`awsSecretBackendRole` Submodule

Constructs

AwsSecretBackendRole

Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role vault_aws_secret_backend_role}.

Initializers

from cdktf_cdktf_provider_vault import aws_secret_backend_role

awsSecretBackendRole.AwsSecretBackendRole(
  scope: Construct,
  id: str,
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  backend: str,
  credential_type: str,
  name: str,
  default_sts_ttl: typing.Union[int, float] = None,
  external_id: str = None,
  iam_groups: typing.List[str] = None,
  iam_tags: typing.Mapping[str] = None,
  id: str = None,
  max_sts_ttl: typing.Union[int, float] = None,
  namespace: str = None,
  permissions_boundary_arn: str = None,
  policy_arns: typing.List[str] = None,
  policy_document: str = None,
  role_arns: typing.List[str] = None,
  session_tags: typing.Mapping[str] = None,
  user_path: str = None
)

Name	Type	Description
`scope`	`constructs.Construct`	The scope in which to define this construct.
`id`	`str`	The scoped construct ID.
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[cdktf.ITerraformDependable]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`backend`	`str`	The path of the AWS Secret Backend the role belongs to.
`credential_type`	`str`	Role credential type.
`name`	`str`	Unique name for the role.
`default_sts_ttl`	`typing.Union[int, float]`	The default TTL in seconds for STS credentials.
`external_id`	`str`	External ID to set for assume role creds.
`iam_groups`	`typing.List[str]`	A list of IAM group names.
`iam_tags`	`typing.Mapping[str]`	A map of strings representing key/value pairs used as tags for any IAM user created by this role.
`id`	`str`	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#id AwsSecretBackendRole#id}.
`max_sts_ttl`	`typing.Union[int, float]`	The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl).
`namespace`	`str`	Target namespace. (requires Enterprise).
`permissions_boundary_arn`	`str`	The ARN of the AWS Permissions Boundary to attach to IAM users created in the role.
`policy_arns`	`typing.List[str]`	ARN for an existing IAM policy the role should use.
`policy_document`	`str`	IAM policy the role should use in JSON format.
`role_arns`	`typing.List[str]`	ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'.
`session_tags`	`typing.Mapping[str]`	Session tags to be set for assume role creds created.
`user_path`	`str`	The path for the user name. Valid only when credential_type is iam_user. Default is /.

`scope`^Required

Type: constructs.Construct

The scope in which to define this construct.

`id`^Required

Type: str

The scoped construct ID.

Must be unique amongst siblings in the same scope

`connection`^Optional

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

Type: typing.List[cdktf.ITerraformDependable]

`for_each`^Optional

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

Type: cdktf.TerraformProvider

`provisioners`^Optional

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`backend`^Required

Type: str

The path of the AWS Secret Backend the role belongs to.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#backend AwsSecretBackendRole#backend}

`credential_type`^Required

Type: str

Role credential type.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#credential_type AwsSecretBackendRole#credential_type}

`name`^Required

Type: str

Unique name for the role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#name AwsSecretBackendRole#name}

`default_sts_ttl`^Optional

Type: typing.Union[int, float]

The default TTL in seconds for STS credentials.

When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#default_sts_ttl AwsSecretBackendRole#default_sts_ttl}

`external_id`^Optional

Type: str

External ID to set for assume role creds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#external_id AwsSecretBackendRole#external_id}

`iam_groups`^Optional

Type: typing.List[str]

A list of IAM group names.

IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#iam_groups AwsSecretBackendRole#iam_groups}

`iam_tags`^Optional

Type: typing.Mapping[str]

A map of strings representing key/value pairs used as tags for any IAM user created by this role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#iam_tags AwsSecretBackendRole#iam_tags}

`id`^Optional

Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#id AwsSecretBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

`max_sts_ttl`^Optional

Type: typing.Union[int, float]

The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl).

Valid only when credential_type is one of assumed_role or federation_token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#max_sts_ttl AwsSecretBackendRole#max_sts_ttl}

`namespace`^Optional

Type: str

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#namespace AwsSecretBackendRole#namespace}

`permissions_boundary_arn`^Optional

Type: str

The ARN of the AWS Permissions Boundary to attach to IAM users created in the role.

Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#permissions_boundary_arn AwsSecretBackendRole#permissions_boundary_arn}

`policy_arns`^Optional

Type: typing.List[str]

ARN for an existing IAM policy the role should use.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#policy_arns AwsSecretBackendRole#policy_arns}

`policy_document`^Optional

Type: str

IAM policy the role should use in JSON format.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#policy_document AwsSecretBackendRole#policy_document}

`role_arns`^Optional

Type: typing.List[str]

ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#role_arns AwsSecretBackendRole#role_arns}

`session_tags`^Optional

Type: typing.Mapping[str]

Session tags to be set for assume role creds created.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#session_tags AwsSecretBackendRole#session_tags}

`user_path`^Optional

Type: str

The path for the user name. Valid only when credential_type is iam_user. Default is /.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#user_path AwsSecretBackendRole#user_path}

Methods

Name	Description
`to_string`	Returns a string representation of this construct.
`add_override`	No description.
`override_logical_id`	Overrides the auto-generated logical ID with a specific ID.
`reset_override_logical_id`	Resets a previously passed logical Id to use the auto-generated logical id again.
`to_hcl_terraform`	No description.
`to_metadata`	No description.
`to_terraform`	Adds this resource to the terraform JSON output.
`add_move_target`	Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
`get_any_map_attribute`	No description.
`get_boolean_attribute`	No description.
`get_boolean_map_attribute`	No description.
`get_list_attribute`	No description.
`get_number_attribute`	No description.
`get_number_list_attribute`	No description.
`get_number_map_attribute`	No description.
`get_string_attribute`	No description.
`get_string_map_attribute`	No description.
`has_resource_move`	No description.
`import_from`	No description.
`interpolation_for_attribute`	No description.
`move_from_id`	Move the resource corresponding to "id" to this resource.
`move_to`	Moves this resource to the target resource given by moveTarget.
`move_to_id`	Moves this resource to the resource corresponding to "id".
`reset_default_sts_ttl`	No description.
`reset_external_id`	No description.
`reset_iam_groups`	No description.
`reset_iam_tags`	No description.
`reset_id`	No description.
`reset_max_sts_ttl`	No description.
`reset_namespace`	No description.
`reset_permissions_boundary_arn`	No description.
`reset_policy_arns`	No description.
`reset_policy_document`	No description.
`reset_role_arns`	No description.
`reset_session_tags`	No description.
`reset_user_path`	No description.

`to_string`

def to_string() -> str

Returns a string representation of this construct.

`add_override`

def add_override(
  path: str,
  value: typing.Any
) -> None

`path`^Required

Type: str

`value`^Required

Type: typing.Any

`override_logical_id`

def override_logical_id(
  new_logical_id: str
) -> None

Overrides the auto-generated logical ID with a specific ID.

`new_logical_id`^Required

Type: str

The new logical ID to use for this stack element.

`reset_override_logical_id`

def reset_override_logical_id() -> None

Resets a previously passed logical Id to use the auto-generated logical id again.

`to_hcl_terraform`

def to_hcl_terraform() -> typing.Any

`to_metadata`

def to_metadata() -> typing.Any

`to_terraform`

def to_terraform() -> typing.Any

Adds this resource to the terraform JSON output.

`add_move_target`

def add_move_target(
  move_target: str
) -> None

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

`move_target`^Required

Type: str

The string move target that will correspond to this resource.

`get_any_map_attribute`

def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]

`terraform_attribute`^Required

Type: str

`get_boolean_attribute`

def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable

`terraform_attribute`^Required

Type: str

`get_boolean_map_attribute`

def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]

`terraform_attribute`^Required

Type: str

`get_list_attribute`

def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]

`terraform_attribute`^Required

Type: str

`get_number_attribute`

def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]

`terraform_attribute`^Required

Type: str

`get_number_list_attribute`

def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]

`terraform_attribute`^Required

Type: str

`get_number_map_attribute`

def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]

`terraform_attribute`^Required

Type: str

`get_string_attribute`

def get_string_attribute(
  terraform_attribute: str
) -> str

`terraform_attribute`^Required

Type: str

`get_string_map_attribute`

def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]

`terraform_attribute`^Required

Type: str

`has_resource_move`

def has_resource_move() -> typing.Union[TerraformResourceMoveByTarget, TerraformResourceMoveById]

`import_from`

def import_from(
  id: str,
  provider: TerraformProvider = None
) -> None

`id`^Required

Type: str

`provider`^Optional

Type: cdktf.TerraformProvider

`interpolation_for_attribute`

def interpolation_for_attribute(
  terraform_attribute: str
) -> IResolvable

`terraform_attribute`^Required

Type: str

`move_from_id`

def move_from_id(
  id: str
) -> None

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

`id`^Required

Type: str

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

`move_to`

def move_to(
  move_target: str,
  index: typing.Union[str, typing.Union[int, float]] = None
) -> None

Moves this resource to the target resource given by moveTarget.

`move_target`^Required

Type: str

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

`index`^Optional

Type: typing.Union[str, typing.Union[int, float]]

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

`move_to_id`

def move_to_id(
  id: str
) -> None

Moves this resource to the resource corresponding to "id".

`id`^Required

Type: str

Full id of resource to move to, e.g. "aws_s3_bucket.example".

`reset_default_sts_ttl`

def reset_default_sts_ttl() -> None

`reset_external_id`

def reset_external_id() -> None

`reset_iam_groups`

def reset_iam_groups() -> None

`reset_iam_tags`

def reset_iam_tags() -> None

`reset_id`

def reset_id() -> None

`reset_max_sts_ttl`

def reset_max_sts_ttl() -> None

`reset_namespace`

def reset_namespace() -> None

`reset_permissions_boundary_arn`

def reset_permissions_boundary_arn() -> None

`reset_policy_arns`

def reset_policy_arns() -> None

`reset_policy_document`

def reset_policy_document() -> None

`reset_role_arns`

def reset_role_arns() -> None

`reset_session_tags`

def reset_session_tags() -> None

`reset_user_path`

def reset_user_path() -> None

Static Functions

Name	Description
`is_construct`	Checks if `x` is a construct.
`is_terraform_element`	No description.
`is_terraform_resource`	No description.
`generate_config_for_import`	Generates CDKTF code for importing a AwsSecretBackendRole resource upon running "cdktf plan ".

`is_construct`

from cdktf_cdktf_provider_vault import aws_secret_backend_role

awsSecretBackendRole.AwsSecretBackendRole.is_construct(
  x: typing.Any
)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: typing.Any

Any object.

`is_terraform_element`

from cdktf_cdktf_provider_vault import aws_secret_backend_role

awsSecretBackendRole.AwsSecretBackendRole.is_terraform_element(
  x: typing.Any
)

`x`^Required

Type: typing.Any

`is_terraform_resource`

from cdktf_cdktf_provider_vault import aws_secret_backend_role

awsSecretBackendRole.AwsSecretBackendRole.is_terraform_resource(
  x: typing.Any
)

`x`^Required

Type: typing.Any

`generate_config_for_import`

from cdktf_cdktf_provider_vault import aws_secret_backend_role

awsSecretBackendRole.AwsSecretBackendRole.generate_config_for_import(
  scope: Construct,
  import_to_id: str,
  import_from_id: str,
  provider: TerraformProvider = None
)

Generates CDKTF code for importing a AwsSecretBackendRole resource upon running "cdktf plan ".

`scope`^Required

Type: constructs.Construct

The scope in which to define this construct.

`import_to_id`^Required

Type: str

The construct id used in the generated config for the AwsSecretBackendRole to import.

`import_from_id`^Required

Type: str

The id of the existing AwsSecretBackendRole that should be imported.

Refer to the {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#import import section} in the documentation of this resource for the id to use

`provider`^Optional

Type: cdktf.TerraformProvider

? Optional instance of the provider where the AwsSecretBackendRole to import is found.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`cdktf_stack`	`cdktf.TerraformStack`	No description.
`fqn`	`str`	No description.
`friendly_unique_id`	`str`	No description.
`terraform_meta_arguments`	`typing.Mapping[typing.Any]`	No description.
`terraform_resource_type`	`str`	No description.
`terraform_generator_metadata`	`cdktf.TerraformProviderGeneratorMetadata`	No description.
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[str]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`backend_input`	`str`	No description.
`credential_type_input`	`str`	No description.
`default_sts_ttl_input`	`typing.Union[int, float]`	No description.
`external_id_input`	`str`	No description.
`iam_groups_input`	`typing.List[str]`	No description.
`iam_tags_input`	`typing.Mapping[str]`	No description.
`id_input`	`str`	No description.
`max_sts_ttl_input`	`typing.Union[int, float]`	No description.
`name_input`	`str`	No description.
`namespace_input`	`str`	No description.
`permissions_boundary_arn_input`	`str`	No description.
`policy_arns_input`	`typing.List[str]`	No description.
`policy_document_input`	`str`	No description.
`role_arns_input`	`typing.List[str]`	No description.
`session_tags_input`	`typing.Mapping[str]`	No description.
`user_path_input`	`str`	No description.
`backend`	`str`	No description.
`credential_type`	`str`	No description.
`default_sts_ttl`	`typing.Union[int, float]`	No description.
`external_id`	`str`	No description.
`iam_groups`	`typing.List[str]`	No description.
`iam_tags`	`typing.Mapping[str]`	No description.
`id`	`str`	No description.
`max_sts_ttl`	`typing.Union[int, float]`	No description.
`name`	`str`	No description.
`namespace`	`str`	No description.
`permissions_boundary_arn`	`str`	No description.
`policy_arns`	`typing.List[str]`	No description.
`policy_document`	`str`	No description.
`role_arns`	`typing.List[str]`	No description.
`session_tags`	`typing.Mapping[str]`	No description.
`user_path`	`str`	No description.

`node`^Required

node: Node

Type: constructs.Node

The tree node.

`cdktf_stack`^Required

cdktf_stack: TerraformStack

Type: cdktf.TerraformStack

`fqn`^Required

fqn: str

Type: str

`friendly_unique_id`^Required

friendly_unique_id: str

Type: str

`terraform_meta_arguments`^Required

terraform_meta_arguments: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

`terraform_resource_type`^Required

terraform_resource_type: str

Type: str

`terraform_generator_metadata`^Optional

terraform_generator_metadata: TerraformProviderGeneratorMetadata

Type: cdktf.TerraformProviderGeneratorMetadata

`connection`^Optional

connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

count: typing.Union[typing.Union[int, float], TerraformCount]

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

depends_on: typing.List[str]

Type: typing.List[str]

`for_each`^Optional

for_each: ITerraformIterator

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

lifecycle: TerraformResourceLifecycle

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

provider: TerraformProvider

Type: cdktf.TerraformProvider

`provisioners`^Optional

provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`backend_input`^Optional

backend_input: str

Type: str

`credential_type_input`^Optional

credential_type_input: str

Type: str

`default_sts_ttl_input`^Optional

default_sts_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`external_id_input`^Optional

external_id_input: str

Type: str

`iam_groups_input`^Optional

iam_groups_input: typing.List[str]

Type: typing.List[str]

`iam_tags_input`^Optional

iam_tags_input: typing.Mapping[str]

Type: typing.Mapping[str]

`id_input`^Optional

id_input: str

Type: str

`max_sts_ttl_input`^Optional

max_sts_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`name_input`^Optional

name_input: str

Type: str

`namespace_input`^Optional

namespace_input: str

Type: str

`permissions_boundary_arn_input`^Optional

permissions_boundary_arn_input: str

Type: str

`policy_arns_input`^Optional

policy_arns_input: typing.List[str]

Type: typing.List[str]

`policy_document_input`^Optional

policy_document_input: str

Type: str

`role_arns_input`^Optional

role_arns_input: typing.List[str]

Type: typing.List[str]

`session_tags_input`^Optional

session_tags_input: typing.Mapping[str]

Type: typing.Mapping[str]

`user_path_input`^Optional

user_path_input: str

Type: str

`backend`^Required

backend: str

Type: str

`credential_type`^Required

credential_type: str

Type: str

`default_sts_ttl`^Required

default_sts_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`external_id`^Required

external_id: str

Type: str

`iam_groups`^Required

iam_groups: typing.List[str]

Type: typing.List[str]

`iam_tags`^Required

iam_tags: typing.Mapping[str]

Type: typing.Mapping[str]

`id`^Required

id: str

Type: str

`max_sts_ttl`^Required

max_sts_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`name`^Required

name: str

Type: str

`namespace`^Required

namespace: str

Type: str

`permissions_boundary_arn`^Required

permissions_boundary_arn: str

Type: str

`policy_arns`^Required

policy_arns: typing.List[str]

Type: typing.List[str]

`policy_document`^Required

policy_document: str

Type: str

`role_arns`^Required

role_arns: typing.List[str]

Type: typing.List[str]

`session_tags`^Required

session_tags: typing.Mapping[str]

Type: typing.Mapping[str]

`user_path`^Required

user_path: str

Type: str

Constants

Name	Type	Description
`tfResourceType`	`str`	No description.

`tfResourceType`^Required

tfResourceType: str

Type: str

Structs

AwsSecretBackendRoleConfig

Initializer

from cdktf_cdktf_provider_vault import aws_secret_backend_role

awsSecretBackendRole.AwsSecretBackendRoleConfig(
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  backend: str,
  credential_type: str,
  name: str,
  default_sts_ttl: typing.Union[int, float] = None,
  external_id: str = None,
  iam_groups: typing.List[str] = None,
  iam_tags: typing.Mapping[str] = None,
  id: str = None,
  max_sts_ttl: typing.Union[int, float] = None,
  namespace: str = None,
  permissions_boundary_arn: str = None,
  policy_arns: typing.List[str] = None,
  policy_document: str = None,
  role_arns: typing.List[str] = None,
  session_tags: typing.Mapping[str] = None,
  user_path: str = None
)

Properties

Name	Type	Description
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[cdktf.ITerraformDependable]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`backend`	`str`	The path of the AWS Secret Backend the role belongs to.
`credential_type`	`str`	Role credential type.
`name`	`str`	Unique name for the role.
`default_sts_ttl`	`typing.Union[int, float]`	The default TTL in seconds for STS credentials.
`external_id`	`str`	External ID to set for assume role creds.
`iam_groups`	`typing.List[str]`	A list of IAM group names.
`iam_tags`	`typing.Mapping[str]`	A map of strings representing key/value pairs used as tags for any IAM user created by this role.
`id`	`str`	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#id AwsSecretBackendRole#id}.
`max_sts_ttl`	`typing.Union[int, float]`	The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl).
`namespace`	`str`	Target namespace. (requires Enterprise).
`permissions_boundary_arn`	`str`	The ARN of the AWS Permissions Boundary to attach to IAM users created in the role.
`policy_arns`	`typing.List[str]`	ARN for an existing IAM policy the role should use.
`policy_document`	`str`	IAM policy the role should use in JSON format.
`role_arns`	`typing.List[str]`	ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'.
`session_tags`	`typing.Mapping[str]`	Session tags to be set for assume role creds created.
`user_path`	`str`	The path for the user name. Valid only when credential_type is iam_user. Default is /.

`connection`^Optional

connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

count: typing.Union[typing.Union[int, float], TerraformCount]

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

depends_on: typing.List[ITerraformDependable]

Type: typing.List[cdktf.ITerraformDependable]

`for_each`^Optional

for_each: ITerraformIterator

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

lifecycle: TerraformResourceLifecycle

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

provider: TerraformProvider

Type: cdktf.TerraformProvider

`provisioners`^Optional

provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`backend`^Required

backend: str

Type: str

The path of the AWS Secret Backend the role belongs to.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#backend AwsSecretBackendRole#backend}

`credential_type`^Required

credential_type: str

Type: str

Role credential type.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#credential_type AwsSecretBackendRole#credential_type}

`name`^Required

name: str

Type: str

Unique name for the role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#name AwsSecretBackendRole#name}

`default_sts_ttl`^Optional

default_sts_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

The default TTL in seconds for STS credentials.

When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#default_sts_ttl AwsSecretBackendRole#default_sts_ttl}

`external_id`^Optional

external_id: str

Type: str

External ID to set for assume role creds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#external_id AwsSecretBackendRole#external_id}

`iam_groups`^Optional

iam_groups: typing.List[str]

Type: typing.List[str]

A list of IAM group names.

IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#iam_groups AwsSecretBackendRole#iam_groups}

`iam_tags`^Optional

iam_tags: typing.Mapping[str]

Type: typing.Mapping[str]

A map of strings representing key/value pairs used as tags for any IAM user created by this role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#iam_tags AwsSecretBackendRole#iam_tags}

`id`^Optional

id: str

Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#id AwsSecretBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

`max_sts_ttl`^Optional

max_sts_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl).

Valid only when credential_type is one of assumed_role or federation_token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#max_sts_ttl AwsSecretBackendRole#max_sts_ttl}

`namespace`^Optional

namespace: str

Type: str

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#namespace AwsSecretBackendRole#namespace}

`permissions_boundary_arn`^Optional

permissions_boundary_arn: str

Type: str

The ARN of the AWS Permissions Boundary to attach to IAM users created in the role.

Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#permissions_boundary_arn AwsSecretBackendRole#permissions_boundary_arn}

`policy_arns`^Optional

policy_arns: typing.List[str]

Type: typing.List[str]

ARN for an existing IAM policy the role should use.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#policy_arns AwsSecretBackendRole#policy_arns}

`policy_document`^Optional

policy_document: str

Type: str

IAM policy the role should use in JSON format.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#policy_document AwsSecretBackendRole#policy_document}

`role_arns`^Optional

role_arns: typing.List[str]

Type: typing.List[str]

ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#role_arns AwsSecretBackendRole#role_arns}

`session_tags`^Optional

session_tags: typing.Mapping[str]

Type: typing.Mapping[str]

Session tags to be set for assume role creds created.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#session_tags AwsSecretBackendRole#session_tags}

`user_path`^Optional

user_path: str

Type: str

The path for the user name. Valid only when credential_type is iam_user. Default is /.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.4.0/docs/resources/aws_secret_backend_role#user_path AwsSecretBackendRole#user_path}

Files

awsSecretBackendRole.python.md

Latest commit

History

awsSecretBackendRole.python.md

File metadata and controls

awsSecretBackendRole Submodule

Constructs