UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

181 lines (180 loc) 9.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
import * as pulumi from "@pulumi/pulumi"; /** * Provides an IAM Service Specific Credential. * * ## Example Usage * * ### Basic Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.iam.User("example", {name: "example"}); * const exampleServiceSpecificCredential = new aws.iam.ServiceSpecificCredential("example", { * serviceName: "codecommit.amazonaws.com", * userName: example.name, * }); * ``` * * ### Bedrock API Key with Expiration * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = new aws.iam.User("example", {name: "example"}); * const bedrock = new aws.iam.ServiceSpecificCredential("bedrock", { * serviceName: "bedrock.amazonaws.com", * userName: example.name, * credentialAgeDays: 30, * }); * ``` * * ## Import * * Using `pulumi import`, import IAM Service Specific Credentials using the `service_name:user_name:service_specific_credential_id`. For example: * * ```sh * $ pulumi import aws:iam/serviceSpecificCredential:ServiceSpecificCredential default `codecommit.amazonaws.com:example:some-id` * ``` */ export declare class ServiceSpecificCredential extends pulumi.CustomResource { /** * Get an existing ServiceSpecificCredential resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServiceSpecificCredentialState, opts?: pulumi.CustomResourceOptions): ServiceSpecificCredential; /** * Returns true if the given object is an instance of ServiceSpecificCredential. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ServiceSpecificCredential; /** * The date and time, in RFC3339 format, when the service-specific credential was created. */ readonly createDate: pulumi.Output<string>; /** * The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be between 1 and 36600 (approximately 100 years). When not specified, the credential will not expire. */ readonly credentialAgeDays: pulumi.Output<number | undefined>; /** * The date and time, in RFC3339 format, when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period. */ readonly expirationDate: pulumi.Output<string>; /** * For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information. */ readonly serviceCredentialAlias: pulumi.Output<string>; /** * For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is only available when the credential is created. */ readonly serviceCredentialSecret: pulumi.Output<string>; /** * The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials. Supported services are `codecommit.amazonaws.com`, `bedrock.amazonaws.com`, and `cassandra.amazonaws.com`. */ readonly serviceName: pulumi.Output<string>; /** * The generated password for the service-specific credential. This value is only available when the credential is created. */ readonly servicePassword: pulumi.Output<string>; /** * The unique identifier for the service-specific credential. */ readonly serviceSpecificCredentialId: pulumi.Output<string>; /** * The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in `jane-at-123456789012`, for example. */ readonly serviceUserName: pulumi.Output<string>; /** * The status to be assigned to the service-specific credential. Valid values are `Active`, `Inactive`, and `Expired`. Default value is `Active`. Note that `Expired` is only used for read operations and cannot be set manually. */ readonly status: pulumi.Output<string | undefined>; /** * The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. */ readonly userName: pulumi.Output<string>; /** * Create a ServiceSpecificCredential resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ServiceSpecificCredentialArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ServiceSpecificCredential resources. */ export interface ServiceSpecificCredentialState { /** * The date and time, in RFC3339 format, when the service-specific credential was created. */ createDate?: pulumi.Input<string>; /** * The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be between 1 and 36600 (approximately 100 years). When not specified, the credential will not expire. */ credentialAgeDays?: pulumi.Input<number>; /** * The date and time, in RFC3339 format, when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period. */ expirationDate?: pulumi.Input<string>; /** * For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information. */ serviceCredentialAlias?: pulumi.Input<string>; /** * For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is only available when the credential is created. */ serviceCredentialSecret?: pulumi.Input<string>; /** * The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials. Supported services are `codecommit.amazonaws.com`, `bedrock.amazonaws.com`, and `cassandra.amazonaws.com`. */ serviceName?: pulumi.Input<string>; /** * The generated password for the service-specific credential. This value is only available when the credential is created. */ servicePassword?: pulumi.Input<string>; /** * The unique identifier for the service-specific credential. */ serviceSpecificCredentialId?: pulumi.Input<string>; /** * The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in `jane-at-123456789012`, for example. */ serviceUserName?: pulumi.Input<string>; /** * The status to be assigned to the service-specific credential. Valid values are `Active`, `Inactive`, and `Expired`. Default value is `Active`. Note that `Expired` is only used for read operations and cannot be set manually. */ status?: pulumi.Input<string>; /** * The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. */ userName?: pulumi.Input<string>; } /** * The set of arguments for constructing a ServiceSpecificCredential resource. */ export interface ServiceSpecificCredentialArgs { /** * The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be between 1 and 36600 (approximately 100 years). When not specified, the credential will not expire. */ credentialAgeDays?: pulumi.Input<number>; /** * The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials. Supported services are `codecommit.amazonaws.com`, `bedrock.amazonaws.com`, and `cassandra.amazonaws.com`. */ serviceName: pulumi.Input<string>; /** * The status to be assigned to the service-specific credential. Valid values are `Active`, `Inactive`, and `Expired`. Default value is `Active`. Note that `Expired` is only used for read operations and cannot be set manually. */ status?: pulumi.Input<string>; /** * The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service. */ userName: pulumi.Input<string>; }