Package com.pulumi.aws.iam

Class User

  • public class User
extends com.pulumi.resources.CustomResource
    Provides an IAM user. > *NOTE:* If policies are attached to the user via the `aws.iam.PolicyAttachment` resource and you are modifying the user `name` or `path`, the `force_destroy` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.UserPolicyAttachment` resource (recommended) does not have this requirement. ## Example Usage <!--Start PulumiCodeChooser --> 
     
 package generated_program;
 
 import com.pulumi.Context;
 import com.pulumi.Pulumi;
 import com.pulumi.core.Output;
 import com.pulumi.aws.iam.User;
 import com.pulumi.aws.iam.UserArgs;
 import com.pulumi.aws.iam.AccessKey;
 import com.pulumi.aws.iam.AccessKeyArgs;
 import com.pulumi.aws.iam.IamFunctions;
 import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
 import com.pulumi.aws.iam.UserPolicy;
 import com.pulumi.aws.iam.UserPolicyArgs;
 import java.util.List;
 import java.util.ArrayList;
 import java.util.Map;
 import java.io.File;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 
 public class App {
     public static void main(String[] args) {
         Pulumi.run(App::stack);
     }
 
     public static void stack(Context ctx) {
         var lb = new User("lb", UserArgs.builder()        
             .name("loadbalancer")
             .path("/system/")
             .tags(Map.of("tag-key", "tag-value"))
             .build());
 
         var lbAccessKey = new AccessKey("lbAccessKey", AccessKeyArgs.builder()        
             .user(lb.name())
             .build());
 
         final var lbRo = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
             .statements(GetPolicyDocumentStatementArgs.builder()
                 .effect("Allow")
                 .actions("ec2:Describe*")
                 .resources("*")
                 .build())
             .build());
 
         var lbRoUserPolicy = new UserPolicy("lbRoUserPolicy", UserPolicyArgs.builder()        
             .name("test")
             .user(lb.name())
             .policy(lbRo.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
             .build());
 
     }
 }
    <!--End PulumiCodeChooser --> ## Import Using `pulumi import`, import IAM Users using the `name`. For example: ```sh $ pulumi import aws:iam/user:User lb loadbalancer ```

    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal

      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote

    • Constructor Summary

      Constructors 
      Constructor Description
      User​(java.lang.String name)  
      User​(java.lang.String name, UserArgs args)  
      User​(java.lang.String name, UserArgs args, com.pulumi.resources.CustomResourceOptions options)  

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<java.lang.String> arn()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> forceDestroy()  
      static User get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, UserState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      com.pulumi.core.Output<java.lang.String> name()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> path()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> permissionsBoundary()  
      com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,​java.lang.String>>> tags()  
      com.pulumi.core.Output<java.util.Map<java.lang.String,​java.lang.String>> tagsAll()  
      com.pulumi.core.Output<java.lang.String> uniqueId()  

      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture

      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • User

        public User​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.

      • User

        public User​(java.lang.String name,
            @Nullable
            UserArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.

      • User

        public User​(java.lang.String name,
            @Nullable
            UserArgs args,
            @Nullable
            com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.

    • Method Detail

      • arn

        public com.pulumi.core.Output<java.lang.String> arn()
        Returns:
        The ARN assigned by AWS for this user.

      • forceDestroy

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> forceDestroy()
        Returns:
        When destroying this user, destroy even if it has non-provider-managed IAM access keys, login profile or MFA devices. Without `force_destroy` a user with non-provider-managed access keys and login profile will fail to be destroyed.

      • name

        public com.pulumi.core.Output<java.lang.String> name()
        Returns:
        The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. User names are not distinguished by case. For example, you cannot create users named both "TESTUSER" and "testuser".

      • path

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> path()
        Returns:
        Path in which to create the user.

      • permissionsBoundary

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> permissionsBoundary()
        Returns:
        The ARN of the policy that is used to set the permissions boundary for the user.

      • tags

        public com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,​java.lang.String>>> tags()
        Returns:
        Key-value mapping of tags for the IAM user. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.

      • tagsAll

        public com.pulumi.core.Output<java.util.Map<java.lang.String,​java.lang.String>> tagsAll()
        Returns:
        A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.

      • uniqueId

        public com.pulumi.core.Output<java.lang.String> uniqueId()
        Returns:
        The [unique ID][1] assigned by AWS.

      • get

        public static User get​(java.lang.String name,
                       com.pulumi.core.Output<java.lang.String> id,
                       @Nullable
                       UserState state,
                       @Nullable
                       com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.