We recommend new projects start with resources from the AWS provider.
aws-native.Provider
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The provider type for the AWS Cloud Control package. By default, resources use package-wide configuration settings, however an explicit Provider
instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.
Create Provider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Provider(name: string, args: ProviderArgs, opts?: CustomResourceOptions);
@overload
def Provider(resource_name: str,
args: ProviderArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Provider(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_key: Optional[str] = None,
allowed_account_ids: Optional[Sequence[str]] = None,
assume_role: Optional[ProviderAssumeRoleArgs] = None,
auto_naming: Optional[ProviderAutoNamingArgs] = None,
default_tags: Optional[ProviderDefaultTagsArgs] = None,
endpoints: Optional[Sequence[ProviderEndpointArgs]] = None,
forbidden_account_ids: Optional[Sequence[str]] = None,
ignore_tags: Optional[ProviderIgnoreTagsArgs] = None,
insecure: Optional[bool] = None,
max_retries: Optional[int] = None,
profile: Optional[str] = None,
region: Optional[str] = None,
role_arn: Optional[str] = None,
s3_force_path_style: Optional[bool] = None,
secret_key: Optional[str] = None,
shared_credentials_file: Optional[str] = None,
skip_credentials_validation: Optional[bool] = None,
skip_get_ec2_platforms: Optional[bool] = None,
skip_metadata_api_check: Optional[bool] = None,
skip_region_validation: Optional[bool] = None,
skip_requesting_account_id: Optional[bool] = None,
token: Optional[str] = None)
func NewProvider(ctx *Context, name string, args ProviderArgs, opts ...ResourceOption) (*Provider, error)
public Provider(string name, ProviderArgs args, CustomResourceOptions? opts = null)
public Provider(String name, ProviderArgs args)
public Provider(String name, ProviderArgs args, CustomResourceOptions options)
type: pulumi:providers:aws-native
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Provider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Provider resource accepts the following input properties:
- Region string
- The region where AWS operations will take place. Examples are
us-east-1
,us-west-2
, etc. It can also be sourced from the following environment variables:AWS_REGION
,AWS_DEFAULT_REGION
- Access
Key string - The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
- Allowed
Account List<string>Ids - List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with
forbiddenAccountIds
. - Assume
Role Pulumi.Aws Native. Inputs. Provider Assume Role - Configuration for retrieving temporary credentials from the STS service.
- Auto
Naming Pulumi.Aws Native. Inputs. Provider Auto Naming - The configuration for automatically naming resources.
- Pulumi.
Aws Native. Inputs. Provider Default Tags - Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource
tags
configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use thetags
argument within a resource to configure new tag values for matching keys. - Endpoints
List<Pulumi.
Aws Native. Inputs. Provider Endpoint> - Configuration block for customizing service endpoints.
- Forbidden
Account List<string>Ids - List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with
allowedAccountIds
. - Pulumi.
Aws Native. Inputs. Provider Ignore Tags - Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as
ec2.Tag
) for situations where external systems are managing certain resource tags. - Insecure bool
- Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is
false
. - Max
Retries int - The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
- Profile string
- The profile for API operations. If not set, the default profile created with
aws configure
will be used. It can also be sourced from the following environment variable:AWS_PROFILE
- Role
Arn string - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
- S3Force
Path boolStyle - Set this to true to force the request to use path-style addressing, i.e.,
http://s3.amazonaws.com/BUCKET/KEY
. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY
). Specific to the Amazon S3 service. - Secret
Key string - The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
- string
- The path to the shared credentials file. If not set this defaults to
~/.aws/credentials
. It can also be sourced from the following environment variable:AWS_SHARED_CREDENTIALS_FILE
- Skip
Credentials boolValidation - Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
- Skip
Get boolEc2Platforms - Skip getting the supported EC2 platforms. Used by users that don't have
ec2:DescribeAccountAttributes
permissions. - Skip
Metadata boolApi Check - Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
- Skip
Region boolValidation - Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
- Skip
Requesting boolAccount Id - Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
- Token string
- Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.
- Region string
- The region where AWS operations will take place. Examples are
us-east-1
,us-west-2
, etc. It can also be sourced from the following environment variables:AWS_REGION
,AWS_DEFAULT_REGION
- Access
Key string - The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
- Allowed
Account []stringIds - List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with
forbiddenAccountIds
. - Assume
Role ProviderAssume Role Args - Configuration for retrieving temporary credentials from the STS service.
- Auto
Naming ProviderAuto Naming Args - The configuration for automatically naming resources.
- Provider
Default Tags Args - Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource
tags
configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use thetags
argument within a resource to configure new tag values for matching keys. - Endpoints
[]Provider
Endpoint Args - Configuration block for customizing service endpoints.
- Forbidden
Account []stringIds - List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with
allowedAccountIds
. - Provider
Ignore Tags Args - Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as
ec2.Tag
) for situations where external systems are managing certain resource tags. - Insecure bool
- Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is
false
. - Max
Retries int - The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
- Profile string
- The profile for API operations. If not set, the default profile created with
aws configure
will be used. It can also be sourced from the following environment variable:AWS_PROFILE
- Role
Arn string - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
- S3Force
Path boolStyle - Set this to true to force the request to use path-style addressing, i.e.,
http://s3.amazonaws.com/BUCKET/KEY
. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY
). Specific to the Amazon S3 service. - Secret
Key string - The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
- string
- The path to the shared credentials file. If not set this defaults to
~/.aws/credentials
. It can also be sourced from the following environment variable:AWS_SHARED_CREDENTIALS_FILE
- Skip
Credentials boolValidation - Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
- Skip
Get boolEc2Platforms - Skip getting the supported EC2 platforms. Used by users that don't have
ec2:DescribeAccountAttributes
permissions. - Skip
Metadata boolApi Check - Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
- Skip
Region boolValidation - Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
- Skip
Requesting boolAccount Id - Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
- Token string
- Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.
- region String
- The region where AWS operations will take place. Examples are
us-east-1
,us-west-2
, etc. It can also be sourced from the following environment variables:AWS_REGION
,AWS_DEFAULT_REGION
- access
Key String - The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
- allowed
Account List<String>Ids - List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with
forbiddenAccountIds
. - assume
Role ProviderAssume Role - Configuration for retrieving temporary credentials from the STS service.
- auto
Naming ProviderAuto Naming - The configuration for automatically naming resources.
- Provider
Default Tags - Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource
tags
configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use thetags
argument within a resource to configure new tag values for matching keys. - endpoints
List<Provider
Endpoint> - Configuration block for customizing service endpoints.
- forbidden
Account List<String>Ids - List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with
allowedAccountIds
. - Provider
Ignore Tags - Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as
ec2.Tag
) for situations where external systems are managing certain resource tags. - insecure Boolean
- Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is
false
. - max
Retries Integer - The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
- profile String
- The profile for API operations. If not set, the default profile created with
aws configure
will be used. It can also be sourced from the following environment variable:AWS_PROFILE
- role
Arn String - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
- s3Force
Path BooleanStyle - Set this to true to force the request to use path-style addressing, i.e.,
http://s3.amazonaws.com/BUCKET/KEY
. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY
). Specific to the Amazon S3 service. - secret
Key String - The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
- String
- The path to the shared credentials file. If not set this defaults to
~/.aws/credentials
. It can also be sourced from the following environment variable:AWS_SHARED_CREDENTIALS_FILE
- skip
Credentials BooleanValidation - Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
- skip
Get BooleanEc2Platforms - Skip getting the supported EC2 platforms. Used by users that don't have
ec2:DescribeAccountAttributes
permissions. - skip
Metadata BooleanApi Check - Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
- skip
Region BooleanValidation - Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
- skip
Requesting BooleanAccount Id - Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
- token String
- Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.
- region Region
- The region where AWS operations will take place. Examples are
us-east-1
,us-west-2
, etc. It can also be sourced from the following environment variables:AWS_REGION
,AWS_DEFAULT_REGION
- access
Key string - The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
- allowed
Account string[]Ids - List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with
forbiddenAccountIds
. - assume
Role ProviderAssume Role - Configuration for retrieving temporary credentials from the STS service.
- auto
Naming ProviderAuto Naming - The configuration for automatically naming resources.
- Provider
Default Tags - Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource
tags
configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use thetags
argument within a resource to configure new tag values for matching keys. - endpoints
Provider
Endpoint[] - Configuration block for customizing service endpoints.
- forbidden
Account string[]Ids - List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with
allowedAccountIds
. - Provider
Ignore Tags - Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as
ec2.Tag
) for situations where external systems are managing certain resource tags. - insecure boolean
- Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is
false
. - max
Retries number - The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
- profile string
- The profile for API operations. If not set, the default profile created with
aws configure
will be used. It can also be sourced from the following environment variable:AWS_PROFILE
- role
Arn string - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
- s3Force
Path booleanStyle - Set this to true to force the request to use path-style addressing, i.e.,
http://s3.amazonaws.com/BUCKET/KEY
. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY
). Specific to the Amazon S3 service. - secret
Key string - The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
- string
- The path to the shared credentials file. If not set this defaults to
~/.aws/credentials
. It can also be sourced from the following environment variable:AWS_SHARED_CREDENTIALS_FILE
- skip
Credentials booleanValidation - Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
- skip
Get booleanEc2Platforms - Skip getting the supported EC2 platforms. Used by users that don't have
ec2:DescribeAccountAttributes
permissions. - skip
Metadata booleanApi Check - Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
- skip
Region booleanValidation - Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
- skip
Requesting booleanAccount Id - Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
- token string
- Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.
- region str
- The region where AWS operations will take place. Examples are
us-east-1
,us-west-2
, etc. It can also be sourced from the following environment variables:AWS_REGION
,AWS_DEFAULT_REGION
- access_
key str - The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
- allowed_
account_ Sequence[str]ids - List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with
forbiddenAccountIds
. - assume_
role ProviderAssume Role Args - Configuration for retrieving temporary credentials from the STS service.
- auto_
naming ProviderAuto Naming Args - The configuration for automatically naming resources.
- Provider
Default Tags Args - Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource
tags
configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use thetags
argument within a resource to configure new tag values for matching keys. - endpoints
Sequence[Provider
Endpoint Args] - Configuration block for customizing service endpoints.
- forbidden_
account_ Sequence[str]ids - List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with
allowedAccountIds
. - Provider
Ignore Tags Args - Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as
ec2.Tag
) for situations where external systems are managing certain resource tags. - insecure bool
- Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is
false
. - max_
retries int - The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
- profile str
- The profile for API operations. If not set, the default profile created with
aws configure
will be used. It can also be sourced from the following environment variable:AWS_PROFILE
- role_
arn str - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
- s3_
force_ boolpath_ style - Set this to true to force the request to use path-style addressing, i.e.,
http://s3.amazonaws.com/BUCKET/KEY
. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY
). Specific to the Amazon S3 service. - secret_
key str - The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
- str
- The path to the shared credentials file. If not set this defaults to
~/.aws/credentials
. It can also be sourced from the following environment variable:AWS_SHARED_CREDENTIALS_FILE
- skip_
credentials_ boolvalidation - Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
- skip_
get_ boolec2_ platforms - Skip getting the supported EC2 platforms. Used by users that don't have
ec2:DescribeAccountAttributes
permissions. - skip_
metadata_ boolapi_ check - Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
- skip_
region_ boolvalidation - Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
- skip_
requesting_ boolaccount_ id - Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
- token str
- Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.
- region
- The region where AWS operations will take place. Examples are
us-east-1
,us-west-2
, etc. It can also be sourced from the following environment variables:AWS_REGION
,AWS_DEFAULT_REGION
- access
Key String - The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
- allowed
Account List<String>Ids - List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with
forbiddenAccountIds
. - assume
Role Property Map - Configuration for retrieving temporary credentials from the STS service.
- auto
Naming Property Map - The configuration for automatically naming resources.
- Property Map
- Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource
tags
configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use thetags
argument within a resource to configure new tag values for matching keys. - endpoints List<Property Map>
- Configuration block for customizing service endpoints.
- forbidden
Account List<String>Ids - List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with
allowedAccountIds
. - Property Map
- Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as
ec2.Tag
) for situations where external systems are managing certain resource tags. - insecure Boolean
- Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is
false
. - max
Retries Number - The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
- profile String
- The profile for API operations. If not set, the default profile created with
aws configure
will be used. It can also be sourced from the following environment variable:AWS_PROFILE
- role
Arn String - The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
- s3Force
Path BooleanStyle - Set this to true to force the request to use path-style addressing, i.e.,
http://s3.amazonaws.com/BUCKET/KEY
. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY
). Specific to the Amazon S3 service. - secret
Key String - The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
- String
- The path to the shared credentials file. If not set this defaults to
~/.aws/credentials
. It can also be sourced from the following environment variable:AWS_SHARED_CREDENTIALS_FILE
- skip
Credentials BooleanValidation - Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
- skip
Get BooleanEc2Platforms - Skip getting the supported EC2 platforms. Used by users that don't have
ec2:DescribeAccountAttributes
permissions. - skip
Metadata BooleanApi Check - Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
- skip
Region BooleanValidation - Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
- skip
Requesting BooleanAccount Id - Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
- token String
- Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.
Outputs
All input properties are implicitly available as output properties. Additionally, the Provider resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
ProviderAssumeRole, ProviderAssumeRoleArgs
- Duration
Seconds int - Number of seconds to restrict the assume role session duration.
- External
Id string - External identifier to use when assuming the role.
- Policy string
- IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
- Policy
Arns List<string> - Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
- Role
Arn string - Amazon Resource Name (ARN) of the IAM Role to assume.
- Session
Name string - Session name to use when assuming the role.
- Dictionary<string, string>
- Map of assume role session tags.
- Transitive
Tag List<string>Keys - A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
- Duration
Seconds int - Number of seconds to restrict the assume role session duration.
- External
Id string - External identifier to use when assuming the role.
- Policy string
- IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
- Policy
Arns []string - Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
- Role
Arn string - Amazon Resource Name (ARN) of the IAM Role to assume.
- Session
Name string - Session name to use when assuming the role.
- map[string]string
- Map of assume role session tags.
- Transitive
Tag []stringKeys - A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
- duration
Seconds Integer - Number of seconds to restrict the assume role session duration.
- external
Id String - External identifier to use when assuming the role.
- policy String
- IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
- policy
Arns List<String> - Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
- role
Arn String - Amazon Resource Name (ARN) of the IAM Role to assume.
- session
Name String - Session name to use when assuming the role.
- Map<String,String>
- Map of assume role session tags.
- transitive
Tag List<String>Keys - A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
- duration
Seconds number - Number of seconds to restrict the assume role session duration.
- external
Id string - External identifier to use when assuming the role.
- policy string
- IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
- policy
Arns string[] - Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
- role
Arn string - Amazon Resource Name (ARN) of the IAM Role to assume.
- session
Name string - Session name to use when assuming the role.
- {[key: string]: string}
- Map of assume role session tags.
- transitive
Tag string[]Keys - A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
- duration_
seconds int - Number of seconds to restrict the assume role session duration.
- external_
id str - External identifier to use when assuming the role.
- policy str
- IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
- policy_
arns Sequence[str] - Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
- role_
arn str - Amazon Resource Name (ARN) of the IAM Role to assume.
- session_
name str - Session name to use when assuming the role.
- Mapping[str, str]
- Map of assume role session tags.
- transitive_
tag_ Sequence[str]keys - A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
- duration
Seconds Number - Number of seconds to restrict the assume role session duration.
- external
Id String - External identifier to use when assuming the role.
- policy String
- IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
- policy
Arns List<String> - Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
- role
Arn String - Amazon Resource Name (ARN) of the IAM Role to assume.
- session
Name String - Session name to use when assuming the role.
- Map<String>
- Map of assume role session tags.
- transitive
Tag List<String>Keys - A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.
ProviderAutoNaming, ProviderAutoNamingArgs
- Auto
Trim bool - Automatically trim the auto-generated name to meet the maximum length constraint.
- Random
Suffix intMin Length - The minimum length of the random suffix to append to the auto-generated name.
- Auto
Trim bool - Automatically trim the auto-generated name to meet the maximum length constraint.
- Random
Suffix intMin Length - The minimum length of the random suffix to append to the auto-generated name.
- auto
Trim Boolean - Automatically trim the auto-generated name to meet the maximum length constraint.
- random
Suffix IntegerMin Length - The minimum length of the random suffix to append to the auto-generated name.
- auto
Trim boolean - Automatically trim the auto-generated name to meet the maximum length constraint.
- random
Suffix numberMin Length - The minimum length of the random suffix to append to the auto-generated name.
- auto_
trim bool - Automatically trim the auto-generated name to meet the maximum length constraint.
- random_
suffix_ intmin_ length - The minimum length of the random suffix to append to the auto-generated name.
- auto
Trim Boolean - Automatically trim the auto-generated name to meet the maximum length constraint.
- random
Suffix NumberMin Length - The minimum length of the random suffix to append to the auto-generated name.
ProviderDefaultTags, ProviderDefaultTagsArgs
- Dictionary<string, string>
- A group of tags to set across all resources.
- map[string]string
- A group of tags to set across all resources.
- Map<String,String>
- A group of tags to set across all resources.
- {[key: string]: string}
- A group of tags to set across all resources.
- Mapping[str, str]
- A group of tags to set across all resources.
- Map<String>
- A group of tags to set across all resources.
ProviderEndpoint, ProviderEndpointArgs
- Cloudcontrol string
- Override the default endpoint for AWS CloudControl
- Cloudformation string
- Override the default endpoint for AWS CloudFormation
- Ec2 string
- Override the default endpoint for AWS Elastic Compute Cloud (EC2)
- Ssm string
- Override the default endpoint for AWS Systems Manager
- Sts string
- Override the default endpoint for AWS Security Token Service (STS)
- Cloudcontrol string
- Override the default endpoint for AWS CloudControl
- Cloudformation string
- Override the default endpoint for AWS CloudFormation
- Ec2 string
- Override the default endpoint for AWS Elastic Compute Cloud (EC2)
- Ssm string
- Override the default endpoint for AWS Systems Manager
- Sts string
- Override the default endpoint for AWS Security Token Service (STS)
- cloudcontrol String
- Override the default endpoint for AWS CloudControl
- cloudformation String
- Override the default endpoint for AWS CloudFormation
- ec2 String
- Override the default endpoint for AWS Elastic Compute Cloud (EC2)
- ssm String
- Override the default endpoint for AWS Systems Manager
- sts String
- Override the default endpoint for AWS Security Token Service (STS)
- cloudcontrol string
- Override the default endpoint for AWS CloudControl
- cloudformation string
- Override the default endpoint for AWS CloudFormation
- ec2 string
- Override the default endpoint for AWS Elastic Compute Cloud (EC2)
- ssm string
- Override the default endpoint for AWS Systems Manager
- sts string
- Override the default endpoint for AWS Security Token Service (STS)
- cloudcontrol str
- Override the default endpoint for AWS CloudControl
- cloudformation str
- Override the default endpoint for AWS CloudFormation
- ec2 str
- Override the default endpoint for AWS Elastic Compute Cloud (EC2)
- ssm str
- Override the default endpoint for AWS Systems Manager
- sts str
- Override the default endpoint for AWS Security Token Service (STS)
- cloudcontrol String
- Override the default endpoint for AWS CloudControl
- cloudformation String
- Override the default endpoint for AWS CloudFormation
- ec2 String
- Override the default endpoint for AWS Elastic Compute Cloud (EC2)
- ssm String
- Override the default endpoint for AWS Systems Manager
- sts String
- Override the default endpoint for AWS Security Token Service (STS)
ProviderIgnoreTags, ProviderIgnoreTagsArgs
- Key
Prefixes List<string> - List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any
tags
attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used. - Keys List<string>
- List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any
tags
attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used.
- Key
Prefixes []string - List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any
tags
attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used. - Keys []string
- List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any
tags
attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used.
- key
Prefixes List<String> - List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any
tags
attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used. - keys List<String>
- List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any
tags
attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used.
- key
Prefixes string[] - List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any
tags
attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used. - keys string[]
- List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any
tags
attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used.
- key_
prefixes Sequence[str] - List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any
tags
attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used. - keys Sequence[str]
- List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any
tags
attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used.
- key
Prefixes List<String> - List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any
tags
attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used. - keys List<String>
- List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any
tags
attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in thetags
argument, it will display a perpetual difference until the tag is removed from the argument orignoreChanges
is also used.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.