Namespace Pulumi.Vault.Aws
Classes
AuthBackendCert
AuthBackendCertArgs
AuthBackendCertState
AuthBackendClient
AuthBackendClientArgs
AuthBackendClientState
AuthBackendIdentityWhitelist
Configures the periodic tidying operation of the whitelisted identity entries.
For more information, see the Vault docs.
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;
/// <summary>
/// Example stack: mounts an AWS auth backend and configures the periodic
/// tidying of that backend's whitelisted identity entries.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Mount the auth method; Type = "aws" selects the AWS auth backend.
        var backendArgs = new Vault.AuthBackendArgs
        {
            Type = "aws",
        };
        var awsBackend = new Vault.AuthBackend("exampleAuthBackend", backendArgs);

        // The tidy configuration is tied to the mount through its Path output.
        // NOTE(review): SafetyBuffer is presumably in seconds (3600 = one hour
        // past expiry before an entry is removed) — confirm against the provider
        // docs. Whitelist entries appear to back login tracking for instances,
        // so choose a buffer that does not drop them earlier than intended.
        var tidyArgs = new Vault.Aws.AuthBackendIdentityWhitelistArgs
        {
            Backend = awsBackend.Path,
            SafetyBuffer = 3600,
        };
        var identityWhitelistTidy = new Vault.Aws.AuthBackendIdentityWhitelist("exampleAuthBackendIdentityWhitelist", tidyArgs);
    }
}
AuthBackendIdentityWhitelistArgs
AuthBackendIdentityWhitelistState
AuthBackendLogin
Logs into a Vault server using an AWS auth backend. Login can be accomplished using a signed identity request from IAM or using EC2 instance metadata. For more information, see the Vault documentation.
AuthBackendLoginArgs
AuthBackendLoginState
AuthBackendRole
Manages an AWS auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the Vault documentation for more information.
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;
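/// <summary>
/// Example stack: mounts an AWS auth backend and defines a role on it that
/// constrains which instances or principals may log in, and which token
/// policies and lifetimes a successful login receives.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Mount the auth method; Type = "aws" selects the AWS auth backend.
        var aws = new Vault.AuthBackend("aws", new Vault.AuthBackendArgs
        {
            Type = "aws",
        });

        // All account ids, ARNs and resource ids below are sample values;
        // replace them with the ones that identify your own workloads.
        var example = new Vault.Aws.AuthBackendRole("example", new Vault.Aws.AuthBackendRoleArgs
        {
            Backend = aws.Path,
            Role = "test-role",
            AuthType = "iam",

            // Bound* lists are the login constraints for this role.
            // NOTE(review): presumably every configured Bound* parameter must
            // match while any one value inside a list is enough — confirm
            // against the Vault documentation before relying on it.
            BoundAmiIds =
            {
                "ami-8c1be5f6",
            },
            BoundAccountIds =
            {
                "123456789012",
            },
            BoundVpcIds =
            {
                "vpc-b61106d4",
            },
            BoundSubnetIds =
            {
                // Constructed sample value. The original example used a
                // "vpc-"-prefixed id here, which is not a subnet id and could
                // never match the subnet of a real instance.
                "subnet-133128f1",
            },
            BoundIamRoleArns =
            {
                "arn:aws:iam::123456789012:role/MyRole",
            },
            BoundIamInstanceProfileArns =
            {
                "arn:aws:iam::123456789012:instance-profile/MyProfile",
            },

            // NOTE(review): with AuthType = "iam", the EC2-specific bounds above
            // (AMI, VPC, subnet, instance profile) presumably take effect only
            // because entity inference is enabled here — verify.
            InferredEntityType = "ec2_instance",
            InferredAwsRegion = "us-east-1",

            // NOTE(review): TTL values are presumably in seconds — confirm.
            TokenTtl = 60,
            TokenMaxTtl = 120,

            // One role that grants both "dev" and "prod" policies gives every
            // matching principal access to both environments. For least
            // privilege, define separate roles per environment with their own
            // bounds and policy lists.
            TokenPolicies =
            {
                "default",
                "dev",
                "prod",
            },
        });
    }
}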
AuthBackendRoleArgs
AuthBackendRoleState
AuthBackendRoleTag
Reads role tag information from an AWS auth backend in Vault.
AuthBackendRoleTagArgs
AuthBackendRoletagBlacklist
Configures the periodic tidying operation of the blacklisted role tag entries.
Example Usage
using Pulumi;
using Vault = Pulumi.Vault;
/// <summary>
/// Example stack: mounts an AWS auth backend and configures the periodic
/// tidying of that backend's blacklisted role tag entries.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Mount the auth method; Type = "aws" selects the AWS auth backend.
        var backendArgs = new Vault.AuthBackendArgs
        {
            Type = "aws",
        };
        var awsBackend = new Vault.AuthBackend("exampleAuthBackend", backendArgs);

        // The tidy configuration is tied to the mount through its Path output.
        // NOTE(review): SafetyBuffer is presumably in seconds. This example uses
        // 360 while the identity whitelist example on this page uses 3600 —
        // confirm the intended value. Blacklist entries presumably keep revoked
        // role tags rejected, so avoid tidying them sooner than necessary.
        var tidyArgs = new Vault.Aws.AuthBackendRoletagBlacklistArgs
        {
            Backend = awsBackend.Path,
            SafetyBuffer = 360,
        };
        var roletagBlacklistTidy = new Vault.Aws.AuthBackendRoletagBlacklist("exampleAuthBackendRoletagBlacklist", tidyArgs);
    }
}