com.pulumi.aws.iam.kotlin.RolePoliciesExclusiveArgs.kt Maven / Gradle / Ivy

Go to download
@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.aws.iam.kotlin

import com.pulumi.aws.iam.RolePoliciesExclusiveArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.String
import kotlin.Suppress
import kotlin.collections.List
import kotlin.jvm.JvmName

/**
 * > **NOTE:**: To reliably detect drift between customer managed inline policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up` invocations.
 * Resource for maintaining exclusive management of inline policies assigned to an AWS IAM (Identity & Access Management) role.
 * !> This resource takes exclusive ownership over inline policies assigned to a role. This includes removal of inline policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicy` resources managed alongside this resource are included in the `policy_names` argument.
 * > Destruction of this resource means Pulumi will no longer manage reconciliation of the configured inline policy assignments. It __will not__ delete the configured policies from the role.
 * ## Example Usage
 * ### Basic Usage
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * const example = new aws.iam.RolePoliciesExclusive("example", {
 *     roleName: exampleAwsIamRole.name,
 *     policyNames: [exampleAwsIamRolePolicy.name],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_aws as aws
 * example = aws.iam.RolePoliciesExclusive("example",
 *     role_name=example_aws_iam_role["name"],
 *     policy_names=[example_aws_iam_role_policy["name"]])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Aws = Pulumi.Aws;
 * return await Deployment.RunAsync(() =>
 * {
 *     var example = new Aws.Iam.RolePoliciesExclusive("example", new()
 *     {
 *         RoleName = exampleAwsIamRole.Name,
 *         PolicyNames = new[]
 *         {
 *             exampleAwsIamRolePolicy.Name,
 *         },
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := iam.NewRolePoliciesExclusive(ctx, "example", &iam.RolePoliciesExclusiveArgs{
 * 			RoleName: pulumi.Any(exampleAwsIamRole.Name),
 * 			PolicyNames: pulumi.StringArray{
 * 				exampleAwsIamRolePolicy.Name,
 * 			},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.iam.RolePoliciesExclusive;
 * import com.pulumi.aws.iam.RolePoliciesExclusiveArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var example = new RolePoliciesExclusive("example", RolePoliciesExclusiveArgs.builder()
 *             .roleName(exampleAwsIamRole.name())
 *             .policyNames(exampleAwsIamRolePolicy.name())
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   example:
 *     type: aws:iam:RolePoliciesExclusive
 *     properties:
 *       roleName: ${exampleAwsIamRole.name}
 *       policyNames:
 *         - ${exampleAwsIamRolePolicy.name}
 * ```
 * 
 * ### Disallow Inline Policies
 * To automatically remove any configured inline policies, set the `policy_names` argument to an empty list.
 * > This will not __prevent__ inline policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing inline policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.
 * 
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as aws from "@pulumi/aws";
 * const example = new aws.iam.RolePoliciesExclusive("example", {
 *     roleName: exampleAwsIamRole.name,
 *     policyNames: [],
 * });
 * ```
 * ```python
 * import pulumi
 * import pulumi_aws as aws
 * example = aws.iam.RolePoliciesExclusive("example",
 *     role_name=example_aws_iam_role["name"],
 *     policy_names=[])
 * ```
 * ```csharp
 * using System.Collections.Generic;
 * using System.Linq;
 * using Pulumi;
 * using Aws = Pulumi.Aws;
 * return await Deployment.RunAsync(() =>
 * {
 *     var example = new Aws.Iam.RolePoliciesExclusive("example", new()
 *     {
 *         RoleName = exampleAwsIamRole.Name,
 *         PolicyNames = new[] {},
 *     });
 * });
 * ```
 * ```go
 * package main
 * import (
 * 	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
 * 	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
 * )
 * func main() {
 * 	pulumi.Run(func(ctx *pulumi.Context) error {
 * 		_, err := iam.NewRolePoliciesExclusive(ctx, "example", &iam.RolePoliciesExclusiveArgs{
 * 			RoleName:    pulumi.Any(exampleAwsIamRole.Name),
 * 			PolicyNames: pulumi.StringArray{},
 * 		})
 * 		if err != nil {
 * 			return err
 * 		}
 * 		return nil
 * 	})
 * }
 * ```
 * ```java
 * package generated_program;
 * import com.pulumi.Context;
 * import com.pulumi.Pulumi;
 * import com.pulumi.core.Output;
 * import com.pulumi.aws.iam.RolePoliciesExclusive;
 * import com.pulumi.aws.iam.RolePoliciesExclusiveArgs;
 * import java.util.List;
 * import java.util.ArrayList;
 * import java.util.Map;
 * import java.io.File;
 * import java.nio.file.Files;
 * import java.nio.file.Paths;
 * public class App {
 *     public static void main(String[] args) {
 *         Pulumi.run(App::stack);
 *     }
 *     public static void stack(Context ctx) {
 *         var example = new RolePoliciesExclusive("example", RolePoliciesExclusiveArgs.builder()
 *             .roleName(exampleAwsIamRole.name())
 *             .policyNames()
 *             .build());
 *     }
 * }
 * ```
 * ```yaml
 * resources:
 *   example:
 *     type: aws:iam:RolePoliciesExclusive
 *     properties:
 *       roleName: ${exampleAwsIamRole.name}
 *       policyNames: []
 * ```
 * 
 * ## Import
 * Using `pulumi import`, import exclusive management of inline policy assignments using the `role_name`. For example:
 * ```sh
 * $ pulumi import aws:iam/rolePoliciesExclusive:RolePoliciesExclusive example MyRole
 * ```
 * @property policyNames A list of inline policy names to be assigned to the role. Policies attached to this role but not configured in this argument will be removed.
 * @property roleName IAM role name.
 */
public data class RolePoliciesExclusiveArgs(
    public val policyNames: Output>? = null,
    public val roleName: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.aws.iam.RolePoliciesExclusiveArgs =
        com.pulumi.aws.iam.RolePoliciesExclusiveArgs.builder()
            .policyNames(policyNames?.applyValue({ args0 -> args0.map({ args0 -> args0 }) }))
            .roleName(roleName?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [RolePoliciesExclusiveArgs].
 */
@PulumiTagMarker
public class RolePoliciesExclusiveArgsBuilder internal constructor() {
    private var policyNames: Output>? = null

    private var roleName: Output? = null

    /**
     * @param value A list of inline policy names to be assigned to the role. Policies attached to this role but not configured in this argument will be removed.
     */
    @JvmName("ahbsrinxdbfvnjhx")
    public suspend fun policyNames(`value`: Output>) {
        this.policyNames = value
    }

    @JvmName("lmuscxgjcqddqbea")
    public suspend fun policyNames(vararg values: Output) {
        this.policyNames = Output.all(values.asList())
    }

    /**
     * @param values A list of inline policy names to be assigned to the role. Policies attached to this role but not configured in this argument will be removed.
     */
    @JvmName("jyufxatmllhnfiub")
    public suspend fun policyNames(values: List>) {
        this.policyNames = Output.all(values)
    }

    /**
     * @param value IAM role name.
     */
    @JvmName("qrogyuywkoafyqec")
    public suspend fun roleName(`value`: Output) {
        this.roleName = value
    }

    /**
     * @param value A list of inline policy names to be assigned to the role. Policies attached to this role but not configured in this argument will be removed.
     */
    @JvmName("bcycduogreimosjx")
    public suspend fun policyNames(`value`: List?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.policyNames = mapped
    }

    /**
     * @param values A list of inline policy names to be assigned to the role. Policies attached to this role but not configured in this argument will be removed.
     */
    @JvmName("lqpexmleujmksgug")
    public suspend fun policyNames(vararg values: String) {
        val toBeMapped = values.toList()
        val mapped = toBeMapped.let({ args0 -> of(args0) })
        this.policyNames = mapped
    }

    /**
     * @param value IAM role name.
     */
    @JvmName("sutuavgrkfcnqkrc")
    public suspend fun roleName(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.roleName = mapped
    }

    internal fun build(): RolePoliciesExclusiveArgs = RolePoliciesExclusiveArgs(
        policyNames = policyNames,
        roleName = roleName,
    )
}