Docs Home Pulumi IaC Pulumi ESC Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS IAM
  3. API Docs
  4. User
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi
pulumi/pulumi-aws-iam

aws-iam.User

Explore with Pulumi AI

AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi
pulumi/pulumi-aws-iam

This resources helps you create an IAM User, Login Profile, and Access Key. Additionally you can optionally upload an IAM SSH User Public Key.

Example Usage

User

using Pulumi;
using Pulumi.AwsIam;
using Pulumi.AwsIam.Inputs;

class MyStack : Stack
{
    public MyStack()
    {
        var user = new User("user", new UserArgs
        {
            Name = "pulumipus",
            ForceDestroy = true,
            PgpKey = "keybase:test",
            PasswordResetRequired = false,
        });

        this.User = Output.Create<User>(user);
    }

    [Output]
    public Output<User> User { get; set; }
}
Copy
package main

import (
    iam "github.com/pulumi/pulumi-aws-iam/sdk/go/aws-iam"
    "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        user, err := iam.NewUser(ctx, "user", &iam.UserArgs{
            Name:                  pulumi.String("pulumipus"),
            ForceDestroy:          pulumi.BoolPtr(true),
            PgpKey:                pulumi.String("keybase:test"),
            PasswordResetRequired: pulumi.BoolPtr(false),
        })
        if err != nil {
            return err
        }

        ctx.Export("user", user)

        return nil
    })
}
Copy

Coming soon!

import * as iam from "@pulumi/aws-iam";

export const user = new iam.User("aws-iam-example-user", {
    name: "pulumipus",
    forceDestroy: true,
    pgpKey: "keybase:test",
    passwordResetRequired: false,
});
Copy
import pulumi
import pulumi_aws_iam as iam

user = iam.User(
    'user',
    name='pulumipus',
    force_destroy=True,
    pgp_key='keybase:test',
    password_reset_required=False,
)

pulumi.export('user', user)
Copy
name: awsiam-yaml
runtime: yaml
resources:
    user:
        type: "aws-iam:index:User"
        properties:
            name: "pulumipus"
            forceDestroy: true
            pgpKey: "keybase:test"
            passwordResetRequired: false
outputs:
    user: ${user}
Copy

Create User Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new User(name: string, args: UserArgs, opts?: ComponentResourceOptions);
@overload
def User(resource_name: str,
         args: UserArgs,
         opts: Optional[ResourceOptions] = None)

@overload
def User(resource_name: str,
         opts: Optional[ResourceOptions] = None,
         name: Optional[str] = None,
         force_destroy: Optional[bool] = None,
         password_length: Optional[int] = None,
         password_reset_required: Optional[bool] = None,
         path: Optional[str] = None,
         permissions_boundary: Optional[str] = None,
         pgp_key: Optional[str] = None,
         ssh_key_encoding: Optional[str] = None,
         ssh_public_key: Optional[str] = None,
         tags: Optional[Mapping[str, str]] = None,
         upload_iam_user_ssh_key: Optional[bool] = None)
func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs args, ComponentResourceOptions? opts = null)
public User(String name, UserArgs args)
public User(String name, UserArgs args, ComponentResourceOptions options)

type: aws-iam:User
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts ComponentResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
opts ComponentResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. UserArgs
The arguments to resource properties.
options ComponentResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var userResource = new AwsIam.User("userResource", new()
{
    Name = "string",
    ForceDestroy = false,
    PasswordLength = 0,
    PasswordResetRequired = false,
    Path = "string",
    PermissionsBoundary = "string",
    PgpKey = "string",
    SshKeyEncoding = "string",
    SshPublicKey = "string",
    Tags = 
    {
        { "string", "string" },
    },
    UploadIamUserSshKey = false,
});
Copy
example, err := awsiam.NewUser(ctx, "userResource", &awsiam.UserArgs{
	Name:                  pulumi.String("string"),
	ForceDestroy:          pulumi.Bool(false),
	PasswordLength:        pulumi.Int(0),
	PasswordResetRequired: pulumi.Bool(false),
	Path:                  pulumi.String("string"),
	PermissionsBoundary:   pulumi.String("string"),
	PgpKey:                pulumi.String("string"),
	SshKeyEncoding:        pulumi.String("string"),
	SshPublicKey:          pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	UploadIamUserSshKey: pulumi.Bool(false),
})
Copy
var userResource = new User("userResource", UserArgs.builder()
    .name("string")
    .forceDestroy(false)
    .passwordLength(0)
    .passwordResetRequired(false)
    .path("string")
    .permissionsBoundary("string")
    .pgpKey("string")
    .sshKeyEncoding("string")
    .sshPublicKey("string")
    .tags(Map.of("string", "string"))
    .uploadIamUserSshKey(false)
    .build());
Copy
user_resource = aws_iam.User("userResource",
    name="string",
    force_destroy=False,
    password_length=0,
    password_reset_required=False,
    path="string",
    permissions_boundary="string",
    pgp_key="string",
    ssh_key_encoding="string",
    ssh_public_key="string",
    tags={
        "string": "string",
    },
    upload_iam_user_ssh_key=False)
Copy
const userResource = new aws_iam.User("userResource", {
    name: "string",
    forceDestroy: false,
    passwordLength: 0,
    passwordResetRequired: false,
    path: "string",
    permissionsBoundary: "string",
    pgpKey: "string",
    sshKeyEncoding: "string",
    sshPublicKey: "string",
    tags: {
        string: "string",
    },
    uploadIamUserSshKey: false,
});
Copy
type: aws-iam:User
properties:
    forceDestroy: false
    name: string
    passwordLength: 0
    passwordResetRequired: false
    path: string
    permissionsBoundary: string
    pgpKey: string
    sshKeyEncoding: string
    sshPublicKey: string
    tags:
        string: string
    uploadIamUserSshKey: false
Copy

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The User resource accepts the following input properties:

Name This property is required. string
Desired name for the IAM user.
ForceDestroy bool
When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
PasswordLength int
The length of the generated password
PasswordResetRequired bool
Whether the user should be forced to reset the generated password on first login.
Path string
Desired path for the IAM user.
PermissionsBoundary string
The ARN of the policy that is used to set the permissions boundary for the user.
PgpKey string
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
SshKeyEncoding string
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
SshPublicKey string
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
Tags Dictionary<string, string>
A map of tags to add.
UploadIamUserSshKey bool
Whether to upload a public ssh key to the IAM user.
Name This property is required. string
Desired name for the IAM user.
ForceDestroy bool
When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
PasswordLength int
The length of the generated password
PasswordResetRequired bool
Whether the user should be forced to reset the generated password on first login.
Path string
Desired path for the IAM user.
PermissionsBoundary string
The ARN of the policy that is used to set the permissions boundary for the user.
PgpKey string
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
SshKeyEncoding string
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
SshPublicKey string
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
Tags map[string]string
A map of tags to add.
UploadIamUserSshKey bool
Whether to upload a public ssh key to the IAM user.
name This property is required. String
Desired name for the IAM user.
forceDestroy Boolean
When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
passwordLength Integer
The length of the generated password
passwordResetRequired Boolean
Whether the user should be forced to reset the generated password on first login.
path String
Desired path for the IAM user.
permissionsBoundary String
The ARN of the policy that is used to set the permissions boundary for the user.
pgpKey String
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
sshKeyEncoding String
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
sshPublicKey String
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
tags Map<String,String>
A map of tags to add.
uploadIamUserSshKey Boolean
Whether to upload a public ssh key to the IAM user.
name This property is required. string
Desired name for the IAM user.
forceDestroy boolean
When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
passwordLength number
The length of the generated password
passwordResetRequired boolean
Whether the user should be forced to reset the generated password on first login.
path string
Desired path for the IAM user.
permissionsBoundary string
The ARN of the policy that is used to set the permissions boundary for the user.
pgpKey string
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
sshKeyEncoding string
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
sshPublicKey string
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
tags {[key: string]: string}
A map of tags to add.
uploadIamUserSshKey boolean
Whether to upload a public ssh key to the IAM user.
name This property is required. str
Desired name for the IAM user.
force_destroy bool
When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
password_length int
The length of the generated password
password_reset_required bool
Whether the user should be forced to reset the generated password on first login.
path str
Desired path for the IAM user.
permissions_boundary str
The ARN of the policy that is used to set the permissions boundary for the user.
pgp_key str
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
ssh_key_encoding str
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
ssh_public_key str
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
tags Mapping[str, str]
A map of tags to add.
upload_iam_user_ssh_key bool
Whether to upload a public ssh key to the IAM user.
name This property is required. String
Desired name for the IAM user.
forceDestroy Boolean
When destroying this user, destroy even if it has non-Pulumi-managed IAM access keys, login profile or MFA devices. Without forceDestroy a user with non-Pulumi-managed access keys and login profile will fail to be destroyed.
passwordLength Number
The length of the generated password
passwordResetRequired Boolean
Whether the user should be forced to reset the generated password on first login.
path String
Desired path for the IAM user.
permissionsBoundary String
The ARN of the policy that is used to set the permissions boundary for the user.
pgpKey String
Either a base-64 encoded PGP public key, or a keybase username in the form keybase:username. Used to encrypt password and access key.
sshKeyEncoding String
Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use SSH. To retrieve the public key in PEM format, use PEM.
sshPublicKey String
The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.
tags Map<String>
A map of tags to add.
uploadIamUserSshKey Boolean
Whether to upload a public ssh key to the IAM user.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Supporting Types

AccessKeyOutput
, AccessKeyOutputArgs

EncryptedSecret string
The encrypted secret, base64 encoded.
Id string
The access key ID.
KeyFingerprint string
The fingerprint of the PGP key used to encrypt the secret.
Secret string
The access key secret.
SesSmtpPasswordV4 string
The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
Status string
Active or Inactive. Keys are initially active, but can be made inactive by other means.
EncryptedSecret string
The encrypted secret, base64 encoded.
Id string
The access key ID.
KeyFingerprint string
The fingerprint of the PGP key used to encrypt the secret.
Secret string
The access key secret.
SesSmtpPasswordV4 string
The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
Status string
Active or Inactive. Keys are initially active, but can be made inactive by other means.
encryptedSecret String
The encrypted secret, base64 encoded.
id String
The access key ID.
keyFingerprint String
The fingerprint of the PGP key used to encrypt the secret.
secret String
The access key secret.
sesSmtpPasswordV4 String
The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
status String
Active or Inactive. Keys are initially active, but can be made inactive by other means.
encryptedSecret string
The encrypted secret, base64 encoded.
id string
The access key ID.
keyFingerprint string
The fingerprint of the PGP key used to encrypt the secret.
secret string
The access key secret.
sesSmtpPasswordV4 string
The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
status string
Active or Inactive. Keys are initially active, but can be made inactive by other means.
encrypted_secret str
The encrypted secret, base64 encoded.
id str
The access key ID.
key_fingerprint str
The fingerprint of the PGP key used to encrypt the secret.
secret str
The access key secret.
ses_smtp_password_v4 str
The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
status str
Active or Inactive. Keys are initially active, but can be made inactive by other means.
encryptedSecret String
The encrypted secret, base64 encoded.
id String
The access key ID.
keyFingerprint String
The fingerprint of the PGP key used to encrypt the secret.
secret String
The access key secret.
sesSmtpPasswordV4 String
The secret access key converted into an SES SMTP password by applying AWS's Sigv4 conversion algorithm.
status String
Active or Inactive. Keys are initially active, but can be made inactive by other means.

KeybaseOutput
, KeybaseOutputArgs

PasswordDecryptCommand string
Decrypt user password command.
PasswordPgpMessage string
Encrypted password
SecretKeyDecryptCommand string
Decrypt access secret key command.
SecretKeyPgpMessage string
Encrypted access secret key.
PasswordDecryptCommand string
Decrypt user password command.
PasswordPgpMessage string
Encrypted password
SecretKeyDecryptCommand string
Decrypt access secret key command.
SecretKeyPgpMessage string
Encrypted access secret key.
passwordDecryptCommand String
Decrypt user password command.
passwordPgpMessage String
Encrypted password
secretKeyDecryptCommand String
Decrypt access secret key command.
secretKeyPgpMessage String
Encrypted access secret key.
passwordDecryptCommand string
Decrypt user password command.
passwordPgpMessage string
Encrypted password
secretKeyDecryptCommand string
Decrypt access secret key command.
secretKeyPgpMessage string
Encrypted access secret key.
password_decrypt_command str
Decrypt user password command.
password_pgp_message str
Encrypted password
secret_key_decrypt_command str
Decrypt access secret key command.
secret_key_pgp_message str
Encrypted access secret key.
passwordDecryptCommand String
Decrypt user password command.
passwordPgpMessage String
Encrypted password
secretKeyDecryptCommand String
Decrypt access secret key command.
secretKeyPgpMessage String
Encrypted access secret key.

UserOutput
, UserOutputArgs

Arn This property is required. string
The ARN assigned by AWS for this user.
Name This property is required. string
The user's name.
UniqueId This property is required. string
The unique ID assigned by AWS.
LoginProfileEncryptedPassword string
The encrypted password, base64 encoded.
LoginProfileKeyFingerprint string
The fingerprint of the PGP key used to encrypt the password.
LoginProfilePassword string
The user password.
SshKeyFingerprint string
The unique identifier for the SSH public key.
SshKeySshPublicKeyId string
The unique identifier for the SSH public key
Arn This property is required. string
The ARN assigned by AWS for this user.
Name This property is required. string
The user's name.
UniqueId This property is required. string
The unique ID assigned by AWS.
LoginProfileEncryptedPassword string
The encrypted password, base64 encoded.
LoginProfileKeyFingerprint string
The fingerprint of the PGP key used to encrypt the password.
LoginProfilePassword string
The user password.
SshKeyFingerprint string
The unique identifier for the SSH public key.
SshKeySshPublicKeyId string
The unique identifier for the SSH public key
arn This property is required. String
The ARN assigned by AWS for this user.
name This property is required. String
The user's name.
uniqueId This property is required. String
The unique ID assigned by AWS.
loginProfileEncryptedPassword String
The encrypted password, base64 encoded.
loginProfileKeyFingerprint String
The fingerprint of the PGP key used to encrypt the password.
loginProfilePassword String
The user password.
sshKeyFingerprint String
The unique identifier for the SSH public key.
sshKeySshPublicKeyId String
The unique identifier for the SSH public key
arn This property is required. string
The ARN assigned by AWS for this user.
name This property is required. string
The user's name.
uniqueId This property is required. string
The unique ID assigned by AWS.
loginProfileEncryptedPassword string
The encrypted password, base64 encoded.
loginProfileKeyFingerprint string
The fingerprint of the PGP key used to encrypt the password.
loginProfilePassword string
The user password.
sshKeyFingerprint string
The unique identifier for the SSH public key.
sshKeySshPublicKeyId string
The unique identifier for the SSH public key
arn This property is required. str
The ARN assigned by AWS for this user.
name This property is required. str
The user's name.
unique_id This property is required. str
The unique ID assigned by AWS.
login_profile_encrypted_password str
The encrypted password, base64 encoded.
login_profile_key_fingerprint str
The fingerprint of the PGP key used to encrypt the password.
login_profile_password str
The user password.
ssh_key_fingerprint str
The unique identifier for the SSH public key.
ssh_key_ssh_public_key_id str
The unique identifier for the SSH public key
arn This property is required. String
The ARN assigned by AWS for this user.
name This property is required. String
The user's name.
uniqueId This property is required. String
The unique ID assigned by AWS.
loginProfileEncryptedPassword String
The encrypted password, base64 encoded.
loginProfileKeyFingerprint String
The fingerprint of the PGP key used to encrypt the password.
loginProfilePassword String
The user password.
sshKeyFingerprint String
The unique identifier for the SSH public key.
sshKeySshPublicKeyId String
The unique identifier for the SSH public key

Package Details

Repository
aws-iam
License
AWS IAM v0.0.3 published on Wednesday, Jun 1, 2022 by Pulumi
pulumi/pulumi-aws-iam