AWS v6.54.0, Sep 27 24

AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

aws.iam.getSessionContext

Explore with Pulumi AI

AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.iam.getSessionContext({
    arn: "arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes",
});

import pulumi
import pulumi_aws as aws

example = aws.iam.get_session_context(arn="arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.GetSessionContext(ctx, &iam.GetSessionContextArgs{
			Arn: "arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = Aws.Iam.GetSessionContext.Invoke(new()
    {
        Arn = "arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetSessionContextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = IamFunctions.getSessionContext(GetSessionContextArgs.builder()
            .arn("arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      Function: aws:iam:getSessionContext
      Arguments:
        arn: arn:aws:sts::123456789012:assumed-role/Audien-Heaven/MatyNoyes

Find the Runner’s Source Role

Combined with aws.getCallerIdentity, you can get the current user’s source IAM role ARN (issuer_arn) if you’re using an assumed role. If you’re not using an assumed role, the caller’s (e.g., an IAM user’s) ARN will simply be passed through. In environments where both IAM users and individuals using assumed roles need to apply the same configurations, this data source enables seamless use.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.getCallerIdentity({});
const example = current.then(current => aws.iam.getSessionContext({
    arn: current.arn,
}));

import pulumi
import pulumi_aws as aws

current = aws.get_caller_identity()
example = aws.iam.get_session_context(arn=current.arn)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		current, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		_, err = iam.GetSessionContext(ctx, &iam.GetSessionContextArgs{
			Arn: current.Arn,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var current = Aws.GetCallerIdentity.Invoke();

    var example = Aws.Iam.GetSessionContext.Invoke(new()
    {
        Arn = current.Apply(getCallerIdentityResult => getCallerIdentityResult.Arn),
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetSessionContextArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity();

        final var example = IamFunctions.getSessionContext(GetSessionContextArgs.builder()
            .arn(current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.arn()))
            .build());

    }
}

variables:
  current:
    fn::invoke:
      Function: aws:getCallerIdentity
      Arguments: {}
  example:
    fn::invoke:
      Function: aws:iam:getSessionContext
      Arguments:
        arn: ${current.arn}

Using getSessionContext

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getSessionContext(args: GetSessionContextArgs, opts?: InvokeOptions): Promise<GetSessionContextResult>
function getSessionContextOutput(args: GetSessionContextOutputArgs, opts?: InvokeOptions): Output<GetSessionContextResult>

def get_session_context(arn: Optional[str] = None,
                        opts: Optional[InvokeOptions] = None) -> GetSessionContextResult
def get_session_context_output(arn: Optional[pulumi.Input[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetSessionContextResult]

func GetSessionContext(ctx *Context, args *GetSessionContextArgs, opts ...InvokeOption) (*GetSessionContextResult, error)
func GetSessionContextOutput(ctx *Context, args *GetSessionContextOutputArgs, opts ...InvokeOption) GetSessionContextResultOutput

> Note: This function is named GetSessionContext in the Go SDK.

public static class GetSessionContext 
{
    public static Task<GetSessionContextResult> InvokeAsync(GetSessionContextArgs args, InvokeOptions? opts = null)
    public static Output<GetSessionContextResult> Invoke(GetSessionContextInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetSessionContextResult> getSessionContext(GetSessionContextArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aws:iam/getSessionContext:getSessionContext
  arguments:
    # arguments dictionary

The following arguments are supported:

Arn string: ARN for an assumed role.
If arn is a non-role ARN, Pulumi gives no error and issuer_arn will be equal to the arn value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist.

Arn string: ARN for an assumed role.
If arn is a non-role ARN, Pulumi gives no error and issuer_arn will be equal to the arn value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist.

arn String: ARN for an assumed role.
If arn is a non-role ARN, Pulumi gives no error and issuer_arn will be equal to the arn value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist.

arn string: ARN for an assumed role.
If arn is a non-role ARN, Pulumi gives no error and issuer_arn will be equal to the arn value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist.

arn str: ARN for an assumed role.
If arn is a non-role ARN, Pulumi gives no error and issuer_arn will be equal to the arn value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist.

arn String: ARN for an assumed role.
If arn is a non-role ARN, Pulumi gives no error and issuer_arn will be equal to the arn value. For STS assumed-role ARNs, Pulumi gives an error if the identified IAM role does not exist.

getSessionContext Result

The following output properties are available:

Arn string
Id string: The provider-assigned unique ID for this managed resource.
IssuerArn string: IAM source role ARN if arn corresponds to an STS assumed role. Otherwise, issuer_arn is equal to arn.
IssuerId string: Unique identifier of the IAM role that issues the STS assumed role.
IssuerName string: Name of the source role. Only available if arn corresponds to an STS assumed role.
SessionName string: Name of the STS session. Only available if arn corresponds to an STS assumed role.

Arn string
Id string: The provider-assigned unique ID for this managed resource.
IssuerArn string: IAM source role ARN if arn corresponds to an STS assumed role. Otherwise, issuer_arn is equal to arn.
IssuerId string: Unique identifier of the IAM role that issues the STS assumed role.
IssuerName string: Name of the source role. Only available if arn corresponds to an STS assumed role.
SessionName string: Name of the STS session. Only available if arn corresponds to an STS assumed role.

arn String
id String: The provider-assigned unique ID for this managed resource.
issuerArn String: IAM source role ARN if arn corresponds to an STS assumed role. Otherwise, issuer_arn is equal to arn.
issuerId String: Unique identifier of the IAM role that issues the STS assumed role.
issuerName String: Name of the source role. Only available if arn corresponds to an STS assumed role.
sessionName String: Name of the STS session. Only available if arn corresponds to an STS assumed role.

arn string
id string: The provider-assigned unique ID for this managed resource.
issuerArn string: IAM source role ARN if arn corresponds to an STS assumed role. Otherwise, issuer_arn is equal to arn.
issuerId string: Unique identifier of the IAM role that issues the STS assumed role.
issuerName string: Name of the source role. Only available if arn corresponds to an STS assumed role.
sessionName string: Name of the STS session. Only available if arn corresponds to an STS assumed role.

arn str
id str: The provider-assigned unique ID for this managed resource.
issuer_arn str: IAM source role ARN if arn corresponds to an STS assumed role. Otherwise, issuer_arn is equal to arn.
issuer_id str: Unique identifier of the IAM role that issues the STS assumed role.
issuer_name str: Name of the source role. Only available if arn corresponds to an STS assumed role.
session_name str: Name of the STS session. Only available if arn corresponds to an STS assumed role.

arn String
id String: The provider-assigned unique ID for this managed resource.
issuerArn String: IAM source role ARN if arn corresponds to an STS assumed role. Otherwise, issuer_arn is equal to arn.
issuerId String: Unique identifier of the IAM role that issues the STS assumed role.
issuerName String: Name of the source role. Only available if arn corresponds to an STS assumed role.
sessionName String: Name of the STS session. Only available if arn corresponds to an STS assumed role.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi

pulumi/pulumi-aws

aws.iam.getSessionContext

On this page

On this page

Example Usage

Basic Example

Find the Runner’s Source Role

Using getSessionContext

getSessionContext Result

Package Details

On this page

On this page