Resource: awsRolesanywhereProfile

Terraform resource for managing a Roles Anywhere Profile.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleTest = new aws.iamRole.IamRole(this, "test", {
  assumeRolePolicy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [{\n      Action = [\n        "sts:AssumeRole",\n        "sts:TagSession",\n        "sts:SetSourceIdentity"\n      ]\n      Principal = {\n        Service = "rolesanywhere.amazonaws.com",\n      }\n      Effect = "Allow"\n      Sid    = ""\n    }]\n  })}',
  name: "test",
  path: "/",
});
const awsRolesanywhereProfileTest =
  new aws.rolesanywhereProfile.RolesanywhereProfile(this, "test_1", {
    name: "example",
    roleArns: [awsIamRoleTest.arn],
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRolesanywhereProfileTest.overrideLogicalId("test");

Argument Reference

The following arguments are supported:

  • durationSeconds - (Optional) The number of seconds the vended session credentials are valid for. Defaults to 3600.
  • enabled - (Optional) Whether or not the Profile is enabled.
  • managedPolicyArns - (Optional) A list of managed policy ARNs that apply to the vended session credentials.
  • name - (Required) The name of the Profile.
  • requireInstanceProperties - (Optional) Specifies whether instance properties are required in CreateSession requests with this profile.
  • roleArns - (Required) A list of IAM roles that this profile can assume.
  • sessionPolicy - (Optional) A session policy that applies to the trust boundary of the vended session credentials.
  • tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
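
The trust policy in Example Usage places no condition on which trust anchor or certificate may assume the role. The following added example (not part of the provider documentation) builds an assumeRolePolicy scoped to one trust anchor and one certificate CN, plus profile arguments with a short durationSeconds and a restrictive sessionPolicy. The function names, ARNs, CN, bucket and the 3600-second cap are assumptions chosen for illustration.

```typescript
// Added example. All ARNs, names and the CN used with it are constructed placeholders.
interface ProfileArgs {
  name: string;
  roleArns: string[];
  durationSeconds: number;
  sessionPolicy: string;
  enabled: boolean;
}

// Local policy (assumption): never exceed the provider default of 3600 seconds.
const MAX_SESSION_SECONDS = 3600;

// Same principal and actions as the page's example, plus conditions that pin
// the role to a single trust anchor and a single certificate subject CN.
function buildTrustPolicy(trustAnchorArn: string, subjectCn: string): string {
  return JSON.stringify({
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Service: "rolesanywhere.amazonaws.com" },
      Action: ["sts:AssumeRole", "sts:TagSession", "sts:SetSourceIdentity"],
      Condition: {
        ArnEquals: { "aws:SourceArn": trustAnchorArn },
        StringEquals: { "aws:PrincipalTag/x509Subject/CN": subjectCn },
      },
    }],
  });
}

// Arguments for RolesanywhereProfile. The session policy can only narrow what
// the role already allows; here it limits sessions to reading one bucket.
function buildProfileArgs(name: string, roleArns: string[],
                          bucketArn: string, durationSeconds: number): ProfileArgs {
  if (roleArns.length === 0) throw new Error("roleArns must not be empty");
  if (roleArns.some((arn) => arn.indexOf("*") !== -1)) {
    throw new Error("roleArns must name specific roles, not wildcards");
  }
  if (Math.floor(durationSeconds) !== durationSeconds ||
      durationSeconds <= 0 || durationSeconds > MAX_SESSION_SECONDS) {
    throw new Error("durationSeconds outside the allowed window");
  }
  const sessionPolicy = JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: ["s3:GetObject"],
                  Resource: `${bucketArn}/*` }],
  });
  return { name, roleArns, durationSeconds, sessionPolicy, enabled: true };
}
```

Pass the string returned by buildTrustPolicy as assumeRolePolicy on the IamRole, and spread the object returned by buildProfileArgs into the RolesanywhereProfile constructor.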

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the Profile.
  • id - The Profile ID.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

awsRolesanywhereProfile can be imported using its id, e.g.

$ terraform import aws_rolesanywhere_profile.example db138a85-8925-4f9f-a409-08231233cacf