UNPKG

@spacelift-io/pulumi-spacelift

Version:

A Pulumi package for creating and managing Spacelift resources.

spacelift.io

spacelift-io/pulumi-spacelift

120 lines (119 loc) 5.08 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
import * as pulumi from "@pulumi/pulumi"; /** * > **Note:** `spacelift.StackAwsRole` is deprecated. Please use `spacelift.AwsRole` instead. The functionality is identical. * * **NOTE:** while this resource continues to work, we have replaced it with the `spacelift.AwsIntegration` resource. The new resource allows integrations to be shared by multiple stacks/modules and also supports separate read vs write roles. Please use the `spacelift.AwsIntegration` resource instead. * * `spacelift.StackAwsRole` represents [cross-account IAM role delegation](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) between the Spacelift worker and an individual stack or module. If this is set, Spacelift will use AWS STS to assume the supplied IAM role and put its temporary credentials in the runtime environment. * * If you use private workers, you can also assume IAM role on the worker side using your own AWS credentials (e.g. from EC2 instance profile). * * Note: when assuming credentials for **shared worker**, Spacelift will use `$accountName@$stackID` or `$accountName@$moduleID` as [external ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) and `$runID@$stackID@$accountName` truncated to 64 characters as [session ID](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole). */ export declare class StackAwsRole extends pulumi.CustomResource { /** * Get an existing StackAwsRole resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: StackAwsRoleState, opts?: pulumi.CustomResourceOptions): StackAwsRole; /** * Returns true if the given object is an instance of StackAwsRole. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is StackAwsRole; /** * AWS IAM role session duration in seconds */ readonly durationSeconds: pulumi.Output<number>; /** * Custom external ID (works only for private workers). */ readonly externalId: pulumi.Output<string | undefined>; /** * Generate AWS credentials in the private worker. Defaults to `false`. */ readonly generateCredentialsInWorker: pulumi.Output<boolean | undefined>; /** * ID of the module which assumes the AWS IAM role */ readonly moduleId: pulumi.Output<string | undefined>; /** * ARN of the AWS IAM role to attach */ readonly roleArn: pulumi.Output<string>; /** * ID of the stack which assumes the AWS IAM role */ readonly stackId: pulumi.Output<string | undefined>; /** * Create a StackAwsRole resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: StackAwsRoleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering StackAwsRole resources. */ export interface StackAwsRoleState { /** * AWS IAM role session duration in seconds */ durationSeconds?: pulumi.Input<number>; /** * Custom external ID (works only for private workers). */ externalId?: pulumi.Input<string>; /** * Generate AWS credentials in the private worker. Defaults to `false`. */ generateCredentialsInWorker?: pulumi.Input<boolean>; /** * ID of the module which assumes the AWS IAM role */ moduleId?: pulumi.Input<string>; /** * ARN of the AWS IAM role to attach */ roleArn?: pulumi.Input<string>; /** * ID of the stack which assumes the AWS IAM role */ stackId?: pulumi.Input<string>; } /** * The set of arguments for constructing a StackAwsRole resource. */ export interface StackAwsRoleArgs { /** * AWS IAM role session duration in seconds */ durationSeconds?: pulumi.Input<number>; /** * Custom external ID (works only for private workers). */ externalId?: pulumi.Input<string>; /** * Generate AWS credentials in the private worker. Defaults to `false`. */ generateCredentialsInWorker?: pulumi.Input<boolean>; /** * ID of the module which assumes the AWS IAM role */ moduleId?: pulumi.Input<string>; /** * ARN of the AWS IAM role to attach */ roleArn: pulumi.Input<string>; /** * ID of the stack which assumes the AWS IAM role */ stackId?: pulumi.Input<string>; }