@pulumi/aws 6.60.0 → 6.61.0-alpha.1732150623
- package/iam/rolePoliciesExclusive.d.ts +38 -0
- package/iam/rolePoliciesExclusive.js +38 -0
- package/iam/rolePoliciesExclusive.js.map +1 -1
- package/iam/rolePolicyAttachmentsExclusive.d.ts +38 -0
- package/iam/rolePolicyAttachmentsExclusive.js +38 -0
- package/iam/rolePolicyAttachmentsExclusive.js.map +1 -1
- package/package.json +2 -2
|
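--- a/package/iam/rolePoliciesExclusive.d.ts
+++ b/package/iam/rolePoliciesExclusive.d.ts
@@ -1,5 +1,43 @@
 import * as pulumi from "@pulumi/pulumi";
 /**
+* > **NOTE:**: To reliably detect drift between customer managed inline policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up` invocations.
+*
+* Resource for maintaining exclusive management of inline policies assigned to an AWS IAM (Identity & Access Management) role.
+*
+* !> This resource takes exclusive ownership over inline policies assigned to a role. This includes removal of inline policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicy` resources managed alongside this resource are included in the `policyNames` argument.
+*
+* > Destruction of this resource means Pulumi will no longer manage reconciliation of the configured inline policy assignments. It __will not__ delete the configured policies from the role.
+*
+* ## Example Usage
+*
+* ### Basic Usage
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePoliciesExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyNames: [exampleAwsIamRolePolicy.name],
+* });
+* ```
+*
+* ### Disallow Inline Policies
+*
+* To automatically remove any configured inline policies, set the `policyNames` argument to an empty list.
+*
+* > This will not __prevent__ inline policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing inline policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePoliciesExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyNames: [],
+* });
+* ```
+*
 * ## Import
 *
 * Using `pulumi import`, import exclusive management of inline policy assignments using the `role_name`. For example: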
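Review bot: The added sentence "this reconciliation happens only when `apply` is proactively run" (new line 29) names a command that does not exist in Pulumi and reads like wording carried over from the upstream Terraform docs. The NOTE on new line 3 of the same comment says drift is only reliably detected with `pulumi up --refresh`, so a reader relying on this resource as a guardrail over a role's inline policies could wrongly expect a plain `pulumi up` to remove out-of-band policies. I would reword the tail of that line to `this reconciliation happens only when a Pulumi update is run, and currently only reliably with --refresh`. The same sentence appears in the rolePoliciesExclusive.js hunk and in both rolePolicyAttachmentsExclusive hunks. If these files are generated, the wording fix belongs in the documentation source rather than here.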
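--- a/package/iam/rolePoliciesExclusive.js
+++ b/package/iam/rolePoliciesExclusive.js
@@ -6,6 +6,44 @@ exports.RolePoliciesExclusive = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
 /**
+* > **NOTE:**: To reliably detect drift between customer managed inline policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up` invocations.
+*
+* Resource for maintaining exclusive management of inline policies assigned to an AWS IAM (Identity & Access Management) role.
+*
+* !> This resource takes exclusive ownership over inline policies assigned to a role. This includes removal of inline policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicy` resources managed alongside this resource are included in the `policyNames` argument.
+*
+* > Destruction of this resource means Pulumi will no longer manage reconciliation of the configured inline policy assignments. It __will not__ delete the configured policies from the role.
+*
+* ## Example Usage
+*
+* ### Basic Usage
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePoliciesExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyNames: [exampleAwsIamRolePolicy.name],
+* });
+* ```
+*
+* ### Disallow Inline Policies
+*
+* To automatically remove any configured inline policies, set the `policyNames` argument to an empty list.
+*
+* > This will not __prevent__ inline policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing inline policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePoliciesExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyNames: [],
+* });
+* ```
+*
 * ## Import
 *
 * Using `pulumi import`, import exclusive management of inline policy assignments using the `role_name`. For example: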
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rolePoliciesExclusive.js","sourceRoot":"","sources":["../../iam/rolePoliciesExclusive.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"rolePoliciesExclusive.js","sourceRoot":"","sources":["../../iam/rolePoliciesExclusive.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;AACH,MAAa,qBAAsB,SAAQ,MAAM,CAAC,cAAc;IAC5D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAkC,EAAE,IAAmC;QAChI,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC5E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,qBAAqB,CAAC,YAAY,CAAC;IACtE,CAAC;IAmBD,YAAY,IAAY,EAAE,WAAoE,EAAE,IAAmC;QAC/H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAqD,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACnE;aAAM;YACH,MAAM,IAAI,GAAG,WAAoD,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,qBAAqB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC1E,CAAC;;AAjEL,sDAkEC;AApDG,gBAAgB;AACO,kCAAY,GAAG,qDAAqD,CAAC"}
|
|
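--- a/package/iam/rolePolicyAttachmentsExclusive.d.ts
+++ b/package/iam/rolePolicyAttachmentsExclusive.d.ts
@@ -1,5 +1,43 @@
 import * as pulumi from "@pulumi/pulumi";
 /**
+* > **NOTE:**: To reliably detect drift between customer managed policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up`
+*
+* Resource for maintaining exclusive management of customer managed policies assigned to an AWS IAM (Identity & Access Management) role.
+*
+* !> This resource takes exclusive ownership over customer managed policies attached to a role. This includes removal of customer managed policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicyAttachment` resources managed alongside this resource are included in the `policyArns` argument.
+*
+* > Destruction of this resource means Pulumi will no longer manage reconciliation of the configured policy attachments. It __will not__ detach the configured policies from the role.
+*
+* ## Example Usage
+*
+* ### Basic Usage
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePolicyAttachmentsExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyArns: [exampleAwsIamPolicy.arn],
+* });
+* ```
+*
+* ### Disallow Customer Managed Policies
+*
+* To automatically remove any configured customer managed policies, set the `policyArns` argument to an empty list.
+*
+* > This will not __prevent__ customer managed policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing customer managed policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePolicyAttachmentsExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyArns: [],
+* });
+* ```
+*
 * ## Import
 *
 * Using `pulumi import`, import exclusive management of customer managed policy assignments using the `role_name`. For example: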
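--- a/package/iam/rolePolicyAttachmentsExclusive.js
+++ b/package/iam/rolePolicyAttachmentsExclusive.js
@@ -6,6 +6,44 @@ exports.RolePolicyAttachmentsExclusive = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
 /**
+* > **NOTE:**: To reliably detect drift between customer managed policies listed in this resource and actual policies attached to the role in the cloud, you currently need to run Pulumi with `pulumi up --refresh`. See [#4766](https://github.com/pulumi/pulumi-aws/issues/4766) for tracking making this work with regular `pulumi up`
+*
+* Resource for maintaining exclusive management of customer managed policies assigned to an AWS IAM (Identity & Access Management) role.
+*
+* !> This resource takes exclusive ownership over customer managed policies attached to a role. This includes removal of customer managed policies which are not explicitly configured. To prevent persistent drift, ensure any `aws.iam.RolePolicyAttachment` resources managed alongside this resource are included in the `policyArns` argument.
+*
+* > Destruction of this resource means Pulumi will no longer manage reconciliation of the configured policy attachments. It __will not__ detach the configured policies from the role.
+*
+* ## Example Usage
+*
+* ### Basic Usage
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePolicyAttachmentsExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyArns: [exampleAwsIamPolicy.arn],
+* });
+* ```
+*
+* ### Disallow Customer Managed Policies
+*
+* To automatically remove any configured customer managed policies, set the `policyArns` argument to an empty list.
+*
+* > This will not __prevent__ customer managed policies from being assigned to a role via Pulumi (or any other interface). This resource enables bringing customer managed policy assignments into a configured state, however, this reconciliation happens only when `apply` is proactively run.
+*
+* ```typescript
+* import * as pulumi from "@pulumi/pulumi";
+* import * as aws from "@pulumi/aws";
+*
+* const example = new aws.iam.RolePolicyAttachmentsExclusive("example", {
+* roleName: exampleAwsIamRole.name,
+* policyArns: [],
+* });
+* ```
+*
 * ## Import
 *
 * Using `pulumi import`, import exclusive management of customer managed policy assignments using the `role_name`. For example: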
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rolePolicyAttachmentsExclusive.js","sourceRoot":"","sources":["../../iam/rolePolicyAttachmentsExclusive.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C
|
|
1
|
+
{"version":3,"file":"rolePolicyAttachmentsExclusive.js","sourceRoot":"","sources":["../../iam/rolePolicyAttachmentsExclusive.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;AACH,MAAa,8BAA+B,SAAQ,MAAM,CAAC,cAAc;IACrE;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2C,EAAE,IAAmC;QACzI,OAAO,IAAI,8BAA8B,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACrF,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,8BAA8B,CAAC,YAAY,CAAC;IAC/E,CAAC;IAmBD,YAAY,IAAY,EAAE,WAAsF,EAAE,IAAmC;QACjJ,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8D,CAAC;YAC7E,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACnE;aAAM;YACH,MAAM,IAAI,GAAG,WAA6D,CAAC;YAC3E,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC7D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,8BAA8B,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnF,CAAC;;AAjEL,wEAkEC;AApDG,gBAAgB;AACO,2CAAY,GAAG,uEAAuE,CAAC"}
|
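--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pulumi/aws",
-"version": "6.
+"version": "6.61.0-alpha.1732150623",
 "description": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.",
 "keywords": [
 "pulumi",
@@ -26,6 +26,6 @@
 "pulumi": {
 "resource": true,
 "name": "aws",
-"version": "6.
+"version": "6.61.0-alpha.1732150623"
 }
 }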