey = "string",
        Tags = 
        {
            { "string", "string" },
        },
        UploadIamUserSshKey = false,
    });
    
    example, err := awsiam.NewUser(ctx, "userResource", &awsiam.UserArgs{
    	Name:                  pulumi.String("string"),
    	ForceDestroy:          pulumi.Bool(false),
    	PasswordLength:        pulumi.Int(0),
    	PasswordResetRequired: pulumi.Bool(false),
    	Path:                  pulumi.String("string"),
    	PermissionsBoundary:   pulumi.String("string"),
    	PgpKey:                pulumi.String("string"),
    	SshKeyEncoding:        pulumi.String("string"),
    	SshPublicKey:          pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	UploadIamUserSshKey: pulumi.Bool(false),
    })
    
    var userResource = new User("userResource", UserArgs.builder()
        .name("string")
        .forceDestroy(false)
        .passwordLength(0)
        .passwordResetRequired(false)
        .path("string")
        .permissionsBoundary("string")
        .pgpKey("string")
        .sshKeyEncoding("string")
        .sshPublicKey("string")
        .tags(Map.of("string", "string"))
        .uploadIamUserSshKey(false)
        .build());
    
    user_resource = aws_iam.User("userResource",
        name="string",
        force_destroy=False,
        password_length=0,
        password_reset_required=False,
        path="string",
        permissions_boundary="string",
        pgp_key="string",
        ssh_key_encoding="string",
        ssh_public_key="string",
        tags={
            "string": "string",
        },
        upload_iam_user_ssh_key=False)
    
    const userResource = new aws_iam.User("userResource", {
        name: "string",
        forceDestroy: false,
        passwordLength: 0,
        passwordResetRequired: false,
        path: "string",
        permissionsBoundary: "string",
        pgpKey: "string",
        sshKeyEncoding: "string",
        sshPublicKey: "string",
        tags: {
            string: "string",
        },
        uploadIamUserSshKey: false,
    });
    
    type: aws-iam:User
    properties:
        forceDestroy: false
        name: string
        passwordLength: 0
        passwordResetRequired: false
        path: string
        permissionsBoundary: string
        pgpKey: string
        sshKeyEncoding: string
        sshPublicKey: string
        tags:
            string: string
        uploadIamUserSshKey: false
    

    User Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The User resource accepts the following input properties:

    Name string
    Desired name for the IAM user.
    ForceDestroy bool
    When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
    PasswordLength int
    The length of the generated password
    PasswordResetRequired bool
    Whether the user should be forced to reset the generated password on first login.
    Path string
    Desired path for the IAM user.
    PermissionsBoundary string
    The ARN of the policy that is used to set the permissions boundary for the user.
    PgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
    SshKeyEncoding string
    Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
    SshPublicKey string
    The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
    Tags Dictionary<string, string>
    A map of tags to add.
    UploadIamUserSshKey bool
    Whether to upload a public ssh key to the IAM user.
    Name string
    Desired name for the IAM user.
    ForceDestroy bool
    When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
    PasswordLength int
    The length of the generated password
    PasswordResetRequired bool
    Whether the user should be forced to reset the generated password on first login.
    Path string
    Desired path for the IAM user.
    PermissionsBoundary string
    The ARN of the policy that is used to set the permissions boundary for the user.
    PgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
    SshKeyEncoding string
    Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
    SshPublicKey string
    The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
    Tags map[string]string
    A map of tags to add.
    UploadIamUserSshKey bool
    Whether to upload a public ssh key to the IAM user.
    name String
    Desired name for the IAM user.
    forceDestroy Boolean
    When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
    passwordLength Integer
    The length of the generated password
    passwordResetRequired Boolean
    Whether the user should be forced to reset the generated password on first login.
    path String
    Desired path for the IAM user.
    permissionsBoundary String
    The ARN of the policy that is used to set the permissions boundary for the user.
    pgpKey String
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
    sshKeyEncoding String
    Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
    sshPublicKey String
    The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
    tags Map<String,String>
    A map of tags to add.
    uploadIamUserSshKey Boolean
    Whether to upload a public ssh key to the IAM user.
    name string
    Desired name for the IAM user.
    forceDestroy boolean
    When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
    passwordLength number
    The length of the generated password
    passwordResetRequired boolean
    Whether the user should be forced to reset the generated password on first login.
    path string
    Desired path for the IAM user.
    permissionsBoundary string
    The ARN of the policy that is used to set the permissions boundary for the user.
    pgpKey string
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
    sshKeyEncoding string
    Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
    sshPublicKey string
    The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
    tags {[key: string]: string}
    A map of tags to add.
    uploadIamUserSshKey boolean
    Whether to upload a public ssh key to the IAM user.
    name str
    Desired name for the IAM user.
    force_destroy bool
    When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
    password_length int
    The length of the generated password
    password_reset_required bool
    Whether the user should be forced to reset the generated password on first login.
    path str
    Desired path for the IAM user.
    permissions_boundary str
    The ARN of the policy that is used to set the permissions boundary for the user.
    pgp_key str
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
    ssh_key_encoding str
    Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
    ssh_public_key str
    The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
    tags Mapping[str, str]
    A map of tags to add.
    upload_iam_user_ssh_key bool
    Whether to upload a public ssh key to the IAM user.
    name String
    Desired name for the IAM user.
    forceDestroy Boolean
    When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
    passwordLength Number
    The length of the generated password
    passwordResetRequired Boolean
    Whether the user should be forced to reset the generated password on first login.
    path String
    Desired path for the IAM user.
    permissionsBoundary String
    The ARN of the policy that is used to set the permissions boundary for the user.
    pgpKey String
    Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
    sshKeyEncoding String
    Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
    sshPublicKey String
    The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
    tags Map<String>
    A map of tags to add.
    uploadIamUserSshKey Boolean
    Whether to upload a public ssh key to the IAM user.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

    Supporting Types

    AccessKeyOutput, AccessKeyOutputArgs

    EncryptedSecret string
    The encrypted secret, base64 encoded.
    Id string
    The access key ID.
    KeyFingerprint string
    The fingerprint of the PGP key used to encrypt the secret.
    Secret string
    The access key secret.
    SesSmtpPasswordV4 string
    The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
    Status string
    Active or Inactive. Keys are initially active, but can be made inactive by other means.
    EncryptedSecret string
    The encrypted secret, base64 encoded.
    Id string
    The access key ID.
    KeyFingerprint string
    The fingerprint of the PGP key used to encrypt the secret.
    Secret string
    The access key secret.
    SesSmtpPasswordV4 string
    The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
    Status string
    Active or Inactive. Keys are initially active, but can be made inactive by other means.
    encryptedSecret String
    The encrypted secret, base64 encoded.
    id String
    The access key ID.
    keyFingerprint String
    The fingerprint of the PGP key used to encrypt the secret.
    secret String
    The access key secret.
    sesSmtpPasswordV4 String
    The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
    status String
    Active or Inactive. Keys are initially active, but can be made inactive by other means.
    encryptedSecret string
    The encrypted secret, base64 encoded.
    id string
    The access key ID.
    keyFingerprint string
    The fingerprint of the PGP key used to encrypt the secret.
    secret string
    The access key secret.
    sesSmtpPasswordV4 string
    The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
    status string
    Active or Inactive. Keys are initially active, but can be made inactive by other means.
    encrypted_secret str
    The encrypted secret, base64 encoded.
    id str
    The access key ID.
    key_fingerprint str
    The fingerprint of the PGP key used to encrypt the secret.
    secret str
    The access key secret.
    ses_smtp_password_v4 str
    The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
    status str
    Active or Inactive. Keys are initially active, but can be made inactive by other means.
    encryptedSecret String
    The encrypted secret, base64 encoded.
    id String
    The access key ID.
    keyFingerprint String
    The fingerprint of the PGP key used to encrypt the secret.
    secret String
    The access key secret.
    sesSmtpPasswordV4 String
    The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
    status String
    Active or Inactive. Keys are initially active, but can be made inactive by other means.

    KeybaseOutput, KeybaseOutputArgs

    PasswordDecryptCommand string
    Decrypt user password command.
    PasswordPgpMessage string
    Encrypted password
    SecretKeyDecryptCommand string
    Decrypt access secret key command.
    SecretKeyPgpMessage string
    Encrypted access secret key.
    PasswordDecryptCommand string
    Decrypt user password command.
    PasswordPgpMessage string
    Encrypted password
    SecretKeyDecryptCommand string
    Decrypt access secret key command.
    SecretKeyPgpMessage string
    Encrypted access secret key.
    passwordDecryptCommand String
    Decrypt user password command.
    passwordPgpMessage String
    Encrypted password
    secretKeyDecryptCommand String
    Decrypt access secret key command.
    secretKeyPgpMessage String
    Encrypted access secret key.
    passwordDecryptCommand string
    Decrypt user password command.
    passwordPgpMessage string
    Encrypted password
    secretKeyDecryptCommand string
    Decrypt access secret key command.
    secretKeyPgpMessage string
    Encrypted access secret key.
    password_decrypt_command str
    Decrypt user password command.
    password_pgp_message str
    Encrypted password
    secret_key_decrypt_command str
    Decrypt access secret key command.
    secret_key_pgp_message str
    Encrypted access secret key.
    passwordDecryptCommand String
    Decrypt user password command.
    passwordPgpMessage String
    Encrypted password
    secretKeyDecryptCommand String
    Decrypt access secret key command.
    secretKeyPgpMessage String
    Encrypted access secret key.

    UserOutput, UserOutputArgs

    Arn string
    The ARN assigned by AWS for this user.
    Name string
    The user's name.
    UniqueId string
    The unique ID assigned by AWS.
    LoginProfileEncryptedPassword string
    The encrypted password, base64 encoded.
    LoginProfileKeyFingerprint string
    The fingerprint of the PGP key used to encrypt the password.
    LoginProfilePassword string
    The user password.
    SshKeyFingerprint string
    The unique identifier for the SSH public key.
    SshKeySshPublicKeyId string
    The unique identifier for the SSH public key
    Arn string
    The ARN assigned by AWS for this user.
    Name string
    The user's name.
    UniqueId string
    The unique ID assigned by AWS.
    LoginProfileEncryptedPassword string
    The encrypted password, base64 encoded.
    LoginProfileKeyFingerprint string
    The fingerprint of the PGP key used to encrypt the password.
    LoginProfilePassword string
    The user password.
    SshKeyFingerprint string
    The unique identifier for the SSH public key.
    SshKeySshPublicKeyId string
    The unique identifier for the SSH public key
    arn String
    The ARN assigned by AWS for this user.
    name String
    The user's name.
    uniqueId String
    The unique ID assigned by AWS.
    loginProfileEncryptedPassword String
    The encrypted password, base64 encoded.
    loginProfileKeyFingerprint String
    The fingerprint of the PGP key used to encrypt the password.
    loginProfilePassword String
    The user password.
    sshKeyFingerprint String
    The unique identifier for the SSH public key.
    sshKeySshPublicKeyId String
    The unique identifier for the SSH public key
    arn string
    The ARN assigned by AWS for this user.
    name string
    The user's name.
    uniqueId string
    The unique ID assigned by AWS.
    loginProfileEncryptedPassword string
    The encrypted password, base64 encoded.
    loginProfileKeyFingerprint string
    The fingerprint of the PGP key used to encrypt the password.
    loginProfilePassword string
    The user password.
    sshKeyFingerprint string
    The unique identifier for the SSH public key.
    sshKeySshPublicKeyId string
    The unique identifier for the SSH public key
    arn str
    The ARN assigned by AWS for this user.
    name str
    The user's name.
    unique_id str
    The unique ID assigned by AWS.
    login_profile_encrypted_password str
    The encrypted password, base64 encoded.
    login_profile_key_fingerprint str
    The fingerprint of the PGP key used to encrypt the password.
    login_profile_password str
    The user password.
    ssh_key_fingerprint str
    The unique identifier for the SSH public key.
    ssh_key_ssh_public_key_id str
    The unique identifier for the SSH public key
    arn String
    The ARN assigned by AWS for this user.
    name String
    The user's name.
    uniqueId String
    The unique ID assigned by AWS.
    loginProfileEncryptedPassword String
    The encrypted password, base64 encoded.
    loginProfileKeyFingerprint String
    The fingerprint of the PGP key used to encrypt the password.
    loginProfilePassword String
    The user password.
    sshKeyFingerprint String
    The unique identifier for the SSH public key.
    sshKeySshPublicKeyId String
    The unique identifier for the SSH public key

    Package Details

    Repository
    aws-iam
    License
    aws-iam logo
    AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi