Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role vault_aws_secret_backend_role}.
import { awsSecretBackendRole } from '@cdktf/provider-vault'
new awsSecretBackendRole.AwsSecretBackendRole(scope: Construct, id: string, config: AwsSecretBackendRoleConfig)| Name | Type | Description |
|---|---|---|
scope |
constructs.Construct |
The scope in which to define this construct. |
id |
string |
The scoped construct ID. |
config |
AwsSecretBackendRoleConfig |
No description. |
- Type: constructs.Construct
The scope in which to define this construct.
- Type: string
The scoped construct ID.
Must be unique amongst siblings in the same scope
| Name | Description |
|---|---|
toString |
Returns a string representation of this construct. |
addOverride |
No description. |
overrideLogicalId |
Overrides the auto-generated logical ID with a specific ID. |
resetOverrideLogicalId |
Resets a previously passed logical Id to use the auto-generated logical id again. |
toHclTerraform |
No description. |
toMetadata |
No description. |
toTerraform |
Adds this resource to the terraform JSON output. |
addMoveTarget |
Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move. |
getAnyMapAttribute |
No description. |
getBooleanAttribute |
No description. |
getBooleanMapAttribute |
No description. |
getListAttribute |
No description. |
getNumberAttribute |
No description. |
getNumberListAttribute |
No description. |
getNumberMapAttribute |
No description. |
getStringAttribute |
No description. |
getStringMapAttribute |
No description. |
hasResourceMove |
No description. |
importFrom |
No description. |
interpolationForAttribute |
No description. |
moveFromId |
Move the resource corresponding to "id" to this resource. |
moveTo |
Moves this resource to the target resource given by moveTarget. |
moveToId |
Moves this resource to the resource corresponding to "id". |
resetDefaultStsTtl |
No description. |
resetExternalId |
No description. |
resetIamGroups |
No description. |
resetIamTags |
No description. |
resetId |
No description. |
resetMaxStsTtl |
No description. |
resetNamespace |
No description. |
resetPermissionsBoundaryArn |
No description. |
resetPolicyArns |
No description. |
resetPolicyDocument |
No description. |
resetRoleArns |
No description. |
resetSessionTags |
No description. |
resetUserPath |
No description. |
public toString(): stringReturns a string representation of this construct.
public addOverride(path: string, value: any): void- Type: string
- Type: any
public overrideLogicalId(newLogicalId: string): voidOverrides the auto-generated logical ID with a specific ID.
- Type: string
The new logical ID to use for this stack element.
public resetOverrideLogicalId(): voidResets a previously passed logical Id to use the auto-generated logical id again.
public toHclTerraform(): anypublic toMetadata(): anypublic toTerraform(): anyAdds this resource to the terraform JSON output.
public addMoveTarget(moveTarget: string): voidAdds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
- Type: string
The string move target that will correspond to this resource.
public getAnyMapAttribute(terraformAttribute: string): {[ key: string ]: any}- Type: string
public getBooleanAttribute(terraformAttribute: string): IResolvable- Type: string
public getBooleanMapAttribute(terraformAttribute: string): {[ key: string ]: boolean}- Type: string
public getListAttribute(terraformAttribute: string): string[]- Type: string
public getNumberAttribute(terraformAttribute: string): number- Type: string
public getNumberListAttribute(terraformAttribute: string): number[]- Type: string
public getNumberMapAttribute(terraformAttribute: string): {[ key: string ]: number}- Type: string
public getStringAttribute(terraformAttribute: string): string- Type: string
public getStringMapAttribute(terraformAttribute: string): {[ key: string ]: string}- Type: string
public hasResourceMove(): TerraformResourceMoveByTarget | TerraformResourceMoveByIdpublic importFrom(id: string, provider?: TerraformProvider): void- Type: string
- Type: cdktf.TerraformProvider
public interpolationForAttribute(terraformAttribute: string): IResolvable- Type: string
public moveFromId(id: string): voidMove the resource corresponding to "id" to this resource.
Note that the resource being moved from must be marked as moved using it's instance function.
- Type: string
Full id of resource being moved from, e.g. "aws_s3_bucket.example".
public moveTo(moveTarget: string, index?: string | number): voidMoves this resource to the target resource given by moveTarget.
- Type: string
The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.
- Type: string | number
Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.
public moveToId(id: string): voidMoves this resource to the resource corresponding to "id".
- Type: string
Full id of resource to move to, e.g. "aws_s3_bucket.example".
public resetDefaultStsTtl(): voidpublic resetExternalId(): voidpublic resetIamGroups(): voidpublic resetIamTags(): voidpublic resetId(): voidpublic resetMaxStsTtl(): voidpublic resetNamespace(): voidpublic resetPermissionsBoundaryArn(): voidpublic resetPolicyArns(): voidpublic resetPolicyDocument(): voidpublic resetRoleArns(): voidpublic resetSessionTags(): voidpublic resetUserPath(): void| Name | Description |
|---|---|
isConstruct |
Checks if x is a construct. |
isTerraformElement |
No description. |
isTerraformResource |
No description. |
generateConfigForImport |
Generates CDKTF code for importing a AwsSecretBackendRole resource upon running "cdktf plan ". |
import { awsSecretBackendRole } from '@cdktf/provider-vault'
awsSecretBackendRole.AwsSecretBackendRole.isConstruct(x: any)Checks if x is a construct.
Use this method instead of instanceof to properly detect Construct
instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the constructs library on
disk are seen as independent, completely different libraries. As a
consequence, the class Construct in each copy of the constructs library
is seen as a different class, and an instance of one class will not test as
instanceof the other class. npm install will not create installations
like this, but users may manually symlink construct libraries together or
use a monorepo tool: in those cases, multiple copies of the constructs
library can be accidentally installed, and instanceof will behave
unpredictably. It is safest to avoid using instanceof, and using
this type-testing method instead.
- Type: any
Any object.
import { awsSecretBackendRole } from '@cdktf/provider-vault'
awsSecretBackendRole.AwsSecretBackendRole.isTerraformElement(x: any)- Type: any
import { awsSecretBackendRole } from '@cdktf/provider-vault'
awsSecretBackendRole.AwsSecretBackendRole.isTerraformResource(x: any)- Type: any
import { awsSecretBackendRole } from '@cdktf/provider-vault'
awsSecretBackendRole.AwsSecretBackendRole.generateConfigForImport(scope: Construct, importToId: string, importFromId: string, provider?: TerraformProvider)Generates CDKTF code for importing a AwsSecretBackendRole resource upon running "cdktf plan ".
- Type: constructs.Construct
The scope in which to define this construct.
- Type: string
The construct id used in the generated config for the AwsSecretBackendRole to import.
- Type: string
The id of the existing AwsSecretBackendRole that should be imported.
Refer to the {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#import import section} in the documentation of this resource for the id to use
- Type: cdktf.TerraformProvider
? Optional instance of the provider where the AwsSecretBackendRole to import is found.
| Name | Type | Description |
|---|---|---|
node |
constructs.Node |
The tree node. |
cdktfStack |
cdktf.TerraformStack |
No description. |
fqn |
string |
No description. |
friendlyUniqueId |
string |
No description. |
terraformMetaArguments |
{[ key: string ]: any} |
No description. |
terraformResourceType |
string |
No description. |
terraformGeneratorMetadata |
cdktf.TerraformProviderGeneratorMetadata |
No description. |
connection |
cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection |
No description. |
count |
number | cdktf.TerraformCount |
No description. |
dependsOn |
string[] |
No description. |
forEach |
cdktf.ITerraformIterator |
No description. |
lifecycle |
cdktf.TerraformResourceLifecycle |
No description. |
provider |
cdktf.TerraformProvider |
No description. |
provisioners |
cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[] |
No description. |
backendInput |
string |
No description. |
credentialTypeInput |
string |
No description. |
defaultStsTtlInput |
number |
No description. |
externalIdInput |
string |
No description. |
iamGroupsInput |
string[] |
No description. |
iamTagsInput |
{[ key: string ]: string} |
No description. |
idInput |
string |
No description. |
maxStsTtlInput |
number |
No description. |
nameInput |
string |
No description. |
namespaceInput |
string |
No description. |
permissionsBoundaryArnInput |
string |
No description. |
policyArnsInput |
string[] |
No description. |
policyDocumentInput |
string |
No description. |
roleArnsInput |
string[] |
No description. |
sessionTagsInput |
{[ key: string ]: string} |
No description. |
userPathInput |
string |
No description. |
backend |
string |
No description. |
credentialType |
string |
No description. |
defaultStsTtl |
number |
No description. |
externalId |
string |
No description. |
iamGroups |
string[] |
No description. |
iamTags |
{[ key: string ]: string} |
No description. |
id |
string |
No description. |
maxStsTtl |
number |
No description. |
name |
string |
No description. |
namespace |
string |
No description. |
permissionsBoundaryArn |
string |
No description. |
policyArns |
string[] |
No description. |
policyDocument |
string |
No description. |
roleArns |
string[] |
No description. |
sessionTags |
{[ key: string ]: string} |
No description. |
userPath |
string |
No description. |
public readonly node: Node;- Type: constructs.Node
The tree node.
public readonly cdktfStack: TerraformStack;- Type: cdktf.TerraformStack
public readonly fqn: string;- Type: string
public readonly friendlyUniqueId: string;- Type: string
public readonly terraformMetaArguments: {[ key: string ]: any};- Type: {[ key: string ]: any}
public readonly terraformResourceType: string;- Type: string
public readonly terraformGeneratorMetadata: TerraformProviderGeneratorMetadata;- Type: cdktf.TerraformProviderGeneratorMetadata
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;- Type: cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection
public readonly count: number | TerraformCount;- Type: number | cdktf.TerraformCount
public readonly dependsOn: string[];- Type: string[]
public readonly forEach: ITerraformIterator;- Type: cdktf.ITerraformIterator
public readonly lifecycle: TerraformResourceLifecycle;- Type: cdktf.TerraformResourceLifecycle
public readonly provider: TerraformProvider;- Type: cdktf.TerraformProvider
public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];- Type: cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]
public readonly backendInput: string;- Type: string
public readonly credentialTypeInput: string;- Type: string
public readonly defaultStsTtlInput: number;- Type: number
public readonly externalIdInput: string;- Type: string
public readonly iamGroupsInput: string[];- Type: string[]
public readonly iamTagsInput: {[ key: string ]: string};- Type: {[ key: string ]: string}
public readonly idInput: string;- Type: string
public readonly maxStsTtlInput: number;- Type: number
public readonly nameInput: string;- Type: string
public readonly namespaceInput: string;- Type: string
public readonly permissionsBoundaryArnInput: string;- Type: string
public readonly policyArnsInput: string[];- Type: string[]
public readonly policyDocumentInput: string;- Type: string
public readonly roleArnsInput: string[];- Type: string[]
public readonly sessionTagsInput: {[ key: string ]: string};- Type: {[ key: string ]: string}
public readonly userPathInput: string;- Type: string
public readonly backend: string;- Type: string
public readonly credentialType: string;- Type: string
public readonly defaultStsTtl: number;- Type: number
public readonly externalId: string;- Type: string
public readonly iamGroups: string[];- Type: string[]
public readonly iamTags: {[ key: string ]: string};- Type: {[ key: string ]: string}
public readonly id: string;- Type: string
public readonly maxStsTtl: number;- Type: number
public readonly name: string;- Type: string
public readonly namespace: string;- Type: string
public readonly permissionsBoundaryArn: string;- Type: string
public readonly policyArns: string[];- Type: string[]
public readonly policyDocument: string;- Type: string
public readonly roleArns: string[];- Type: string[]
public readonly sessionTags: {[ key: string ]: string};- Type: {[ key: string ]: string}
public readonly userPath: string;- Type: string
| Name | Type | Description |
|---|---|---|
tfResourceType |
string |
No description. |
public readonly tfResourceType: string;- Type: string
import { awsSecretBackendRole } from '@cdktf/provider-vault'
const awsSecretBackendRoleConfig: awsSecretBackendRole.AwsSecretBackendRoleConfig = { ... }| Name | Type | Description |
|---|---|---|
connection |
cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection |
No description. |
count |
number | cdktf.TerraformCount |
No description. |
dependsOn |
cdktf.ITerraformDependable[] |
No description. |
forEach |
cdktf.ITerraformIterator |
No description. |
lifecycle |
cdktf.TerraformResourceLifecycle |
No description. |
provider |
cdktf.TerraformProvider |
No description. |
provisioners |
cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[] |
No description. |
backend |
string |
The path of the AWS Secret Backend the role belongs to. |
credentialType |
string |
Role credential type. |
name |
string |
Unique name for the role. |
defaultStsTtl |
number |
The default TTL in seconds for STS credentials. |
externalId |
string |
External ID to set for assume role creds. |
iamGroups |
string[] |
A list of IAM group names. |
iamTags |
{[ key: string ]: string} |
A map of strings representing key/value pairs used as tags for any IAM user created by this role. |
id |
string |
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#id AwsSecretBackendRole#id}. |
maxStsTtl |
number |
The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl). |
namespace |
string |
Target namespace. (requires Enterprise). |
permissionsBoundaryArn |
string |
The ARN of the AWS Permissions Boundary to attach to IAM users created in the role. |
policyArns |
string[] |
ARN for an existing IAM policy the role should use. |
policyDocument |
string |
IAM policy the role should use in JSON format. |
roleArns |
string[] |
ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'. |
sessionTags |
{[ key: string ]: string} |
Session tags to be set for assume role creds created. |
userPath |
string |
The path for the user name. Valid only when credential_type is iam_user. Default is /. |
public readonly connection: SSHProvisionerConnection | WinrmProvisionerConnection;- Type: cdktf.SSHProvisionerConnection | cdktf.WinrmProvisionerConnection
public readonly count: number | TerraformCount;- Type: number | cdktf.TerraformCount
public readonly dependsOn: ITerraformDependable[];- Type: cdktf.ITerraformDependable[]
public readonly forEach: ITerraformIterator;- Type: cdktf.ITerraformIterator
public readonly lifecycle: TerraformResourceLifecycle;- Type: cdktf.TerraformResourceLifecycle
public readonly provider: TerraformProvider;- Type: cdktf.TerraformProvider
public readonly provisioners: FileProvisioner | LocalExecProvisioner | RemoteExecProvisioner[];- Type: cdktf.FileProvisioner | cdktf.LocalExecProvisioner | cdktf.RemoteExecProvisioner[]
public readonly backend: string;- Type: string
The path of the AWS Secret Backend the role belongs to.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#backend AwsSecretBackendRole#backend}
public readonly credentialType: string;- Type: string
Role credential type.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#credential_type AwsSecretBackendRole#credential_type}
public readonly name: string;- Type: string
Unique name for the role.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#name AwsSecretBackendRole#name}
public readonly defaultStsTtl: number;- Type: number
The default TTL in seconds for STS credentials.
When a TTL is not specified when STS credentials are requested, and a default TTL is specified on the role, then this default TTL will be used. Valid only when credential_type is one of assumed_role or federation_token.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#default_sts_ttl AwsSecretBackendRole#default_sts_ttl}
public readonly externalId: string;- Type: string
External ID to set for assume role creds.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#external_id AwsSecretBackendRole#external_id}
public readonly iamGroups: string[];- Type: string[]
A list of IAM group names.
IAM users generated against this vault role will be added to these IAM Groups. For a credential type of assumed_role or federation_token, the policies sent to the corresponding AWS call (sts:AssumeRole or sts:GetFederation) will be the policies from each group in iam_groups combined with the policy_document and policy_arns parameters.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#iam_groups AwsSecretBackendRole#iam_groups}
public readonly iamTags: {[ key: string ]: string};- Type: {[ key: string ]: string}
A map of strings representing key/value pairs used as tags for any IAM user created by this role.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#iam_tags AwsSecretBackendRole#iam_tags}
public readonly id: string;- Type: string
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#id AwsSecretBackendRole#id}.
Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.
public readonly maxStsTtl: number;- Type: number
The max allowed TTL in seconds for STS credentials (credentials TTL are capped to max_sts_ttl).
Valid only when credential_type is one of assumed_role or federation_token.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#max_sts_ttl AwsSecretBackendRole#max_sts_ttl}
public readonly namespace: string;- Type: string
Target namespace. (requires Enterprise).
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#namespace AwsSecretBackendRole#namespace}
public readonly permissionsBoundaryArn: string;- Type: string
The ARN of the AWS Permissions Boundary to attach to IAM users created in the role.
Valid only when credential_type is iam_user. If not specified, then no permissions boundary policy will be attached.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#permissions_boundary_arn AwsSecretBackendRole#permissions_boundary_arn}
public readonly policyArns: string[];- Type: string[]
ARN for an existing IAM policy the role should use.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#policy_arns AwsSecretBackendRole#policy_arns}
public readonly policyDocument: string;- Type: string
IAM policy the role should use in JSON format.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#policy_document AwsSecretBackendRole#policy_document}
public readonly roleArns: string[];- Type: string[]
ARNs of AWS roles allowed to be assumed. Only valid when credential_type is 'assumed_role'.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#role_arns AwsSecretBackendRole#role_arns}
public readonly sessionTags: {[ key: string ]: string};- Type: {[ key: string ]: string}
Session tags to be set for assume role creds created.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#session_tags AwsSecretBackendRole#session_tags}
public readonly userPath: string;- Type: string
The path for the user name. Valid only when credential_type is iam_user. Default is /.
Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.6.0/docs/resources/aws_secret_backend_role#user_path AwsSecretBackendRole#user_path}