UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

116 lines (115 loc) 4.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
import * as pulumi from "@pulumi/pulumi"; /** * This data source provides information on the IAM source role of an STS assumed role. For non-role ARNs, this data source simply passes the ARN through in `issuerArn`. * * For some AWS resources, multiple types of principals are allowed in the same argument (e.g., IAM users and IAM roles). However, these arguments often do not allow assumed-role (i.e., STS, temporary credential) principals. Given an STS ARN, this data source provides the ARN for the source IAM role. * * ## Example Usage * * ### Basic Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = aws.iam.getSessionContext({ * arn: "arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes", * }); * ``` * * ### Find the Runner's Source Role * * Combined with `aws.getCallerIdentity`, you can get the current user's source IAM role ARN (`issuerArn`) if you're using an assumed role. If you're not using an assumed role, the caller's (e.g., an IAM user's) ARN will simply be passed through. In environments where both IAM users and individuals using assumed roles need to apply the same configurations, this data source enables seamless use. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const current = aws.getCallerIdentity({}); * const example = current.then(current => aws.iam.getSessionContext({ * arn: current.arn, * })); * ``` */ export declare function getSessionContext(args: GetSessionContextArgs, opts?: pulumi.InvokeOptions): Promise<GetSessionContextResult>; /** * A collection of arguments for invoking getSessionContext. */ export interface GetSessionContextArgs { /** * ARN for an assumed role. * * > If `arn` is a non-role ARN, Pulumi gives no error and `issuerArn` will be equal to the `arn` value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist. */ arn: string; } /** * A collection of values returned by getSessionContext. */ export interface GetSessionContextResult { readonly arn: string; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; /** * IAM source role ARN if `arn` corresponds to an STS assumed role. Otherwise, `issuerArn` is equal to `arn`. */ readonly issuerArn: string; /** * Unique identifier of the IAM role that issues the STS assumed role. */ readonly issuerId: string; /** * Name of the source role. Only available if `arn` corresponds to an STS assumed role. */ readonly issuerName: string; /** * Name of the STS session. Only available if `arn` corresponds to an STS assumed role. */ readonly sessionName: string; } /** * This data source provides information on the IAM source role of an STS assumed role. For non-role ARNs, this data source simply passes the ARN through in `issuerArn`. * * For some AWS resources, multiple types of principals are allowed in the same argument (e.g., IAM users and IAM roles). However, these arguments often do not allow assumed-role (i.e., STS, temporary credential) principals. Given an STS ARN, this data source provides the ARN for the source IAM role. * * ## Example Usage * * ### Basic Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = aws.iam.getSessionContext({ * arn: "arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes", * }); * ``` * * ### Find the Runner's Source Role * * Combined with `aws.getCallerIdentity`, you can get the current user's source IAM role ARN (`issuerArn`) if you're using an assumed role. If you're not using an assumed role, the caller's (e.g., an IAM user's) ARN will simply be passed through. In environments where both IAM users and individuals using assumed roles need to apply the same configurations, this data source enables seamless use. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const current = aws.getCallerIdentity({}); * const example = current.then(current => aws.iam.getSessionContext({ * arn: current.arn, * })); * ``` */ export declare function getSessionContextOutput(args: GetSessionContextOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetSessionContextResult>; /** * A collection of arguments for invoking getSessionContext. */ export interface GetSessionContextOutputArgs { /** * ARN for an assumed role. * * > If `arn` is a non-role ARN, Pulumi gives no error and `issuerArn` will be equal to the `arn` value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist. */ arn: pulumi.Input<string>; }