Docs Home Pulumi IaC Pulumi ESC Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS
  3. API Docs
  4. iam
  5. Role
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi
pulumi/pulumi-aws

aws.iam.Role

Explore with Pulumi AI

aws logo
AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi
pulumi/pulumi-aws

    Import

    Using pulumi import, import IAM Roles using the name. For example:

    $ pulumi import aws:iam/role:Role developer developer_name

    Create Role Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
    @overload
def Role(resource_name: str,
         args: RoleArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def Role(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         assume_role_policy: Optional[str] = None,
         description: Optional[str] = None,
         force_detach_policies: Optional[bool] = None,
         inline_policies: Optional[Sequence[RoleInlinePolicyArgs]] = None,
         managed_policy_arns: Optional[Sequence[str]] = None,
         max_session_duration: Optional[int] = None,
         name: Optional[str] = None,
         name_prefix: Optional[str] = None,
         path: Optional[str] = None,
         permissions_boundary: Optional[str] = None,
         tags: Optional[Mapping[str, str]] = None)
    func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
    public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
    public Role(String name, RoleArgs args)
public Role(String name, RoleArgs args, CustomResourceOptions options)

    type: aws:iam:Role
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var roleResource = new Aws.Iam.Role("roleResource", new()
{
    AssumeRolePolicy = "string",
    Description = "string",
    ForceDetachPolicies = false,
    ManagedPolicyArns = new[]
    {
        "string",
    },
    MaxSessionDuration = 0,
    Name = "string",
    NamePrefix = "string",
    Path = "string",
    PermissionsBoundary = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

    example, err := iam.NewRole(ctx, "roleResource", &iam.RoleArgs{
	AssumeRolePolicy:    pulumi.Any("string"),
	Description:         pulumi.String("string"),
	ForceDetachPolicies: pulumi.Bool(false),
	ManagedPolicyArns: pulumi.StringArray{
		pulumi.String("string"),
	},
	MaxSessionDuration:  pulumi.Int(0),
	Name:                pulumi.String("string"),
	NamePrefix:          pulumi.String("string"),
	Path:                pulumi.String("string"),
	PermissionsBoundary: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

    var roleResource = new Role("roleResource", RoleArgs.builder()
    .assumeRolePolicy("string")
    .description("string")
    .forceDetachPolicies(false)
    .managedPolicyArns("string")
    .maxSessionDuration(0)
    .name("string")
    .namePrefix("string")
    .path("string")
    .permissionsBoundary("string")
    .tags(Map.of("string", "string"))
    .build());

    role_resource = aws.iam.Role("roleResource",
    assume_role_policy="string",
    description="string",
    force_detach_policies=False,
    managed_policy_arns=["string"],
    max_session_duration=0,
    name="string",
    name_prefix="string",
    path="string",
    permissions_boundary="string",
    tags={
        "string": "string",
    })

    const roleResource = new aws.iam.Role("roleResource", {
    assumeRolePolicy: "string",
    description: "string",
    forceDetachPolicies: false,
    managedPolicyArns: ["string"],
    maxSessionDuration: 0,
    name: "string",
    namePrefix: "string",
    path: "string",
    permissionsBoundary: "string",
    tags: {
        string: "string",
    },
});

    type: aws:iam:Role
properties:
    assumeRolePolicy: string
    description: string
    forceDetachPolicies: false
    managedPolicyArns:
        - string
    maxSessionDuration: 0
    name: string
    namePrefix: string
    path: string
    permissionsBoundary: string
    tags:
        string: string

    Role Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Role resource accepts the following input properties:

    AssumeRolePolicy string | string

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    Description string
    Description of the role.
    ForceDetachPolicies bool
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    InlinePolicies List<RoleInlinePolicy>

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    ManagedPolicyArns List<string>
    MaxSessionDuration int
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    Name string
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    NamePrefix string
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    Path string
    Path to the role. See IAM Identifiers for more information.
    PermissionsBoundary string
    ARN of the policy that is used to set the permissions boundary for the role.
    Tags Dictionary<string, string>
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    AssumeRolePolicy string | string

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    Description string
    Description of the role.
    ForceDetachPolicies bool
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    InlinePolicies []RoleInlinePolicyArgs

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    ManagedPolicyArns []string
    MaxSessionDuration int
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    Name string
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    NamePrefix string
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    Path string
    Path to the role. See IAM Identifiers for more information.
    PermissionsBoundary string
    ARN of the policy that is used to set the permissions boundary for the role.
    Tags map[string]string
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    assumeRolePolicy String | String

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    description String
    Description of the role.
    forceDetachPolicies Boolean
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inlinePolicies List<RoleInlinePolicy>

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managedPolicyArns List<String>
    maxSessionDuration Integer
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name String
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    namePrefix String
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path String
    Path to the role. See IAM Identifiers for more information.
    permissionsBoundary String
    ARN of the policy that is used to set the permissions boundary for the role.
    tags Map<String,String>
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    assumeRolePolicy string | PolicyDocument

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    description string
    Description of the role.
    forceDetachPolicies boolean
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inlinePolicies RoleInlinePolicy[]

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managedPolicyArns string[]
    maxSessionDuration number
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name string
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    namePrefix string
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path string
    Path to the role. See IAM Identifiers for more information.
    permissionsBoundary string
    ARN of the policy that is used to set the permissions boundary for the role.
    tags {[key: string]: string}
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    assume_role_policy str | str

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    description str
    Description of the role.
    force_detach_policies bool
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inline_policies Sequence[RoleInlinePolicyArgs]

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managed_policy_arns Sequence[str]
    max_session_duration int
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name str
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    name_prefix str
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path str
    Path to the role. See IAM Identifiers for more information.
    permissions_boundary str
    ARN of the policy that is used to set the permissions boundary for the role.
    tags Mapping[str, str]
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    assumeRolePolicy String |

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    description String
    Description of the role.
    forceDetachPolicies Boolean
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inlinePolicies List<Property Map>

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managedPolicyArns List<String>
    maxSessionDuration Number
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name String
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    namePrefix String
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path String
    Path to the role. See IAM Identifiers for more information.
    permissionsBoundary String
    ARN of the policy that is used to set the permissions boundary for the role.
    tags Map<String>
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

    Arn string
    Amazon Resource Name (ARN) specifying the role.
    CreateDate string
    Creation date of the IAM role.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    UniqueId string
    Stable and unique string identifying the role.
    Arn string
    Amazon Resource Name (ARN) specifying the role.
    CreateDate string
    Creation date of the IAM role.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    UniqueId string
    Stable and unique string identifying the role.
    arn String
    Amazon Resource Name (ARN) specifying the role.
    createDate String
    Creation date of the IAM role.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    uniqueId String
    Stable and unique string identifying the role.
    arn string
    Amazon Resource Name (ARN) specifying the role.
    createDate string
    Creation date of the IAM role.
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    uniqueId string
    Stable and unique string identifying the role.
    arn str
    Amazon Resource Name (ARN) specifying the role.
    create_date str
    Creation date of the IAM role.
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    unique_id str
    Stable and unique string identifying the role.
    arn String
    Amazon Resource Name (ARN) specifying the role.
    createDate String
    Creation date of the IAM role.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    uniqueId String
    Stable and unique string identifying the role.

    Look up Existing Role Resource

    Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        assume_role_policy: Optional[str] = None,
        create_date: Optional[str] = None,
        description: Optional[str] = None,
        force_detach_policies: Optional[bool] = None,
        inline_policies: Optional[Sequence[RoleInlinePolicyArgs]] = None,
        managed_policy_arns: Optional[Sequence[str]] = None,
        max_session_duration: Optional[int] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        path: Optional[str] = None,
        permissions_boundary: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        unique_id: Optional[str] = None) -> Role
    func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
    public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
    public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    Amazon Resource Name (ARN) specifying the role.
    AssumeRolePolicy string | string

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    CreateDate string
    Creation date of the IAM role.
    Description string
    Description of the role.
    ForceDetachPolicies bool
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    InlinePolicies List<RoleInlinePolicy>

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    ManagedPolicyArns List<string>
    MaxSessionDuration int
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    Name string
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    NamePrefix string
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    Path string
    Path to the role. See IAM Identifiers for more information.
    PermissionsBoundary string
    ARN of the policy that is used to set the permissions boundary for the role.
    Tags Dictionary<string, string>
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    UniqueId string
    Stable and unique string identifying the role.
    Arn string
    Amazon Resource Name (ARN) specifying the role.
    AssumeRolePolicy string | string

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    CreateDate string
    Creation date of the IAM role.
    Description string
    Description of the role.
    ForceDetachPolicies bool
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    InlinePolicies []RoleInlinePolicyArgs

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    ManagedPolicyArns []string
    MaxSessionDuration int
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    Name string
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    NamePrefix string
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    Path string
    Path to the role. See IAM Identifiers for more information.
    PermissionsBoundary string
    ARN of the policy that is used to set the permissions boundary for the role.
    Tags map[string]string
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    UniqueId string
    Stable and unique string identifying the role.
    arn String
    Amazon Resource Name (ARN) specifying the role.
    assumeRolePolicy String | String

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    createDate String
    Creation date of the IAM role.
    description String
    Description of the role.
    forceDetachPolicies Boolean
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inlinePolicies List<RoleInlinePolicy>

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managedPolicyArns List<String>
    maxSessionDuration Integer
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name String
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    namePrefix String
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path String
    Path to the role. See IAM Identifiers for more information.
    permissionsBoundary String
    ARN of the policy that is used to set the permissions boundary for the role.
    tags Map<String,String>
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    uniqueId String
    Stable and unique string identifying the role.
    arn string
    Amazon Resource Name (ARN) specifying the role.
    assumeRolePolicy string | PolicyDocument

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    createDate string
    Creation date of the IAM role.
    description string
    Description of the role.
    forceDetachPolicies boolean
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inlinePolicies RoleInlinePolicy[]

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managedPolicyArns string[]
    maxSessionDuration number
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name string
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    namePrefix string
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path string
    Path to the role. See IAM Identifiers for more information.
    permissionsBoundary string
    ARN of the policy that is used to set the permissions boundary for the role.
    tags {[key: string]: string}
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    uniqueId string
    Stable and unique string identifying the role.
    arn str
    Amazon Resource Name (ARN) specifying the role.
    assume_role_policy str | str

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    create_date str
    Creation date of the IAM role.
    description str
    Description of the role.
    force_detach_policies bool
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inline_policies Sequence[RoleInlinePolicyArgs]

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managed_policy_arns Sequence[str]
    max_session_duration int
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name str
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    name_prefix str
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path str
    Path to the role. See IAM Identifiers for more information.
    permissions_boundary str
    ARN of the policy that is used to set the permissions boundary for the role.
    tags Mapping[str, str]
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    unique_id str
    Stable and unique string identifying the role.
    arn String
    Amazon Resource Name (ARN) specifying the role.
    assumeRolePolicy String |

    Policy that grants an entity permission to assume the role.

    NOTE: The assume_role_policy is very similar to but slightly different than a standard IAM policy and cannot use an aws.iam.Policy resource. However, it can use an aws.iam.getPolicyDocument data source. See the example above of how this works.

    The following arguments are optional:

    createDate String
    Creation date of the IAM role.
    description String
    Description of the role.
    forceDetachPolicies Boolean
    Whether to force detaching any policies the role has before destroying it. Defaults to false.
    inlinePolicies List<Property Map>

    Deprecated: The inline_policy argument is deprecated. Use the aws.iam.RolePolicy resource instead. If Terraform should exclusively manage all inline policy associations (the current behavior of this argument), use the aws.iam.RolePoliciesExclusive resource as well.

    managedPolicyArns List<String>
    maxSessionDuration Number
    Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
    name String
    Friendly name of the role. If omitted, the provider will assign a random, unique name. See IAM Identifiers for more information.
    namePrefix String
    Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
    path String
    Path to the role. See IAM Identifiers for more information.
    permissionsBoundary String
    ARN of the policy that is used to set the permissions boundary for the role.
    tags Map<String>
    Key-value mapping of tags for the IAM role. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    uniqueId String
    Stable and unique string identifying the role.

    Supporting Types

    RoleInlinePolicy, RoleInlinePolicyArgs

    Name string
    Name of the role policy.
    Policy string
    Policy document as a JSON formatted string.
    Name string
    Name of the role policy.
    Policy string
    Policy document as a JSON formatted string.
    name String
    Name of the role policy.
    policy String
    Policy document as a JSON formatted string.
    name string
    Name of the role policy.
    policy string
    Policy document as a JSON formatted string.
    name str
    Name of the role policy.
    policy str
    Policy document as a JSON formatted string.
    name String
    Name of the role policy.
    policy String
    Policy document as a JSON formatted string.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.54.0 published on Friday, Sep 27, 2024 by Pulumi
    pulumi/pulumi-aws