com.pulumi.aws.iam.RolePolicyAttachmentsExclusive Maven / Gradle / Ivy
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.aws.iam;
import com.pulumi.aws.Utilities;
import com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;
import com.pulumi.aws.iam.inputs.RolePolicyAttachmentsExclusiveState;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Export;
import com.pulumi.core.annotations.ResourceType;
import com.pulumi.core.internal.Codegen;
import java.lang.String;
import java.util.List;
import javax.annotation.Nullable;
/**
* > **NOTE:**: To reliably detect drift between customer managed policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up`
*
* Resource for maintaining exclusive management of managed IAM policies assigned to an AWS IAM (Identity & Access Management) role.
*
* !> This resource takes exclusive ownership over managed IAM policies attached to a role. This includes removal of managed IAM policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicyAttachment` resources managed alongside this resource are included in the `policy_arns` argument.
*
* > Destruction of this resource means Pulumi will no longer manage reconciliation of the configured policy attachments. It **will not** detach the configured policies from the role.
*
* ## Example Usage
*
* ### Basic Usage
*
* <!--Start PulumiCodeChooser -->
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;
* import com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var example = new RolePolicyAttachmentsExclusive("example", RolePolicyAttachmentsExclusiveArgs.builder()
* .roleName(exampleAwsIamRole.name())
* .policyArns(exampleAwsIamPolicy.arn())
* .build());
*
* }
* }
* }
*
* <!--End PulumiCodeChooser -->
*
* ### Disallow Managed IAM Policies
*
* To automatically remove any configured managed IAM policies, set the `policy_arns` argument to an empty list.
*
* > This will not **prevent** managed IAM policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing managed IAM policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.
*
* <!--Start PulumiCodeChooser -->
*
* {@code
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.iam.RolePolicyAttachmentsExclusive;
* import com.pulumi.aws.iam.RolePolicyAttachmentsExclusiveArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var example = new RolePolicyAttachmentsExclusive("example", RolePolicyAttachmentsExclusiveArgs.builder()
* .roleName(exampleAwsIamRole.name())
* .policyArns()
* .build());
*
* }
* }
* }
*
* <!--End PulumiCodeChooser -->
*
* ## Import
*
* Using `pulumi import`, import exclusive management of managed IAM policy assignments using the `role_name`. For example:
*
* ```sh
* $ pulumi import aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive example MyRole
* ```
*
*/
@ResourceType(type="aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive")
public class RolePolicyAttachmentsExclusive extends com.pulumi.resources.CustomResource {
/**
* A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.
*
*/
@Export(name="policyArns", refs={List.class,String.class}, tree="[0,1]")
private Output> policyArns;
/**
* @return A list of managed IAM policy ARNs to be attached to the role. Policies attached to this role but not configured in this argument will be removed.
*
*/
public Output> policyArns() {
return this.policyArns;
}
/**
* IAM role name.
*
*/
@Export(name="roleName", refs={String.class}, tree="[0]")
private Output roleName;
/**
* @return IAM role name.
*
*/
public Output roleName() {
return this.roleName;
}
/**
*
* @param name The _unique_ name of the resulting resource.
*/
public RolePolicyAttachmentsExclusive(java.lang.String name) {
this(name, RolePolicyAttachmentsExclusiveArgs.Empty);
}
/**
*
* @param name The _unique_ name of the resulting resource.
* @param args The arguments to use to populate this resource's properties.
*/
public RolePolicyAttachmentsExclusive(java.lang.String name, RolePolicyAttachmentsExclusiveArgs args) {
this(name, args, null);
}
/**
*
* @param name The _unique_ name of the resulting resource.
* @param args The arguments to use to populate this resource's properties.
* @param options A bag of options that control this resource's behavior.
*/
public RolePolicyAttachmentsExclusive(java.lang.String name, RolePolicyAttachmentsExclusiveArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive", name, makeArgs(args, options), makeResourceOptions(options, Codegen.empty()), false);
}
private RolePolicyAttachmentsExclusive(java.lang.String name, Output id, @Nullable RolePolicyAttachmentsExclusiveState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
super("aws:iam/rolePolicyAttachmentsExclusive:RolePolicyAttachmentsExclusive", name, state, makeResourceOptions(options, id), false);
}
private static RolePolicyAttachmentsExclusiveArgs makeArgs(RolePolicyAttachmentsExclusiveArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options) {
if (options != null && options.getUrn().isPresent()) {
return null;
}
return args == null ? RolePolicyAttachmentsExclusiveArgs.Empty : args;
}
private static com.pulumi.resources.CustomResourceOptions makeResourceOptions(@Nullable com.pulumi.resources.CustomResourceOptions options, @Nullable Output id) {
var defaultOptions = com.pulumi.resources.CustomResourceOptions.builder()
.version(Utilities.getVersion())
.build();
return com.pulumi.resources.CustomResourceOptions.merge(defaultOptions, options, id);
}
/**
* Get an existing Host resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state
* @param options Optional settings to control the behavior of the CustomResource.
*/
public static RolePolicyAttachmentsExclusive get(java.lang.String name, Output id, @Nullable RolePolicyAttachmentsExclusiveState state, @Nullable com.pulumi.resources.CustomResourceOptions options) {
return new RolePolicyAttachmentsExclusive(name, id, state, options);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy