
com.pulumi.aws.iam.RolePolicyAttachmentsExclusive Maven / Gradle / Ivy

// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***

package com.pulumi.aws.iam;

import com.pulumi.aws.Utilities;
import com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;
import com.pulumi.aws.iam.inputs.RolePolicyAttachmentsExclusiveState;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.String;
import java.util.List;
import javax.annotation.Nullable;

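/**
 * &gt; **NOTE:** To reliably detect drift between customer managed policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up`.
 * 
 * Resource for maintaining exclusive management of managed IAM policies assigned to an AWS IAM (Identity &amp; Access Management) role.
 * 
 * !&gt; This resource takes exclusive ownership over managed IAM policies attached to a role. This includes removal of managed IAM policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicyAttachment` resources managed alongside this resource are included in the `policyArns` argument (`policy_arns` in the provider schema).
 * 
 * &gt; Destruction of this resource means Pulumi will no longer manage reconciliation of the configured policy attachments. It **will not** detach the configured policies from the role.
 * 
 * ## Security Considerations
 * 
 * - This resource is corrective, not preventive: a managed policy attached outside of Pulumi stays effective until the next update reconciles the role, and without `--refresh` that drift may not be detected at all (see the note above). Where unwanted attachments must be blocked outright, restrict `iam:AttachRolePolicy` at the IAM level (for example with service control policies or the `iam:PolicyARN` condition key) and alert on CloudTrail `AttachRolePolicy` / `DetachRolePolicy` events for the role.
 * - Only managed-policy attachments are reconciled; inline policies on the role are outside the scope of this resource.
 * - Because unlisted policies are detached, review the `pulumi preview` output before applying a change to `policyArns`, in particular an empty list, which detaches every managed policy from the role.
 * - Removing this resource revokes nothing: the listed policies stay attached. Detach them explicitly if revocation is the intent.
 * 
 * ## Example Usage
 * 
 * ### Basic Usage
 * 
 * <!--Start PulumiCodeChooser -->
 * <pre>
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;
 * import com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         // exampleAwsIamRole and exampleAwsIamPolicy are assumed to be declared elsewhere in the program.
 *         var example = new RolePolicyAttachmentsExclusive("example", RolePolicyAttachmentsExclusiveArgs.builder()
 *             .roleName(exampleAwsIamRole.name())
 *             .policyArns(exampleAwsIamPolicy.arn())
 *             .build());
 * 
 *     }
 * }
 * }
 * </pre>
 * <!--End PulumiCodeChooser -->
 * 
 * ### Disallow Managed IAM Policies
 * 
 * To automatically remove any configured managed IAM policies, set the `policyArns` argument to an empty list.
 * 
 * &gt; This will not **prevent** managed IAM policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing managed IAM policy assignments into a configured state, however, this reconciliation happens only when an update (`pulumi up`) is proactively run.
 * 
 * <!--Start PulumiCodeChooser -->
 * <pre>
 * {@code
 * package generated_program;
 * 
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;
 * import com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * 
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 * 
 *     public static void stack(Context ctx) {
 *         // An empty policyArns list: every managed policy attached to the role is detached on update.
 *         var example = new RolePolicyAttachmentsExclusive("example", RolePolicyAttachmentsExclusiveArgs.builder()
 *             .roleName(exampleAwsIamRole.name())
 *             .policyArns()
 *             .build());
 * 
 *     }
 * }
 * }
 * </pre>
 * <!--End PulumiCodeChooser -->
 * 
 * ## Import
 * 
 * Using `pulumi import`, import exclusive management of managed IAM policy assignments using the `role_name`. For example:
 * 
 * ```sh
 * $ pulumi import aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive example MyRole
 * ```
 * 
 */
@ResourceType(type="aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive")
public class RolePolicyAttachmentsExclusive extends com.pulumi.resources.CustomResource {
    /**
     * A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.
     * 
     */
    @Export(name="policyArns", refs={List.class,String.class}, tree="[0,1]")
    private Output<List<String>> policyArns;

    /**
     * @return A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.
     * 
     */
    public Output<List<String>> policyArns() {
        return this.policyArns;
    }
    /**
     * IAM role name.
     * 
     */
    @Export(name="roleName", refs={String.class}, tree="[0]")
    private Output<String> roleName;

    /**
     * @return IAM role name.
     * 
     */
    public Output<String> roleName() {
        return this.roleName;
    }

    /**
     * Creates the resource with empty arguments ({@code RolePolicyAttachmentsExclusiveArgs.Empty}).
     *
     * @param name The _unique_ name of the resulting resource.
     */
    public RolePolicyAttachmentsExclusive(java.lang.String name) {
        this(name, RolePolicyAttachmentsExclusiveArgs.Empty);
    }
    /**
     * Creates the resource with the given arguments and no resource options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     */
    public RolePolicyAttachmentsExclusive(java.lang.String name, RolePolicyAttachmentsExclusiveArgs args) {
        this(name, args, null);
    }
    /**
     * Creates the resource with the given arguments and options.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param options A bag of options that control this resource's behavior.
     */
    public RolePolicyAttachmentsExclusive(java.lang.String name, RolePolicyAttachmentsExclusiveArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
    }

    /**
     * Used by {@link #get} to construct a handle from a provider ID and optional state
     * instead of from arguments.
     */
    private RolePolicyAttachmentsExclusive(java.lang.String name, Output<java.lang.String> id, @Nullable RolePolicyAttachmentsExclusiveState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        super("aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive", name, state, makeResourceOptions(options, id), false);
    }

    /**
     * Chooses the arguments handed to the superclass constructor.
     *
     * @return {@code null} when {@code options} carries a URN, otherwise {@code args}, or
     *         {@code RolePolicyAttachmentsExclusiveArgs.Empty} when {@code args} is {@code null}.
     */
    private static RolePolicyAttachmentsExclusiveArgs makeArgs(RolePolicyAttachmentsExclusiveArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        // NOTE(review): a URN in the options presumably means an existing resource is being
        // referenced, so no arguments are supplied; confirm against the Pulumi SDK.
        if (options != null && options.getUrn().isPresent()) {
            return null;
        }
        return args == null ? RolePolicyAttachmentsExclusiveArgs.Empty : args;
    }

    /**
     * Merges the caller's options and the given ID over defaults that pin the provider
     * version reported by {@code Utilities.getVersion()}.
     */
    private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output<java.lang.String> id) {
        var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
            .version(Utilities.getVersion())
            .build();
        return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
    }

    /**
     * Get an existing RolePolicyAttachmentsExclusive resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Optional extra properties used to qualify the lookup; may be {@code null}.
     * @param options Optional settings to control the behavior of the CustomResource.
     * @return A {@code RolePolicyAttachmentsExclusive} constructed from the given name, ID, state and options.
     */
    public static RolePolicyAttachmentsExclusive get(java.lang.String name, Output<java.lang.String> id, @Nullable RolePolicyAttachmentsExclusiveState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
        return new RolePolicyAttachmentsExclusive(name, id, state, options);
    }
}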



