com.pulumi.aws.iam.kotlin.AccessKey.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-kotlin Show documentation
Show all versions of pulumi-aws-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.iam.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
/**
* Builder for [AccessKey].
*/
@PulumiTagMarker
public class AccessKeyResourceBuilder internal constructor() {
public var name: String? = null
public var args: AccessKeyArgs = AccessKeyArgs()
public var opts: CustomResourceOptions = CustomResourceOptions()
/**
* @param name The _unique_ name of the resulting resource.
*/
public fun name(`value`: String) {
this.name = value
}
/**
* @param block The arguments to use to populate this resource's properties.
*/
public suspend fun args(block: suspend AccessKeyArgsBuilder.() -> Unit) {
val builder = AccessKeyArgsBuilder()
block(builder)
this.args = builder.build()
}
/**
* @param block A bag of options that control this resource's behavior.
*/
public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
this.opts = com.pulumi.kotlin.options.CustomResourceOptions.opts(block)
}
internal fun build(): AccessKey {
val builtJavaResource = com.pulumi.aws.iam.AccessKey(
this.name,
this.args.toJava(),
this.opts.toJava(),
)
return AccessKey(builtJavaResource)
}
}
/**
* Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const lbUser = new aws.iam.User("lb", {
* name: "loadbalancer",
* path: "/system/",
* });
* const lb = new aws.iam.AccessKey("lb", {
* user: lbUser.name,
* pgpKey: "keybase:some_person_that_exists",
* });
* const lbRo = aws.iam.getPolicyDocument({
* statements: [{
* effect: "Allow",
* actions: ["ec2:Describe*"],
* resources: ["*"],
* }],
* });
* const lbRoUserPolicy = new aws.iam.UserPolicy("lb_ro", {
* name: "test",
* user: lbUser.name,
* policy: lbRo.then(lbRo => lbRo.json),
* });
* export const secret = lb.encryptedSecret;
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* lb_user = aws.iam.User("lb",
* name="loadbalancer",
* path="/system/")
* lb = aws.iam.AccessKey("lb",
* user=lb_user.name,
* pgp_key="keybase:some_person_that_exists")
* lb_ro = aws.iam.get_policy_document(statements=[{
* "effect": "Allow",
* "actions": ["ec2:Describe*"],
* "resources": ["*"],
* }])
* lb_ro_user_policy = aws.iam.UserPolicy("lb_ro",
* name="test",
* user=lb_user.name,
* policy=lb_ro.json)
* pulumi.export("secret", lb.encrypted_secret)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var lbUser = new Aws.Iam.User("lb", new()
* {
* Name = "loadbalancer",
* Path = "/system/",
* });
* var lb = new Aws.Iam.AccessKey("lb", new()
* {
* User = lbUser.Name,
* PgpKey = "keybase:some_person_that_exists",
* });
* var lbRo = Aws.Iam.GetPolicyDocument.Invoke(new()
* {
* Statements = new[]
* {
* new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
* {
* Effect = "Allow",
* Actions = new[]
* {
* "ec2:Describe*",
* },
* Resources = new[]
* {
* "*",
* },
* },
* },
* });
* var lbRoUserPolicy = new Aws.Iam.UserPolicy("lb_ro", new()
* {
* Name = "test",
* User = lbUser.Name,
* Policy = lbRo.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
* });
* return new Dictionary
* {
* ["secret"] = lb.EncryptedSecret,
* };
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* lbUser, err := iam.NewUser(ctx, "lb", &iam.UserArgs{
* Name: pulumi.String("loadbalancer"),
* Path: pulumi.String("/system/"),
* })
* if err != nil {
* return err
* }
* lb, err := iam.NewAccessKey(ctx, "lb", &iam.AccessKeyArgs{
* User: lbUser.Name,
* PgpKey: pulumi.String("keybase:some_person_that_exists"),
* })
* if err != nil {
* return err
* }
* lbRo, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
* Statements: []iam.GetPolicyDocumentStatement{
* {
* Effect: pulumi.StringRef("Allow"),
* Actions: []string{
* "ec2:Describe*",
* },
* Resources: []string{
* "*",
* },
* },
* },
* }, nil)
* if err != nil {
* return err
* }
* _, err = iam.NewUserPolicy(ctx, "lb_ro", &iam.UserPolicyArgs{
* Name: pulumi.String("test"),
* User: lbUser.Name,
* Policy: pulumi.String(lbRo.Json),
* })
* if err != nil {
* return err
* }
* ctx.Export("secret", lb.EncryptedSecret)
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.iam.User;
* import com.pulumi.aws.iam.UserArgs;
* import com.pulumi.aws.iam.AccessKey;
* import com.pulumi.aws.iam.AccessKeyArgs;
* import com.pulumi.aws.iam.IamFunctions;
* import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
* import com.pulumi.aws.iam.UserPolicy;
* import com.pulumi.aws.iam.UserPolicyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var lbUser = new User("lbUser", UserArgs.builder()
* .name("loadbalancer")
* .path("/system/")
* .build());
* var lb = new AccessKey("lb", AccessKeyArgs.builder()
* .user(lbUser.name())
* .pgpKey("keybase:some_person_that_exists")
* .build());
* final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
* .statements(GetPolicyDocumentStatementArgs.builder()
* .effect("Allow")
* .actions("ec2:Describe*")
* .resources("*")
* .build())
* .build());
* var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()
* .name("test")
* .user(lbUser.name())
* .policy(lbRo.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
* .build());
* ctx.export("secret", lb.encryptedSecret());
* }
* }
* ```
* ```yaml
* resources:
* lb:
* type: aws:iam:AccessKey
* properties:
* user: ${lbUser.name}
* pgpKey: keybase:some_person_that_exists
* lbUser:
* type: aws:iam:User
* name: lb
* properties:
* name: loadbalancer
* path: /system/
* lbRoUserPolicy:
* type: aws:iam:UserPolicy
* name: lb_ro
* properties:
* name: test
* user: ${lbUser.name}
* policy: ${lbRo.json}
* variables:
* lbRo:
* fn::invoke:
* Function: aws:iam:getPolicyDocument
* Arguments:
* statements:
* - effect: Allow
* actions:
* - ec2:Describe*
* resources:
* - '*'
* outputs:
* secret: ${lb.encryptedSecret}
* ```
*
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const test = new aws.iam.User("test", {
* name: "test",
* path: "/test/",
* });
* const testAccessKey = new aws.iam.AccessKey("test", {user: test.name});
* export const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* test = aws.iam.User("test",
* name="test",
* path="/test/")
* test_access_key = aws.iam.AccessKey("test", user=test.name)
* pulumi.export("awsIamSmtpPasswordV4", test_access_key.ses_smtp_password_v4)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var test = new Aws.Iam.User("test", new()
* {
* Name = "test",
* Path = "/test/",
* });
* var testAccessKey = new Aws.Iam.AccessKey("test", new()
* {
* User = test.Name,
* });
* return new Dictionary
* {
* ["awsIamSmtpPasswordV4"] = testAccessKey.SesSmtpPasswordV4,
* };
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* test, err := iam.NewUser(ctx, "test", &iam.UserArgs{
* Name: pulumi.String("test"),
* Path: pulumi.String("/test/"),
* })
* if err != nil {
* return err
* }
* testAccessKey, err := iam.NewAccessKey(ctx, "test", &iam.AccessKeyArgs{
* User: test.Name,
* })
* if err != nil {
* return err
* }
* ctx.Export("awsIamSmtpPasswordV4", testAccessKey.SesSmtpPasswordV4)
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.iam.User;
* import com.pulumi.aws.iam.UserArgs;
* import com.pulumi.aws.iam.AccessKey;
* import com.pulumi.aws.iam.AccessKeyArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var test = new User("test", UserArgs.builder()
* .name("test")
* .path("/test/")
* .build());
* var testAccessKey = new AccessKey("testAccessKey", AccessKeyArgs.builder()
* .user(test.name())
* .build());
* ctx.export("awsIamSmtpPasswordV4", testAccessKey.sesSmtpPasswordV4());
* }
* }
* ```
* ```yaml
* resources:
* test:
* type: aws:iam:User
* properties:
* name: test
* path: /test/
* testAccessKey:
* type: aws:iam:AccessKey
* name: test
* properties:
* user: ${test.name}
* outputs:
* awsIamSmtpPasswordV4: ${testAccessKey.sesSmtpPasswordV4}
* ```
*
* ## Import
* Using `pulumi import`, import IAM Access Keys using the identifier. For example:
* ```sh
* $ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890
* ```
* Resource attributes such as `encrypted_secret`, `key_fingerprint`, `pgp_key`, `secret`, `ses_smtp_password_v4`, and `encrypted_ses_smtp_password_v4` are not available for imported resources as this information cannot be read from the IAM API.
*/
public class AccessKey internal constructor(
override val javaResource: com.pulumi.aws.iam.AccessKey,
) : KotlinCustomResource(javaResource, AccessKeyMapper) {
/**
* Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the access key was created.
*/
public val createDate: Output
get() = javaResource.createDate().applyValue({ args0 -> args0 })
/**
* Encrypted secret, base64 encoded, if `pgp_key` was specified. This attribute is not available for imported resources. The encrypted secret may be decrypted using the command line.
*/
public val encryptedSecret: Output
get() = javaResource.encryptedSecret().applyValue({ args0 -> args0 })
/**
* Encrypted SES SMTP password, base64 encoded, if `pgp_key` was specified. This attribute is not available for imported resources. The encrypted password may be decrypted using the command line.
*/
public val encryptedSesSmtpPasswordV4: Output
get() = javaResource.encryptedSesSmtpPasswordV4().applyValue({ args0 -> args0 })
/**
* Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.
*/
public val keyFingerprint: Output
get() = javaResource.keyFingerprint().applyValue({ args0 -> args0 })
/**
* Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:some_person_that_exists`, for use in the `encrypted_secret` output attribute. If providing a base-64 encoded PGP public key, make sure to provide the "raw" version and not the "armored" one (e.g. avoid passing the `-a` option to `gpg --export`).
*/
public val pgpKey: Output?
get() = javaResource.pgpKey().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a `pgp_key` instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.
*/
public val secret: Output
get() = javaResource.secret().applyValue({ args0 -> args0 })
/**
* Secret access key converted into an SES SMTP password by applying [AWS's documented Sigv4 conversion algorithm](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-convert). This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are `ap-south-1`, `ap-southeast-2`, `eu-central-1`, `eu-west-1`, `us-east-1` and `us-west-2`. See current [AWS SES regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region).
*/
public val sesSmtpPasswordV4: Output
get() = javaResource.sesSmtpPasswordV4().applyValue({ args0 -> args0 })
/**
* Access key status to apply. Defaults to `Active`. Valid values are `Active` and `Inactive`.
*/
public val status: Output?
get() = javaResource.status().applyValue({ args0 -> args0.map({ args0 -> args0 }).orElse(null) })
/**
* IAM user to associate with this access key.
*/
public val user: Output
get() = javaResource.user().applyValue({ args0 -> args0 })
}
public object AccessKeyMapper : ResourceMapper {
override fun supportsMappingOfType(javaResource: Resource): Boolean =
com.pulumi.aws.iam.AccessKey::class == javaResource::class
override fun map(javaResource: Resource): AccessKey = AccessKey(
javaResource as
com.pulumi.aws.iam.AccessKey,
)
}
/**
* @see [AccessKey].
* @param name The _unique_ name of the resulting resource.
* @param block Builder for [AccessKey].
*/
public suspend fun accessKey(name: String, block: suspend AccessKeyResourceBuilder.() -> Unit): AccessKey {
val builder = AccessKeyResourceBuilder()
builder.name(name)
block(builder)
return builder.build()
}
/**
* @see [AccessKey].
* @param name The _unique_ name of the resulting resource.
*/
public fun accessKey(name: String): AccessKey {
val builder = AccessKeyResourceBuilder()
builder.name(name)
return builder.build()
}