tb_pulumi.iam

Infrastrucutural patterns related to AWS IAM.

class tb_pulumi.iam.UserWithAccessKey(name: str, project: ThunderbirdPulumiProject, user_name: str, policies: list[Policy] = [], exclude_from_project: bool = False, opts: ResourceOptions = None, tags: dict = {}, **kwargs)

Bases: ThunderbirdComponentResource

Pulumi Type: tb:iam:UserWithAccessKey

Builds an IAM user with a set of access key credentials, stores those values in a Secrets Manager secret, and creates an IAM policy granting access to that secret. The IAM user gets that policy attached as well as any additional policies provided.

Produces the following resources:

• user - The aws.iam.User.

• access_key - An aws.iam.AccessKey the user can authenticate with.

• secret - A tb_pulumi.secrets.SecretsManagerSecret containing the secret authentication details.

• policy - An aws.iam.Policy granting the ability to retrieve this secret and its metadata.

• policy_attachments A list of aws.iam.PolicyAttachments to include the policy created here and any additional policies provided wiht the policies parameter.

Parameters:

• name (str) – A string identifying this set of resources.

• project (tb_pulumi.ThunderbirdPulumiProject) – The ThunderbirdPulumiProject to add these resources to.

• user_name (str) – _description_

• policies (list[aws.iam.Policy], optional) – _description_, defaults to []

• opts (pulumi.ResourceOptions, optional) – Additional pulumi.ResourceOptions to apply to these resources. Defaults to None.

• tags (dict, optional) – Key/value pairs to merge with the default tags which get applied to all resources in this group. Defaults to {}.