Upgrade upstream to v5.69.0 #4571
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Does the PR have any schema changes?Looking good! No breaking changes found. Maintainer note: consult the runbook for dealing with any breaking changes. |
rquitales
approved these changes
Sep 27, 2024
|
This PR has been shipped in release v6.54.0. |
This was referenced Sep 28, 2024
t0yv0
commented
Oct 1, 2024
| @@ -275029,7 +275182,7 @@ | |||
| } | |||
| }, | |||
| "aws:iam/role:Role": { | |||
| "description": "Provides an IAM role.\n\n\u003e **NOTE:** If policies are attached to the role via the `aws.iam.PolicyAttachment` resource and you are modifying the role `name` or `path`, the `force_detach_policies` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.RolePolicyAttachment` resource (recommended) does not have this requirement.\n\n\u003e **NOTE:** If you use this resource's `managed_policy_arns` argument or `inline_policy` configuration blocks, this resource will take over exclusive management of the role's respective policy types (e.g., both policy types if both arguments are used). These arguments are incompatible with other ways of managing a role's policies, such as `aws.iam.PolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.RolePolicy`. If you attempt to manage a role's policies by multiple means, you will get resource cycling and/or errors.\n\n\u003e **NOTE:** We suggest using explicit JSON encoding or `aws.iam.getPolicyDocument` when assigning a value to `policy`. They seamlessly translate configuration to JSON, enabling you to maintain consistency within your configuration without the need for context switches. Also, you can sidestep potential complications arising from formatting discrepancies, whitespace inconsistencies, and other nuances inherent to JSON.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"test_role\", {\n name: \"test_role\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Sid: \"\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"test_role\",\n name=\"test_role\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Sid\": \"\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags={\n \"tag-key\": \"tag-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n Name = \"test_role\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = \"sts:AssumeRole\",\n [\"Effect\"] = \"Allow\",\n [\"Sid\"] = \"\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n }),\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Sid\": \"\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testRole = new Role(\"testRole\", RoleArgs.builder()\n .name(\"test_role\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", \"sts:AssumeRole\"),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Sid\", \"\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"ec2.amazonaws.com\")\n ))\n )))\n )))\n .tags(Map.of(\"tag-key\", \"tag-value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n name: test_role\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action: sts:AssumeRole\n Effect: Allow\n Sid:\n Principal:\n Service: ec2.amazonaws.com\n tags:\n tag-key: tag-value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Using Data Source for Assume Role Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instanceAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n }],\n});\nconst instance = new aws.iam.Role(\"instance\", {\n name: \"instance_role\",\n path: \"/system/\",\n assumeRolePolicy: instanceAssumeRolePolicy.then(instanceAssumeRolePolicy =\u003e instanceAssumeRolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance_assume_role_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\"sts:AssumeRole\"],\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"ec2.amazonaws.com\"],\n }],\n}])\ninstance = aws.iam.Role(\"instance\",\n name=\"instance_role\",\n path=\"/system/\",\n assume_role_policy=instance_assume_role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instanceAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var instance = new Aws.Iam.Role(\"instance\", new()\n {\n Name = \"instance_role\",\n Path = \"/system/\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstanceAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"instance\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"instance_role\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var instanceAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var instance = new Role(\"instance\", RoleArgs.builder()\n .name(\"instance_role\")\n .path(\"/system/\")\n .assumeRolePolicy(instanceAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: aws:iam:Role\n properties:\n name: instance_role\n path: /system/\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\nvariables:\n instanceAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Inline Policies\n\nThis example creates an IAM role with two inline IAM policies. If someone adds another inline policy out-of-band, on the next apply, this provider will remove that policy. If someone deletes these policies out-of-band, this provider will recreate them.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst inlinePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n inlinePolicies: [\n {\n name: \"my_inline_policy\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n },\n {\n name: \"policy-8675309\",\n policy: inlinePolicy.then(inlinePolicy =\u003e inlinePolicy.json),\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ninline_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\"ec2:DescribeAccountAttributes\"],\n \"resources\": [\"*\"],\n}])\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n inline_policies=[\n {\n \"name\": \"my_inline_policy\",\n \"policy\": json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\"ec2:Describe*\"],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }),\n },\n {\n \"name\": \"policy-8675309\",\n \"policy\": inline_policy.json,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var inlinePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n InlinePolicies = new[]\n {\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"my_inline_policy\",\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Resource\"] = \"*\",\n },\n },\n }),\n },\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"policy-8675309\",\n Policy = inlinePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinlinePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:DescribeAccountAttributes\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_inline_policy\"),\n\t\t\t\t\tPolicy: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"policy-8675309\"),\n\t\t\t\t\tPolicy: pulumi.String(inlinePolicy.Json),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var inlinePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .inlinePolicies( \n RoleInlinePolicyArgs.builder()\n .name(\"my_inline_policy\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build(),\n RoleInlinePolicyArgs.builder()\n .name(\"policy-8675309\")\n .policy(inlinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n inlinePolicies:\n - name: my_inline_policy\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - ec2:Describe*\n Effect: Allow\n Resource: '*'\n - name: policy-8675309\n policy: ${inlinePolicy.json}\nvariables:\n inlinePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Inline Policies\n\nThis example creates an IAM role with what appears to be empty IAM `inline_policy` argument instead of using `inline_policy` as a configuration block. The result is that if someone were to add an inline policy out-of-band, on the next apply, this provider will remove that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n inlinePolicies: [{}],\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n inline_policies=[{}],\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n InlinePolicies = new[]\n {\n null,\n },\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder()\n .inlinePolicies()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n inlinePolicies:\n - {}\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Managed Policies\n\nThis example creates an IAM role and attaches two managed IAM policies. If someone attaches another managed policy out-of-band, on the next apply, this provider will detach that policy. If someone detaches these policies out-of-band, this provider will attach them again.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = new aws.iam.Policy(\"policy_one\", {\n name: \"policy-618033\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\nconst policyTwo = new aws.iam.Policy(\"policy_two\", {\n name: \"policy-381966\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [\n policyOne.arn,\n policyTwo.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.Policy(\"policy_one\",\n name=\"policy-618033\",\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\npolicy_two = aws.iam.Policy(\"policy_two\",\n name=\"policy-381966\",\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[\n policy_one.arn,\n policy_two.arn,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = new Aws.Iam.Policy(\"policy_one\", new()\n {\n Name = \"policy-618033\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Resource\"] = \"*\",\n },\n },\n }),\n });\n\n var policyTwo = new Aws.Iam.Policy(\"policy_two\", new()\n {\n Name = \"policy-381966\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Resource\"] = \"*\",\n },\n },\n }),\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[]\n {\n policyOne.Arn,\n policyTwo.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tpolicyOne, err := iam.NewPolicy(ctx, \"policy_one\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-618033\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:HeadBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tpolicyTwo, err := iam.NewPolicy(ctx, \"policy_two\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-381966\"),\n\t\t\tPolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpolicyOne.Arn,\n\t\t\t\tpolicyTwo.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policyOne = new Policy(\"policyOne\", PolicyArgs.builder()\n .name(\"policy-618033\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build());\n\n var policyTwo = new Policy(\"policyTwo\", PolicyArgs.builder()\n .name(\"policy-381966\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"s3:ListAllMyBuckets\", \n \"s3:ListBucket\", \n \"s3:HeadBucket\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns( \n policyOne.arn(),\n policyTwo.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns:\n - ${policyOne.arn}\n - ${policyTwo.arn}\n policyOne:\n type: aws:iam:Policy\n name: policy_one\n properties:\n name: policy-618033\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - ec2:Describe*\n Effect: Allow\n Resource: '*'\n policyTwo:\n type: aws:iam:Policy\n name: policy_two\n properties:\n name: policy-381966\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - s3:ListAllMyBuckets\n - s3:ListBucket\n - s3:HeadBucket\n Effect: Allow\n Resource: '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Managed Policies\n\nThis example creates an IAM role with an empty `managed_policy_arns` argument. If someone attaches a policy out-of-band, on the next apply, this provider will detach that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Roles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/role:Role developer developer_name\n```\n", | |||
| "description": "\n\n## Import\n\nUsing `pulumi import`, import IAM Roles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/role:Role developer developer_name\n```\n", | |||
There was a problem hiding this comment.
We missed this, curiously this is not good.
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Upstream is updated to v5.69.0
There are no new resources or functions but the update is expected to propagate bug fixes. Notably this update also propagates updating to
Go 1.23.1for the provider builds.Fixes #4563
Fixes #4465
Fixes #4362
Taking this opportunity to remove modifications from upstream/go.mod so that the Pulumi provider uses a consistent Go tool-chain and dependency set with upstream.