UNPKG

@spacelift-io/pulumi-spacelift

Version:

A Pulumi package for creating and managing Spacelift resources.

spacelift.io

spacelift-io/pulumi-spacelift

109 lines (108 loc) 4.49 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
import * as pulumi from "@pulumi/pulumi"; /** * > **Note:** `spacelift.StackAwsRole` is deprecated. Please use `spacelift.AwsRole` instead. The functionality is identical. * * `spacelift.StackAwsRole` represents [cross-account IAM role delegation](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) between the Spacelift worker and an individual stack or module. If this is set, Spacelift will use AWS STS to assume the supplied IAM role and put its temporary credentials in the runtime environment. * * If you use private workers, you can also assume IAM role on the worker side using your own AWS credentials (e.g. from EC2 instance profile). * * Note: when assuming credentials for **shared worker**, Spacelift will use `$accountName@$stackID` or `$accountName@$moduleID` as [external ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) and `$runID@$stackID@$accountName` truncated to 64 characters as [session ID](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as spacelift from "@pulumi/spacelift"; * * const k8s-module = spacelift.getStackAwsRole({ * moduleId: "k8s-module", * }); * const k8s-core = spacelift.getStackAwsRole({ * stackId: "k8s-core", * }); * ``` */ export declare function getStackAwsRole(args?: GetStackAwsRoleArgs, opts?: pulumi.InvokeOptions): Promise<GetStackAwsRoleResult>; /** * A collection of arguments for invoking getStackAwsRole. */ export interface GetStackAwsRoleArgs { /** * ID of the module which assumes the AWS IAM role */ moduleId?: string; /** * ID of the stack which assumes the AWS IAM role */ stackId?: string; } /** * A collection of values returned by getStackAwsRole. */ export interface GetStackAwsRoleResult { /** * AWS IAM role session duration in seconds */ readonly durationSeconds: number; /** * Custom external ID (works only for private workers). */ readonly externalId: string; /** * Generate AWS credentials in the private worker */ readonly generateCredentialsInWorker: boolean; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; /** * ID of the module which assumes the AWS IAM role */ readonly moduleId?: string; /** * ARN of the AWS IAM role to attach */ readonly roleArn: string; /** * ID of the stack which assumes the AWS IAM role */ readonly stackId?: string; } /** * > **Note:** `spacelift.StackAwsRole` is deprecated. Please use `spacelift.AwsRole` instead. The functionality is identical. * * `spacelift.StackAwsRole` represents [cross-account IAM role delegation](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) between the Spacelift worker and an individual stack or module. If this is set, Spacelift will use AWS STS to assume the supplied IAM role and put its temporary credentials in the runtime environment. * * If you use private workers, you can also assume IAM role on the worker side using your own AWS credentials (e.g. from EC2 instance profile). * * Note: when assuming credentials for **shared worker**, Spacelift will use `$accountName@$stackID` or `$accountName@$moduleID` as [external ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) and `$runID@$stackID@$accountName` truncated to 64 characters as [session ID](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as spacelift from "@pulumi/spacelift"; * * const k8s-module = spacelift.getStackAwsRole({ * moduleId: "k8s-module", * }); * const k8s-core = spacelift.getStackAwsRole({ * stackId: "k8s-core", * }); * ``` */ export declare function getStackAwsRoleOutput(args?: GetStackAwsRoleOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output<GetStackAwsRoleResult>; /** * A collection of arguments for invoking getStackAwsRole. */ export interface GetStackAwsRoleOutputArgs { /** * ID of the module which assumes the AWS IAM role */ moduleId?: pulumi.Input<string>; /** * ID of the stack which assumes the AWS IAM role */ stackId?: pulumi.Input<string>; }