AWS Cloud Control v1.26.0, Mar 12 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

aws-native.Provider

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

The provider type for the AWS Cloud Control package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Create Provider Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Provider(name: string, args: ProviderArgs, opts?: CustomResourceOptions);

@overload
def Provider(resource_name: str,
             args: ProviderArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Provider(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             access_key: Optional[str] = None,
             allowed_account_ids: Optional[Sequence[str]] = None,
             assume_role: Optional[ProviderAssumeRoleArgs] = None,
             auto_naming: Optional[ProviderAutoNamingArgs] = None,
             default_tags: Optional[ProviderDefaultTagsArgs] = None,
             endpoints: Optional[Sequence[ProviderEndpointArgs]] = None,
             forbidden_account_ids: Optional[Sequence[str]] = None,
             ignore_tags: Optional[ProviderIgnoreTagsArgs] = None,
             insecure: Optional[bool] = None,
             max_retries: Optional[int] = None,
             profile: Optional[str] = None,
             region: Optional[str] = None,
             role_arn: Optional[str] = None,
             s3_force_path_style: Optional[bool] = None,
             secret_key: Optional[str] = None,
             shared_credentials_file: Optional[str] = None,
             skip_credentials_validation: Optional[bool] = None,
             skip_get_ec2_platforms: Optional[bool] = None,
             skip_metadata_api_check: Optional[bool] = None,
             skip_region_validation: Optional[bool] = None,
             skip_requesting_account_id: Optional[bool] = None,
             token: Optional[str] = None)

func NewProvider(ctx *Context, name string, args ProviderArgs, opts ...ResourceOption) (*Provider, error)

public Provider(string name, ProviderArgs args, CustomResourceOptions? opts = null)

public Provider(String name, ProviderArgs args)
public Provider(String name, ProviderArgs args, CustomResourceOptions options)

type: pulumi:providers:aws-native
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ProviderArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Provider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Provider resource accepts the following input properties:

Region string: The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. It can also be sourced from the following environment variables: AWS_REGION, AWS_DEFAULT_REGION
AccessKey string: The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
AllowedAccountIds List<string>: List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
AssumeRole Pulumi.AwsNative.Inputs.ProviderAssumeRole: Configuration for retrieving temporary credentials from the STS service.
AutoNaming Pulumi.AwsNative.Inputs.ProviderAutoNaming: The configuration for automatically naming resources.
DefaultTags Pulumi.AwsNative.Inputs.ProviderDefaultTags: Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
Endpoints List<Pulumi.AwsNative.Inputs.ProviderEndpoint>: Configuration block for customizing service endpoints.
ForbiddenAccountIds List<string>: List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
IgnoreTags Pulumi.AwsNative.Inputs.ProviderIgnoreTags: Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
Insecure bool: Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is false.
MaxRetries int: The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
Profile string: The profile for API operations. If not set, the default profile created with aws configure will be used. It can also be sourced from the following environment variable: AWS_PROFILE
RoleArn string: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
S3ForcePathStyle bool: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
SecretKey string: The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
SharedCredentialsFile string: The path to the shared credentials file. If not set this defaults to ~/.aws/credentials. It can also be sourced from the following environment variable: AWS_SHARED_CREDENTIALS_FILE
SkipCredentialsValidation bool: Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
SkipGetEc2Platforms bool: Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
SkipMetadataApiCheck bool: Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
SkipRegionValidation bool: Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
SkipRequestingAccountId bool: Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
Token string: Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.

Region string: The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. It can also be sourced from the following environment variables: AWS_REGION, AWS_DEFAULT_REGION
AccessKey string: The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
AllowedAccountIds []string: List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
AssumeRole ProviderAssumeRoleArgs: Configuration for retrieving temporary credentials from the STS service.
AutoNaming ProviderAutoNamingArgs: The configuration for automatically naming resources.
DefaultTags ProviderDefaultTagsArgs: Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
Endpoints []ProviderEndpointArgs: Configuration block for customizing service endpoints.
ForbiddenAccountIds []string: List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
IgnoreTags ProviderIgnoreTagsArgs: Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
Insecure bool: Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is false.
MaxRetries int: The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
Profile string: The profile for API operations. If not set, the default profile created with aws configure will be used. It can also be sourced from the following environment variable: AWS_PROFILE
RoleArn string: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
S3ForcePathStyle bool: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
SecretKey string: The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
SharedCredentialsFile string: The path to the shared credentials file. If not set this defaults to ~/.aws/credentials. It can also be sourced from the following environment variable: AWS_SHARED_CREDENTIALS_FILE
SkipCredentialsValidation bool: Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
SkipGetEc2Platforms bool: Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
SkipMetadataApiCheck bool: Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
SkipRegionValidation bool: Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
SkipRequestingAccountId bool: Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
Token string: Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.

region String: The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. It can also be sourced from the following environment variables: AWS_REGION, AWS_DEFAULT_REGION
accessKey String: The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
allowedAccountIds List<String>: List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
assumeRole ProviderAssumeRole: Configuration for retrieving temporary credentials from the STS service.
autoNaming ProviderAutoNaming: The configuration for automatically naming resources.
defaultTags ProviderDefaultTags: Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
endpoints List<ProviderEndpoint>: Configuration block for customizing service endpoints.
forbiddenAccountIds List<String>: List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
ignoreTags ProviderIgnoreTags: Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
insecure Boolean: Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is false.
maxRetries Integer: The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
profile String: The profile for API operations. If not set, the default profile created with aws configure will be used. It can also be sourced from the following environment variable: AWS_PROFILE
roleArn String: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
s3ForcePathStyle Boolean: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
secretKey String: The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
sharedCredentialsFile String: The path to the shared credentials file. If not set this defaults to ~/.aws/credentials. It can also be sourced from the following environment variable: AWS_SHARED_CREDENTIALS_FILE
skipCredentialsValidation Boolean: Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
skipGetEc2Platforms Boolean: Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
skipMetadataApiCheck Boolean: Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
skipRegionValidation Boolean: Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
skipRequestingAccountId Boolean: Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
token String: Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.

region Region: The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. It can also be sourced from the following environment variables: AWS_REGION, AWS_DEFAULT_REGION
accessKey string: The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
allowedAccountIds string[]: List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
assumeRole ProviderAssumeRole: Configuration for retrieving temporary credentials from the STS service.
autoNaming ProviderAutoNaming: The configuration for automatically naming resources.
defaultTags ProviderDefaultTags: Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
endpoints ProviderEndpoint[]: Configuration block for customizing service endpoints.
forbiddenAccountIds string[]: List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
ignoreTags ProviderIgnoreTags: Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
insecure boolean: Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is false.
maxRetries number: The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
profile string: The profile for API operations. If not set, the default profile created with aws configure will be used. It can also be sourced from the following environment variable: AWS_PROFILE
roleArn string: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
s3ForcePathStyle boolean: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
secretKey string: The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
sharedCredentialsFile string: The path to the shared credentials file. If not set this defaults to ~/.aws/credentials. It can also be sourced from the following environment variable: AWS_SHARED_CREDENTIALS_FILE
skipCredentialsValidation boolean: Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
skipGetEc2Platforms boolean: Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
skipMetadataApiCheck boolean: Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
skipRegionValidation boolean: Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
skipRequestingAccountId boolean: Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
token string: Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.

region str: The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. It can also be sourced from the following environment variables: AWS_REGION, AWS_DEFAULT_REGION
access_key str: The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
allowed_account_ids Sequence[str]: List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
assume_role ProviderAssumeRoleArgs: Configuration for retrieving temporary credentials from the STS service.
auto_naming ProviderAutoNamingArgs: The configuration for automatically naming resources.
default_tags ProviderDefaultTagsArgs: Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
endpoints Sequence[ProviderEndpointArgs]: Configuration block for customizing service endpoints.
forbidden_account_ids Sequence[str]: List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
ignore_tags ProviderIgnoreTagsArgs: Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
insecure bool: Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is false.
max_retries int: The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
profile str: The profile for API operations. If not set, the default profile created with aws configure will be used. It can also be sourced from the following environment variable: AWS_PROFILE
role_arn str: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
s3_force_path_style bool: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
secret_key str: The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
shared_credentials_file str: The path to the shared credentials file. If not set this defaults to ~/.aws/credentials. It can also be sourced from the following environment variable: AWS_SHARED_CREDENTIALS_FILE
skip_credentials_validation bool: Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
skip_get_ec2_platforms bool: Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
skip_metadata_api_check bool: Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
skip_region_validation bool: Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
skip_requesting_account_id bool: Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
token str: Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.

region: The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc. It can also be sourced from the following environment variables: AWS_REGION, AWS_DEFAULT_REGION
accessKey String: The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.
allowedAccountIds List<String>: List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one. Conflicts with forbiddenAccountIds.
assumeRole Property Map: Configuration for retrieving temporary credentials from the STS service.
autoNaming Property Map: The configuration for automatically naming resources.
defaultTags Property Map: Configuration block with resource tag settings to apply across all resources handled by this provider. This is designed to replace redundant per-resource tags configurations. Provider tags can be overridden with new values, but not excluded from specific resources. To override provider tag values, use the tags argument within a resource to configure new tag values for matching keys.
endpoints List<Property Map>: Configuration block for customizing service endpoints.
forbiddenAccountIds List<String>: List of forbidden AWS account IDs to prevent you from mistakenly using the wrong one (and potentially end up destroying a live environment). Conflicts with allowedAccountIds.
ignoreTags Property Map: Configuration block with resource tag settings to ignore across all resources handled by this provider (except any individual service tag resources such as ec2.Tag) for situations where external systems are managing certain resource tags.
insecure Boolean: Explicitly allow the provider to perform "insecure" SSL requests. If omitted,default value is false.
maxRetries Number: The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.
profile String: The profile for API operations. If not set, the default profile created with aws configure will be used. It can also be sourced from the following environment variable: AWS_PROFILE
roleArn String: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role for Cloud Control API to use when performing this resource operation. Note, this is a unique feature for server side security enforcement, not to be confused with assumeRole, which is used to obtain temporary client credentials. If you do not specify a role, Cloud Control API uses a temporary session created using your AWS user credentials instead.
s3ForcePathStyle Boolean: Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.
secretKey String: The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
sharedCredentialsFile String: The path to the shared credentials file. If not set this defaults to ~/.aws/credentials. It can also be sourced from the following environment variable: AWS_SHARED_CREDENTIALS_FILE
skipCredentialsValidation Boolean: Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.
skipGetEc2Platforms Boolean: Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.
skipMetadataApiCheck Boolean: Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to true prevents Pulumi from authenticating via the Metadata API. You may need to use other authentication methods like static credentials, configuration variables, or environment variables.
skipRegionValidation Boolean: Skip static validation of region name. Used by users of alternative AWS-like APIs or users with access to regions that are not public.
skipRequestingAccountId Boolean: Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.
token String: Session token for validating temporary credentials. Typically provided after successful identity federation or Multi-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit MFA code used to get temporary credentials.

Outputs

All input properties are implicitly available as output properties. Additionally, the Provider resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Supporting Types

ProviderAssumeRole
, ProviderAssumeRoleArgs

DurationSeconds int: Number of seconds to restrict the assume role session duration.
ExternalId string: External identifier to use when assuming the role.
Policy string: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
PolicyArns List<string>: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
RoleArn string: Amazon Resource Name (ARN) of the IAM Role to assume.
SessionName string: Session name to use when assuming the role.
Tags Dictionary<string, string>: Map of assume role session tags.
TransitiveTagKeys List<string>: A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.

DurationSeconds int: Number of seconds to restrict the assume role session duration.
ExternalId string: External identifier to use when assuming the role.
Policy string: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
PolicyArns []string: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
RoleArn string: Amazon Resource Name (ARN) of the IAM Role to assume.
SessionName string: Session name to use when assuming the role.
Tags map[string]string: Map of assume role session tags.
TransitiveTagKeys []string: A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.

durationSeconds Integer: Number of seconds to restrict the assume role session duration.
externalId String: External identifier to use when assuming the role.
policy String: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArns List<String>: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
roleArn String: Amazon Resource Name (ARN) of the IAM Role to assume.
sessionName String: Session name to use when assuming the role.
tags Map<String,String>: Map of assume role session tags.
transitiveTagKeys List<String>: A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.

durationSeconds number: Number of seconds to restrict the assume role session duration.
externalId string: External identifier to use when assuming the role.
policy string: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArns string[]: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
roleArn string: Amazon Resource Name (ARN) of the IAM Role to assume.
sessionName string: Session name to use when assuming the role.
tags {[key: string]: string}: Map of assume role session tags.
transitiveTagKeys string[]: A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.

duration_seconds int: Number of seconds to restrict the assume role session duration.
external_id str: External identifier to use when assuming the role.
policy str: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policy_arns Sequence[str]: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
role_arn str: Amazon Resource Name (ARN) of the IAM Role to assume.
session_name str: Session name to use when assuming the role.
tags Mapping[str, str]: Map of assume role session tags.
transitive_tag_keys Sequence[str]: A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.

durationSeconds Number: Number of seconds to restrict the assume role session duration.
externalId String: External identifier to use when assuming the role.
policy String: IAM Policy JSON describing further restricting permissions for the IAM Role being assumed.
policyArns List<String>: Set of Amazon Resource Names (ARNs) of IAM Policies describing further restricting permissions for the role.
roleArn String: Amazon Resource Name (ARN) of the IAM Role to assume.
sessionName String: Session name to use when assuming the role.
tags Map<String>: Map of assume role session tags.
transitiveTagKeys List<String>: A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain.

ProviderAutoNaming
, ProviderAutoNamingArgs

AutoTrim bool: Automatically trim the auto-generated name to meet the maximum length constraint.
RandomSuffixMinLength int: The minimum length of the random suffix to append to the auto-generated name.

AutoTrim bool: Automatically trim the auto-generated name to meet the maximum length constraint.
RandomSuffixMinLength int: The minimum length of the random suffix to append to the auto-generated name.

autoTrim Boolean: Automatically trim the auto-generated name to meet the maximum length constraint.
randomSuffixMinLength Integer: The minimum length of the random suffix to append to the auto-generated name.

autoTrim boolean: Automatically trim the auto-generated name to meet the maximum length constraint.
randomSuffixMinLength number: The minimum length of the random suffix to append to the auto-generated name.

auto_trim bool: Automatically trim the auto-generated name to meet the maximum length constraint.
random_suffix_min_length int: The minimum length of the random suffix to append to the auto-generated name.

autoTrim Boolean: Automatically trim the auto-generated name to meet the maximum length constraint.
randomSuffixMinLength Number: The minimum length of the random suffix to append to the auto-generated name.

ProviderDefaultTags
, ProviderDefaultTagsArgs

Tags Dictionary<string, string>: A group of tags to set across all resources.

Tags map[string]string: A group of tags to set across all resources.

tags Map<String,String>: A group of tags to set across all resources.

tags {[key: string]: string}: A group of tags to set across all resources.

tags Mapping[str, str]: A group of tags to set across all resources.

tags Map<String>: A group of tags to set across all resources.

ProviderEndpoint
, ProviderEndpointArgs

Cloudcontrol string: Override the default endpoint for AWS CloudControl
Cloudformation string: Override the default endpoint for AWS CloudFormation
Ec2 string: Override the default endpoint for AWS Elastic Compute Cloud (EC2)
Ssm string: Override the default endpoint for AWS Systems Manager
Sts string: Override the default endpoint for AWS Security Token Service (STS)

Cloudcontrol string: Override the default endpoint for AWS CloudControl
Cloudformation string: Override the default endpoint for AWS CloudFormation
Ec2 string: Override the default endpoint for AWS Elastic Compute Cloud (EC2)
Ssm string: Override the default endpoint for AWS Systems Manager
Sts string: Override the default endpoint for AWS Security Token Service (STS)

cloudcontrol String: Override the default endpoint for AWS CloudControl
cloudformation String: Override the default endpoint for AWS CloudFormation
ec2 String: Override the default endpoint for AWS Elastic Compute Cloud (EC2)
ssm String: Override the default endpoint for AWS Systems Manager
sts String: Override the default endpoint for AWS Security Token Service (STS)

cloudcontrol string: Override the default endpoint for AWS CloudControl
cloudformation string: Override the default endpoint for AWS CloudFormation
ec2 string: Override the default endpoint for AWS Elastic Compute Cloud (EC2)
ssm string: Override the default endpoint for AWS Systems Manager
sts string: Override the default endpoint for AWS Security Token Service (STS)

cloudcontrol str: Override the default endpoint for AWS CloudControl
cloudformation str: Override the default endpoint for AWS CloudFormation
ec2 str: Override the default endpoint for AWS Elastic Compute Cloud (EC2)
ssm str: Override the default endpoint for AWS Systems Manager
sts str: Override the default endpoint for AWS Security Token Service (STS)

cloudcontrol String: Override the default endpoint for AWS CloudControl
cloudformation String: Override the default endpoint for AWS CloudFormation
ec2 String: Override the default endpoint for AWS Elastic Compute Cloud (EC2)
ssm String: Override the default endpoint for AWS Systems Manager
sts String: Override the default endpoint for AWS Security Token Service (STS)

ProviderIgnoreTags
, ProviderIgnoreTagsArgs

KeyPrefixes List<string>: List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any tags attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.
Keys List<string>: List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any tags attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.

KeyPrefixes []string: List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any tags attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.
Keys []string: List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any tags attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.

keyPrefixes List<String>: List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any tags attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.
keys List<String>: List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any tags attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.

keyPrefixes string[]: List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any tags attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.
keys string[]: List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any tags attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.

key_prefixes Sequence[str]: List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any tags attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.
keys Sequence[str]: List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any tags attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.

keyPrefixes List<String>: List of exact resource tag keys to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning the tag in any tags attributes and displaying any configuration difference for the tag value. If any resource configuration still has this tag key configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.
keys List<String>: List of resource tag key prefixes to ignore across all resources handled by this provider. This configuration prevents Pulumi from returning any tag key matching the prefixes in any tags attributes and displaying any configuration difference for those tag values. If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignoreChanges is also used.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.Provider

On this page

On this page

Create Provider Resource

Constructor syntax

Parameters

Provider Resource Properties

Inputs

Outputs

Supporting Types

ProviderAssumeRole
, ProviderAssumeRoleArgs

ProviderAutoNaming
, ProviderAutoNamingArgs

ProviderDefaultTags
, ProviderDefaultTagsArgs

ProviderEndpoint
, ProviderEndpointArgs

ProviderIgnoreTags
, ProviderIgnoreTagsArgs

Package Details

On this page

On this page

aws-native.Provider

On this page

On this page

Create Provider Resource

Constructor syntax

Parameters

Provider Resource Properties

Inputs

Outputs

Supporting Types

ProviderAssumeRole, ProviderAssumeRoleArgs

ProviderAutoNaming, ProviderAutoNamingArgs

ProviderDefaultTags, ProviderDefaultTagsArgs

ProviderEndpoint, ProviderEndpointArgs

ProviderIgnoreTags, ProviderIgnoreTagsArgs

Package Details

On this page

On this page

ProviderAssumeRole
, ProviderAssumeRoleArgs

ProviderAutoNaming
, ProviderAutoNamingArgs

ProviderDefaultTags
, ProviderDefaultTagsArgs

ProviderEndpoint
, ProviderEndpointArgs

ProviderIgnoreTags
, ProviderIgnoreTagsArgs