Class Role
Provides an IAM role.
NOTE: If policies are attached to the role via the
aws.iam.PolicyAttachmentresource and you are modifying the rolenameorpath, theforce_detach_policiesargument must be set totrueand applied before attempting the operation otherwise you will encounter aDeleteConflicterror. Theaws.iam.RolePolicyAttachmentresource (recommended) does not have this requirement.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}
",
Tags =
{
{ "tag-key", "tag-value" },
},
});
}
}
Example of Using Data Source for Assume Role Policy
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var instance_assume_role_policy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"sts:AssumeRole",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"ec2.amazonaws.com",
},
Type = "Service",
},
},
},
},
}));
var instance = new Aws.Iam.Role("instance", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = instance_assume_role_policy.Apply(instance_assume_role_policy => instance_assume_role_policy.Json),
Path = "/system/",
});
}
}
Inherited Members
Namespace: Pulumi.Aws.Iam
Assembly: Pulumi.Aws.dll
Syntax
public class Role : CustomResourceConstructors
View SourceRole(String, RoleArgs, CustomResourceOptions)
Create a Role resource with the given unique name, arguments, and options.
Declaration
public Role(string name, RoleArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| RoleArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceArn
The Amazon Resource Name (ARN) specifying the role.
Declaration
public Output<string> Arn { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
AssumeRolePolicy
The policy that grants an entity permission to assume the role.
Declaration
public Output<string> AssumeRolePolicy { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
CreateDate
The creation date of the IAM role.
Declaration
public Output<string> CreateDate { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Description
The description of the role.
Declaration
public Output<string> Description { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
ForceDetachPolicies
Specifies to force detaching any policies the role has before destroying it. Defaults to false.
Declaration
public Output<bool?> ForceDetachPolicies { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Boolean>> |
MaxSessionDuration
The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
Declaration
public Output<int?> MaxSessionDuration { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Int32>> |
Name
The name of the role. If omitted, this provider will assign a random, unique name.
Declaration
public Output<string> Name { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
NamePrefix
Creates a unique name beginning with the specified prefix. Conflicts with name.
Declaration
public Output<string> NamePrefix { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Path
The path to the role. See IAM Identifiers for more information.
Declaration
public Output<string> Path { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
PermissionsBoundary
The ARN of the policy that is used to set the permissions boundary for the role.
Declaration
public Output<string> PermissionsBoundary { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Tags
Key-value map of tags for the IAM role
Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
UniqueId
The stable and unique string identifying the role.
Declaration
public Output<string> UniqueId { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, RoleState, CustomResourceOptions)
Get an existing Role resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static Role Get(string name, Input<string> id, RoleState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| RoleState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| Role |