aws

package
v4.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthBackendCert 

type AuthBackendCert struct {
	pulumi.CustomResourceState

	// The  Base64 encoded AWS Public key required to
	// verify PKCS7 signature of the EC2 instance metadata. You can find this key in
	// the [AWS
	// documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
	AwsPublicCert pulumi.StringOutput `pulumi:"awsPublicCert"`
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The name of the certificate.
	CertName pulumi.StringOutput `pulumi:"certName"`
	// Either "pkcs7" or "identity", indicating the type of
	// document which can be verified using the given certificate. Defaults to
	// "pkcs7".
	Type pulumi.StringPtrOutput `pulumi:"type"`
}

## Import

AWS auth backend certificates can be imported using `auth/`, the `backend` path, `/config/certificate/`, and the `cert_name` e.g.

```sh 

$ pulumi import vault:aws/authBackendCert:AuthBackendCert example auth/aws/config/certificate/my-cert

```

func GetAuthBackendCert 

func GetAuthBackendCert(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendCertState, opts ...pulumi.ResourceOption) (*AuthBackendCert, error)

GetAuthBackendCert gets an existing AuthBackendCert resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendCert 

func NewAuthBackendCert(ctx *pulumi.Context,
	name string, args *AuthBackendCertArgs, opts ...pulumi.ResourceOption) (*AuthBackendCert, error)

NewAuthBackendCert registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendCert) ElementType 

func (*AuthBackendCert) ElementType() reflect.Type

func (*AuthBackendCert) ToAuthBackendCertOutput 

func (i *AuthBackendCert) ToAuthBackendCertOutput() AuthBackendCertOutput

func (*AuthBackendCert) ToAuthBackendCertOutputWithContext 

func (i *AuthBackendCert) ToAuthBackendCertOutputWithContext(ctx context.Context) AuthBackendCertOutput

func (*AuthBackendCert) ToAuthBackendCertPtrOutput 

func (i *AuthBackendCert) ToAuthBackendCertPtrOutput() AuthBackendCertPtrOutput

func (*AuthBackendCert) ToAuthBackendCertPtrOutputWithContext 

func (i *AuthBackendCert) ToAuthBackendCertPtrOutputWithContext(ctx context.Context) AuthBackendCertPtrOutput

type AuthBackendCertArgs 

type AuthBackendCertArgs struct {
	// The  Base64 encoded AWS Public key required to
	// verify PKCS7 signature of the EC2 instance metadata. You can find this key in
	// the [AWS
	// documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
	AwsPublicCert pulumi.StringInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// The name of the certificate.
	CertName pulumi.StringInput
	// Either "pkcs7" or "identity", indicating the type of
	// document which can be verified using the given certificate. Defaults to
	// "pkcs7".
	Type pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendCert resource.

func (AuthBackendCertArgs) ElementType 

func (AuthBackendCertArgs) ElementType() reflect.Type

type AuthBackendCertArray 

type AuthBackendCertArray []AuthBackendCertInput

func (AuthBackendCertArray) ElementType 

func (AuthBackendCertArray) ElementType() reflect.Type

func (AuthBackendCertArray) ToAuthBackendCertArrayOutput 

func (i AuthBackendCertArray) ToAuthBackendCertArrayOutput() AuthBackendCertArrayOutput

func (AuthBackendCertArray) ToAuthBackendCertArrayOutputWithContext 

func (i AuthBackendCertArray) ToAuthBackendCertArrayOutputWithContext(ctx context.Context) AuthBackendCertArrayOutput

type AuthBackendCertArrayInput 

type AuthBackendCertArrayInput interface {
	pulumi.Input

	ToAuthBackendCertArrayOutput() AuthBackendCertArrayOutput
	ToAuthBackendCertArrayOutputWithContext(context.Context) AuthBackendCertArrayOutput
}

AuthBackendCertArrayInput is an input type that accepts AuthBackendCertArray and AuthBackendCertArrayOutput values. You can construct a concrete instance of `AuthBackendCertArrayInput` via: 

AuthBackendCertArray{ AuthBackendCertArgs{...} }

type AuthBackendCertArrayOutput 

type AuthBackendCertArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendCertArrayOutput) ElementType 

func (AuthBackendCertArrayOutput) ElementType() reflect.Type

func (AuthBackendCertArrayOutput) Index 

func (o AuthBackendCertArrayOutput) Index(i pulumi.IntInput) AuthBackendCertOutput

func (AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutput 

func (o AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutput() AuthBackendCertArrayOutput

func (AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutputWithContext 

func (o AuthBackendCertArrayOutput) ToAuthBackendCertArrayOutputWithContext(ctx context.Context) AuthBackendCertArrayOutput

type AuthBackendCertInput 

type AuthBackendCertInput interface {
	pulumi.Input

	ToAuthBackendCertOutput() AuthBackendCertOutput
	ToAuthBackendCertOutputWithContext(ctx context.Context) AuthBackendCertOutput
}

type AuthBackendCertMap 

type AuthBackendCertMap map[string]AuthBackendCertInput

func (AuthBackendCertMap) ElementType 

func (AuthBackendCertMap) ElementType() reflect.Type

func (AuthBackendCertMap) ToAuthBackendCertMapOutput 

func (i AuthBackendCertMap) ToAuthBackendCertMapOutput() AuthBackendCertMapOutput

func (AuthBackendCertMap) ToAuthBackendCertMapOutputWithContext 

func (i AuthBackendCertMap) ToAuthBackendCertMapOutputWithContext(ctx context.Context) AuthBackendCertMapOutput

type AuthBackendCertMapInput 

type AuthBackendCertMapInput interface {
	pulumi.Input

	ToAuthBackendCertMapOutput() AuthBackendCertMapOutput
	ToAuthBackendCertMapOutputWithContext(context.Context) AuthBackendCertMapOutput
}

AuthBackendCertMapInput is an input type that accepts AuthBackendCertMap and AuthBackendCertMapOutput values. You can construct a concrete instance of `AuthBackendCertMapInput` via: 

AuthBackendCertMap{ "key": AuthBackendCertArgs{...} }

type AuthBackendCertMapOutput 

type AuthBackendCertMapOutput struct{ *pulumi.OutputState }

func (AuthBackendCertMapOutput) ElementType 

func (AuthBackendCertMapOutput) ElementType() reflect.Type

func (AuthBackendCertMapOutput) MapIndex 

func (o AuthBackendCertMapOutput) MapIndex(k pulumi.StringInput) AuthBackendCertOutput

func (AuthBackendCertMapOutput) ToAuthBackendCertMapOutput 

func (o AuthBackendCertMapOutput) ToAuthBackendCertMapOutput() AuthBackendCertMapOutput

func (AuthBackendCertMapOutput) ToAuthBackendCertMapOutputWithContext 

func (o AuthBackendCertMapOutput) ToAuthBackendCertMapOutputWithContext(ctx context.Context) AuthBackendCertMapOutput

type AuthBackendCertOutput 

type AuthBackendCertOutput struct{ *pulumi.OutputState }

func (AuthBackendCertOutput) ElementType 

func (AuthBackendCertOutput) ElementType() reflect.Type

func (AuthBackendCertOutput) ToAuthBackendCertOutput 

func (o AuthBackendCertOutput) ToAuthBackendCertOutput() AuthBackendCertOutput

func (AuthBackendCertOutput) ToAuthBackendCertOutputWithContext 

func (o AuthBackendCertOutput) ToAuthBackendCertOutputWithContext(ctx context.Context) AuthBackendCertOutput

func (AuthBackendCertOutput) ToAuthBackendCertPtrOutput 

func (o AuthBackendCertOutput) ToAuthBackendCertPtrOutput() AuthBackendCertPtrOutput

func (AuthBackendCertOutput) ToAuthBackendCertPtrOutputWithContext 

func (o AuthBackendCertOutput) ToAuthBackendCertPtrOutputWithContext(ctx context.Context) AuthBackendCertPtrOutput

type AuthBackendCertPtrInput 

type AuthBackendCertPtrInput interface {
	pulumi.Input

	ToAuthBackendCertPtrOutput() AuthBackendCertPtrOutput
	ToAuthBackendCertPtrOutputWithContext(ctx context.Context) AuthBackendCertPtrOutput
}

type AuthBackendCertPtrOutput 

type AuthBackendCertPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendCertPtrOutput) Elem added in v4.6.0 

func (o AuthBackendCertPtrOutput) Elem() AuthBackendCertOutput

func (AuthBackendCertPtrOutput) ElementType 

func (AuthBackendCertPtrOutput) ElementType() reflect.Type

func (AuthBackendCertPtrOutput) ToAuthBackendCertPtrOutput 

func (o AuthBackendCertPtrOutput) ToAuthBackendCertPtrOutput() AuthBackendCertPtrOutput

func (AuthBackendCertPtrOutput) ToAuthBackendCertPtrOutputWithContext 

func (o AuthBackendCertPtrOutput) ToAuthBackendCertPtrOutputWithContext(ctx context.Context) AuthBackendCertPtrOutput

type AuthBackendCertState 

type AuthBackendCertState struct {
	// The  Base64 encoded AWS Public key required to
	// verify PKCS7 signature of the EC2 instance metadata. You can find this key in
	// the [AWS
	// documentation](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-identity-documents.html).
	AwsPublicCert pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// The name of the certificate.
	CertName pulumi.StringPtrInput
	// Either "pkcs7" or "identity", indicating the type of
	// document which can be verified using the given certificate. Defaults to
	// "pkcs7".
	Type pulumi.StringPtrInput
}

func (AuthBackendCertState) ElementType 

func (AuthBackendCertState) ElementType() reflect.Type

type AuthBackendClient 

type AuthBackendClient struct {
	pulumi.CustomResourceState

	// The AWS access key that Vault should use for the
	// auth backend.
	AccessKey pulumi.StringPtrOutput `pulumi:"accessKey"`
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// Override the URL Vault uses when making EC2 API
	// calls.
	Ec2Endpoint pulumi.StringPtrOutput `pulumi:"ec2Endpoint"`
	// Override the URL Vault uses when making IAM API
	// calls.
	IamEndpoint pulumi.StringPtrOutput `pulumi:"iamEndpoint"`
	// The value to require in the
	// `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
	// that are used in the IAM auth method.
	IamServerIdHeaderValue pulumi.StringPtrOutput `pulumi:"iamServerIdHeaderValue"`
	// The AWS secret key that Vault should use for the
	// auth backend.
	SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"`
	// Override the URL Vault uses when making STS API
	// calls.
	StsEndpoint pulumi.StringPtrOutput `pulumi:"stsEndpoint"`
	// Override the default region when making STS API
	// calls. The `stsEndpoint` argument must be set when using `stsRegion`.
	StsRegion pulumi.StringPtrOutput `pulumi:"stsRegion"`
}

## Import

AWS auth backend clients can be imported using `auth/`, the `backend` path, and `/config/client` e.g.

```sh 

$ pulumi import vault:aws/authBackendClient:AuthBackendClient example auth/aws/config/client

```

func GetAuthBackendClient 

func GetAuthBackendClient(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendClientState, opts ...pulumi.ResourceOption) (*AuthBackendClient, error)

GetAuthBackendClient gets an existing AuthBackendClient resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendClient 

func NewAuthBackendClient(ctx *pulumi.Context,
	name string, args *AuthBackendClientArgs, opts ...pulumi.ResourceOption) (*AuthBackendClient, error)

NewAuthBackendClient registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendClient) ElementType 

func (*AuthBackendClient) ElementType() reflect.Type

func (*AuthBackendClient) ToAuthBackendClientOutput 

func (i *AuthBackendClient) ToAuthBackendClientOutput() AuthBackendClientOutput

func (*AuthBackendClient) ToAuthBackendClientOutputWithContext 

func (i *AuthBackendClient) ToAuthBackendClientOutputWithContext(ctx context.Context) AuthBackendClientOutput

func (*AuthBackendClient) ToAuthBackendClientPtrOutput 

func (i *AuthBackendClient) ToAuthBackendClientPtrOutput() AuthBackendClientPtrOutput

func (*AuthBackendClient) ToAuthBackendClientPtrOutputWithContext 

func (i *AuthBackendClient) ToAuthBackendClientPtrOutputWithContext(ctx context.Context) AuthBackendClientPtrOutput

type AuthBackendClientArgs 

type AuthBackendClientArgs struct {
	// The AWS access key that Vault should use for the
	// auth backend.
	AccessKey pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// Override the URL Vault uses when making EC2 API
	// calls.
	Ec2Endpoint pulumi.StringPtrInput
	// Override the URL Vault uses when making IAM API
	// calls.
	IamEndpoint pulumi.StringPtrInput
	// The value to require in the
	// `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
	// that are used in the IAM auth method.
	IamServerIdHeaderValue pulumi.StringPtrInput
	// The AWS secret key that Vault should use for the
	// auth backend.
	SecretKey pulumi.StringPtrInput
	// Override the URL Vault uses when making STS API
	// calls.
	StsEndpoint pulumi.StringPtrInput
	// Override the default region when making STS API
	// calls. The `stsEndpoint` argument must be set when using `stsRegion`.
	StsRegion pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendClient resource.

func (AuthBackendClientArgs) ElementType 

func (AuthBackendClientArgs) ElementType() reflect.Type

type AuthBackendClientArray 

type AuthBackendClientArray []AuthBackendClientInput

func (AuthBackendClientArray) ElementType 

func (AuthBackendClientArray) ElementType() reflect.Type

func (AuthBackendClientArray) ToAuthBackendClientArrayOutput 

func (i AuthBackendClientArray) ToAuthBackendClientArrayOutput() AuthBackendClientArrayOutput

func (AuthBackendClientArray) ToAuthBackendClientArrayOutputWithContext 

func (i AuthBackendClientArray) ToAuthBackendClientArrayOutputWithContext(ctx context.Context) AuthBackendClientArrayOutput

type AuthBackendClientArrayInput 

type AuthBackendClientArrayInput interface {
	pulumi.Input

	ToAuthBackendClientArrayOutput() AuthBackendClientArrayOutput
	ToAuthBackendClientArrayOutputWithContext(context.Context) AuthBackendClientArrayOutput
}

AuthBackendClientArrayInput is an input type that accepts AuthBackendClientArray and AuthBackendClientArrayOutput values. You can construct a concrete instance of `AuthBackendClientArrayInput` via: 

AuthBackendClientArray{ AuthBackendClientArgs{...} }

type AuthBackendClientArrayOutput 

type AuthBackendClientArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendClientArrayOutput) ElementType 

func (AuthBackendClientArrayOutput) ElementType() reflect.Type

func (AuthBackendClientArrayOutput) Index 

func (o AuthBackendClientArrayOutput) Index(i pulumi.IntInput) AuthBackendClientOutput

func (AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutput 

func (o AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutput() AuthBackendClientArrayOutput

func (AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutputWithContext 

func (o AuthBackendClientArrayOutput) ToAuthBackendClientArrayOutputWithContext(ctx context.Context) AuthBackendClientArrayOutput

type AuthBackendClientInput 

type AuthBackendClientInput interface {
	pulumi.Input

	ToAuthBackendClientOutput() AuthBackendClientOutput
	ToAuthBackendClientOutputWithContext(ctx context.Context) AuthBackendClientOutput
}

type AuthBackendClientMap 

type AuthBackendClientMap map[string]AuthBackendClientInput

func (AuthBackendClientMap) ElementType 

func (AuthBackendClientMap) ElementType() reflect.Type

func (AuthBackendClientMap) ToAuthBackendClientMapOutput 

func (i AuthBackendClientMap) ToAuthBackendClientMapOutput() AuthBackendClientMapOutput

func (AuthBackendClientMap) ToAuthBackendClientMapOutputWithContext 

func (i AuthBackendClientMap) ToAuthBackendClientMapOutputWithContext(ctx context.Context) AuthBackendClientMapOutput

type AuthBackendClientMapInput 

type AuthBackendClientMapInput interface {
	pulumi.Input

	ToAuthBackendClientMapOutput() AuthBackendClientMapOutput
	ToAuthBackendClientMapOutputWithContext(context.Context) AuthBackendClientMapOutput
}

AuthBackendClientMapInput is an input type that accepts AuthBackendClientMap and AuthBackendClientMapOutput values. You can construct a concrete instance of `AuthBackendClientMapInput` via: 

AuthBackendClientMap{ "key": AuthBackendClientArgs{...} }

type AuthBackendClientMapOutput 

type AuthBackendClientMapOutput struct{ *pulumi.OutputState }

func (AuthBackendClientMapOutput) ElementType 

func (AuthBackendClientMapOutput) ElementType() reflect.Type

func (AuthBackendClientMapOutput) MapIndex 

func (o AuthBackendClientMapOutput) MapIndex(k pulumi.StringInput) AuthBackendClientOutput

func (AuthBackendClientMapOutput) ToAuthBackendClientMapOutput 

func (o AuthBackendClientMapOutput) ToAuthBackendClientMapOutput() AuthBackendClientMapOutput

func (AuthBackendClientMapOutput) ToAuthBackendClientMapOutputWithContext 

func (o AuthBackendClientMapOutput) ToAuthBackendClientMapOutputWithContext(ctx context.Context) AuthBackendClientMapOutput

type AuthBackendClientOutput 

type AuthBackendClientOutput struct{ *pulumi.OutputState }

func (AuthBackendClientOutput) ElementType 

func (AuthBackendClientOutput) ElementType() reflect.Type

func (AuthBackendClientOutput) ToAuthBackendClientOutput 

func (o AuthBackendClientOutput) ToAuthBackendClientOutput() AuthBackendClientOutput

func (AuthBackendClientOutput) ToAuthBackendClientOutputWithContext 

func (o AuthBackendClientOutput) ToAuthBackendClientOutputWithContext(ctx context.Context) AuthBackendClientOutput

func (AuthBackendClientOutput) ToAuthBackendClientPtrOutput 

func (o AuthBackendClientOutput) ToAuthBackendClientPtrOutput() AuthBackendClientPtrOutput

func (AuthBackendClientOutput) ToAuthBackendClientPtrOutputWithContext 

func (o AuthBackendClientOutput) ToAuthBackendClientPtrOutputWithContext(ctx context.Context) AuthBackendClientPtrOutput

type AuthBackendClientPtrInput 

type AuthBackendClientPtrInput interface {
	pulumi.Input

	ToAuthBackendClientPtrOutput() AuthBackendClientPtrOutput
	ToAuthBackendClientPtrOutputWithContext(ctx context.Context) AuthBackendClientPtrOutput
}

type AuthBackendClientPtrOutput 

type AuthBackendClientPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendClientPtrOutput) Elem added in v4.6.0 

func (o AuthBackendClientPtrOutput) Elem() AuthBackendClientOutput

func (AuthBackendClientPtrOutput) ElementType 

func (AuthBackendClientPtrOutput) ElementType() reflect.Type

func (AuthBackendClientPtrOutput) ToAuthBackendClientPtrOutput 

func (o AuthBackendClientPtrOutput) ToAuthBackendClientPtrOutput() AuthBackendClientPtrOutput

func (AuthBackendClientPtrOutput) ToAuthBackendClientPtrOutputWithContext 

func (o AuthBackendClientPtrOutput) ToAuthBackendClientPtrOutputWithContext(ctx context.Context) AuthBackendClientPtrOutput

type AuthBackendClientState 

type AuthBackendClientState struct {
	// The AWS access key that Vault should use for the
	// auth backend.
	AccessKey pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// Override the URL Vault uses when making EC2 API
	// calls.
	Ec2Endpoint pulumi.StringPtrInput
	// Override the URL Vault uses when making IAM API
	// calls.
	IamEndpoint pulumi.StringPtrInput
	// The value to require in the
	// `X-Vault-AWS-IAM-Server-ID` header as part of `GetCallerIdentity` requests
	// that are used in the IAM auth method.
	IamServerIdHeaderValue pulumi.StringPtrInput
	// The AWS secret key that Vault should use for the
	// auth backend.
	SecretKey pulumi.StringPtrInput
	// Override the URL Vault uses when making STS API
	// calls.
	StsEndpoint pulumi.StringPtrInput
	// Override the default region when making STS API
	// calls. The `stsEndpoint` argument must be set when using `stsRegion`.
	StsRegion pulumi.StringPtrInput
}

func (AuthBackendClientState) ElementType 

func (AuthBackendClientState) ElementType() reflect.Type

type AuthBackendIdentityWhitelist 

type AuthBackendIdentityWhitelist struct {
	pulumi.CustomResourceState

	// The path of the AWS backend being configured.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set to true, disables the periodic
	// tidying of the identity-whitelist entries.
	DisablePeriodicTidy pulumi.BoolPtrOutput `pulumi:"disablePeriodicTidy"`
	// The amount of extra time, in minutes, that must
	// have passed beyond the roletag expiration, before it is removed from the
	// backend storage.
	SafetyBuffer pulumi.IntPtrOutput `pulumi:"safetyBuffer"`
}

Configures the periodic tidying operation of the whitelisted identity entries.

For more information, see the [Vault docs](https://www.vaultproject.io/api-docs/auth/aws#configure-identity-whitelist-tidy-operation).

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleAuthBackend, err := vault.NewAuthBackend(ctx, "exampleAuthBackend", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendIdentityWhitelist(ctx, "exampleAuthBackendIdentityWhitelist", &aws.AuthBackendIdentityWhitelistArgs{
			Backend:      exampleAuthBackend.Path,
			SafetyBuffer: pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend identity whitelists can be imported using `auth/`, the `backend` path, and `/config/tidy/identity-whitelist` e.g.

```sh 

$ pulumi import vault:aws/authBackendIdentityWhitelist:AuthBackendIdentityWhitelist example auth/aws/config/tidy/identity-whitelist

```

func GetAuthBackendIdentityWhitelist 

func GetAuthBackendIdentityWhitelist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendIdentityWhitelistState, opts ...pulumi.ResourceOption) (*AuthBackendIdentityWhitelist, error)

GetAuthBackendIdentityWhitelist gets an existing AuthBackendIdentityWhitelist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendIdentityWhitelist 

func NewAuthBackendIdentityWhitelist(ctx *pulumi.Context,
	name string, args *AuthBackendIdentityWhitelistArgs, opts ...pulumi.ResourceOption) (*AuthBackendIdentityWhitelist, error)

NewAuthBackendIdentityWhitelist registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendIdentityWhitelist) ElementType 

func (*AuthBackendIdentityWhitelist) ElementType() reflect.Type

func (*AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutput 

func (i *AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutput() AuthBackendIdentityWhitelistOutput

func (*AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutputWithContext 

func (i *AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistOutput

func (*AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistPtrOutput 

func (i *AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistPtrOutput() AuthBackendIdentityWhitelistPtrOutput

func (*AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistPtrOutputWithContext 

func (i *AuthBackendIdentityWhitelist) ToAuthBackendIdentityWhitelistPtrOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistPtrOutput

type AuthBackendIdentityWhitelistArgs 

type AuthBackendIdentityWhitelistArgs struct {
	// The path of the AWS backend being configured.
	Backend pulumi.StringPtrInput
	// If set to true, disables the periodic
	// tidying of the identity-whitelist entries.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The amount of extra time, in minutes, that must
	// have passed beyond the roletag expiration, before it is removed from the
	// backend storage.
	SafetyBuffer pulumi.IntPtrInput
}

The set of arguments for constructing a AuthBackendIdentityWhitelist resource.

func (AuthBackendIdentityWhitelistArgs) ElementType 

func (AuthBackendIdentityWhitelistArgs) ElementType() reflect.Type

type AuthBackendIdentityWhitelistArray 

type AuthBackendIdentityWhitelistArray []AuthBackendIdentityWhitelistInput

func (AuthBackendIdentityWhitelistArray) ElementType 

func (AuthBackendIdentityWhitelistArray) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutput 

func (i AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutput() AuthBackendIdentityWhitelistArrayOutput

func (AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutputWithContext 

func (i AuthBackendIdentityWhitelistArray) ToAuthBackendIdentityWhitelistArrayOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistArrayOutput

type AuthBackendIdentityWhitelistArrayInput 

type AuthBackendIdentityWhitelistArrayInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistArrayOutput() AuthBackendIdentityWhitelistArrayOutput
	ToAuthBackendIdentityWhitelistArrayOutputWithContext(context.Context) AuthBackendIdentityWhitelistArrayOutput
}

AuthBackendIdentityWhitelistArrayInput is an input type that accepts AuthBackendIdentityWhitelistArray and AuthBackendIdentityWhitelistArrayOutput values. You can construct a concrete instance of `AuthBackendIdentityWhitelistArrayInput` via: 

AuthBackendIdentityWhitelistArray{ AuthBackendIdentityWhitelistArgs{...} }

type AuthBackendIdentityWhitelistArrayOutput 

type AuthBackendIdentityWhitelistArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistArrayOutput) ElementType 

func (AuthBackendIdentityWhitelistArrayOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistArrayOutput) Index 

func (o AuthBackendIdentityWhitelistArrayOutput) Index(i pulumi.IntInput) AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutput 

func (o AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutput() AuthBackendIdentityWhitelistArrayOutput

func (AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutputWithContext 

func (o AuthBackendIdentityWhitelistArrayOutput) ToAuthBackendIdentityWhitelistArrayOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistArrayOutput

type AuthBackendIdentityWhitelistInput 

type AuthBackendIdentityWhitelistInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistOutput() AuthBackendIdentityWhitelistOutput
	ToAuthBackendIdentityWhitelistOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistOutput
}

type AuthBackendIdentityWhitelistMap 

type AuthBackendIdentityWhitelistMap map[string]AuthBackendIdentityWhitelistInput

func (AuthBackendIdentityWhitelistMap) ElementType 

func (AuthBackendIdentityWhitelistMap) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutput 

func (i AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutput() AuthBackendIdentityWhitelistMapOutput

func (AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutputWithContext 

func (i AuthBackendIdentityWhitelistMap) ToAuthBackendIdentityWhitelistMapOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistMapOutput

type AuthBackendIdentityWhitelistMapInput 

type AuthBackendIdentityWhitelistMapInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistMapOutput() AuthBackendIdentityWhitelistMapOutput
	ToAuthBackendIdentityWhitelistMapOutputWithContext(context.Context) AuthBackendIdentityWhitelistMapOutput
}

AuthBackendIdentityWhitelistMapInput is an input type that accepts AuthBackendIdentityWhitelistMap and AuthBackendIdentityWhitelistMapOutput values. You can construct a concrete instance of `AuthBackendIdentityWhitelistMapInput` via: 

AuthBackendIdentityWhitelistMap{ "key": AuthBackendIdentityWhitelistArgs{...} }

type AuthBackendIdentityWhitelistMapOutput 

type AuthBackendIdentityWhitelistMapOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistMapOutput) ElementType 

func (AuthBackendIdentityWhitelistMapOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistMapOutput) MapIndex 

func (o AuthBackendIdentityWhitelistMapOutput) MapIndex(k pulumi.StringInput) AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutput 

func (o AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutput() AuthBackendIdentityWhitelistMapOutput

func (AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutputWithContext 

func (o AuthBackendIdentityWhitelistMapOutput) ToAuthBackendIdentityWhitelistMapOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistMapOutput

type AuthBackendIdentityWhitelistOutput 

type AuthBackendIdentityWhitelistOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistOutput) ElementType 

func (AuthBackendIdentityWhitelistOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutput 

func (o AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutput() AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutputWithContext 

func (o AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistPtrOutput 

func (o AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistPtrOutput() AuthBackendIdentityWhitelistPtrOutput

func (AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistPtrOutputWithContext 

func (o AuthBackendIdentityWhitelistOutput) ToAuthBackendIdentityWhitelistPtrOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistPtrOutput

type AuthBackendIdentityWhitelistPtrInput 

type AuthBackendIdentityWhitelistPtrInput interface {
	pulumi.Input

	ToAuthBackendIdentityWhitelistPtrOutput() AuthBackendIdentityWhitelistPtrOutput
	ToAuthBackendIdentityWhitelistPtrOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistPtrOutput
}

type AuthBackendIdentityWhitelistPtrOutput 

type AuthBackendIdentityWhitelistPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendIdentityWhitelistPtrOutput) Elem added in v4.6.0 

func (o AuthBackendIdentityWhitelistPtrOutput) Elem() AuthBackendIdentityWhitelistOutput

func (AuthBackendIdentityWhitelistPtrOutput) ElementType 

func (AuthBackendIdentityWhitelistPtrOutput) ElementType() reflect.Type

func (AuthBackendIdentityWhitelistPtrOutput) ToAuthBackendIdentityWhitelistPtrOutput 

func (o AuthBackendIdentityWhitelistPtrOutput) ToAuthBackendIdentityWhitelistPtrOutput() AuthBackendIdentityWhitelistPtrOutput

func (AuthBackendIdentityWhitelistPtrOutput) ToAuthBackendIdentityWhitelistPtrOutputWithContext 

func (o AuthBackendIdentityWhitelistPtrOutput) ToAuthBackendIdentityWhitelistPtrOutputWithContext(ctx context.Context) AuthBackendIdentityWhitelistPtrOutput

type AuthBackendIdentityWhitelistState 

type AuthBackendIdentityWhitelistState struct {
	// The path of the AWS backend being configured.
	Backend pulumi.StringPtrInput
	// If set to true, disables the periodic
	// tidying of the identity-whitelist entries.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The amount of extra time, in minutes, that must
	// have passed beyond the roletag expiration, before it is removed from the
	// backend storage.
	SafetyBuffer pulumi.IntPtrInput
}

func (AuthBackendIdentityWhitelistState) ElementType 

func (AuthBackendIdentityWhitelistState) ElementType() reflect.Type

type AuthBackendLogin 

type AuthBackendLogin struct {
	pulumi.CustomResourceState

	// The token's accessor.
	Accessor pulumi.StringOutput `pulumi:"accessor"`
	// The authentication type used to generate this token.
	AuthType pulumi.StringOutput `pulumi:"authType"`
	// The unique name of the AWS auth backend. Defaults to
	// 'aws'.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The token returned by Vault.
	ClientToken pulumi.StringOutput `pulumi:"clientToken"`
	// The HTTP method used in the signed IAM
	// request.
	IamHttpRequestMethod pulumi.StringPtrOutput `pulumi:"iamHttpRequestMethod"`
	// The base64-encoded body of the signed
	// request.
	IamRequestBody pulumi.StringPtrOutput `pulumi:"iamRequestBody"`
	// The base64-encoded, JSON serialized
	// representation of the GetCallerIdentity HTTP request headers.
	IamRequestHeaders pulumi.StringPtrOutput `pulumi:"iamRequestHeaders"`
	// The base64-encoded HTTP URL used in the signed
	// request.
	IamRequestUrl pulumi.StringPtrOutput `pulumi:"iamRequestUrl"`
	// The base64-encoded EC2 instance identity document to
	// authenticate with. Can be retrieved from the EC2 metadata server.
	Identity pulumi.StringPtrOutput `pulumi:"identity"`
	// The duration in seconds the token will be valid, relative
	// to the time in `leaseStartTime`.
	LeaseDuration pulumi.IntOutput `pulumi:"leaseDuration"`
	// Time at which the lease was read, using the clock of the system where Terraform was running
	LeaseStartTime pulumi.StringOutput `pulumi:"leaseStartTime"`
	// A map of information returned by the Vault server about the
	// authentication used to generate this token.
	Metadata pulumi.MapOutput `pulumi:"metadata"`
	// The unique nonce to be used for login requests. Can be
	// set to a user-specified value, or will contain the server-generated value
	// once a token is issued. EC2 instances can only acquire a single token until
	// the whitelist is tidied again unless they keep track of this nonce.
	Nonce pulumi.StringOutput `pulumi:"nonce"`
	// The PKCS#7 signature of the identity document to
	// authenticate with, with all newline characters removed. Can be retrieved from
	// the EC2 metadata server.
	Pkcs7 pulumi.StringPtrOutput `pulumi:"pkcs7"`
	// The Vault policies assigned to this token.
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Set to true if the token can be extended through renewal.
	Renewable pulumi.BoolOutput `pulumi:"renewable"`
	// The name of the AWS auth backend role to create tokens
	// against.
	Role pulumi.StringOutput `pulumi:"role"`
	// The base64-encoded SHA256 RSA signature of the
	// instance identity document to authenticate with, with all newline characters
	// removed. Can be retrieved from the EC2 metadata server.
	Signature pulumi.StringPtrOutput `pulumi:"signature"`
}

Logs into a Vault server using an AWS auth backend. Login can be accomplished using a signed identity request from IAM or using ec2 instance metadata. For more information, see the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html).

func GetAuthBackendLogin 

func GetAuthBackendLogin(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendLoginState, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)

GetAuthBackendLogin gets an existing AuthBackendLogin resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendLogin 

func NewAuthBackendLogin(ctx *pulumi.Context,
	name string, args *AuthBackendLoginArgs, opts ...pulumi.ResourceOption) (*AuthBackendLogin, error)

NewAuthBackendLogin registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendLogin) ElementType 

func (*AuthBackendLogin) ElementType() reflect.Type

func (*AuthBackendLogin) ToAuthBackendLoginOutput 

func (i *AuthBackendLogin) ToAuthBackendLoginOutput() AuthBackendLoginOutput

func (*AuthBackendLogin) ToAuthBackendLoginOutputWithContext 

func (i *AuthBackendLogin) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput

func (*AuthBackendLogin) ToAuthBackendLoginPtrOutput 

func (i *AuthBackendLogin) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput

func (*AuthBackendLogin) ToAuthBackendLoginPtrOutputWithContext 

func (i *AuthBackendLogin) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput

type AuthBackendLoginArgs 

type AuthBackendLoginArgs struct {
	// The unique name of the AWS auth backend. Defaults to
	// 'aws'.
	Backend pulumi.StringPtrInput
	// The HTTP method used in the signed IAM
	// request.
	IamHttpRequestMethod pulumi.StringPtrInput
	// The base64-encoded body of the signed
	// request.
	IamRequestBody pulumi.StringPtrInput
	// The base64-encoded, JSON serialized
	// representation of the GetCallerIdentity HTTP request headers.
	IamRequestHeaders pulumi.StringPtrInput
	// The base64-encoded HTTP URL used in the signed
	// request.
	IamRequestUrl pulumi.StringPtrInput
	// The base64-encoded EC2 instance identity document to
	// authenticate with. Can be retrieved from the EC2 metadata server.
	Identity pulumi.StringPtrInput
	// The unique nonce to be used for login requests. Can be
	// set to a user-specified value, or will contain the server-generated value
	// once a token is issued. EC2 instances can only acquire a single token until
	// the whitelist is tidied again unless they keep track of this nonce.
	Nonce pulumi.StringPtrInput
	// The PKCS#7 signature of the identity document to
	// authenticate with, with all newline characters removed. Can be retrieved from
	// the EC2 metadata server.
	Pkcs7 pulumi.StringPtrInput
	// The name of the AWS auth backend role to create tokens
	// against.
	Role pulumi.StringPtrInput
	// The base64-encoded SHA256 RSA signature of the
	// instance identity document to authenticate with, with all newline characters
	// removed. Can be retrieved from the EC2 metadata server.
	Signature pulumi.StringPtrInput
}

The set of arguments for constructing a AuthBackendLogin resource.

func (AuthBackendLoginArgs) ElementType 

func (AuthBackendLoginArgs) ElementType() reflect.Type

type AuthBackendLoginArray 

type AuthBackendLoginArray []AuthBackendLoginInput

func (AuthBackendLoginArray) ElementType 

func (AuthBackendLoginArray) ElementType() reflect.Type

func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutput 

func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput

func (AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext 

func (i AuthBackendLoginArray) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput

type AuthBackendLoginArrayInput 

type AuthBackendLoginArrayInput interface {
	pulumi.Input

	ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput
	ToAuthBackendLoginArrayOutputWithContext(context.Context) AuthBackendLoginArrayOutput
}

AuthBackendLoginArrayInput is an input type that accepts AuthBackendLoginArray and AuthBackendLoginArrayOutput values. You can construct a concrete instance of `AuthBackendLoginArrayInput` via: 

AuthBackendLoginArray{ AuthBackendLoginArgs{...} }

type AuthBackendLoginArrayOutput 

type AuthBackendLoginArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginArrayOutput) ElementType 

func (AuthBackendLoginArrayOutput) ElementType() reflect.Type

func (AuthBackendLoginArrayOutput) Index 

func (o AuthBackendLoginArrayOutput) Index(i pulumi.IntInput) AuthBackendLoginOutput

func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput 

func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutput() AuthBackendLoginArrayOutput

func (AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext 

func (o AuthBackendLoginArrayOutput) ToAuthBackendLoginArrayOutputWithContext(ctx context.Context) AuthBackendLoginArrayOutput

type AuthBackendLoginInput 

type AuthBackendLoginInput interface {
	pulumi.Input

	ToAuthBackendLoginOutput() AuthBackendLoginOutput
	ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput
}

type AuthBackendLoginMap 

type AuthBackendLoginMap map[string]AuthBackendLoginInput

func (AuthBackendLoginMap) ElementType 

func (AuthBackendLoginMap) ElementType() reflect.Type

func (AuthBackendLoginMap) ToAuthBackendLoginMapOutput 

func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput

func (AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext 

func (i AuthBackendLoginMap) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput

type AuthBackendLoginMapInput 

type AuthBackendLoginMapInput interface {
	pulumi.Input

	ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput
	ToAuthBackendLoginMapOutputWithContext(context.Context) AuthBackendLoginMapOutput
}

AuthBackendLoginMapInput is an input type that accepts AuthBackendLoginMap and AuthBackendLoginMapOutput values. You can construct a concrete instance of `AuthBackendLoginMapInput` via: 

AuthBackendLoginMap{ "key": AuthBackendLoginArgs{...} }

type AuthBackendLoginMapOutput 

type AuthBackendLoginMapOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginMapOutput) ElementType 

func (AuthBackendLoginMapOutput) ElementType() reflect.Type

func (AuthBackendLoginMapOutput) MapIndex 

func (o AuthBackendLoginMapOutput) MapIndex(k pulumi.StringInput) AuthBackendLoginOutput

func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput 

func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutput() AuthBackendLoginMapOutput

func (AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext 

func (o AuthBackendLoginMapOutput) ToAuthBackendLoginMapOutputWithContext(ctx context.Context) AuthBackendLoginMapOutput

type AuthBackendLoginOutput 

type AuthBackendLoginOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginOutput) ElementType 

func (AuthBackendLoginOutput) ElementType() reflect.Type

func (AuthBackendLoginOutput) ToAuthBackendLoginOutput 

func (o AuthBackendLoginOutput) ToAuthBackendLoginOutput() AuthBackendLoginOutput

func (AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext 

func (o AuthBackendLoginOutput) ToAuthBackendLoginOutputWithContext(ctx context.Context) AuthBackendLoginOutput

func (AuthBackendLoginOutput) ToAuthBackendLoginPtrOutput 

func (o AuthBackendLoginOutput) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput

func (AuthBackendLoginOutput) ToAuthBackendLoginPtrOutputWithContext 

func (o AuthBackendLoginOutput) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput

type AuthBackendLoginPtrInput 

type AuthBackendLoginPtrInput interface {
	pulumi.Input

	ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput
	ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput
}

type AuthBackendLoginPtrOutput 

type AuthBackendLoginPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendLoginPtrOutput) Elem added in v4.6.0 

func (o AuthBackendLoginPtrOutput) Elem() AuthBackendLoginOutput

func (AuthBackendLoginPtrOutput) ElementType 

func (AuthBackendLoginPtrOutput) ElementType() reflect.Type

func (AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutput 

func (o AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutput() AuthBackendLoginPtrOutput

func (AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutputWithContext 

func (o AuthBackendLoginPtrOutput) ToAuthBackendLoginPtrOutputWithContext(ctx context.Context) AuthBackendLoginPtrOutput

type AuthBackendLoginState 

type AuthBackendLoginState struct {
	// The token's accessor.
	Accessor pulumi.StringPtrInput
	// The authentication type used to generate this token.
	AuthType pulumi.StringPtrInput
	// The unique name of the AWS auth backend. Defaults to
	// 'aws'.
	Backend pulumi.StringPtrInput
	// The token returned by Vault.
	ClientToken pulumi.StringPtrInput
	// The HTTP method used in the signed IAM
	// request.
	IamHttpRequestMethod pulumi.StringPtrInput
	// The base64-encoded body of the signed
	// request.
	IamRequestBody pulumi.StringPtrInput
	// The base64-encoded, JSON serialized
	// representation of the GetCallerIdentity HTTP request headers.
	IamRequestHeaders pulumi.StringPtrInput
	// The base64-encoded HTTP URL used in the signed
	// request.
	IamRequestUrl pulumi.StringPtrInput
	// The base64-encoded EC2 instance identity document to
	// authenticate with. Can be retrieved from the EC2 metadata server.
	Identity pulumi.StringPtrInput
	// The duration in seconds the token will be valid, relative
	// to the time in `leaseStartTime`.
	LeaseDuration pulumi.IntPtrInput
	// Time at which the lease was read, using the clock of the system where Terraform was running
	LeaseStartTime pulumi.StringPtrInput
	// A map of information returned by the Vault server about the
	// authentication used to generate this token.
	Metadata pulumi.MapInput
	// The unique nonce to be used for login requests. Can be
	// set to a user-specified value, or will contain the server-generated value
	// once a token is issued. EC2 instances can only acquire a single token until
	// the whitelist is tidied again unless they keep track of this nonce.
	Nonce pulumi.StringPtrInput
	// The PKCS#7 signature of the identity document to
	// authenticate with, with all newline characters removed. Can be retrieved from
	// the EC2 metadata server.
	Pkcs7 pulumi.StringPtrInput
	// The Vault policies assigned to this token.
	Policies pulumi.StringArrayInput
	// Set to true if the token can be extended through renewal.
	Renewable pulumi.BoolPtrInput
	// The name of the AWS auth backend role to create tokens
	// against.
	Role pulumi.StringPtrInput
	// The base64-encoded SHA256 RSA signature of the
	// instance identity document to authenticate with, with all newline characters
	// removed. Can be retrieved from the EC2 metadata server.
	Signature pulumi.StringPtrInput
}

func (AuthBackendLoginState) ElementType 

func (AuthBackendLoginState) ElementType() reflect.Type

type AuthBackendRole 

type AuthBackendRole struct {
	pulumi.CustomResourceState

	// If set to `true`, allows migration of
	// the underlying instance where the client resides.
	AllowInstanceMigration pulumi.BoolPtrOutput `pulumi:"allowInstanceMigration"`
	// The auth type permitted for this role. Valid choices
	// are `ec2` and `iam`. Defaults to `iam`.
	AuthType pulumi.StringPtrOutput `pulumi:"authType"`
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they should be using the
	// account ID specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAccountIds pulumi.StringArrayOutput `pulumi:"boundAccountIds"`
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they should be using the AMI ID
	// specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAmiIds pulumi.StringArrayOutput `pulumi:"boundAmiIds"`
	// Only EC2 instances that match this instance ID will be permitted to log in.
	BoundEc2InstanceIds pulumi.StringArrayOutput `pulumi:"boundEc2InstanceIds"`
	// If set, defines a constraint on
	// the EC2 instances that can perform the login operation that they must be
	// associated with an IAM instance profile ARN which has a prefix that matches
	// the value specified by this field. The value is prefix-matched as though it
	// were a glob ending in `*`. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamInstanceProfileArns pulumi.StringArrayOutput `pulumi:"boundIamInstanceProfileArns"`
	// If set, defines the IAM principal that
	// must be authenticated when `authType` is set to `iam`. Wildcards are
	// supported at the end of the ARN.
	BoundIamPrincipalArns pulumi.StringArrayOutput `pulumi:"boundIamPrincipalArns"`
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they must match the IAM
	// role ARN specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamRoleArns pulumi.StringArrayOutput `pulumi:"boundIamRoleArns"`
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that the region in their identity
	// document must match the one specified by this field. `authType` must be set
	// to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundRegions pulumi.StringArrayOutput `pulumi:"boundRegions"`
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they be associated with
	// the subnet ID that matches the value specified by this field. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	BoundSubnetIds pulumi.StringArrayOutput `pulumi:"boundSubnetIds"`
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they be associated with the VPC ID
	// that matches the value specified by this field. `authType` must be set to
	// `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundVpcIds pulumi.StringArrayOutput `pulumi:"boundVpcIds"`
	// IF set to `true`, only allows a
	// single token to be granted per instance ID. This can only be set when
	// `authType` is set to `ec2`.
	DisallowReauthentication pulumi.BoolPtrOutput `pulumi:"disallowReauthentication"`
	// When `inferredEntityType` is set, this
	// is the region to search for the inferred entities. Required if
	// `inferredEntityType` is set. This only applies when `authType` is set to
	// `iam`.
	InferredAwsRegion pulumi.StringPtrOutput `pulumi:"inferredAwsRegion"`
	// If set, instructs Vault to turn on
	// inferencing. The only valid value is `ec2Instance`, which instructs Vault to
	// infer that the role comes from an EC2 instance in an IAM instance profile.
	// This only applies when `authType` is set to `iam`.
	InferredEntityType pulumi.StringPtrOutput `pulumi:"inferredEntityType"`
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.IntPtrOutput `pulumi:"maxTtl"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrOutput `pulumi:"period"`
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// Only valid when
	// `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are
	// resolved to [AWS Unique
	// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
	// for the bound principal ARN. This field is ignored when a
	// `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more
	// closely mimics the behavior of AWS services in that if an IAM user or role is
	// deleted and a new one is recreated with the same name, those new users or
	// roles won't get access to roles in Vault that were permissioned to the prior
	// principals of the same name. Defaults to `true`.
	// Once set to `true`, this cannot be changed to `false` without recreating the role.
	ResolveAwsUniqueIds pulumi.BoolPtrOutput `pulumi:"resolveAwsUniqueIds"`
	// The name of the role.
	Role pulumi.StringOutput `pulumi:"role"`
	// If set, enable role tags for this role. The value set
	// for this field should be the key of the tag on the EC2 instance. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	RoleTag pulumi.StringPtrOutput `pulumi:"roleTag"`
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayOutput `pulumi:"tokenBoundCidrs"`
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrOutput `pulumi:"tokenExplicitMaxTtl"`
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrOutput `pulumi:"tokenMaxTtl"`
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrOutput `pulumi:"tokenNoDefaultPolicy"`
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrOutput `pulumi:"tokenNumUses"`
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrOutput `pulumi:"tokenPeriod"`
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayOutput `pulumi:"tokenPolicies"`
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrOutput `pulumi:"tokenTtl"`
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrOutput `pulumi:"tokenType"`
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.IntPtrOutput `pulumi:"ttl"`
}

Manages an AWS auth backend role in a Vault server. Roles constrain the instances or principals that can perform the login operation against the backend. See the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html) for more information.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		aws, err := vault.NewAuthBackend(ctx, "aws", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendRole(ctx, "example", &aws.AuthBackendRoleArgs{
			Backend:  aws.Path,
			Role:     pulumi.String("test-role"),
			AuthType: pulumi.String("iam"),
			BoundAmiIds: pulumi.StringArray{
				pulumi.String("ami-8c1be5f6"),
			},
			BoundAccountIds: pulumi.StringArray{
				pulumi.String("123456789012"),
			},
			BoundVpcIds: pulumi.StringArray{
				pulumi.String("vpc-b61106d4"),
			},
			BoundSubnetIds: pulumi.StringArray{
				pulumi.String("vpc-133128f1"),
			},
			BoundIamRoleArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::123456789012:role/MyRole"),
			},
			BoundIamInstanceProfileArns: pulumi.StringArray{
				pulumi.String("arn:aws:iam::123456789012:instance-profile/MyProfile"),
			},
			InferredEntityType: pulumi.String("ec2_instance"),
			InferredAwsRegion:  pulumi.String("us-east-1"),
			TokenTtl:           pulumi.Int(60),
			TokenMaxTtl:        pulumi.Int(120),
			TokenPolicies: pulumi.StringArray{
				pulumi.String("default"),
				pulumi.String("dev"),
				pulumi.String("prod"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

AWS auth backend roles can be imported using `auth/`, the `backend` path, `/role/`, and the `role` name e.g.

```sh 

$ pulumi import vault:aws/authBackendRole:AuthBackendRole example auth/aws/role/test-role

```

func GetAuthBackendRole 

func GetAuthBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleState, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

GetAuthBackendRole gets an existing AuthBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRole 

func NewAuthBackendRole(ctx *pulumi.Context,
	name string, args *AuthBackendRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendRole, error)

NewAuthBackendRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRole) ElementType 

func (*AuthBackendRole) ElementType() reflect.Type

func (*AuthBackendRole) ToAuthBackendRoleOutput 

func (i *AuthBackendRole) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRoleOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (*AuthBackendRole) ToAuthBackendRolePtrOutput 

func (i *AuthBackendRole) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (*AuthBackendRole) ToAuthBackendRolePtrOutputWithContext 

func (i *AuthBackendRole) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRoleArgs 

type AuthBackendRoleArgs struct {
	// If set to `true`, allows migration of
	// the underlying instance where the client resides.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The auth type permitted for this role. Valid choices
	// are `ec2` and `iam`. Defaults to `iam`.
	AuthType pulumi.StringPtrInput
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they should be using the
	// account ID specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAccountIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they should be using the AMI ID
	// specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAmiIds pulumi.StringArrayInput
	// Only EC2 instances that match this instance ID will be permitted to log in.
	BoundEc2InstanceIds pulumi.StringArrayInput
	// If set, defines a constraint on
	// the EC2 instances that can perform the login operation that they must be
	// associated with an IAM instance profile ARN which has a prefix that matches
	// the value specified by this field. The value is prefix-matched as though it
	// were a glob ending in `*`. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamInstanceProfileArns pulumi.StringArrayInput
	// If set, defines the IAM principal that
	// must be authenticated when `authType` is set to `iam`. Wildcards are
	// supported at the end of the ARN.
	BoundIamPrincipalArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they must match the IAM
	// role ARN specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamRoleArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that the region in their identity
	// document must match the one specified by this field. `authType` must be set
	// to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundRegions pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they be associated with
	// the subnet ID that matches the value specified by this field. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	BoundSubnetIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they be associated with the VPC ID
	// that matches the value specified by this field. `authType` must be set to
	// `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundVpcIds pulumi.StringArrayInput
	// IF set to `true`, only allows a
	// single token to be granted per instance ID. This can only be set when
	// `authType` is set to `ec2`.
	DisallowReauthentication pulumi.BoolPtrInput
	// When `inferredEntityType` is set, this
	// is the region to search for the inferred entities. Required if
	// `inferredEntityType` is set. This only applies when `authType` is set to
	// `iam`.
	InferredAwsRegion pulumi.StringPtrInput
	// If set, instructs Vault to turn on
	// inferencing. The only valid value is `ec2Instance`, which instructs Vault to
	// infer that the role comes from an EC2 instance in an IAM instance profile.
	// This only applies when `authType` is set to `iam`.
	InferredEntityType pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Only valid when
	// `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are
	// resolved to [AWS Unique
	// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
	// for the bound principal ARN. This field is ignored when a
	// `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more
	// closely mimics the behavior of AWS services in that if an IAM user or role is
	// deleted and a new one is recreated with the same name, those new users or
	// roles won't get access to roles in Vault that were permissioned to the prior
	// principals of the same name. Defaults to `true`.
	// Once set to `true`, this cannot be changed to `false` without recreating the role.
	ResolveAwsUniqueIds pulumi.BoolPtrInput
	// The name of the role.
	Role pulumi.StringInput
	// If set, enable role tags for this role. The value set
	// for this field should be the key of the tag on the EC2 instance. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	RoleTag pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.IntPtrInput
}

The set of arguments for constructing a AuthBackendRole resource.

func (AuthBackendRoleArgs) ElementType 

func (AuthBackendRoleArgs) ElementType() reflect.Type

type AuthBackendRoleArray 

type AuthBackendRoleArray []AuthBackendRoleInput

func (AuthBackendRoleArray) ElementType 

func (AuthBackendRoleArray) ElementType() reflect.Type

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutput 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext 

func (i AuthBackendRoleArray) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleArrayInput 

type AuthBackendRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput
	ToAuthBackendRoleArrayOutputWithContext(context.Context) AuthBackendRoleArrayOutput
}

AuthBackendRoleArrayInput is an input type that accepts AuthBackendRoleArray and AuthBackendRoleArrayOutput values. You can construct a concrete instance of `AuthBackendRoleArrayInput` via: 

AuthBackendRoleArray{ AuthBackendRoleArgs{...} }

type AuthBackendRoleArrayOutput 

type AuthBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleArrayOutput) ElementType 

func (AuthBackendRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleArrayOutput) Index 

func (o AuthBackendRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutput() AuthBackendRoleArrayOutput

func (AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext 

func (o AuthBackendRoleArrayOutput) ToAuthBackendRoleArrayOutputWithContext(ctx context.Context) AuthBackendRoleArrayOutput

type AuthBackendRoleInput 

type AuthBackendRoleInput interface {
	pulumi.Input

	ToAuthBackendRoleOutput() AuthBackendRoleOutput
	ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput
}

type AuthBackendRoleMap 

type AuthBackendRoleMap map[string]AuthBackendRoleInput

func (AuthBackendRoleMap) ElementType 

func (AuthBackendRoleMap) ElementType() reflect.Type

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutput 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext 

func (i AuthBackendRoleMap) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleMapInput 

type AuthBackendRoleMapInput interface {
	pulumi.Input

	ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput
	ToAuthBackendRoleMapOutputWithContext(context.Context) AuthBackendRoleMapOutput
}

AuthBackendRoleMapInput is an input type that accepts AuthBackendRoleMap and AuthBackendRoleMapOutput values. You can construct a concrete instance of `AuthBackendRoleMapInput` via: 

AuthBackendRoleMap{ "key": AuthBackendRoleArgs{...} }

type AuthBackendRoleMapOutput 

type AuthBackendRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleMapOutput) ElementType 

func (AuthBackendRoleMapOutput) ElementType() reflect.Type

func (AuthBackendRoleMapOutput) MapIndex 

func (o AuthBackendRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutput() AuthBackendRoleMapOutput

func (AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext 

func (o AuthBackendRoleMapOutput) ToAuthBackendRoleMapOutputWithContext(ctx context.Context) AuthBackendRoleMapOutput

type AuthBackendRoleOutput 

type AuthBackendRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleOutput) ElementType 

func (AuthBackendRoleOutput) ElementType() reflect.Type

func (AuthBackendRoleOutput) ToAuthBackendRoleOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutput() AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRoleOutputWithContext(ctx context.Context) AuthBackendRoleOutput

func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutput 

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext 

func (o AuthBackendRoleOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRolePtrInput 

type AuthBackendRolePtrInput interface {
	pulumi.Input

	ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput
	ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput
}

type AuthBackendRolePtrOutput 

type AuthBackendRolePtrOutput struct{ *pulumi.OutputState }

func (AuthBackendRolePtrOutput) Elem added in v4.6.0 

func (o AuthBackendRolePtrOutput) Elem() AuthBackendRoleOutput

func (AuthBackendRolePtrOutput) ElementType 

func (AuthBackendRolePtrOutput) ElementType() reflect.Type

func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput 

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutput() AuthBackendRolePtrOutput

func (AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext 

func (o AuthBackendRolePtrOutput) ToAuthBackendRolePtrOutputWithContext(ctx context.Context) AuthBackendRolePtrOutput

type AuthBackendRoleState 

type AuthBackendRoleState struct {
	// If set to `true`, allows migration of
	// the underlying instance where the client resides.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The auth type permitted for this role. Valid choices
	// are `ec2` and `iam`. Defaults to `iam`.
	AuthType pulumi.StringPtrInput
	// Unique name of the auth backend to configure.
	Backend pulumi.StringPtrInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they should be using the
	// account ID specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAccountIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they should be using the AMI ID
	// specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundAmiIds pulumi.StringArrayInput
	// Only EC2 instances that match this instance ID will be permitted to log in.
	BoundEc2InstanceIds pulumi.StringArrayInput
	// If set, defines a constraint on
	// the EC2 instances that can perform the login operation that they must be
	// associated with an IAM instance profile ARN which has a prefix that matches
	// the value specified by this field. The value is prefix-matched as though it
	// were a glob ending in `*`. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamInstanceProfileArns pulumi.StringArrayInput
	// If set, defines the IAM principal that
	// must be authenticated when `authType` is set to `iam`. Wildcards are
	// supported at the end of the ARN.
	BoundIamPrincipalArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they must match the IAM
	// role ARN specified by this field. `authType` must be set to `ec2` or
	// `inferredEntityType` must be set to `ec2Instance` to use this constraint.
	BoundIamRoleArns pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that the region in their identity
	// document must match the one specified by this field. `authType` must be set
	// to `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundRegions pulumi.StringArrayInput
	// If set, defines a constraint on the EC2
	// instances that can perform the login operation that they be associated with
	// the subnet ID that matches the value specified by this field. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	BoundSubnetIds pulumi.StringArrayInput
	// If set, defines a constraint on the EC2 instances
	// that can perform the login operation that they be associated with the VPC ID
	// that matches the value specified by this field. `authType` must be set to
	// `ec2` or `inferredEntityType` must be set to `ec2Instance` to use this
	// constraint.
	BoundVpcIds pulumi.StringArrayInput
	// IF set to `true`, only allows a
	// single token to be granted per instance ID. This can only be set when
	// `authType` is set to `ec2`.
	DisallowReauthentication pulumi.BoolPtrInput
	// When `inferredEntityType` is set, this
	// is the region to search for the inferred entities. Required if
	// `inferredEntityType` is set. This only applies when `authType` is set to
	// `iam`.
	InferredAwsRegion pulumi.StringPtrInput
	// If set, instructs Vault to turn on
	// inferencing. The only valid value is `ec2Instance`, which instructs Vault to
	// infer that the role comes from an EC2 instance in an IAM instance profile.
	// This only applies when `authType` is set to `iam`.
	InferredEntityType pulumi.StringPtrInput
	// The maximum allowed lifetime of tokens
	// issued using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_max_ttl` instead if you are running Vault >= 1.2
	MaxTtl pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	//
	// Deprecated: use `token_period` instead if you are running Vault >= 1.2
	Period pulumi.IntPtrInput
	// An array of strings
	// specifying the policies to be set on tokens issued using this role.
	//
	// Deprecated: use `token_policies` instead if you are running Vault >= 1.2
	Policies pulumi.StringArrayInput
	// Only valid when
	// `authType` is `iam`. If set to `true`, the `boundIamPrincipalArns` are
	// resolved to [AWS Unique
	// IDs](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-unique-ids)
	// for the bound principal ARN. This field is ignored when a
	// `boundIamPrincipalArn` ends in a wildcard. Resolving to unique IDs more
	// closely mimics the behavior of AWS services in that if an IAM user or role is
	// deleted and a new one is recreated with the same name, those new users or
	// roles won't get access to roles in Vault that were permissioned to the prior
	// principals of the same name. Defaults to `true`.
	// Once set to `true`, this cannot be changed to `false` without recreating the role.
	ResolveAwsUniqueIds pulumi.BoolPtrInput
	// The name of the role.
	Role pulumi.StringPtrInput
	// If set, enable role tags for this role. The value set
	// for this field should be the key of the tag on the EC2 instance. `authType`
	// must be set to `ec2` or `inferredEntityType` must be set to `ec2Instance`
	// to use this constraint.
	RoleTag pulumi.StringPtrInput
	// List of CIDR blocks; if set, specifies blocks of IP
	// addresses which can authenticate successfully, and ties the resulting token to these blocks
	// as well.
	TokenBoundCidrs pulumi.StringArrayInput
	// If set, will encode an
	// [explicit max TTL](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls)
	// onto the token in number of seconds. This is a hard cap even if `tokenTtl` and
	// `tokenMaxTtl` would otherwise allow a renewal.
	TokenExplicitMaxTtl pulumi.IntPtrInput
	// The maximum lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenMaxTtl pulumi.IntPtrInput
	// If set, the default policy will not be set on
	// generated tokens; otherwise it will be added to the policies set in token_policies.
	TokenNoDefaultPolicy pulumi.BoolPtrInput
	// The
	// [period](https://www.vaultproject.io/docs/concepts/tokens.html#token-time-to-live-periodic-tokens-and-explicit-max-ttls),
	// if any, in number of seconds to set on the token.
	TokenNumUses pulumi.IntPtrInput
	// If set, indicates that the
	// token generated using this role should never expire. The token should be renewed within the
	// duration specified by this value. At each renewal, the token's TTL will be set to the
	// value of this field. Specified in seconds.
	TokenPeriod pulumi.IntPtrInput
	// List of policies to encode onto generated tokens. Depending
	// on the auth method, this list may be supplemented by user/group/other values.
	TokenPolicies pulumi.StringArrayInput
	// The incremental lifetime for generated tokens in number of seconds.
	// Its current value will be referenced at renewal time.
	TokenTtl pulumi.IntPtrInput
	// The type of token that should be generated. Can be `service`,
	// `batch`, or `default` to use the mount's tuned default (which unless changed will be
	// `service` tokens). For token store roles, there are two additional possibilities:
	// `default-service` and `default-batch` which specify the type to return unless the client
	// requests a different type at generation time.
	TokenType pulumi.StringPtrInput
	// The TTL period of tokens issued
	// using this role, provided as a number of seconds.
	//
	// Deprecated: use `token_ttl` instead if you are running Vault >= 1.2
	Ttl pulumi.IntPtrInput
}

func (AuthBackendRoleState) ElementType 

func (AuthBackendRoleState) ElementType() reflect.Type

type AuthBackendRoleTag 

type AuthBackendRoleTag struct {
	pulumi.CustomResourceState

	// If set, allows migration of the underlying instances where the client resides. Use with caution.
	AllowInstanceMigration pulumi.BoolPtrOutput `pulumi:"allowInstanceMigration"`
	// The path to the AWS auth backend to
	// read role tags from, with no leading or trailing `/`s. Defaults to "aws".
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// If set, only allows a single token to be granted per instance ID.
	DisallowReauthentication pulumi.BoolPtrOutput `pulumi:"disallowReauthentication"`
	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId pulumi.StringPtrOutput `pulumi:"instanceId"`
	// The maximum TTL of the tokens issued using this role.
	MaxTtl pulumi.StringPtrOutput `pulumi:"maxTtl"`
	// The policies to be associated with the tag. Must be a subset of the policies associated with the role.
	Policies pulumi.StringArrayOutput `pulumi:"policies"`
	// The name of the AWS auth backend role to read
	// role tags from, with no leading or trailing `/`s.
	Role pulumi.StringOutput `pulumi:"role"`
	// The key of the role tag.
	TagKey pulumi.StringOutput `pulumi:"tagKey"`
	// The value to set the role key.
	TagValue pulumi.StringOutput `pulumi:"tagValue"`
}

Reads role tag information from an AWS auth backend in Vault.

func GetAuthBackendRoleTag 

func GetAuthBackendRoleTag(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoleTagState, opts ...pulumi.ResourceOption) (*AuthBackendRoleTag, error)

GetAuthBackendRoleTag gets an existing AuthBackendRoleTag resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRoleTag 

func NewAuthBackendRoleTag(ctx *pulumi.Context,
	name string, args *AuthBackendRoleTagArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoleTag, error)

NewAuthBackendRoleTag registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRoleTag) ElementType 

func (*AuthBackendRoleTag) ElementType() reflect.Type

func (*AuthBackendRoleTag) ToAuthBackendRoleTagOutput 

func (i *AuthBackendRoleTag) ToAuthBackendRoleTagOutput() AuthBackendRoleTagOutput

func (*AuthBackendRoleTag) ToAuthBackendRoleTagOutputWithContext 

func (i *AuthBackendRoleTag) ToAuthBackendRoleTagOutputWithContext(ctx context.Context) AuthBackendRoleTagOutput

func (*AuthBackendRoleTag) ToAuthBackendRoleTagPtrOutput 

func (i *AuthBackendRoleTag) ToAuthBackendRoleTagPtrOutput() AuthBackendRoleTagPtrOutput

func (*AuthBackendRoleTag) ToAuthBackendRoleTagPtrOutputWithContext 

func (i *AuthBackendRoleTag) ToAuthBackendRoleTagPtrOutputWithContext(ctx context.Context) AuthBackendRoleTagPtrOutput

type AuthBackendRoleTagArgs 

type AuthBackendRoleTagArgs struct {
	// If set, allows migration of the underlying instances where the client resides. Use with caution.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The path to the AWS auth backend to
	// read role tags from, with no leading or trailing `/`s. Defaults to "aws".
	Backend pulumi.StringPtrInput
	// If set, only allows a single token to be granted per instance ID.
	DisallowReauthentication pulumi.BoolPtrInput
	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId pulumi.StringPtrInput
	// The maximum TTL of the tokens issued using this role.
	MaxTtl pulumi.StringPtrInput
	// The policies to be associated with the tag. Must be a subset of the policies associated with the role.
	Policies pulumi.StringArrayInput
	// The name of the AWS auth backend role to read
	// role tags from, with no leading or trailing `/`s.
	Role pulumi.StringInput
}

The set of arguments for constructing a AuthBackendRoleTag resource.

func (AuthBackendRoleTagArgs) ElementType 

func (AuthBackendRoleTagArgs) ElementType() reflect.Type

type AuthBackendRoleTagArray 

type AuthBackendRoleTagArray []AuthBackendRoleTagInput

func (AuthBackendRoleTagArray) ElementType 

func (AuthBackendRoleTagArray) ElementType() reflect.Type

func (AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutput 

func (i AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutput() AuthBackendRoleTagArrayOutput

func (AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutputWithContext 

func (i AuthBackendRoleTagArray) ToAuthBackendRoleTagArrayOutputWithContext(ctx context.Context) AuthBackendRoleTagArrayOutput

type AuthBackendRoleTagArrayInput 

type AuthBackendRoleTagArrayInput interface {
	pulumi.Input

	ToAuthBackendRoleTagArrayOutput() AuthBackendRoleTagArrayOutput
	ToAuthBackendRoleTagArrayOutputWithContext(context.Context) AuthBackendRoleTagArrayOutput
}

AuthBackendRoleTagArrayInput is an input type that accepts AuthBackendRoleTagArray and AuthBackendRoleTagArrayOutput values. You can construct a concrete instance of `AuthBackendRoleTagArrayInput` via: 

AuthBackendRoleTagArray{ AuthBackendRoleTagArgs{...} }

type AuthBackendRoleTagArrayOutput 

type AuthBackendRoleTagArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagArrayOutput) ElementType 

func (AuthBackendRoleTagArrayOutput) ElementType() reflect.Type

func (AuthBackendRoleTagArrayOutput) Index 

func (o AuthBackendRoleTagArrayOutput) Index(i pulumi.IntInput) AuthBackendRoleTagOutput

func (AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutput 

func (o AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutput() AuthBackendRoleTagArrayOutput

func (AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutputWithContext 

func (o AuthBackendRoleTagArrayOutput) ToAuthBackendRoleTagArrayOutputWithContext(ctx context.Context) AuthBackendRoleTagArrayOutput

type AuthBackendRoleTagInput 

type AuthBackendRoleTagInput interface {
	pulumi.Input

	ToAuthBackendRoleTagOutput() AuthBackendRoleTagOutput
	ToAuthBackendRoleTagOutputWithContext(ctx context.Context) AuthBackendRoleTagOutput
}

type AuthBackendRoleTagMap 

type AuthBackendRoleTagMap map[string]AuthBackendRoleTagInput

func (AuthBackendRoleTagMap) ElementType 

func (AuthBackendRoleTagMap) ElementType() reflect.Type

func (AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutput 

func (i AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutput() AuthBackendRoleTagMapOutput

func (AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutputWithContext 

func (i AuthBackendRoleTagMap) ToAuthBackendRoleTagMapOutputWithContext(ctx context.Context) AuthBackendRoleTagMapOutput

type AuthBackendRoleTagMapInput 

type AuthBackendRoleTagMapInput interface {
	pulumi.Input

	ToAuthBackendRoleTagMapOutput() AuthBackendRoleTagMapOutput
	ToAuthBackendRoleTagMapOutputWithContext(context.Context) AuthBackendRoleTagMapOutput
}

AuthBackendRoleTagMapInput is an input type that accepts AuthBackendRoleTagMap and AuthBackendRoleTagMapOutput values. You can construct a concrete instance of `AuthBackendRoleTagMapInput` via: 

AuthBackendRoleTagMap{ "key": AuthBackendRoleTagArgs{...} }

type AuthBackendRoleTagMapOutput 

type AuthBackendRoleTagMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagMapOutput) ElementType 

func (AuthBackendRoleTagMapOutput) ElementType() reflect.Type

func (AuthBackendRoleTagMapOutput) MapIndex 

func (o AuthBackendRoleTagMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoleTagOutput

func (AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutput 

func (o AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutput() AuthBackendRoleTagMapOutput

func (AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutputWithContext 

func (o AuthBackendRoleTagMapOutput) ToAuthBackendRoleTagMapOutputWithContext(ctx context.Context) AuthBackendRoleTagMapOutput

type AuthBackendRoleTagOutput 

type AuthBackendRoleTagOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagOutput) ElementType 

func (AuthBackendRoleTagOutput) ElementType() reflect.Type

func (AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutput 

func (o AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutput() AuthBackendRoleTagOutput

func (AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutputWithContext 

func (o AuthBackendRoleTagOutput) ToAuthBackendRoleTagOutputWithContext(ctx context.Context) AuthBackendRoleTagOutput

func (AuthBackendRoleTagOutput) ToAuthBackendRoleTagPtrOutput 

func (o AuthBackendRoleTagOutput) ToAuthBackendRoleTagPtrOutput() AuthBackendRoleTagPtrOutput

func (AuthBackendRoleTagOutput) ToAuthBackendRoleTagPtrOutputWithContext 

func (o AuthBackendRoleTagOutput) ToAuthBackendRoleTagPtrOutputWithContext(ctx context.Context) AuthBackendRoleTagPtrOutput

type AuthBackendRoleTagPtrInput 

type AuthBackendRoleTagPtrInput interface {
	pulumi.Input

	ToAuthBackendRoleTagPtrOutput() AuthBackendRoleTagPtrOutput
	ToAuthBackendRoleTagPtrOutputWithContext(ctx context.Context) AuthBackendRoleTagPtrOutput
}

type AuthBackendRoleTagPtrOutput 

type AuthBackendRoleTagPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendRoleTagPtrOutput) Elem added in v4.6.0 

func (o AuthBackendRoleTagPtrOutput) Elem() AuthBackendRoleTagOutput

func (AuthBackendRoleTagPtrOutput) ElementType 

func (AuthBackendRoleTagPtrOutput) ElementType() reflect.Type

func (AuthBackendRoleTagPtrOutput) ToAuthBackendRoleTagPtrOutput 

func (o AuthBackendRoleTagPtrOutput) ToAuthBackendRoleTagPtrOutput() AuthBackendRoleTagPtrOutput

func (AuthBackendRoleTagPtrOutput) ToAuthBackendRoleTagPtrOutputWithContext 

func (o AuthBackendRoleTagPtrOutput) ToAuthBackendRoleTagPtrOutputWithContext(ctx context.Context) AuthBackendRoleTagPtrOutput

type AuthBackendRoleTagState 

type AuthBackendRoleTagState struct {
	// If set, allows migration of the underlying instances where the client resides. Use with caution.
	AllowInstanceMigration pulumi.BoolPtrInput
	// The path to the AWS auth backend to
	// read role tags from, with no leading or trailing `/`s. Defaults to "aws".
	Backend pulumi.StringPtrInput
	// If set, only allows a single token to be granted per instance ID.
	DisallowReauthentication pulumi.BoolPtrInput
	// Instance ID for which this tag is intended for. If set, the created tag can only be used by the instance with the given ID.
	InstanceId pulumi.StringPtrInput
	// The maximum TTL of the tokens issued using this role.
	MaxTtl pulumi.StringPtrInput
	// The policies to be associated with the tag. Must be a subset of the policies associated with the role.
	Policies pulumi.StringArrayInput
	// The name of the AWS auth backend role to read
	// role tags from, with no leading or trailing `/`s.
	Role pulumi.StringPtrInput
	// The key of the role tag.
	TagKey pulumi.StringPtrInput
	// The value to set the role key.
	TagValue pulumi.StringPtrInput
}

func (AuthBackendRoleTagState) ElementType 

func (AuthBackendRoleTagState) ElementType() reflect.Type

type AuthBackendRoletagBlacklist 

type AuthBackendRoletagBlacklist struct {
	pulumi.CustomResourceState

	// The path the AWS auth backend being configured was
	// mounted at.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// If set to true, disables the periodic
	// tidying of the roletag blacklist entries. Defaults to false.
	DisablePeriodicTidy pulumi.BoolPtrOutput `pulumi:"disablePeriodicTidy"`
	// The amount of extra time that must have passed
	// beyond the roletag expiration, before it is removed from the backend storage.
	// Defaults to 259,200 seconds, or 72 hours.
	SafetyBuffer pulumi.IntPtrOutput `pulumi:"safetyBuffer"`
}

Configures the periodic tidying operation of the blacklisted role tag entries.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-vault/sdk/v4/go/vault"
"github.com/pulumi/pulumi-vault/sdk/v4/go/vault/aws"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleAuthBackend, err := vault.NewAuthBackend(ctx, "exampleAuthBackend", &vault.AuthBackendArgs{
			Type: pulumi.String("aws"),
		})
		if err != nil {
			return err
		}
		_, err = aws.NewAuthBackendRoletagBlacklist(ctx, "exampleAuthBackendRoletagBlacklist", &aws.AuthBackendRoletagBlacklistArgs{
			Backend:      exampleAuthBackend.Path,
			SafetyBuffer: pulumi.Int(360),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetAuthBackendRoletagBlacklist 

func GetAuthBackendRoletagBlacklist(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendRoletagBlacklistState, opts ...pulumi.ResourceOption) (*AuthBackendRoletagBlacklist, error)

GetAuthBackendRoletagBlacklist gets an existing AuthBackendRoletagBlacklist resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendRoletagBlacklist 

func NewAuthBackendRoletagBlacklist(ctx *pulumi.Context,
	name string, args *AuthBackendRoletagBlacklistArgs, opts ...pulumi.ResourceOption) (*AuthBackendRoletagBlacklist, error)

NewAuthBackendRoletagBlacklist registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendRoletagBlacklist) ElementType 

func (*AuthBackendRoletagBlacklist) ElementType() reflect.Type

func (*AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutput 

func (i *AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutput() AuthBackendRoletagBlacklistOutput

func (*AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutputWithContext 

func (i *AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistOutput

func (*AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistPtrOutput 

func (i *AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistPtrOutput() AuthBackendRoletagBlacklistPtrOutput

func (*AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistPtrOutputWithContext 

func (i *AuthBackendRoletagBlacklist) ToAuthBackendRoletagBlacklistPtrOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistPtrOutput

type AuthBackendRoletagBlacklistArgs 

type AuthBackendRoletagBlacklistArgs struct {
	// The path the AWS auth backend being configured was
	// mounted at.
	Backend pulumi.StringInput
	// If set to true, disables the periodic
	// tidying of the roletag blacklist entries. Defaults to false.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The amount of extra time that must have passed
	// beyond the roletag expiration, before it is removed from the backend storage.
	// Defaults to 259,200 seconds, or 72 hours.
	SafetyBuffer pulumi.IntPtrInput
}

The set of arguments for constructing a AuthBackendRoletagBlacklist resource.

func (AuthBackendRoletagBlacklistArgs) ElementType 

func (AuthBackendRoletagBlacklistArgs) ElementType() reflect.Type

type AuthBackendRoletagBlacklistArray 

type AuthBackendRoletagBlacklistArray []AuthBackendRoletagBlacklistInput

func (AuthBackendRoletagBlacklistArray) ElementType 

func (AuthBackendRoletagBlacklistArray) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutput 

func (i AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutput() AuthBackendRoletagBlacklistArrayOutput

func (AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutputWithContext 

func (i AuthBackendRoletagBlacklistArray) ToAuthBackendRoletagBlacklistArrayOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistArrayOutput

type AuthBackendRoletagBlacklistArrayInput 

type AuthBackendRoletagBlacklistArrayInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistArrayOutput() AuthBackendRoletagBlacklistArrayOutput
	ToAuthBackendRoletagBlacklistArrayOutputWithContext(context.Context) AuthBackendRoletagBlacklistArrayOutput
}

AuthBackendRoletagBlacklistArrayInput is an input type that accepts AuthBackendRoletagBlacklistArray and AuthBackendRoletagBlacklistArrayOutput values. You can construct a concrete instance of `AuthBackendRoletagBlacklistArrayInput` via: 

AuthBackendRoletagBlacklistArray{ AuthBackendRoletagBlacklistArgs{...} }

type AuthBackendRoletagBlacklistArrayOutput 

type AuthBackendRoletagBlacklistArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistArrayOutput) ElementType 

func (AuthBackendRoletagBlacklistArrayOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistArrayOutput) Index 

func (o AuthBackendRoletagBlacklistArrayOutput) Index(i pulumi.IntInput) AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutput 

func (o AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutput() AuthBackendRoletagBlacklistArrayOutput

func (AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutputWithContext 

func (o AuthBackendRoletagBlacklistArrayOutput) ToAuthBackendRoletagBlacklistArrayOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistArrayOutput

type AuthBackendRoletagBlacklistInput 

type AuthBackendRoletagBlacklistInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistOutput() AuthBackendRoletagBlacklistOutput
	ToAuthBackendRoletagBlacklistOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistOutput
}

type AuthBackendRoletagBlacklistMap 

type AuthBackendRoletagBlacklistMap map[string]AuthBackendRoletagBlacklistInput

func (AuthBackendRoletagBlacklistMap) ElementType 

func (AuthBackendRoletagBlacklistMap) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutput 

func (i AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutput() AuthBackendRoletagBlacklistMapOutput

func (AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutputWithContext 

func (i AuthBackendRoletagBlacklistMap) ToAuthBackendRoletagBlacklistMapOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistMapOutput

type AuthBackendRoletagBlacklistMapInput 

type AuthBackendRoletagBlacklistMapInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistMapOutput() AuthBackendRoletagBlacklistMapOutput
	ToAuthBackendRoletagBlacklistMapOutputWithContext(context.Context) AuthBackendRoletagBlacklistMapOutput
}

AuthBackendRoletagBlacklistMapInput is an input type that accepts AuthBackendRoletagBlacklistMap and AuthBackendRoletagBlacklistMapOutput values. You can construct a concrete instance of `AuthBackendRoletagBlacklistMapInput` via: 

AuthBackendRoletagBlacklistMap{ "key": AuthBackendRoletagBlacklistArgs{...} }

type AuthBackendRoletagBlacklistMapOutput 

type AuthBackendRoletagBlacklistMapOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistMapOutput) ElementType 

func (AuthBackendRoletagBlacklistMapOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistMapOutput) MapIndex 

func (o AuthBackendRoletagBlacklistMapOutput) MapIndex(k pulumi.StringInput) AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutput 

func (o AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutput() AuthBackendRoletagBlacklistMapOutput

func (AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutputWithContext 

func (o AuthBackendRoletagBlacklistMapOutput) ToAuthBackendRoletagBlacklistMapOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistMapOutput

type AuthBackendRoletagBlacklistOutput 

type AuthBackendRoletagBlacklistOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistOutput) ElementType 

func (AuthBackendRoletagBlacklistOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutput 

func (o AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutput() AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutputWithContext 

func (o AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistPtrOutput 

func (o AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistPtrOutput() AuthBackendRoletagBlacklistPtrOutput

func (AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistPtrOutputWithContext 

func (o AuthBackendRoletagBlacklistOutput) ToAuthBackendRoletagBlacklistPtrOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistPtrOutput

type AuthBackendRoletagBlacklistPtrInput 

type AuthBackendRoletagBlacklistPtrInput interface {
	pulumi.Input

	ToAuthBackendRoletagBlacklistPtrOutput() AuthBackendRoletagBlacklistPtrOutput
	ToAuthBackendRoletagBlacklistPtrOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistPtrOutput
}

type AuthBackendRoletagBlacklistPtrOutput 

type AuthBackendRoletagBlacklistPtrOutput struct{ *pulumi.OutputState }

func (AuthBackendRoletagBlacklistPtrOutput) Elem added in v4.6.0 

func (o AuthBackendRoletagBlacklistPtrOutput) Elem() AuthBackendRoletagBlacklistOutput

func (AuthBackendRoletagBlacklistPtrOutput) ElementType 

func (AuthBackendRoletagBlacklistPtrOutput) ElementType() reflect.Type

func (AuthBackendRoletagBlacklistPtrOutput) ToAuthBackendRoletagBlacklistPtrOutput 

func (o AuthBackendRoletagBlacklistPtrOutput) ToAuthBackendRoletagBlacklistPtrOutput() AuthBackendRoletagBlacklistPtrOutput

func (AuthBackendRoletagBlacklistPtrOutput) ToAuthBackendRoletagBlacklistPtrOutputWithContext 

func (o AuthBackendRoletagBlacklistPtrOutput) ToAuthBackendRoletagBlacklistPtrOutputWithContext(ctx context.Context) AuthBackendRoletagBlacklistPtrOutput

type AuthBackendRoletagBlacklistState 

type AuthBackendRoletagBlacklistState struct {
	// The path the AWS auth backend being configured was
	// mounted at.
	Backend pulumi.StringPtrInput
	// If set to true, disables the periodic
	// tidying of the roletag blacklist entries. Defaults to false.
	DisablePeriodicTidy pulumi.BoolPtrInput
	// The amount of extra time that must have passed
	// beyond the roletag expiration, before it is removed from the backend storage.
	// Defaults to 259,200 seconds, or 72 hours.
	SafetyBuffer pulumi.IntPtrInput
}

func (AuthBackendRoletagBlacklistState) ElementType 

func (AuthBackendRoletagBlacklistState) ElementType() reflect.Type

type AuthBackendStsRole 

type AuthBackendStsRole struct {
	pulumi.CustomResourceState

	// The AWS account ID to configure the STS role for.
	AccountId pulumi.StringOutput `pulumi:"accountId"`
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrOutput `pulumi:"backend"`
	// The STS role to assume when verifying requests made
	// by EC2 instances in the account specified by `accountId`.
	StsRole pulumi.StringOutput `pulumi:"stsRole"`
}

## Import

AWS auth backend STS roles can be imported using `auth/`, the `backend` path, `/config/sts/`, and the `account_id` e.g.

```sh 

$ pulumi import vault:aws/authBackendStsRole:AuthBackendStsRole example auth/aws/config/sts/1234567890

```

func GetAuthBackendStsRole 

func GetAuthBackendStsRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AuthBackendStsRoleState, opts ...pulumi.ResourceOption) (*AuthBackendStsRole, error)

GetAuthBackendStsRole gets an existing AuthBackendStsRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAuthBackendStsRole 

func NewAuthBackendStsRole(ctx *pulumi.Context,
	name string, args *AuthBackendStsRoleArgs, opts ...pulumi.ResourceOption) (*AuthBackendStsRole, error)

NewAuthBackendStsRole registers a new resource with the given unique name, arguments, and options.

func (*AuthBackendStsRole) ElementType 

func (*AuthBackendStsRole) ElementType() reflect.Type

func (*AuthBackendStsRole) ToAuthBackendStsRoleOutput 

func (i *AuthBackendStsRole) ToAuthBackendStsRoleOutput() AuthBackendStsRoleOutput

func (*AuthBackendStsRole) ToAuthBackendStsRoleOutputWithContext 

func (i *AuthBackendStsRole) ToAuthBackendStsRoleOutputWithContext(ctx context.Context) AuthBackendStsRoleOutput

func (*AuthBackendStsRole) ToAuthBackendStsRolePtrOutput 

func (i *AuthBackendStsRole) ToAuthBackendStsRolePtrOutput() AuthBackendStsRolePtrOutput

func (*AuthBackendStsRole) ToAuthBackendStsRolePtrOutputWithContext 

func (i *AuthBackendStsRole) ToAuthBackendStsRolePtrOutputWithContext(ctx context.Context) AuthBackendStsRolePtrOutput

type AuthBackendStsRoleArgs 

type AuthBackendStsRoleArgs struct {
	// The AWS account ID to configure the STS role for.
	AccountId pulumi.StringInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// The STS role to assume when verifying requests made
	// by EC2 instances in the account specified by `accountId`.
	StsRole pulumi.StringInput
}

The set of arguments for constructing a AuthBackendStsRole resource.

func (AuthBackendStsRoleArgs) ElementType 

func (AuthBackendStsRoleArgs) ElementType() reflect.Type

type AuthBackendStsRoleArray 

type AuthBackendStsRoleArray []AuthBackendStsRoleInput

func (AuthBackendStsRoleArray) ElementType 

func (AuthBackendStsRoleArray) ElementType() reflect.Type

func (AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutput 

func (i AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutput() AuthBackendStsRoleArrayOutput

func (AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutputWithContext 

func (i AuthBackendStsRoleArray) ToAuthBackendStsRoleArrayOutputWithContext(ctx context.Context) AuthBackendStsRoleArrayOutput

type AuthBackendStsRoleArrayInput 

type AuthBackendStsRoleArrayInput interface {
	pulumi.Input

	ToAuthBackendStsRoleArrayOutput() AuthBackendStsRoleArrayOutput
	ToAuthBackendStsRoleArrayOutputWithContext(context.Context) AuthBackendStsRoleArrayOutput
}

AuthBackendStsRoleArrayInput is an input type that accepts AuthBackendStsRoleArray and AuthBackendStsRoleArrayOutput values. You can construct a concrete instance of `AuthBackendStsRoleArrayInput` via: 

AuthBackendStsRoleArray{ AuthBackendStsRoleArgs{...} }

type AuthBackendStsRoleArrayOutput 

type AuthBackendStsRoleArrayOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRoleArrayOutput) ElementType 

func (AuthBackendStsRoleArrayOutput) ElementType() reflect.Type

func (AuthBackendStsRoleArrayOutput) Index 

func (o AuthBackendStsRoleArrayOutput) Index(i pulumi.IntInput) AuthBackendStsRoleOutput

func (AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutput 

func (o AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutput() AuthBackendStsRoleArrayOutput

func (AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutputWithContext 

func (o AuthBackendStsRoleArrayOutput) ToAuthBackendStsRoleArrayOutputWithContext(ctx context.Context) AuthBackendStsRoleArrayOutput

type AuthBackendStsRoleInput 

type AuthBackendStsRoleInput interface {
	pulumi.Input

	ToAuthBackendStsRoleOutput() AuthBackendStsRoleOutput
	ToAuthBackendStsRoleOutputWithContext(ctx context.Context) AuthBackendStsRoleOutput
}

type AuthBackendStsRoleMap 

type AuthBackendStsRoleMap map[string]AuthBackendStsRoleInput

func (AuthBackendStsRoleMap) ElementType 

func (AuthBackendStsRoleMap) ElementType() reflect.Type

func (AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutput 

func (i AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutput() AuthBackendStsRoleMapOutput

func (AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutputWithContext 

func (i AuthBackendStsRoleMap) ToAuthBackendStsRoleMapOutputWithContext(ctx context.Context) AuthBackendStsRoleMapOutput

type AuthBackendStsRoleMapInput 

type AuthBackendStsRoleMapInput interface {
	pulumi.Input

	ToAuthBackendStsRoleMapOutput() AuthBackendStsRoleMapOutput
	ToAuthBackendStsRoleMapOutputWithContext(context.Context) AuthBackendStsRoleMapOutput
}

AuthBackendStsRoleMapInput is an input type that accepts AuthBackendStsRoleMap and AuthBackendStsRoleMapOutput values. You can construct a concrete instance of `AuthBackendStsRoleMapInput` via: 

AuthBackendStsRoleMap{ "key": AuthBackendStsRoleArgs{...} }

type AuthBackendStsRoleMapOutput 

type AuthBackendStsRoleMapOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRoleMapOutput) ElementType 

func (AuthBackendStsRoleMapOutput) ElementType() reflect.Type

func (AuthBackendStsRoleMapOutput) MapIndex 

func (o AuthBackendStsRoleMapOutput) MapIndex(k pulumi.StringInput) AuthBackendStsRoleOutput

func (AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutput 

func (o AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutput() AuthBackendStsRoleMapOutput

func (AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutputWithContext 

func (o AuthBackendStsRoleMapOutput) ToAuthBackendStsRoleMapOutputWithContext(ctx context.Context) AuthBackendStsRoleMapOutput

type AuthBackendStsRoleOutput 

type AuthBackendStsRoleOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRoleOutput) ElementType 

func (AuthBackendStsRoleOutput) ElementType() reflect.Type

func (AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutput 

func (o AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutput() AuthBackendStsRoleOutput

func (AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutputWithContext 

func (o AuthBackendStsRoleOutput) ToAuthBackendStsRoleOutputWithContext(ctx context.Context) AuthBackendStsRoleOutput

func (AuthBackendStsRoleOutput) ToAuthBackendStsRolePtrOutput 

func (o AuthBackendStsRoleOutput) ToAuthBackendStsRolePtrOutput() AuthBackendStsRolePtrOutput

func (AuthBackendStsRoleOutput) ToAuthBackendStsRolePtrOutputWithContext 

func (o AuthBackendStsRoleOutput) ToAuthBackendStsRolePtrOutputWithContext(ctx context.Context) AuthBackendStsRolePtrOutput

type AuthBackendStsRolePtrInput 

type AuthBackendStsRolePtrInput interface {
	pulumi.Input

	ToAuthBackendStsRolePtrOutput() AuthBackendStsRolePtrOutput
	ToAuthBackendStsRolePtrOutputWithContext(ctx context.Context) AuthBackendStsRolePtrOutput
}

type AuthBackendStsRolePtrOutput 

type AuthBackendStsRolePtrOutput struct{ *pulumi.OutputState }

func (AuthBackendStsRolePtrOutput) Elem added in v4.6.0 

func (o AuthBackendStsRolePtrOutput) Elem() AuthBackendStsRoleOutput

func (AuthBackendStsRolePtrOutput) ElementType 

func (AuthBackendStsRolePtrOutput) ElementType() reflect.Type

func (AuthBackendStsRolePtrOutput) ToAuthBackendStsRolePtrOutput 

func (o AuthBackendStsRolePtrOutput) ToAuthBackendStsRolePtrOutput() AuthBackendStsRolePtrOutput

func (AuthBackendStsRolePtrOutput) ToAuthBackendStsRolePtrOutputWithContext 

func (o AuthBackendStsRolePtrOutput) ToAuthBackendStsRolePtrOutputWithContext(ctx context.Context) AuthBackendStsRolePtrOutput

type AuthBackendStsRoleState 

type AuthBackendStsRoleState struct {
	// The AWS account ID to configure the STS role for.
	AccountId pulumi.StringPtrInput
	// The path the AWS auth backend being configured was
	// mounted at.  Defaults to `aws`.
	Backend pulumi.StringPtrInput
	// The STS role to assume when verifying requests made
	// by EC2 instances in the account specified by `accountId`.
	StsRole pulumi.StringPtrInput
}

func (AuthBackendStsRoleState) ElementType 

func (AuthBackendStsRoleState) ElementType() reflect.Type

type GetAccessCredentialsArgs 

type GetAccessCredentialsArgs struct {
	// The path to the AWS secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend string  `pulumi:"backend"`
	Region  *string `pulumi:"region"`
	// The name of the AWS secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role string `pulumi:"role"`
	// The specific AWS ARN to use
	// from the configured role. If the role does not have multiple ARNs, this does
	// not need to be specified.
	RoleArn *string `pulumi:"roleArn"`
	// Specifies the TTL for the use of the STS token. This
	// is specified as a string with a duration suffix. Valid only when
	// `credentialType` is `assumedRole` or `federationToken`
	Ttl *string `pulumi:"ttl"`
	// The type of credentials to read. Defaults
	// to `"creds"`, which just returns an AWS Access Key ID and Secret
	// Key. Can also be set to `"sts"`, which will return a security token
	// in addition to the keys.
	Type *string `pulumi:"type"`
}

A collection of arguments for invoking getAccessCredentials.

type GetAccessCredentialsOutputArgs added in v4.6.0 

type GetAccessCredentialsOutputArgs struct {
	// The path to the AWS secret backend to
	// read credentials from, with no leading or trailing `/`s.
	Backend pulumi.StringInput    `pulumi:"backend"`
	Region  pulumi.StringPtrInput `pulumi:"region"`
	// The name of the AWS secret backend role to read
	// credentials from, with no leading or trailing `/`s.
	Role pulumi.StringInput `pulumi:"role"`
	// The specific AWS ARN to use
	// from the configured role. If the role does not have multiple ARNs, this does
	// not need to be specified.
	RoleArn pulumi.StringPtrInput `pulumi:"roleArn"`
	// Specifies the TTL for the use of the STS token. This
	// is specified as a string with a duration suffix. Valid only when
	// `credentialType` is `assumedRole` or `federationToken`
	Ttl pulumi.StringPtrInput `pulumi:"ttl"`
	// The type of credentials to read. Defaults
	// to `"creds"`, which just returns an AWS Access Key ID and Secret
	// Key. Can also be set to `"sts"`, which will return a security token
	// in addition to the keys.
	Type pulumi.StringPtrInput `pulumi:"type"`
}

A collection of arguments for invoking getAccessCredentials.

func (GetAccessCredentialsOutputArgs) ElementType added in v4.6.0 

func (GetAccessCredentialsOutputArgs) ElementType() reflect.Type

type GetAccessCredentialsResult 

type GetAccessCredentialsResult struct {
	// The AWS Access Key ID returned by Vault.
	AccessKey string `pulumi:"accessKey"`
	Backend   string `pulumi:"backend"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// The duration of the secret lease, in seconds relative
	// to the time the data was requested. Once this time has passed any plan
	// generated with this data may fail to apply.
	LeaseDuration int `pulumi:"leaseDuration"`
	// The lease identifier assigned by Vault.
	LeaseId        string  `pulumi:"leaseId"`
	LeaseRenewable bool    `pulumi:"leaseRenewable"`
	LeaseStartTime string  `pulumi:"leaseStartTime"`
	Region         *string `pulumi:"region"`
	Role           string  `pulumi:"role"`
	RoleArn        *string `pulumi:"roleArn"`
	// The AWS Secret Key returned by Vault.
	SecretKey string `pulumi:"secretKey"`
	// The STS token returned by Vault, if any.
	SecurityToken string  `pulumi:"securityToken"`
	Ttl           *string `pulumi:"ttl"`
	Type          *string `pulumi:"type"`
}

A collection of values returned by getAccessCredentials.

func GetAccessCredentials 

func GetAccessCredentials(ctx *pulumi.Context, args *GetAccessCredentialsArgs, opts ...pulumi.InvokeOption) (*GetAccessCredentialsResult, error)

type GetAccessCredentialsResultOutput added in v4.6.0 

type GetAccessCredentialsResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAccessCredentials.

func GetAccessCredentialsOutput added in v4.6.0 

func GetAccessCredentialsOutput(ctx *pulumi.Context, args GetAccessCredentialsOutputArgs, opts ...pulumi.InvokeOption) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) AccessKey added in v4.6.0 

func (o GetAccessCredentialsResultOutput) AccessKey() pulumi.StringOutput

The AWS Access Key ID returned by Vault.

func (GetAccessCredentialsResultOutput) Backend added in v4.6.0 

func (o GetAccessCredentialsResultOutput) Backend() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) ElementType added in v4.6.0 

func (GetAccessCredentialsResultOutput) ElementType() reflect.Type

func (GetAccessCredentialsResultOutput) Id added in v4.6.0 

func (o GetAccessCredentialsResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (GetAccessCredentialsResultOutput) LeaseDuration added in v4.6.0 

func (o GetAccessCredentialsResultOutput) LeaseDuration() pulumi.IntOutput

The duration of the secret lease, in seconds relative to the time the data was requested. Once this time has passed any plan generated with this data may fail to apply.

func (GetAccessCredentialsResultOutput) LeaseId added in v4.6.0 

func (o GetAccessCredentialsResultOutput) LeaseId() pulumi.StringOutput

The lease identifier assigned by Vault.

func (GetAccessCredentialsResultOutput) LeaseRenewable added in v4.6.0 

func (o GetAccessCredentialsResultOutput) LeaseRenewable() pulumi.BoolOutput

func (GetAccessCredentialsResultOutput) LeaseStartTime added in v4.6.0 

func (o GetAccessCredentialsResultOutput) LeaseStartTime() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) Region added in v4.6.0 

func (o GetAccessCredentialsResultOutput) Region() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) Role added in v4.6.0 

func (o GetAccessCredentialsResultOutput) Role() pulumi.StringOutput

func (GetAccessCredentialsResultOutput) RoleArn added in v4.6.0 

func (o GetAccessCredentialsResultOutput) RoleArn() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) SecretKey added in v4.6.0 

func (o GetAccessCredentialsResultOutput) SecretKey() pulumi.StringOutput

The AWS Secret Key returned by Vault.

func (GetAccessCredentialsResultOutput) SecurityToken added in v4.6.0 

func (o GetAccessCredentialsResultOutput) SecurityToken() pulumi.StringOutput

The STS token returned by Vault, if any.

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput added in v4.6.0 

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutput() GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext added in v4.6.0 

func (o GetAccessCredentialsResultOutput) ToGetAccessCredentialsResultOutputWithContext(ctx context.Context) GetAccessCredentialsResultOutput

func (GetAccessCredentialsResultOutput) Ttl added in v4.6.0 

func (o GetAccessCredentialsResultOutput) Ttl() pulumi.StringPtrOutput

func (GetAccessCredentialsResultOutput) Type added in v4.6.0 

func (o GetAccessCredentialsResultOutput) Type() pulumi.StringPtrOutput

type SecretBackend 

type SecretBackend struct {
	pulumi.CustomResourceState

	// The AWS Access Key ID this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	AccessKey pulumi.StringPtrOutput `pulumi:"accessKey"`
	// The default TTL for credentials
	// issued by this backend.
	DefaultLeaseTtlSeconds pulumi.IntOutput `pulumi:"defaultLeaseTtlSeconds"`
	// A human-friendly description for this backend.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies a custom HTTP IAM endpoint to use.
	IamEndpoint pulumi.StringPtrOutput `pulumi:"iamEndpoint"`
	// The maximum TTL that can be requested
	// for credentials issued by this backend.
	MaxLeaseTtlSeconds pulumi.IntOutput `pulumi:"maxLeaseTtlSeconds"`
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The AWS region for API calls. Defaults to `us-east-1`.
	Region pulumi.StringOutput `pulumi:"region"`
	// The AWS Secret Key this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"`
	// Specifies a custom HTTP STS endpoint to use.
	StsEndpoint pulumi.StringPtrOutput `pulumi:"stsEndpoint"`
}

## Import

AWS secret backends can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:aws/secretBackend:SecretBackend aws aws

```

func GetSecretBackend 

func GetSecretBackend(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendState, opts ...pulumi.ResourceOption) (*SecretBackend, error)

GetSecretBackend gets an existing SecretBackend resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackend 

func NewSecretBackend(ctx *pulumi.Context,
	name string, args *SecretBackendArgs, opts ...pulumi.ResourceOption) (*SecretBackend, error)

NewSecretBackend registers a new resource with the given unique name, arguments, and options.

func (*SecretBackend) ElementType 

func (*SecretBackend) ElementType() reflect.Type

func (*SecretBackend) ToSecretBackendOutput 

func (i *SecretBackend) ToSecretBackendOutput() SecretBackendOutput

func (*SecretBackend) ToSecretBackendOutputWithContext 

func (i *SecretBackend) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (*SecretBackend) ToSecretBackendPtrOutput 

func (i *SecretBackend) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (*SecretBackend) ToSecretBackendPtrOutputWithContext 

func (i *SecretBackend) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendArgs 

type SecretBackendArgs struct {
	// The AWS Access Key ID this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	AccessKey pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Specifies a custom HTTP IAM endpoint to use.
	IamEndpoint pulumi.StringPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`.
	Path pulumi.StringPtrInput
	// The AWS region for API calls. Defaults to `us-east-1`.
	Region pulumi.StringPtrInput
	// The AWS Secret Key this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	SecretKey pulumi.StringPtrInput
	// Specifies a custom HTTP STS endpoint to use.
	StsEndpoint pulumi.StringPtrInput
}

The set of arguments for constructing a SecretBackend resource.

func (SecretBackendArgs) ElementType 

func (SecretBackendArgs) ElementType() reflect.Type

type SecretBackendArray 

type SecretBackendArray []SecretBackendInput

func (SecretBackendArray) ElementType 

func (SecretBackendArray) ElementType() reflect.Type

func (SecretBackendArray) ToSecretBackendArrayOutput 

func (i SecretBackendArray) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArray) ToSecretBackendArrayOutputWithContext 

func (i SecretBackendArray) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendArrayInput 

type SecretBackendArrayInput interface {
	pulumi.Input

	ToSecretBackendArrayOutput() SecretBackendArrayOutput
	ToSecretBackendArrayOutputWithContext(context.Context) SecretBackendArrayOutput
}

SecretBackendArrayInput is an input type that accepts SecretBackendArray and SecretBackendArrayOutput values. You can construct a concrete instance of `SecretBackendArrayInput` via: 

SecretBackendArray{ SecretBackendArgs{...} }

type SecretBackendArrayOutput 

type SecretBackendArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendArrayOutput) ElementType 

func (SecretBackendArrayOutput) ElementType() reflect.Type

func (SecretBackendArrayOutput) Index 

func (o SecretBackendArrayOutput) Index(i pulumi.IntInput) SecretBackendOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutput 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutput() SecretBackendArrayOutput

func (SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext 

func (o SecretBackendArrayOutput) ToSecretBackendArrayOutputWithContext(ctx context.Context) SecretBackendArrayOutput

type SecretBackendInput 

type SecretBackendInput interface {
	pulumi.Input

	ToSecretBackendOutput() SecretBackendOutput
	ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput
}

type SecretBackendMap 

type SecretBackendMap map[string]SecretBackendInput

func (SecretBackendMap) ElementType 

func (SecretBackendMap) ElementType() reflect.Type

func (SecretBackendMap) ToSecretBackendMapOutput 

func (i SecretBackendMap) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMap) ToSecretBackendMapOutputWithContext 

func (i SecretBackendMap) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendMapInput 

type SecretBackendMapInput interface {
	pulumi.Input

	ToSecretBackendMapOutput() SecretBackendMapOutput
	ToSecretBackendMapOutputWithContext(context.Context) SecretBackendMapOutput
}

SecretBackendMapInput is an input type that accepts SecretBackendMap and SecretBackendMapOutput values. You can construct a concrete instance of `SecretBackendMapInput` via: 

SecretBackendMap{ "key": SecretBackendArgs{...} }

type SecretBackendMapOutput 

type SecretBackendMapOutput struct{ *pulumi.OutputState }

func (SecretBackendMapOutput) ElementType 

func (SecretBackendMapOutput) ElementType() reflect.Type

func (SecretBackendMapOutput) MapIndex 

func (o SecretBackendMapOutput) MapIndex(k pulumi.StringInput) SecretBackendOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutput 

func (o SecretBackendMapOutput) ToSecretBackendMapOutput() SecretBackendMapOutput

func (SecretBackendMapOutput) ToSecretBackendMapOutputWithContext 

func (o SecretBackendMapOutput) ToSecretBackendMapOutputWithContext(ctx context.Context) SecretBackendMapOutput

type SecretBackendOutput 

type SecretBackendOutput struct{ *pulumi.OutputState }

func (SecretBackendOutput) ElementType 

func (SecretBackendOutput) ElementType() reflect.Type

func (SecretBackendOutput) ToSecretBackendOutput 

func (o SecretBackendOutput) ToSecretBackendOutput() SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendOutputWithContext 

func (o SecretBackendOutput) ToSecretBackendOutputWithContext(ctx context.Context) SecretBackendOutput

func (SecretBackendOutput) ToSecretBackendPtrOutput 

func (o SecretBackendOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendOutput) ToSecretBackendPtrOutputWithContext 

func (o SecretBackendOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendPtrInput 

type SecretBackendPtrInput interface {
	pulumi.Input

	ToSecretBackendPtrOutput() SecretBackendPtrOutput
	ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput
}

type SecretBackendPtrOutput 

type SecretBackendPtrOutput struct{ *pulumi.OutputState }

func (SecretBackendPtrOutput) Elem added in v4.6.0 

func (o SecretBackendPtrOutput) Elem() SecretBackendOutput

func (SecretBackendPtrOutput) ElementType 

func (SecretBackendPtrOutput) ElementType() reflect.Type

func (SecretBackendPtrOutput) ToSecretBackendPtrOutput 

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutput() SecretBackendPtrOutput

func (SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext 

func (o SecretBackendPtrOutput) ToSecretBackendPtrOutputWithContext(ctx context.Context) SecretBackendPtrOutput

type SecretBackendRole 

type SecretBackendRole struct {
	pulumi.CustomResourceState

	// The path the AWS secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringOutput `pulumi:"backend"`
	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or
	// `federationToken`.
	CredentialType pulumi.StringOutput `pulumi:"credentialType"`
	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when `credentialType` is one of
	// `assumedRole` or `federationToken`.
	DefaultStsTtl pulumi.IntOutput `pulumi:"defaultStsTtl"`
	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of `assumedRole` or `federationToken`, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in `iamGroups` combined with the `policyDocument`
	// and `policyArns` parameters.
	IamGroups pulumi.StringArrayOutput `pulumi:"iamGroups"`
	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is
	// one of `assumedRole` or `federationToken`.
	MaxStsTtl pulumi.IntOutput `pulumi:"maxStsTtl"`
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringOutput `pulumi:"name"`
	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With `iamUser`, the policies will be
	// attached to IAM users when they are requested. With `assumedRole` and
	// `federationToken`, the policy ARNs will act as a filter on what the credentials
	// can do, similar to `policyDocument`. When `credentialType` is `iamUser` or
	// `federationToken`, at least one of `policyDocument` or `policyArns` must
	// be specified.
	PolicyArns pulumi.StringArrayOutput `pulumi:"policyArns"`
	// The IAM policy document for the role. The
	// behavior depends on the credential type. With `iamUser`, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With `assumedRole` and `federationToken`, the policy document will
	// act as a filter on what the credentials can do, similar to `policyArns`.
	PolicyDocument pulumi.StringPtrOutput `pulumi:"policyDocument"`
	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when `credentialType` is `assumedRole` and
	// prohibited otherwise.
	RoleArns pulumi.StringArrayOutput `pulumi:"roleArns"`
}

## Import

AWS secret backend roles can be imported using the `path`, e.g.

```sh 

$ pulumi import vault:aws/secretBackendRole:SecretBackendRole role aws/roles/deploy

```

func GetSecretBackendRole 

func GetSecretBackendRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *SecretBackendRoleState, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)

GetSecretBackendRole gets an existing SecretBackendRole resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewSecretBackendRole 

func NewSecretBackendRole(ctx *pulumi.Context,
	name string, args *SecretBackendRoleArgs, opts ...pulumi.ResourceOption) (*SecretBackendRole, error)

NewSecretBackendRole registers a new resource with the given unique name, arguments, and options.

func (*SecretBackendRole) ElementType 

func (*SecretBackendRole) ElementType() reflect.Type

func (*SecretBackendRole) ToSecretBackendRoleOutput 

func (i *SecretBackendRole) ToSecretBackendRoleOutput() SecretBackendRoleOutput

func (*SecretBackendRole) ToSecretBackendRoleOutputWithContext 

func (i *SecretBackendRole) ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput

func (*SecretBackendRole) ToSecretBackendRolePtrOutput 

func (i *SecretBackendRole) ToSecretBackendRolePtrOutput() SecretBackendRolePtrOutput

func (*SecretBackendRole) ToSecretBackendRolePtrOutputWithContext 

func (i *SecretBackendRole) ToSecretBackendRolePtrOutputWithContext(ctx context.Context) SecretBackendRolePtrOutput

type SecretBackendRoleArgs 

type SecretBackendRoleArgs struct {
	// The path the AWS secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringInput
	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or
	// `federationToken`.
	CredentialType pulumi.StringInput
	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when `credentialType` is one of
	// `assumedRole` or `federationToken`.
	DefaultStsTtl pulumi.IntPtrInput
	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of `assumedRole` or `federationToken`, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in `iamGroups` combined with the `policyDocument`
	// and `policyArns` parameters.
	IamGroups pulumi.StringArrayInput
	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is
	// one of `assumedRole` or `federationToken`.
	MaxStsTtl pulumi.IntPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With `iamUser`, the policies will be
	// attached to IAM users when they are requested. With `assumedRole` and
	// `federationToken`, the policy ARNs will act as a filter on what the credentials
	// can do, similar to `policyDocument`. When `credentialType` is `iamUser` or
	// `federationToken`, at least one of `policyDocument` or `policyArns` must
	// be specified.
	PolicyArns pulumi.StringArrayInput
	// The IAM policy document for the role. The
	// behavior depends on the credential type. With `iamUser`, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With `assumedRole` and `federationToken`, the policy document will
	// act as a filter on what the credentials can do, similar to `policyArns`.
	PolicyDocument pulumi.StringPtrInput
	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when `credentialType` is `assumedRole` and
	// prohibited otherwise.
	RoleArns pulumi.StringArrayInput
}

The set of arguments for constructing a SecretBackendRole resource.

func (SecretBackendRoleArgs) ElementType 

func (SecretBackendRoleArgs) ElementType() reflect.Type

type SecretBackendRoleArray 

type SecretBackendRoleArray []SecretBackendRoleInput

func (SecretBackendRoleArray) ElementType 

func (SecretBackendRoleArray) ElementType() reflect.Type

func (SecretBackendRoleArray) ToSecretBackendRoleArrayOutput 

func (i SecretBackendRoleArray) ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput

func (SecretBackendRoleArray) ToSecretBackendRoleArrayOutputWithContext 

func (i SecretBackendRoleArray) ToSecretBackendRoleArrayOutputWithContext(ctx context.Context) SecretBackendRoleArrayOutput

type SecretBackendRoleArrayInput 

type SecretBackendRoleArrayInput interface {
	pulumi.Input

	ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput
	ToSecretBackendRoleArrayOutputWithContext(context.Context) SecretBackendRoleArrayOutput
}

SecretBackendRoleArrayInput is an input type that accepts SecretBackendRoleArray and SecretBackendRoleArrayOutput values. You can construct a concrete instance of `SecretBackendRoleArrayInput` via: 

SecretBackendRoleArray{ SecretBackendRoleArgs{...} }

type SecretBackendRoleArrayOutput 

type SecretBackendRoleArrayOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleArrayOutput) ElementType 

func (SecretBackendRoleArrayOutput) ElementType() reflect.Type

func (SecretBackendRoleArrayOutput) Index 

func (o SecretBackendRoleArrayOutput) Index(i pulumi.IntInput) SecretBackendRoleOutput

func (SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutput 

func (o SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutput() SecretBackendRoleArrayOutput

func (SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutputWithContext 

func (o SecretBackendRoleArrayOutput) ToSecretBackendRoleArrayOutputWithContext(ctx context.Context) SecretBackendRoleArrayOutput

type SecretBackendRoleInput 

type SecretBackendRoleInput interface {
	pulumi.Input

	ToSecretBackendRoleOutput() SecretBackendRoleOutput
	ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput
}

type SecretBackendRoleMap 

type SecretBackendRoleMap map[string]SecretBackendRoleInput

func (SecretBackendRoleMap) ElementType 

func (SecretBackendRoleMap) ElementType() reflect.Type

func (SecretBackendRoleMap) ToSecretBackendRoleMapOutput 

func (i SecretBackendRoleMap) ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput

func (SecretBackendRoleMap) ToSecretBackendRoleMapOutputWithContext 

func (i SecretBackendRoleMap) ToSecretBackendRoleMapOutputWithContext(ctx context.Context) SecretBackendRoleMapOutput

type SecretBackendRoleMapInput 

type SecretBackendRoleMapInput interface {
	pulumi.Input

	ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput
	ToSecretBackendRoleMapOutputWithContext(context.Context) SecretBackendRoleMapOutput
}

SecretBackendRoleMapInput is an input type that accepts SecretBackendRoleMap and SecretBackendRoleMapOutput values. You can construct a concrete instance of `SecretBackendRoleMapInput` via: 

SecretBackendRoleMap{ "key": SecretBackendRoleArgs{...} }

type SecretBackendRoleMapOutput 

type SecretBackendRoleMapOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleMapOutput) ElementType 

func (SecretBackendRoleMapOutput) ElementType() reflect.Type

func (SecretBackendRoleMapOutput) MapIndex 

func (o SecretBackendRoleMapOutput) MapIndex(k pulumi.StringInput) SecretBackendRoleOutput

func (SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutput 

func (o SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutput() SecretBackendRoleMapOutput

func (SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutputWithContext 

func (o SecretBackendRoleMapOutput) ToSecretBackendRoleMapOutputWithContext(ctx context.Context) SecretBackendRoleMapOutput

type SecretBackendRoleOutput 

type SecretBackendRoleOutput struct{ *pulumi.OutputState }

func (SecretBackendRoleOutput) ElementType 

func (SecretBackendRoleOutput) ElementType() reflect.Type

func (SecretBackendRoleOutput) ToSecretBackendRoleOutput 

func (o SecretBackendRoleOutput) ToSecretBackendRoleOutput() SecretBackendRoleOutput

func (SecretBackendRoleOutput) ToSecretBackendRoleOutputWithContext 

func (o SecretBackendRoleOutput) ToSecretBackendRoleOutputWithContext(ctx context.Context) SecretBackendRoleOutput

func (SecretBackendRoleOutput) ToSecretBackendRolePtrOutput 

func (o SecretBackendRoleOutput) ToSecretBackendRolePtrOutput() SecretBackendRolePtrOutput

func (SecretBackendRoleOutput) ToSecretBackendRolePtrOutputWithContext 

func (o SecretBackendRoleOutput) ToSecretBackendRolePtrOutputWithContext(ctx context.Context) SecretBackendRolePtrOutput

type SecretBackendRolePtrInput 

type SecretBackendRolePtrInput interface {
	pulumi.Input

	ToSecretBackendRolePtrOutput() SecretBackendRolePtrOutput
	ToSecretBackendRolePtrOutputWithContext(ctx context.Context) SecretBackendRolePtrOutput
}

type SecretBackendRolePtrOutput 

type SecretBackendRolePtrOutput struct{ *pulumi.OutputState }

func (SecretBackendRolePtrOutput) Elem added in v4.6.0 

func (o SecretBackendRolePtrOutput) Elem() SecretBackendRoleOutput

func (SecretBackendRolePtrOutput) ElementType 

func (SecretBackendRolePtrOutput) ElementType() reflect.Type

func (SecretBackendRolePtrOutput) ToSecretBackendRolePtrOutput 

func (o SecretBackendRolePtrOutput) ToSecretBackendRolePtrOutput() SecretBackendRolePtrOutput

func (SecretBackendRolePtrOutput) ToSecretBackendRolePtrOutputWithContext 

func (o SecretBackendRolePtrOutput) ToSecretBackendRolePtrOutputWithContext(ctx context.Context) SecretBackendRolePtrOutput

type SecretBackendRoleState 

type SecretBackendRoleState struct {
	// The path the AWS secret backend is mounted at,
	// with no leading or trailing `/`s.
	Backend pulumi.StringPtrInput
	// Specifies the type of credential to be used when
	// retrieving credentials from the role. Must be one of `iamUser`, `assumedRole`, or
	// `federationToken`.
	CredentialType pulumi.StringPtrInput
	// The default TTL in seconds for STS credentials.
	// When a TTL is not specified when STS credentials are requested,
	// and a default TTL is specified on the role,
	// then this default TTL will be used. Valid only when `credentialType` is one of
	// `assumedRole` or `federationToken`.
	DefaultStsTtl pulumi.IntPtrInput
	// A list of IAM group names. IAM users generated
	// against this vault role will be added to these IAM Groups. For a credential
	// type of `assumedRole` or `federationToken`, the policies sent to the
	// corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the
	// policies from each group in `iamGroups` combined with the `policyDocument`
	// and `policyArns` parameters.
	IamGroups pulumi.StringArrayInput
	// The max allowed TTL in seconds for STS credentials
	// (credentials TTL are capped to `maxStsTtl`). Valid only when `credentialType` is
	// one of `assumedRole` or `federationToken`.
	MaxStsTtl pulumi.IntPtrInput
	// The name to identify this role within the backend.
	// Must be unique within the backend.
	Name pulumi.StringPtrInput
	// Specifies a list of AWS managed policy ARNs. The
	// behavior depends on the credential type. With `iamUser`, the policies will be
	// attached to IAM users when they are requested. With `assumedRole` and
	// `federationToken`, the policy ARNs will act as a filter on what the credentials
	// can do, similar to `policyDocument`. When `credentialType` is `iamUser` or
	// `federationToken`, at least one of `policyDocument` or `policyArns` must
	// be specified.
	PolicyArns pulumi.StringArrayInput
	// The IAM policy document for the role. The
	// behavior depends on the credential type. With `iamUser`, the policy document
	// will be attached to the IAM user generated and augment the permissions the IAM
	// user has. With `assumedRole` and `federationToken`, the policy document will
	// act as a filter on what the credentials can do, similar to `policyArns`.
	PolicyDocument pulumi.StringPtrInput
	// Specifies the ARNs of the AWS roles this Vault role
	// is allowed to assume. Required when `credentialType` is `assumedRole` and
	// prohibited otherwise.
	RoleArns pulumi.StringArrayInput
}

func (SecretBackendRoleState) ElementType 

func (SecretBackendRoleState) ElementType() reflect.Type

type SecretBackendState 

type SecretBackendState struct {
	// The AWS Access Key ID this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	AccessKey pulumi.StringPtrInput
	// The default TTL for credentials
	// issued by this backend.
	DefaultLeaseTtlSeconds pulumi.IntPtrInput
	// A human-friendly description for this backend.
	Description pulumi.StringPtrInput
	// Specifies a custom HTTP IAM endpoint to use.
	IamEndpoint pulumi.StringPtrInput
	// The maximum TTL that can be requested
	// for credentials issued by this backend.
	MaxLeaseTtlSeconds pulumi.IntPtrInput
	// The unique path this backend should be mounted at. Must
	// not begin or end with a `/`. Defaults to `aws`.
	Path pulumi.StringPtrInput
	// The AWS region for API calls. Defaults to `us-east-1`.
	Region pulumi.StringPtrInput
	// The AWS Secret Key this backend should use to
	// issue new credentials. Vault uses the official AWS SDK to authenticate, and thus can also use standard AWS environment credentials, shared file credentials or IAM role/ECS task credentials.
	SecretKey pulumi.StringPtrInput
	// Specifies a custom HTTP STS endpoint to use.
	StsEndpoint pulumi.StringPtrInput
}

func (SecretBackendState) ElementType 

func (SecretBackendState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.