aws.iam.AccessKey
Explore with Pulumi AI
Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lbUser = new aws.iam.User("lb", {
name: "loadbalancer",
path: "/system/",
});
const lb = new aws.iam.AccessKey("lb", {
user: lbUser.name,
pgpKey: "keybase:some_person_that_exists",
});
const lbRo = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
actions: ["ec2:Describe*"],
resources: ["*"],
}],
});
const lbRoUserPolicy = new aws.iam.UserPolicy("lb_ro", {
name: "test",
user: lbUser.name,
policy: lbRo.then(lbRo => lbRo.json),
});
export const secret = lb.encryptedSecret;
import pulumi
import pulumi_aws as aws
lb_user = aws.iam.User("lb",
name="loadbalancer",
path="/system/")
lb = aws.iam.AccessKey("lb",
user=lb_user.name,
pgp_key="keybase:some_person_that_exists")
lb_ro = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"actions": ["ec2:Describe*"],
"resources": ["*"],
}])
lb_ro_user_policy = aws.iam.UserPolicy("lb_ro",
name="test",
user=lb_user.name,
policy=lb_ro.json)
pulumi.export("secret", lb.encrypted_secret)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
lbUser, err := iam.NewUser(ctx, "lb", &iam.UserArgs{
Name: pulumi.String("loadbalancer"),
Path: pulumi.String("/system/"),
})
if err != nil {
return err
}
lb, err := iam.NewAccessKey(ctx, "lb", &iam.AccessKeyArgs{
User: lbUser.Name,
PgpKey: pulumi.String("keybase:some_person_that_exists"),
})
if err != nil {
return err
}
lbRo, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"ec2:Describe*",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iam.NewUserPolicy(ctx, "lb_ro", &iam.UserPolicyArgs{
Name: pulumi.String("test"),
User: lbUser.Name,
Policy: pulumi.String(lbRo.Json),
})
if err != nil {
return err
}
ctx.Export("secret", lb.EncryptedSecret)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var lbUser = new Aws.Iam.User("lb", new()
{
Name = "loadbalancer",
Path = "/system/",
});
var lb = new Aws.Iam.AccessKey("lb", new()
{
User = lbUser.Name,
PgpKey = "keybase:some_person_that_exists",
});
var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Actions = new[]
{
"ec2:Describe*",
},
Resources = new[]
{
"*",
},
},
},
});
var lbRoUserPolicy = new Aws.Iam.UserPolicy("lb_ro", new()
{
Name = "test",
User = lbUser.Name,
Policy = lbRo.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
return new Dictionary<string, object?>
{
["secret"] = lb.EncryptedSecret,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.AccessKey;
import com.pulumi.aws.iam.AccessKeyArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.UserPolicy;
import com.pulumi.aws.iam.UserPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var lbUser = new User("lbUser", UserArgs.builder()
.name("loadbalancer")
.path("/system/")
.build());
var lb = new AccessKey("lb", AccessKeyArgs.builder()
.user(lbUser.name())
.pgpKey("keybase:some_person_that_exists")
.build());
final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.actions("ec2:Describe*")
.resources("*")
.build())
.build());
var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()
.name("test")
.user(lbUser.name())
.policy(lbRo.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
ctx.export("secret", lb.encryptedSecret());
}
}
resources:
lb:
type: aws:iam:AccessKey
properties:
user: ${lbUser.name}
pgpKey: keybase:some_person_that_exists
lbUser:
type: aws:iam:User
name: lb
properties:
name: loadbalancer
path: /system/
lbRoUserPolicy:
type: aws:iam:UserPolicy
name: lb_ro
properties:
name: test
user: ${lbUser.name}
policy: ${lbRo.json}
variables:
lbRo:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
actions:
- ec2:Describe*
resources:
- '*'
outputs:
secret: ${lb.encryptedSecret}
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.iam.User("test", {
name: "test",
path: "/test/",
});
const testAccessKey = new aws.iam.AccessKey("test", {user: test.name});
export const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;
import pulumi
import pulumi_aws as aws
test = aws.iam.User("test",
name="test",
path="/test/")
test_access_key = aws.iam.AccessKey("test", user=test.name)
pulumi.export("awsIamSmtpPasswordV4", test_access_key.ses_smtp_password_v4)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
test, err := iam.NewUser(ctx, "test", &iam.UserArgs{
Name: pulumi.String("test"),
Path: pulumi.String("/test/"),
})
if err != nil {
return err
}
testAccessKey, err := iam.NewAccessKey(ctx, "test", &iam.AccessKeyArgs{
User: test.Name,
})
if err != nil {
return err
}
ctx.Export("awsIamSmtpPasswordV4", testAccessKey.SesSmtpPasswordV4)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.Iam.User("test", new()
{
Name = "test",
Path = "/test/",
});
var testAccessKey = new Aws.Iam.AccessKey("test", new()
{
User = test.Name,
});
return new Dictionary<string, object?>
{
["awsIamSmtpPasswordV4"] = testAccessKey.SesSmtpPasswordV4,
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.User;
import com.pulumi.aws.iam.UserArgs;
import com.pulumi.aws.iam.AccessKey;
import com.pulumi.aws.iam.AccessKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new User("test", UserArgs.builder()
.name("test")
.path("/test/")
.build());
var testAccessKey = new AccessKey("testAccessKey", AccessKeyArgs.builder()
.user(test.name())
.build());
ctx.export("awsIamSmtpPasswordV4", testAccessKey.sesSmtpPasswordV4());
}
}
resources:
test:
type: aws:iam:User
properties:
name: test
path: /test/
testAccessKey:
type: aws:iam:AccessKey
name: test
properties:
user: ${test.name}
outputs:
awsIamSmtpPasswordV4: ${testAccessKey.sesSmtpPasswordV4}
Create AccessKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AccessKey(name: string, args: AccessKeyArgs, opts?: CustomResourceOptions);
@overload
def AccessKey(resource_name: str,
args: AccessKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AccessKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
user: Optional[str] = None,
pgp_key: Optional[str] = None,
status: Optional[str] = None)
func NewAccessKey(ctx *Context, name string, args AccessKeyArgs, opts ...ResourceOption) (*AccessKey, error)
public AccessKey(string name, AccessKeyArgs args, CustomResourceOptions? opts = null)
public AccessKey(String name, AccessKeyArgs args)
public AccessKey(String name, AccessKeyArgs args, CustomResourceOptions options)
type: aws:iam:AccessKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AccessKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var accessKeyResource = new Aws.Iam.AccessKey("accessKeyResource", new()
{
User = "string",
PgpKey = "string",
Status = "string",
});
example, err := iam.NewAccessKey(ctx, "accessKeyResource", &iam.AccessKeyArgs{
User: pulumi.String("string"),
PgpKey: pulumi.String("string"),
Status: pulumi.String("string"),
})
var accessKeyResource = new AccessKey("accessKeyResource", AccessKeyArgs.builder()
.user("string")
.pgpKey("string")
.status("string")
.build());
access_key_resource = aws.iam.AccessKey("accessKeyResource",
user="string",
pgp_key="string",
status="string")
const accessKeyResource = new aws.iam.AccessKey("accessKeyResource", {
user: "string",
pgpKey: "string",
status: "string",
});
type: aws:iam:AccessKey
properties:
pgpKey: string
status: string
user: string
AccessKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AccessKey resource accepts the following input properties:
- User string
- IAM user to associate with this access key.
- Pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - Status string
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- User string
- IAM user to associate with this access key.
- Pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - Status string
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- user String
- IAM user to associate with this access key.
- pgp
Key String - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - status String
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- user string
- IAM user to associate with this access key.
- pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - status string
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- user str
- IAM user to associate with this access key.
- pgp_
key str - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - status str
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
- user String
- IAM user to associate with this access key.
- pgp
Key String - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - status String
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
.
Outputs
All input properties are implicitly available as output properties. Additionally, the AccessKey resource produces the following output properties:
- Create
Date string - Date and time in RFC3339 format that the access key was created.
- Encrypted
Secret string - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - Encrypted
Ses stringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - Id string
- The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- Secret string
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - Ses
Smtp stringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions.
- Create
Date string - Date and time in RFC3339 format that the access key was created.
- Encrypted
Secret string - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - Encrypted
Ses stringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - Id string
- The provider-assigned unique ID for this managed resource.
- Key
Fingerprint string - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- Secret string
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - Ses
Smtp stringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions.
- create
Date String - Date and time in RFC3339 format that the access key was created.
- encrypted
Secret String - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted
Ses StringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - id String
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint String - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- secret String
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses
Smtp StringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions.
- create
Date string - Date and time in RFC3339 format that the access key was created.
- encrypted
Secret string - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted
Ses stringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - id string
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint string - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- secret string
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses
Smtp stringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions.
- create_
date str - Date and time in RFC3339 format that the access key was created.
- encrypted_
secret str - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted_
ses_ strsmtp_ password_ v4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - id str
- The provider-assigned unique ID for this managed resource.
- key_
fingerprint str - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- secret str
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses_
smtp_ strpassword_ v4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions.
- create
Date String - Date and time in RFC3339 format that the access key was created.
- encrypted
Secret String - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted
Ses StringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - id String
- The provider-assigned unique ID for this managed resource.
- key
Fingerprint String - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- secret String
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses
Smtp StringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions.
Look up Existing AccessKey Resource
Get an existing AccessKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AccessKeyState, opts?: CustomResourceOptions): AccessKey
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_date: Optional[str] = None,
encrypted_secret: Optional[str] = None,
encrypted_ses_smtp_password_v4: Optional[str] = None,
key_fingerprint: Optional[str] = None,
pgp_key: Optional[str] = None,
secret: Optional[str] = None,
ses_smtp_password_v4: Optional[str] = None,
status: Optional[str] = None,
user: Optional[str] = None) -> AccessKey
func GetAccessKey(ctx *Context, name string, id IDInput, state *AccessKeyState, opts ...ResourceOption) (*AccessKey, error)
public static AccessKey Get(string name, Input<string> id, AccessKeyState? state, CustomResourceOptions? opts = null)
public static AccessKey get(String name, Output<String> id, AccessKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Date string - Date and time in RFC3339 format that the access key was created.
- Encrypted
Secret string - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - Encrypted
Ses stringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - Key
Fingerprint string - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- Pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - Secret string
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - Ses
Smtp stringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions. - Status string
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
. - User string
- IAM user to associate with this access key.
- Create
Date string - Date and time in RFC3339 format that the access key was created.
- Encrypted
Secret string - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - Encrypted
Ses stringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - Key
Fingerprint string - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- Pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - Secret string
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - Ses
Smtp stringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions. - Status string
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
. - User string
- IAM user to associate with this access key.
- create
Date String - Date and time in RFC3339 format that the access key was created.
- encrypted
Secret String - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted
Ses StringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - key
Fingerprint String - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- pgp
Key String - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - secret String
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses
Smtp StringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions. - status String
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
. - user String
- IAM user to associate with this access key.
- create
Date string - Date and time in RFC3339 format that the access key was created.
- encrypted
Secret string - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted
Ses stringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - key
Fingerprint string - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- pgp
Key string - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - secret string
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses
Smtp stringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions. - status string
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
. - user string
- IAM user to associate with this access key.
- create_
date str - Date and time in RFC3339 format that the access key was created.
- encrypted_
secret str - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted_
ses_ strsmtp_ password_ v4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - key_
fingerprint str - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- pgp_
key str - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - secret str
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses_
smtp_ strpassword_ v4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions. - status str
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
. - user str
- IAM user to associate with this access key.
- create
Date String - Date and time in RFC3339 format that the access key was created.
- encrypted
Secret String - Encrypted secret, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line. - encrypted
Ses StringSmtp Password V4 - Encrypted SES SMTP password, base64 encoded, if
pgp_key
was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line. - key
Fingerprint String - Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
- pgp
Key String - Either a base-64 encoded PGP public key, or a keybase username in the form
keybase:some_person_that_exists
, for use in theencrypted_secret
output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the-a
option togpg --export
). - secret String
- Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a
pgp_key
instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation. - ses
Smtp StringPassword V4 - Secret access key converted into an SES SMTP password by applying AWS's documented Sigv4 conversion algorithm. This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are
ap-south-1
,ap-southeast-2
,eu-central-1
,eu-west-1
,us-east-1
andus-west-2
. See current AWS SES regions. - status String
- Access key status to apply. Defaults to
Active
. Valid values areActive
andInactive
. - user String
- IAM user to associate with this access key.
Import
Using pulumi import
, import IAM Access Keys using the identifier. For example:
$ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890
Resource attributes such as encrypted_secret
, key_fingerprint
, pgp_key
, secret
, ses_smtp_password_v4
, and encrypted_ses_smtp_password_v4
are not available for imported resources as this information cannot be read from the IAM API.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.