User

Provides an IAM user.

NOTE: If policies are attached to the user via the aws.iam.PolicyAttachment resource and you are modifying the user name or path, the force_destroy argument must be set to true and applied before attempting the operation otherwise you will encounter a DeleteConflict error. The aws.iam.UserPolicyAttachment resource (recommended) does not have this requirement.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var lbUser = new Aws.Iam.User("lbUser", new Aws.Iam.UserArgs
        {
            Path = "/system/",
            Tags = 
            {
                { "tag-key", "tag-value" },
            },
        });
        var lbAccessKey = new Aws.Iam.AccessKey("lbAccessKey", new Aws.Iam.AccessKeyArgs
        {
            User = lbUser.Name,
        });
        var lbRo = new Aws.Iam.UserPolicy("lbRo", new Aws.Iam.UserPolicyArgs
        {
            Policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Action"": [
        ""ec2:Describe*""
      ],
      ""Effect"": ""Allow"",
      ""Resource"": ""*""
    }
  ]
}

",
            User = lbUser.Name,
        });
    }

}

package main

import (
    "fmt"

    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        lbUser, err := iam.NewUser(ctx, "lbUser", &iam.UserArgs{
            Path: pulumi.String("/system/"),
            Tags: pulumi.StringMap{
                "tag-key": pulumi.String("tag-value"),
            },
        })
        if err != nil {
            return err
        }
        _, err = iam.NewAccessKey(ctx, "lbAccessKey", &iam.AccessKeyArgs{
            User: lbUser.Name,
        })
        if err != nil {
            return err
        }
        _, err = iam.NewUserPolicy(ctx, "lbRo", &iam.UserPolicyArgs{
            Policy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": [\n", "        \"ec2:Describe*\"\n", "      ],\n", "      \"Effect\": \"Allow\",\n", "      \"Resource\": \"*\"\n", "    }\n", "  ]\n", "}\n", "\n")),
            User:   lbUser.Name,
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

lb_user = aws.iam.User("lbUser",
    path="/system/",
    tags={
        "tag-key": "tag-value",
    })
lb_access_key = aws.iam.AccessKey("lbAccessKey", user=lb_user.name)
lb_ro = aws.iam.UserPolicy("lbRo",
    policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

""",
    user=lb_user.name)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lbUser = new aws.iam.User("lb", {
    path: "/system/",
    tags: {
        "tag-key": "tag-value",
    },
});
const lbAccessKey = new aws.iam.AccessKey("lb", {
    user: lbUser.name,
});
const lbRo = new aws.iam.UserPolicy("lb_ro", {
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
    user: lbUser.name,
});

Create a User Resource

new User(name: string, args?: UserArgs, opts?: CustomResourceOptions);

def User(resource_name, opts=None, force_destroy=None, name=None, path=None, permissions_boundary=None, tags=None, __props__=None);

func NewUser(ctx *Context, name string, args *UserArgs, opts ...ResourceOption) (*User, error)

public User(string name, UserArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The User resource accepts the following input properties:

ForceDestroy bool: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
Name string: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
Path string: Path in which to create the user.
PermissionsBoundary string: The ARN of the policy that is used to set the permissions boundary for the user.
Tags Dictionary<string, string>: Key-value mapping of tags for the IAM user

ForceDestroy bool: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
Name string: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
Path string: Path in which to create the user.
PermissionsBoundary string: The ARN of the policy that is used to set the permissions boundary for the user.
Tags map[string]string: Key-value mapping of tags for the IAM user

forceDestroy boolean: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
name string: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
path string: Path in which to create the user.
permissionsBoundary string: The ARN of the policy that is used to set the permissions boundary for the user.
tags {[key: string]: string}: Key-value mapping of tags for the IAM user

force_destroy bool: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
name str: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
path str: Path in which to create the user.
permissions_boundary str: The ARN of the policy that is used to set the permissions boundary for the user.
tags Dict[str, str]: Key-value mapping of tags for the IAM user

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Arn string: The ARN assigned by AWS for this user.
Id string: The provider-assigned unique ID for this managed resource.
UniqueId string: The [unique ID][1] assigned by AWS.

Arn string: The ARN assigned by AWS for this user.
Id string: The provider-assigned unique ID for this managed resource.
UniqueId string: The [unique ID][1] assigned by AWS.

arn string: The ARN assigned by AWS for this user.
id string: The provider-assigned unique ID for this managed resource.
uniqueId string: The [unique ID][1] assigned by AWS.

arn str: The ARN assigned by AWS for this user.
id str: The provider-assigned unique ID for this managed resource.
unique_id str: The [unique ID][1] assigned by AWS.

Look up an Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User

static get(resource_name, id, opts=None, arn=None, force_destroy=None, name=None, path=None, permissions_boundary=None, tags=None, unique_id=None, __props__=None);

func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)

public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The ARN assigned by AWS for this user.
ForceDestroy bool: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
Name string: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
Path string: Path in which to create the user.
PermissionsBoundary string: The ARN of the policy that is used to set the permissions boundary for the user.
Tags Dictionary<string, string>: Key-value mapping of tags for the IAM user
UniqueId string: The [unique ID][1] assigned by AWS.

Arn string: The ARN assigned by AWS for this user.
ForceDestroy bool: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
Name string: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
Path string: Path in which to create the user.
PermissionsBoundary string: The ARN of the policy that is used to set the permissions boundary for the user.
Tags map[string]string: Key-value mapping of tags for the IAM user
UniqueId string: The [unique ID][1] assigned by AWS.

arn string: The ARN assigned by AWS for this user.
forceDestroy boolean: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
name string: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
path string: Path in which to create the user.
permissionsBoundary string: The ARN of the policy that is used to set the permissions boundary for the user.
tags {[key: string]: string}: Key-value mapping of tags for the IAM user
uniqueId string: The [unique ID][1] assigned by AWS.

arn str: The ARN assigned by AWS for this user.
force_destroy bool: When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without force_destroy a user with non-provider-managed access keys and login profile will fail to be destroyed.
name str: The user’s name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-_.. User names are not distinguished by case. For example, you cannot create users named both “TESTUSER” and “testuser”.
path str: Path in which to create the user.
permissions_boundary str: The ARN of the policy that is used to set the permissions boundary for the user.
tags Dict[str, str]: Key-value mapping of tags for the IAM user
unique_id str: The [unique ID][1] assigned by AWS.

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud