@pulumi/aws-native
The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)
"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
// CommonJS prologue: tag the exports object with the conventional
// `__esModule` marker, then reserve the `Role` slot, which is assigned
// once the class has been defined further down.
Object.defineProperty(exports, "__esModule", {
    value: true,
});
exports.Role = undefined;
const pulumi = require("@pulumi/pulumi");
const utilities = require("../utilities");
/**
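* Creates a new role for your AWS account.
* For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
*
* Several of the examples below attach inline policies that allow `action: "*"` on `resource: "*"` (or `s3:*Object*` on every resource) to keep the samples short. When adapting them, scope the actions and resources to what the assuming service needs; the `permissionsBoundary` input can additionally cap the role's effective permissions.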
*
* ## Example Usage
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const iamRole = new aws_native.iam.Role("iamRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: [
* "cloudformation.amazonaws.com",
* "gamelift.amazonaws.com",
* ],
* },
* action: "sts:AssumeRole",
* }],
* },
* roleName: "ScriptIAMRole",
* policies: [{
* policyName: "ScriptResourceIAMPolicy",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: [
* "s3:GetObject",
* "s3:GetObjectVersion",
* "s3:GetObjectMetadata",
* "s3:*Object*",
* ],
* resource: ["*"],
* }],
* },
* }],
* });
* const scriptResource = new aws_native.gamelift.Script("scriptResource", {
* name: "MyRealtimeScript",
* version: "v1.0",
* storageLocation: {
* bucket: "MyBucketName",
* key: "MyScriptFiles.zip",
* roleArn: iamRole.arn,
* },
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const iamRole = new aws_native.iam.Role("iamRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: [
* "cloudformation.amazonaws.com",
* "gamelift.amazonaws.com",
* ],
* },
* action: "sts:AssumeRole",
* }],
* },
* roleName: "ScriptIAMRole",
* policies: [{
* policyName: "ScriptResourceIAMPolicy",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: [
* "s3:GetObject",
* "s3:GetObjectVersion",
* "s3:GetObjectMetadata",
* "s3:*Object*",
* ],
* resource: ["*"],
* }],
* },
* }],
* });
* const scriptResource = new aws_native.gamelift.Script("scriptResource", {
* name: "MyRealtimeScript",
* version: "v1.0",
* storageLocation: {
* bucket: "MyBucketName",
* key: "MyScriptFiles.zip",
* roleArn: iamRole.arn,
* },
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const myJobRole = new aws_native.iam.Role("myJobRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["glue.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
* policies: [{
* policyName: "root",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: "*",
* resource: "*",
* }],
* },
* }],
* });
* const myJob = new aws_native.glue.Job("myJob", {
* command: {
* name: "glueetl",
* scriptLocation: "s3://<your-S3-script-uri>",
* },
* defaultArguments: {
* "--job-bookmark-option": "job-bookmark-enable",
* },
* executionProperty: {
* maxConcurrentRuns: 2,
* },
* maxRetries: 0,
* name: "cf-job1",
* role: myJobRole.id,
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const myJobRole = new aws_native.iam.Role("myJobRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["glue.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
* policies: [{
* policyName: "root",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: "*",
* resource: "*",
* }],
* },
* }],
* });
* const myJob = new aws_native.glue.Job("myJob", {
* command: {
* name: "glueetl",
* scriptLocation: "s3://<your-S3-script-uri>",
* },
* defaultArguments: {
* "--job-bookmark-option": "job-bookmark-enable",
* },
* executionProperty: {
* maxConcurrentRuns: 2,
* },
* maxRetries: 0,
* name: "cf-job1",
* role: myJobRole.id,
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const myJobTriggerRole = new aws_native.iam.Role("myJobTriggerRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["glue.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
* policies: [{
* policyName: "root",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: "*",
* resource: "*",
* }],
* },
* }],
* });
* const myJob = new aws_native.glue.Job("myJob", {
* name: "MyJobTriggerJob",
* logUri: "wikiData",
* role: myJobTriggerRole.id,
* command: {
* name: "glueetl",
* scriptLocation: "s3://testdata-bucket/s3-target/create-delete-job-xtf-ETL-s3-json-to-csv.py",
* },
* defaultArguments: {
* "--job-bookmark-option": "job-bookmark-enable",
* },
* maxRetries: 0,
* });
* const myJobTrigger = new aws_native.glue.Trigger("myJobTrigger", {
* name: "MyJobTrigger",
* type: "CONDITIONAL",
* description: "Description for a conditional job trigger",
* actions: [{
* jobName: myJob.id,
* arguments: {
* "--job-bookmark-option": "job-bookmark-enable",
* },
* }],
* predicate: {
* conditions: [{
* logicalOperator: "EQUALS",
* jobName: myJob.id,
* state: "SUCCEEDED",
* }],
* },
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const myJobTriggerRole = new aws_native.iam.Role("myJobTriggerRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["glue.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
* policies: [{
* policyName: "root",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: "*",
* resource: "*",
* }],
* },
* }],
* });
* const myJob = new aws_native.glue.Job("myJob", {
* name: "MyJobTriggerJob",
* logUri: "wikiData",
* role: myJobTriggerRole.id,
* command: {
* name: "glueetl",
* scriptLocation: "s3://testdata-bucket/s3-target/create-delete-job-xtf-ETL-s3-json-to-csv.py",
* },
* defaultArguments: {
* "--job-bookmark-option": "job-bookmark-enable",
* },
* maxRetries: 0,
* });
* const myJobTrigger = new aws_native.glue.Trigger("myJobTrigger", {
* name: "MyJobTrigger",
* type: "CONDITIONAL",
* description: "Description for a conditional job trigger",
* actions: [{
* jobName: myJob.id,
* arguments: {
* "--job-bookmark-option": "job-bookmark-enable",
* },
* }],
* predicate: {
* conditions: [{
* logicalOperator: "EQUALS",
* jobName: myJob.id,
* state: "SUCCEEDED",
* }],
* },
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const amazonGrafanaWorkspaceIAMRole = new aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole", {
* managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["grafana.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* });
* const amazonGrafanaWorkspace = new aws_native.grafana.Workspace("amazonGrafanaWorkspace", {
* accountAccessType: aws_native.grafana.WorkspaceAccountAccessType.CurrentAccount,
* name: "AmazonGrafanaWorkspace",
* description: "Amazon Grafana Workspace",
* authenticationProviders: [aws_native.grafana.WorkspaceAuthenticationProviderTypes.Saml],
* permissionType: aws_native.grafana.WorkspacePermissionType.CustomerManaged,
* grafanaVersion: "9.4",
* roleArn: amazonGrafanaWorkspaceIAMRole.arn,
* samlConfiguration: {
* idpMetadata: {
* xml: "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
* },
* assertionAttributes: {
* name: "displayName",
* login: "login",
* email: "email",
* groups: "group",
* role: "role",
* org: "org",
* },
* roleValues: {
* editor: ["editor1"],
* admin: ["admin1"],
* },
* allowedOrganizations: ["org1"],
* loginValidityDuration: 60,
* },
* });
* export const workspaceEndpoint = amazonGrafanaWorkspace.endpoint;
* export const workspaceStatus = amazonGrafanaWorkspace.status;
* export const workspaceId = amazonGrafanaWorkspace.id;
* export const grafanaVersion = amazonGrafanaWorkspace.grafanaVersion;
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const amazonGrafanaWorkspaceIAMRole = new aws_native.iam.Role("amazonGrafanaWorkspaceIAMRole", {
* managedPolicyArns: ["arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"],
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["grafana.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* });
* const amazonGrafanaWorkspace = new aws_native.grafana.Workspace("amazonGrafanaWorkspace", {
* accountAccessType: aws_native.grafana.WorkspaceAccountAccessType.CurrentAccount,
* name: "AmazonGrafanaWorkspace",
* description: "Amazon Grafana Workspace",
* authenticationProviders: [aws_native.grafana.WorkspaceAuthenticationProviderTypes.Saml],
* permissionType: aws_native.grafana.WorkspacePermissionType.CustomerManaged,
* grafanaVersion: "9.4",
* roleArn: amazonGrafanaWorkspaceIAMRole.arn,
* samlConfiguration: {
* idpMetadata: {
* xml: "<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>",
* },
* assertionAttributes: {
* name: "displayName",
* login: "login",
* email: "email",
* groups: "group",
* role: "role",
* org: "org",
* },
* roleValues: {
* editor: ["editor1"],
* admin: ["admin1"],
* },
* allowedOrganizations: ["org1"],
* loginValidityDuration: 60,
* },
* });
* export const workspaceEndpoint = amazonGrafanaWorkspace.endpoint;
* export const workspaceStatus = amazonGrafanaWorkspace.status;
* export const workspaceId = amazonGrafanaWorkspace.id;
* export const grafanaVersion = amazonGrafanaWorkspace.grafanaVersion;
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const rootRole = new aws_native.iam.Role("rootRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["ec2.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
* policies: [{
* policyName: "root",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: "*",
* resource: "*",
* }],
* },
* }],
* });
* const rootInstanceProfile = new aws_native.iam.InstanceProfile("rootInstanceProfile", {
* path: "/",
* roles: [rootRole.id],
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const rootRole = new aws_native.iam.Role("rootRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: ["ec2.amazonaws.com"],
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
* policies: [{
* policyName: "root",
* policyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* action: "*",
* resource: "*",
* }],
* },
* }],
* });
* const rootInstanceProfile = new aws_native.iam.InstanceProfile("rootInstanceProfile", {
* path: "/",
* roles: [rootRole.id],
* });
*
* ```
* ### Example
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const automationExecutionRole = new aws_native.iam.Role("automationExecutionRole", {
* assumeRolePolicyDocument: {
* version: "2012-10-17",
* statement: [{
* effect: "Allow",
* principal: {
* service: "ssm.amazonaws.com",
* },
* action: ["sts:AssumeRole"],
* }],
* },
* path: "/",
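* // `${AWS::Partition}` is a CloudFormation pseudo parameter; inside a plain string it is not substituted, so replace it with the actual partition (for example `aws`).
* managedPolicyArns: ["arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess"],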
* });
* const automationAssociation = new aws_native.ssm.Association("automationAssociation", {
* name: "AWS-StopEC2Instance",
* parameters: {
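* // The literal "AutomationExecutionRole.Arn" appears to be left over from a CloudFormation GetAtt reference; in a Pulumi program pass the role's ARN output, i.e. `[automationExecutionRole.arn]`.
* automationAssumeRole: ["AutomationExecutionRole.Arn"],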
* },
* targets: [{
* key: "ParameterValues",
* values: ["i-1234567890abcdef0"],
* }],
* automationTargetParameterName: "InstanceId",
* });
*
* ```
*/
class Role extends pulumi.CustomResource {
    /**
     * Look up an existing Role by provider ID instead of creating a new one.
     *
     * Delegates to the constructor with no args and with `id` merged into
     * `opts`; a truthy `opts.id` makes the constructor skip the
     * required-property check and declare every property as an output.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns A Role instance constructed with `id` set in its options.
     */
    static get(name, id, opts) {
        const lookupOpts = { ...opts, id };
        return new Role(name, undefined, lookupOpts);
    }
    /**
     * Report whether `obj` carries this resource's `__pulumiType` marker.
     *
     * The comparison is on the marker string rather than on the prototype
     * chain, which is what lets it work when multiple copies of the Pulumi
     * SDK have been loaded into the same process. By the same token, any
     * object exposing that property value passes, so treat the result as a
     * type hint and not as validation of untrusted input.
     *
     * @param obj Any value; `null` and `undefined` yield `false`.
     * @returns `true` when `obj.__pulumiType` equals `Role.__pulumiType`.
     */
    static isInstance(obj) {
        if (obj == null) {
            return false;
        }
        return obj['__pulumiType'] === Role.__pulumiType;
    }
    /**
     * Create a Role resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     * @throws {Error} When `args.assumeRolePolicyDocument` is undefined and
     *   neither `opts.id` nor `opts.urn` is set.
     */
    constructor(name, args, opts) {
        const callerOpts = opts || {};
        const resourceInputs = {};
        if (callerOpts.id) {
            // Lookup of an existing resource: nothing is taken from `args`;
            // every property is declared as an output placeholder.
            const outputProps = [
                "arn",
                "assumeRolePolicyDocument",
                "description",
                "managedPolicyArns",
                "maxSessionDuration",
                "path",
                "permissionsBoundary",
                "policies",
                "roleId",
                "roleName",
                "tags",
            ];
            for (const prop of outputProps) {
                resourceInputs[prop] = undefined /*out*/;
            }
        }
        else {
            // The trust policy is the only required input; the check is
            // waived when `opts.urn` is set.
            if (args?.assumeRolePolicyDocument === undefined && !callerOpts.urn) {
                throw new Error("Missing required property 'assumeRolePolicyDocument'");
            }
            const inputProps = [
                "assumeRolePolicyDocument",
                "description",
                "managedPolicyArns",
                "maxSessionDuration",
                "path",
                "permissionsBoundary",
                "policies",
                "roleName",
                "tags",
            ];
            for (const prop of inputProps) {
                resourceInputs[prop] = args?.[prop];
            }
            // Output-only properties, never supplied by the caller.
            resourceInputs["arn"] = undefined /*out*/;
            resourceInputs["roleId"] = undefined /*out*/;
        }
        // Layer the options: provider defaults first, then the caller's
        // options, then the replaceOnChanges list for `path` and `roleName`.
        const withDefaults = pulumi.mergeOptions(utilities.resourceOptsDefaults(), callerOpts);
        const finalOpts = pulumi.mergeOptions(withDefaults, { replaceOnChanges: ["path", "roleName"] });
        super(Role.__pulumiType, name, resourceInputs, finalOpts);
    }
}
/**
 * Type token passed to the CustomResource constructor as the resource type
 * and compared by `Role.isInstance`.
 * @internal
 */
Role.__pulumiType = 'aws-native:iam:Role';
// Publish the class as this module's `Role` export.
exports.Role = Role;
//# sourceMappingURL=role.js.map