aws.transfer.SshKey
Explore with Pulumi AI
Provides a AWS Transfer User SSH Key resource.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
import * as tls from "@pulumi/tls";
const examplePrivateKey = new tls.PrivateKey("example", {
algorithm: "RSA",
rsaBits: 4096,
});
const exampleServer = new aws.transfer.Server("example", {
identityProviderType: "SERVICE_MANAGED",
tags: {
NAME: "tf-acc-test-transfer-server",
},
});
const assumeRole = aws.iam.getPolicyDocument({
statements: [{
effect: "Allow",
principals: [{
type: "Service",
identifiers: ["transfer.amazonaws.com"],
}],
actions: ["sts:AssumeRole"],
}],
});
const exampleRole = new aws.iam.Role("example", {
name: "tf-test-transfer-user-iam-role",
assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json),
});
const exampleUser = new aws.transfer.User("example", {
serverId: exampleServer.id,
userName: "tftestuser",
role: exampleRole.arn,
tags: {
NAME: "tftestuser",
},
});
const exampleSshKey = new aws.transfer.SshKey("example", {
serverId: exampleServer.id,
userName: exampleUser.userName,
body: std.trimspaceOutput({
input: examplePrivateKey.publicKeyOpenssh,
}).apply(invoke => invoke.result),
});
const example = aws.iam.getPolicyDocument({
statements: [{
sid: "AllowFullAccesstoS3",
effect: "Allow",
actions: ["s3:*"],
resources: ["*"],
}],
});
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
name: "tf-test-transfer-user-iam-policy",
role: exampleRole.id,
policy: example.then(example => example.json),
});
import pulumi
import pulumi_aws as aws
import pulumi_std as std
import pulumi_tls as tls
example_private_key = tls.PrivateKey("example",
algorithm="RSA",
rsa_bits=4096)
example_server = aws.transfer.Server("example",
identity_provider_type="SERVICE_MANAGED",
tags={
"NAME": "tf-acc-test-transfer-server",
})
assume_role = aws.iam.get_policy_document(statements=[{
"effect": "Allow",
"principals": [{
"type": "Service",
"identifiers": ["transfer.amazonaws.com"],
}],
"actions": ["sts:AssumeRole"],
}])
example_role = aws.iam.Role("example",
name="tf-test-transfer-user-iam-role",
assume_role_policy=assume_role.json)
example_user = aws.transfer.User("example",
server_id=example_server.id,
user_name="tftestuser",
role=example_role.arn,
tags={
"NAME": "tftestuser",
})
example_ssh_key = aws.transfer.SshKey("example",
server_id=example_server.id,
user_name=example_user.user_name,
body=std.trimspace_output(input=example_private_key.public_key_openssh).apply(lambda invoke: invoke.result))
example = aws.iam.get_policy_document(statements=[{
"sid": "AllowFullAccesstoS3",
"effect": "Allow",
"actions": ["s3:*"],
"resources": ["*"],
}])
example_role_policy = aws.iam.RolePolicy("example",
name="tf-test-transfer-user-iam-policy",
role=example_role.id,
policy=example.json)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/transfer"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
examplePrivateKey, err := tls.NewPrivateKey(ctx, "example", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("RSA"),
RsaBits: pulumi.Int(4096),
})
if err != nil {
return err
}
exampleServer, err := transfer.NewServer(ctx, "example", &transfer.ServerArgs{
IdentityProviderType: pulumi.String("SERVICE_MANAGED"),
Tags: pulumi.StringMap{
"NAME": pulumi.String("tf-acc-test-transfer-server"),
},
})
if err != nil {
return err
}
assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Effect: pulumi.StringRef("Allow"),
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "Service",
Identifiers: []string{
"transfer.amazonaws.com",
},
},
},
Actions: []string{
"sts:AssumeRole",
},
},
},
}, nil)
if err != nil {
return err
}
exampleRole, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
Name: pulumi.String("tf-test-transfer-user-iam-role"),
AssumeRolePolicy: pulumi.String(assumeRole.Json),
})
if err != nil {
return err
}
exampleUser, err := transfer.NewUser(ctx, "example", &transfer.UserArgs{
ServerId: exampleServer.ID(),
UserName: pulumi.String("tftestuser"),
Role: exampleRole.Arn,
Tags: pulumi.StringMap{
"NAME": pulumi.String("tftestuser"),
},
})
if err != nil {
return err
}
_, err = transfer.NewSshKey(ctx, "example", &transfer.SshKeyArgs{
ServerId: exampleServer.ID(),
UserName: exampleUser.UserName,
Body: pulumi.String(std.TrimspaceOutput(ctx, std.TrimspaceOutputArgs{
Input: examplePrivateKey.PublicKeyOpenssh,
}, nil).ApplyT(func(invoke std.TrimspaceResult) (*string, error) {
return invoke.Result, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: pulumi.StringRef("AllowFullAccesstoS3"),
Effect: pulumi.StringRef("Allow"),
Actions: []string{
"s3:*",
},
Resources: []string{
"*",
},
},
},
}, nil)
if err != nil {
return err
}
_, err = iam.NewRolePolicy(ctx, "example", &iam.RolePolicyArgs{
Name: pulumi.String("tf-test-transfer-user-iam-policy"),
Role: exampleRole.ID(),
Policy: pulumi.String(example.Json),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var examplePrivateKey = new Tls.PrivateKey("example", new()
{
Algorithm = "RSA",
RsaBits = 4096,
});
var exampleServer = new Aws.Transfer.Server("example", new()
{
IdentityProviderType = "SERVICE_MANAGED",
Tags =
{
{ "NAME", "tf-acc-test-transfer-server" },
},
});
var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "Service",
Identifiers = new[]
{
"transfer.amazonaws.com",
},
},
},
Actions = new[]
{
"sts:AssumeRole",
},
},
},
});
var exampleRole = new Aws.Iam.Role("example", new()
{
Name = "tf-test-transfer-user-iam-role",
AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleUser = new Aws.Transfer.User("example", new()
{
ServerId = exampleServer.Id,
UserName = "tftestuser",
Role = exampleRole.Arn,
Tags =
{
{ "NAME", "tftestuser" },
},
});
var exampleSshKey = new Aws.Transfer.SshKey("example", new()
{
ServerId = exampleServer.Id,
UserName = exampleUser.UserName,
Body = Std.Trimspace.Invoke(new()
{
Input = examplePrivateKey.PublicKeyOpenssh,
}).Apply(invoke => invoke.Result),
});
var example = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "AllowFullAccesstoS3",
Effect = "Allow",
Actions = new[]
{
"s3:*",
},
Resources = new[]
{
"*",
},
},
},
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("example", new()
{
Name = "tf-test-transfer-user-iam-policy",
Role = exampleRole.Id,
Policy = example.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.aws.transfer.Server;
import com.pulumi.aws.transfer.ServerArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.transfer.User;
import com.pulumi.aws.transfer.UserArgs;
import com.pulumi.aws.transfer.SshKey;
import com.pulumi.aws.transfer.SshKeyArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var examplePrivateKey = new PrivateKey("examplePrivateKey", PrivateKeyArgs.builder()
.algorithm("RSA")
.rsaBits(4096)
.build());
var exampleServer = new Server("exampleServer", ServerArgs.builder()
.identityProviderType("SERVICE_MANAGED")
.tags(Map.of("NAME", "tf-acc-test-transfer-server"))
.build());
final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("Service")
.identifiers("transfer.amazonaws.com")
.build())
.actions("sts:AssumeRole")
.build())
.build());
var exampleRole = new Role("exampleRole", RoleArgs.builder()
.name("tf-test-transfer-user-iam-role")
.assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
var exampleUser = new User("exampleUser", UserArgs.builder()
.serverId(exampleServer.id())
.userName("tftestuser")
.role(exampleRole.arn())
.tags(Map.of("NAME", "tftestuser"))
.build());
var exampleSshKey = new SshKey("exampleSshKey", SshKeyArgs.builder()
.serverId(exampleServer.id())
.userName(exampleUser.userName())
.body(StdFunctions.trimspace().applyValue(invoke -> invoke.result()))
.build());
final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("AllowFullAccesstoS3")
.effect("Allow")
.actions("s3:*")
.resources("*")
.build())
.build());
var exampleRolePolicy = new RolePolicy("exampleRolePolicy", RolePolicyArgs.builder()
.name("tf-test-transfer-user-iam-policy")
.role(exampleRole.id())
.policy(example.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
.build());
}
}
resources:
examplePrivateKey:
type: tls:PrivateKey
name: example
properties:
algorithm: RSA
rsaBits: 4096
exampleSshKey:
type: aws:transfer:SshKey
name: example
properties:
serverId: ${exampleServer.id}
userName: ${exampleUser.userName}
body:
fn::invoke:
Function: std:trimspace
Arguments:
input: ${examplePrivateKey.publicKeyOpenssh}
Return: result
exampleServer:
type: aws:transfer:Server
name: example
properties:
identityProviderType: SERVICE_MANAGED
tags:
NAME: tf-acc-test-transfer-server
exampleUser:
type: aws:transfer:User
name: example
properties:
serverId: ${exampleServer.id}
userName: tftestuser
role: ${exampleRole.arn}
tags:
NAME: tftestuser
exampleRole:
type: aws:iam:Role
name: example
properties:
name: tf-test-transfer-user-iam-role
assumeRolePolicy: ${assumeRole.json}
exampleRolePolicy:
type: aws:iam:RolePolicy
name: example
properties:
name: tf-test-transfer-user-iam-policy
role: ${exampleRole.id}
policy: ${example.json}
variables:
assumeRole:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- effect: Allow
principals:
- type: Service
identifiers:
- transfer.amazonaws.com
actions:
- sts:AssumeRole
example:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- sid: AllowFullAccesstoS3
effect: Allow
actions:
- s3:*
resources:
- '*'
Create SshKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new SshKey(name: string, args: SshKeyArgs, opts?: CustomResourceOptions);
@overload
def SshKey(resource_name: str,
args: SshKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def SshKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
body: Optional[str] = None,
server_id: Optional[str] = None,
user_name: Optional[str] = None)
func NewSshKey(ctx *Context, name string, args SshKeyArgs, opts ...ResourceOption) (*SshKey, error)
public SshKey(string name, SshKeyArgs args, CustomResourceOptions? opts = null)
public SshKey(String name, SshKeyArgs args)
public SshKey(String name, SshKeyArgs args, CustomResourceOptions options)
type: aws:transfer:SshKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args SshKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args SshKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SshKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SshKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args SshKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var awsSshKeyResource = new Aws.Transfer.SshKey("awsSshKeyResource", new()
{
Body = "string",
ServerId = "string",
UserName = "string",
});
example, err := transfer.NewSshKey(ctx, "awsSshKeyResource", &transfer.SshKeyArgs{
Body: pulumi.String("string"),
ServerId: pulumi.String("string"),
UserName: pulumi.String("string"),
})
var awsSshKeyResource = new SshKey("awsSshKeyResource", SshKeyArgs.builder()
.body("string")
.serverId("string")
.userName("string")
.build());
aws_ssh_key_resource = aws.transfer.SshKey("awsSshKeyResource",
body="string",
server_id="string",
user_name="string")
const awsSshKeyResource = new aws.transfer.SshKey("awsSshKeyResource", {
body: "string",
serverId: "string",
userName: "string",
});
type: aws:transfer:SshKey
properties:
body: string
serverId: string
userName: string
SshKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The SshKey resource accepts the following input properties:
Outputs
All input properties are implicitly available as output properties. Additionally, the SshKey resource produces the following output properties:
- id str
- The provider-assigned unique ID for this managed resource.
- ssh_
key_ strid
Look up Existing SshKey Resource
Get an existing SshKey resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SshKeyState, opts?: CustomResourceOptions): SshKey
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
body: Optional[str] = None,
server_id: Optional[str] = None,
ssh_key_id: Optional[str] = None,
user_name: Optional[str] = None) -> SshKey
func GetSshKey(ctx *Context, name string, id IDInput, state *SshKeyState, opts ...ResourceOption) (*SshKey, error)
public static SshKey Get(string name, Input<string> id, SshKeyState? state, CustomResourceOptions? opts = null)
public static SshKey get(String name, Output<String> id, SshKeyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- body str
- The public key portion of an SSH key pair.
- server_
id str - The Server ID of the Transfer Server (e.g.,
s-12345678
) - ssh_
key_ strid - user_
name str - The name of the user account that is assigned to one or more servers.
Import
Using pulumi import
, import Transfer SSH Public Key using the server_id
and user_name
and ssh_public_key_id
separated by /
. For example:
$ pulumi import aws:transfer/sshKey:SshKey bar s-12345678/test-username/key-12345
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.