com.pulumi.aws.iam.RoleArgs Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of aws Show documentation
Show all versions of aws Show documentation
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.aws.iam;
import com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class RoleArgs extends com.pulumi.resources.ResourceArgs {
public static final RoleArgs Empty = new RoleArgs();
/**
* Policy that grants an entity permission to assume the role.
*
* > **NOTE:** The `assume_role_policy` is very similar to but slightly different than a standard IAM policy and cannot use an `aws.iam.Policy` resource. However, it _can_ use an `aws.iam.getPolicyDocument` data source. See the example above of how this works.
*
* The following arguments are optional:
*
*/
@Import(name="assumeRolePolicy", required=true)
private Output assumeRolePolicy;
/**
* @return Policy that grants an entity permission to assume the role.
*
* > **NOTE:** The `assume_role_policy` is very similar to but slightly different than a standard IAM policy and cannot use an `aws.iam.Policy` resource. However, it _can_ use an `aws.iam.getPolicyDocument` data source. See the example above of how this works.
*
* The following arguments are optional:
*
*/
public Output assumeRolePolicy() {
return this.assumeRolePolicy;
}
/**
* Description of the role.
*
*/
@Import(name="description")
private @Nullable Output description;
/**
* @return Description of the role.
*
*/
public Optional> description() {
return Optional.ofNullable(this.description);
}
/**
* Whether to force detaching any policies the role has before destroying it. Defaults to `false`.
*
*/
@Import(name="forceDetachPolicies")
private @Nullable Output forceDetachPolicies;
/**
* @return Whether to force detaching any policies the role has before destroying it. Defaults to `false`.
*
*/
public Optional> forceDetachPolicies() {
return Optional.ofNullable(this.forceDetachPolicies);
}
/**
* Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.
*
*/
@Import(name="inlinePolicies")
private @Nullable Output> inlinePolicies;
/**
* @return Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.
*
*/
public Optional>> inlinePolicies() {
return Optional.ofNullable(this.inlinePolicies);
}
/**
* Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Pulumi will ignore policy attachments to this resource. When configured, Pulumi will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause Pulumi to remove _all_ managed policy attachments.
*
*/
@Import(name="managedPolicyArns")
private @Nullable Output> managedPolicyArns;
/**
* @return Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Pulumi will ignore policy attachments to this resource. When configured, Pulumi will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause Pulumi to remove _all_ managed policy attachments.
*
*/
public Optional>> managedPolicyArns() {
return Optional.ofNullable(this.managedPolicyArns);
}
/**
* Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
*
*/
@Import(name="maxSessionDuration")
private @Nullable Output maxSessionDuration;
/**
* @return Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
*
*/
public Optional> maxSessionDuration() {
return Optional.ofNullable(this.maxSessionDuration);
}
/**
* Friendly name of the role. If omitted, the provider will assign a random, unique name. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
*/
@Import(name="name")
private @Nullable Output name;
/**
* @return Friendly name of the role. If omitted, the provider will assign a random, unique name. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
*/
public Optional> name() {
return Optional.ofNullable(this.name);
}
/**
* Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.
*
*/
@Import(name="namePrefix")
private @Nullable Output namePrefix;
/**
* @return Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.
*
*/
public Optional> namePrefix() {
return Optional.ofNullable(this.namePrefix);
}
/**
* Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
*/
@Import(name="path")
private @Nullable Output path;
/**
* @return Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
*/
public Optional> path() {
return Optional.ofNullable(this.path);
}
/**
* ARN of the policy that is used to set the permissions boundary for the role.
*
*/
@Import(name="permissionsBoundary")
private @Nullable Output permissionsBoundary;
/**
* @return ARN of the policy that is used to set the permissions boundary for the role.
*
*/
public Optional> permissionsBoundary() {
return Optional.ofNullable(this.permissionsBoundary);
}
/**
* Key-value mapping of tags for the IAM role. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
@Import(name="tags")
private @Nullable Output> tags;
/**
* @return Key-value mapping of tags for the IAM role. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
public Optional>> tags() {
return Optional.ofNullable(this.tags);
}
private RoleArgs() {}
private RoleArgs(RoleArgs $) {
this.assumeRolePolicy = $.assumeRolePolicy;
this.description = $.description;
this.forceDetachPolicies = $.forceDetachPolicies;
this.inlinePolicies = $.inlinePolicies;
this.managedPolicyArns = $.managedPolicyArns;
this.maxSessionDuration = $.maxSessionDuration;
this.name = $.name;
this.namePrefix = $.namePrefix;
this.path = $.path;
this.permissionsBoundary = $.permissionsBoundary;
this.tags = $.tags;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(RoleArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private RoleArgs $;
public Builder() {
$ = new RoleArgs();
}
public Builder(RoleArgs defaults) {
$ = new RoleArgs(Objects.requireNonNull(defaults));
}
/**
* @param assumeRolePolicy Policy that grants an entity permission to assume the role.
*
* > **NOTE:** The `assume_role_policy` is very similar to but slightly different than a standard IAM policy and cannot use an `aws.iam.Policy` resource. However, it _can_ use an `aws.iam.getPolicyDocument` data source. See the example above of how this works.
*
* The following arguments are optional:
*
* @return builder
*
*/
public Builder assumeRolePolicy(Output assumeRolePolicy) {
$.assumeRolePolicy = assumeRolePolicy;
return this;
}
/**
* @param assumeRolePolicy Policy that grants an entity permission to assume the role.
*
* > **NOTE:** The `assume_role_policy` is very similar to but slightly different than a standard IAM policy and cannot use an `aws.iam.Policy` resource. However, it _can_ use an `aws.iam.getPolicyDocument` data source. See the example above of how this works.
*
* The following arguments are optional:
*
* @return builder
*
*/
public Builder assumeRolePolicy(String assumeRolePolicy) {
return assumeRolePolicy(Output.of(assumeRolePolicy));
}
/**
* @param description Description of the role.
*
* @return builder
*
*/
public Builder description(@Nullable Output description) {
$.description = description;
return this;
}
/**
* @param description Description of the role.
*
* @return builder
*
*/
public Builder description(String description) {
return description(Output.of(description));
}
/**
* @param forceDetachPolicies Whether to force detaching any policies the role has before destroying it. Defaults to `false`.
*
* @return builder
*
*/
public Builder forceDetachPolicies(@Nullable Output forceDetachPolicies) {
$.forceDetachPolicies = forceDetachPolicies;
return this;
}
/**
* @param forceDetachPolicies Whether to force detaching any policies the role has before destroying it. Defaults to `false`.
*
* @return builder
*
*/
public Builder forceDetachPolicies(Boolean forceDetachPolicies) {
return forceDetachPolicies(Output.of(forceDetachPolicies));
}
/**
* @param inlinePolicies Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.
*
* @return builder
*
*/
public Builder inlinePolicies(@Nullable Output> inlinePolicies) {
$.inlinePolicies = inlinePolicies;
return this;
}
/**
* @param inlinePolicies Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.
*
* @return builder
*
*/
public Builder inlinePolicies(List inlinePolicies) {
return inlinePolicies(Output.of(inlinePolicies));
}
/**
* @param inlinePolicies Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.
*
* @return builder
*
*/
public Builder inlinePolicies(RoleInlinePolicyArgs... inlinePolicies) {
return inlinePolicies(List.of(inlinePolicies));
}
/**
* @param managedPolicyArns Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Pulumi will ignore policy attachments to this resource. When configured, Pulumi will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause Pulumi to remove _all_ managed policy attachments.
*
* @return builder
*
*/
public Builder managedPolicyArns(@Nullable Output> managedPolicyArns) {
$.managedPolicyArns = managedPolicyArns;
return this;
}
/**
* @param managedPolicyArns Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Pulumi will ignore policy attachments to this resource. When configured, Pulumi will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause Pulumi to remove _all_ managed policy attachments.
*
* @return builder
*
*/
public Builder managedPolicyArns(List managedPolicyArns) {
return managedPolicyArns(Output.of(managedPolicyArns));
}
/**
* @param managedPolicyArns Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Pulumi will ignore policy attachments to this resource. When configured, Pulumi will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause Pulumi to remove _all_ managed policy attachments.
*
* @return builder
*
*/
public Builder managedPolicyArns(String... managedPolicyArns) {
return managedPolicyArns(List.of(managedPolicyArns));
}
/**
* @param maxSessionDuration Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
*
* @return builder
*
*/
public Builder maxSessionDuration(@Nullable Output maxSessionDuration) {
$.maxSessionDuration = maxSessionDuration;
return this;
}
/**
* @param maxSessionDuration Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
*
* @return builder
*
*/
public Builder maxSessionDuration(Integer maxSessionDuration) {
return maxSessionDuration(Output.of(maxSessionDuration));
}
/**
* @param name Friendly name of the role. If omitted, the provider will assign a random, unique name. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
* @return builder
*
*/
public Builder name(@Nullable Output name) {
$.name = name;
return this;
}
/**
* @param name Friendly name of the role. If omitted, the provider will assign a random, unique name. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
* @return builder
*
*/
public Builder name(String name) {
return name(Output.of(name));
}
/**
* @param namePrefix Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.
*
* @return builder
*
*/
public Builder namePrefix(@Nullable Output namePrefix) {
$.namePrefix = namePrefix;
return this;
}
/**
* @param namePrefix Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.
*
* @return builder
*
*/
public Builder namePrefix(String namePrefix) {
return namePrefix(Output.of(namePrefix));
}
/**
* @param path Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
* @return builder
*
*/
public Builder path(@Nullable Output path) {
$.path = path;
return this;
}
/**
* @param path Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*
* @return builder
*
*/
public Builder path(String path) {
return path(Output.of(path));
}
/**
* @param permissionsBoundary ARN of the policy that is used to set the permissions boundary for the role.
*
* @return builder
*
*/
public Builder permissionsBoundary(@Nullable Output permissionsBoundary) {
$.permissionsBoundary = permissionsBoundary;
return this;
}
/**
* @param permissionsBoundary ARN of the policy that is used to set the permissions boundary for the role.
*
* @return builder
*
*/
public Builder permissionsBoundary(String permissionsBoundary) {
return permissionsBoundary(Output.of(permissionsBoundary));
}
/**
* @param tags Key-value mapping of tags for the IAM role. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(@Nullable Output> tags) {
$.tags = tags;
return this;
}
/**
* @param tags Key-value mapping of tags for the IAM role. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(Map tags) {
return tags(Output.of(tags));
}
public RoleArgs build() {
if ($.assumeRolePolicy == null) {
throw new MissingRequiredPropertyException("RoleArgs", "assumeRolePolicy");
}
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy