Class SecretBackendRole
Namespace: Pulumi.Vault.Aws
Assembly: Pulumi.Vault.dll
Syntax
public class SecretBackendRole : CustomResource
Constructors
SecretBackendRole(String, SecretBackendRoleArgs, CustomResourceOptions)
Create a SecretBackendRole resource with the given unique name, arguments, and options.
Declaration
public SecretBackendRole(string name, SecretBackendRoleArgs args, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| SecretBackendRoleArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
Backend
The path the AWS secret backend is mounted at,
with no leading or trailing /s.
Declaration
public Output<string> Backend { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
CredentialType
Specifies the type of credential to be used when
retrieving credentials from the role. Must be one of iam_user, assumed_role, or
federation_token.
Declaration
public Output<string> CredentialType { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
DefaultStsTtl
The default TTL in seconds for STS credentials.
When a TTL is not specified when STS credentials are requested,
and a default TTL is specified on the role,
then this default TTL will be used. Valid only when credential_type is one of
assumed_role or federation_token.
Declaration
public Output<int> DefaultStsTtl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Int32> | |
MaxStsTtl
The maximum allowed TTL in seconds for STS credentials
(credential TTLs are capped to max_sts_ttl). Valid only when credential_type is
one of assumed_role or federation_token.
Declaration
public Output<int> MaxStsTtl { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Int32> | |
Name
The name to identify this role within the backend. Must be unique within the backend.
Declaration
public Output<string> Name { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
PolicyArns
Specifies a list of AWS managed policy ARNs. The
behavior depends on the credential type. With iam_user, the policies will be
attached to IAM users when they are requested. With assumed_role and
federation_token, the policy ARNs will act as a filter on what the credentials
can do, similar to policy_document. When credential_type is iam_user or
federation_token, at least one of policy_document or policy_arns must
be specified.
Declaration
public Output<ImmutableArray<string>> PolicyArns { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> | |
PolicyDocument
The IAM policy document for the role. The
behavior depends on the credential type. With iam_user, the policy document
will be attached to the IAM user generated and augment the permissions the IAM
user has. With assumed_role and federation_token, the policy document will
act as a filter on what the credentials can do, similar to policy_arns.
Declaration
public Output<string> PolicyDocument { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> | |
RoleArns
Specifies the ARNs of the AWS roles this Vault role
is allowed to assume. Required when credential_type is assumed_role and
prohibited otherwise.
Declaration
public Output<ImmutableArray<string>> RoleArns { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<System.String>> | |
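The property descriptions above constrain which fields may be combined for each credential type. The following is an added example, not code from the Pulumi documentation: it checks those combinations before declaring a short-lived assumed_role role whose policy document filters the resulting credentials. The `Validate` and `CreateReadOnlyRole` helpers, the mount path `aws`, the ARNs, the bucket name and the TTL values are all assumptions made for illustration.

```csharp
using System;
using System.Linq;
using Pulumi.Vault.Aws;

static class VaultAwsRoles
{
    // Hypothetical helper: rejects field combinations the property descriptions rule out.
    static void Validate(string credentialType, string[] roleArns, string[] policyArns,
                         string policyDocument, int? defaultStsTtl, int? maxStsTtl)
    {
        var stsTypes = new[] { "assumed_role", "federation_token" };
        if (credentialType != "iam_user" && !stsTypes.Contains(credentialType))
            throw new ArgumentException("credential_type must be iam_user, assumed_role or federation_token");
        if ((credentialType == "assumed_role") != (roleArns.Length > 0))
            throw new ArgumentException("role_arns is required for assumed_role and prohibited otherwise");
        if (credentialType != "assumed_role" && policyArns.Length == 0 && string.IsNullOrEmpty(policyDocument))
            throw new ArgumentException("iam_user and federation_token need policy_document or policy_arns");
        if (!stsTypes.Contains(credentialType) && (defaultStsTtl.HasValue || maxStsTtl.HasValue))
            throw new ArgumentException("default_sts_ttl and max_sts_ttl apply only to STS credential types");
    }

    // Call from inside a Pulumi program. All literal values below are constructed placeholders.
    public static SecretBackendRole CreateReadOnlyRole()
    {
        var roleArns = new[] { "arn:aws:iam::123456789012:role/example-readonly" };
        // With assumed_role, the policy document filters what the credentials can do.
        var policy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [{ ""Effect"": ""Allow"", ""Action"": ""s3:GetObject"",
                   ""Resource"": ""arn:aws:s3:::example-bucket/*"" }]
}";
        Validate("assumed_role", roleArns, Array.Empty<string>(), policy, 900, 3600);

        return new SecretBackendRole("example-readonly", new SecretBackendRoleArgs
        {
            Backend = "aws",               // assumed mount path; no leading or trailing slash
            Name = "example-readonly",
            CredentialType = "assumed_role",
            RoleArns = roleArns,
            PolicyDocument = policy,
            DefaultStsTtl = 900,           // used when the requester gives no TTL
            MaxStsTtl = 3600,              // requested TTLs are capped to this
        });
    }
}
```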
Methods
Get(String, Input<String>, SecretBackendRoleState, CustomResourceOptions)
Get an existing SecretBackendRole resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static SecretBackendRole Get(string name, Input<string> id, SecretBackendRoleState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| SecretBackendRoleState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| SecretBackendRole | |