Class SecretBackendRoleArgs

Inheritance
System.Object
InputArgs
ResourceArgs
SecretBackendRoleArgs
Inherited Members
ResourceArgs.Empty
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Vault.Aws
Assembly: Pulumi.Vault.dll
Syntax
public sealed class SecretBackendRoleArgs : ResourceArgs

Constructors

SecretBackendRoleArgs()

Declaration
public SecretBackendRoleArgs()

Properties

Backend

The path the AWS secret backend is mounted at, with no leading or trailing /s.

Declaration
public Input<string> Backend { get; set; }
Property Value
Type Description
Input<System.String>

CredentialType

Specifies the type of credential to be used when retrieving credentials from the role. Must be one of iam_user, assumed_role, or federation_token.

Declaration
public Input<string> CredentialType { get; set; }
Property Value
Type Description
Input<System.String>

DefaultStsTtl

The default TTL in seconds for STS credentials. When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.

Declaration
public Input<int> DefaultStsTtl { get; set; }
Property Value
Type Description
Input<System.Int32>

MaxStsTtl

The maximum allowed TTL in seconds for STS credentials (credential TTLs are capped at max_sts_ttl). Valid only when credential_type is one of assumed_role or federation_token.

Declaration
public Input<int> MaxStsTtl { get; set; }
Property Value
Type Description
Input<System.Int32>

Name

The name to identify this role within the backend. Must be unique within the backend.

Declaration
public Input<string> Name { get; set; }
Property Value
Type Description
Input<System.String>

PolicyArns

Specifies a list of AWS managed policy ARNs. The behavior depends on the credential type. With iam_user, the policies will be attached to IAM users when they are requested. With assumed_role and federation_token, the policy ARNs will act as a filter on what the credentials can do, similar to policy_document. When credential_type is iam_user or federation_token, at least one of policy_document or policy_arns must be specified.

Declaration
public InputList<string> PolicyArns { get; set; }
Property Value
Type Description
InputList<System.String>

PolicyDocument

The IAM policy document for the role. The behavior depends on the credential type. With iam_user, the policy document will be attached to the IAM user generated and augment the permissions the IAM user has. With assumed_role and federation_token, the policy document will act as a filter on what the credentials can do, similar to policy_arns.

Declaration
public Input<string> PolicyDocument { get; set; }
Property Value
Type Description
Input<System.String>

RoleArns

Specifies the ARNs of the AWS roles this Vault role is allowed to assume. Required when credential_type is assumed_role and prohibited otherwise.

Declaration
public InputList<string> RoleArns { get; set; }
Property Value
Type Description
InputList<System.String>
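
Example

The following stack is an added example, not code from the Pulumi documentation. It shows how the properties above combine for an assumed_role role: RoleArns is set, a PolicyDocument filters what the issued credentials can do, and both STS TTLs are kept short. It assumes the SecretBackendRole resource class from the same namespace and an AWS secret backend already mounted at "aws"; the role name, account ID, role ARN and bucket name are constructed placeholders.

```csharp
using System.Threading.Tasks;
using Pulumi;
using Pulumi.Vault.Aws;

class VaultAwsRoleStack : Stack
{
    public VaultAwsRoleStack()
    {
        // With assumed_role the policy document acts as a filter: the issued
        // credentials can do no more than the assumed AWS role already allows,
        // further narrowed to the actions listed here.
        const string readOnlyBucketPolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [{
    ""Effect"": ""Allow"",
    ""Action"": [""s3:GetObject"", ""s3:ListBucket""],
    ""Resource"": [
      ""arn:aws:s3:::example-bucket"",
      ""arn:aws:s3:::example-bucket/*""
    ]
  }]
}";

        new SecretBackendRole("app-readonly", new SecretBackendRoleArgs
        {
            Backend = "aws",                 // mount path, no leading or trailing slash (assumed)
            Name = "app-readonly",           // must be unique within the backend
            CredentialType = "assumed_role",
            // Required for assumed_role, prohibited for the other credential types.
            RoleArns = new[] { "arn:aws:iam::123456789012:role/example-app-readonly" },
            PolicyDocument = readOnlyBucketPolicy,
            // TTLs are valid only for assumed_role and federation_token.
            DefaultStsTtl = 900,             // used when the request names no TTL
            MaxStsTtl = 3600,                // requested TTLs are capped at this value
        });
    }
}

class Program
{
    static Task<int> Main() => Deployment.RunAsync<VaultAwsRoleStack>();
}
```

Setting MaxStsTtl on the role bounds credential lifetime regardless of what a client requests, which limits how long a leaked credential stays usable.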
Copyright 2016-2020, Pulumi Corporation.