`awsAuthBackendRole` Submodule

Constructs

AwsAuthBackendRole

Represents a {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role vault_aws_auth_backend_role}.

Initializers

from cdktf_cdktf_provider_vault import aws_auth_backend_role

awsAuthBackendRole.AwsAuthBackendRole(
  scope: Construct,
  id: str,
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  role: str,
  allow_instance_migration: typing.Union[bool, IResolvable] = None,
  auth_type: str = None,
  backend: str = None,
  bound_account_ids: typing.List[str] = None,
  bound_ami_ids: typing.List[str] = None,
  bound_ec2_instance_ids: typing.List[str] = None,
  bound_iam_instance_profile_arns: typing.List[str] = None,
  bound_iam_principal_arns: typing.List[str] = None,
  bound_iam_role_arns: typing.List[str] = None,
  bound_regions: typing.List[str] = None,
  bound_subnet_ids: typing.List[str] = None,
  bound_vpc_ids: typing.List[str] = None,
  disallow_reauthentication: typing.Union[bool, IResolvable] = None,
  id: str = None,
  inferred_aws_region: str = None,
  inferred_entity_type: str = None,
  namespace: str = None,
  resolve_aws_unique_ids: typing.Union[bool, IResolvable] = None,
  role_tag: str = None,
  token_bound_cidrs: typing.List[str] = None,
  token_explicit_max_ttl: typing.Union[int, float] = None,
  token_max_ttl: typing.Union[int, float] = None,
  token_no_default_policy: typing.Union[bool, IResolvable] = None,
  token_num_uses: typing.Union[int, float] = None,
  token_period: typing.Union[int, float] = None,
  token_policies: typing.List[str] = None,
  token_ttl: typing.Union[int, float] = None,
  token_type: str = None
)

Name	Type	Description
`scope`	`constructs.Construct`	The scope in which to define this construct.
`id`	`str`	The scoped construct ID.
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[cdktf.ITerraformDependable]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`role`	`str`	Name of the role.
`allow_instance_migration`	`typing.Union[bool, cdktf.IResolvable]`	When true, allows migration of the underlying instance where the client resides. Use with caution.
`auth_type`	`str`	The auth type permitted for this role.
`backend`	`str`	Unique name of the auth backend to configure.
`bound_account_ids`	`typing.List[str]`	Only EC2 instances with this account ID in their identity document will be permitted to log in.
`bound_ami_ids`	`typing.List[str]`	Only EC2 instances using this AMI ID will be permitted to log in.
`bound_ec2_instance_ids`	`typing.List[str]`	Only EC2 instances that match this instance ID will be permitted to log in.
`bound_iam_instance_profile_arns`	`typing.List[str]`	Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in.
`bound_iam_principal_arns`	`typing.List[str]`	The IAM principal that must be authenticated using the iam auth method.
`bound_iam_role_arns`	`typing.List[str]`	Only EC2 instances that match this IAM role ARN will be permitted to log in.
`bound_regions`	`typing.List[str]`	Only EC2 instances in this region will be permitted to log in.
`bound_subnet_ids`	`typing.List[str]`	Only EC2 instances associated with this subnet ID will be permitted to log in.
`bound_vpc_ids`	`typing.List[str]`	Only EC2 instances associated with this VPC ID will be permitted to log in.
`disallow_reauthentication`	`typing.Union[bool, cdktf.IResolvable]`	When true, only allows a single token to be granted per instance ID.
`id`	`str`	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#id AwsAuthBackendRole#id}.
`inferred_aws_region`	`str`	The region to search for the inferred entities in.
`inferred_entity_type`	`str`	The type of inferencing Vault should do.
`namespace`	`str`	Target namespace. (requires Enterprise).
`resolve_aws_unique_ids`	`typing.Union[bool, cdktf.IResolvable]`	Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID.
`role_tag`	`str`	The key of the tag on EC2 instance to use for role tags.
`token_bound_cidrs`	`typing.List[str]`	Specifies the blocks of IP addresses which are allowed to use the generated token.
`token_explicit_max_ttl`	`typing.Union[int, float]`	Generated Token's Explicit Maximum TTL in seconds.
`token_max_ttl`	`typing.Union[int, float]`	The maximum lifetime of the generated token.
`token_no_default_policy`	`typing.Union[bool, cdktf.IResolvable]`	If true, the 'default' policy will not automatically be added to generated tokens.
`token_num_uses`	`typing.Union[int, float]`	The maximum number of times a token may be used, a value of zero means unlimited.
`token_period`	`typing.Union[int, float]`	Generated Token's Period.
`token_policies`	`typing.List[str]`	Generated Token's Policies.
`token_ttl`	`typing.Union[int, float]`	The initial ttl of the token to generate in seconds.
`token_type`	`str`	The type of token to generate, service or batch.

`scope`^Required

Type: constructs.Construct

The scope in which to define this construct.

`id`^Required

Type: str

The scoped construct ID.

Must be unique amongst siblings in the same scope

`connection`^Optional

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

Type: typing.List[cdktf.ITerraformDependable]

`for_each`^Optional

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

Type: cdktf.TerraformProvider

`provisioners`^Optional

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`role`^Required

Type: str

Name of the role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#role AwsAuthBackendRole#role}

`allow_instance_migration`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

When true, allows migration of the underlying instance where the client resides. Use with caution.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#allow_instance_migration AwsAuthBackendRole#allow_instance_migration}

`auth_type`^Optional

Type: str

The auth type permitted for this role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#auth_type AwsAuthBackendRole#auth_type}

`backend`^Optional

Type: str

Unique name of the auth backend to configure.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#backend AwsAuthBackendRole#backend}

`bound_account_ids`^Optional

Type: typing.List[str]

Only EC2 instances with this account ID in their identity document will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_account_ids AwsAuthBackendRole#bound_account_ids}

`bound_ami_ids`^Optional

Type: typing.List[str]

Only EC2 instances using this AMI ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_ami_ids AwsAuthBackendRole#bound_ami_ids}

`bound_ec2_instance_ids`^Optional

Type: typing.List[str]

Only EC2 instances that match this instance ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_ec2_instance_ids AwsAuthBackendRole#bound_ec2_instance_ids}

`bound_iam_instance_profile_arns`^Optional

Type: typing.List[str]

Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_iam_instance_profile_arns AwsAuthBackendRole#bound_iam_instance_profile_arns}

`bound_iam_principal_arns`^Optional

Type: typing.List[str]

The IAM principal that must be authenticated using the iam auth method.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_iam_principal_arns AwsAuthBackendRole#bound_iam_principal_arns}

`bound_iam_role_arns`^Optional

Type: typing.List[str]

Only EC2 instances that match this IAM role ARN will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_iam_role_arns AwsAuthBackendRole#bound_iam_role_arns}

`bound_regions`^Optional

Type: typing.List[str]

Only EC2 instances in this region will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_regions AwsAuthBackendRole#bound_regions}

`bound_subnet_ids`^Optional

Type: typing.List[str]

Only EC2 instances associated with this subnet ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_subnet_ids AwsAuthBackendRole#bound_subnet_ids}

`bound_vpc_ids`^Optional

Type: typing.List[str]

Only EC2 instances associated with this VPC ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_vpc_ids AwsAuthBackendRole#bound_vpc_ids}

`disallow_reauthentication`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

When true, only allows a single token to be granted per instance ID.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#disallow_reauthentication AwsAuthBackendRole#disallow_reauthentication}

`id`^Optional

Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#id AwsAuthBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

`inferred_aws_region`^Optional

Type: str

The region to search for the inferred entities in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#inferred_aws_region AwsAuthBackendRole#inferred_aws_region}

`inferred_entity_type`^Optional

Type: str

The type of inferencing Vault should do.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#inferred_entity_type AwsAuthBackendRole#inferred_entity_type}

`namespace`^Optional

Type: str

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#namespace AwsAuthBackendRole#namespace}

`resolve_aws_unique_ids`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID.

When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#resolve_aws_unique_ids AwsAuthBackendRole#resolve_aws_unique_ids}

`role_tag`^Optional

Type: str

The key of the tag on EC2 instance to use for role tags.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#role_tag AwsAuthBackendRole#role_tag}

`token_bound_cidrs`^Optional

Type: typing.List[str]

Specifies the blocks of IP addresses which are allowed to use the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_bound_cidrs AwsAuthBackendRole#token_bound_cidrs}

`token_explicit_max_ttl`^Optional

Type: typing.Union[int, float]

Generated Token's Explicit Maximum TTL in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_explicit_max_ttl AwsAuthBackendRole#token_explicit_max_ttl}

`token_max_ttl`^Optional

Type: typing.Union[int, float]

The maximum lifetime of the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_max_ttl AwsAuthBackendRole#token_max_ttl}

`token_no_default_policy`^Optional

Type: typing.Union[bool, cdktf.IResolvable]

If true, the 'default' policy will not automatically be added to generated tokens.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_no_default_policy AwsAuthBackendRole#token_no_default_policy}

`token_num_uses`^Optional

Type: typing.Union[int, float]

The maximum number of times a token may be used, a value of zero means unlimited.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_num_uses AwsAuthBackendRole#token_num_uses}

`token_period`^Optional

Type: typing.Union[int, float]

Generated Token's Period.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_period AwsAuthBackendRole#token_period}

`token_policies`^Optional

Type: typing.List[str]

Generated Token's Policies.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_policies AwsAuthBackendRole#token_policies}

`token_ttl`^Optional

Type: typing.Union[int, float]

The initial ttl of the token to generate in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_ttl AwsAuthBackendRole#token_ttl}

`token_type`^Optional

Type: str

The type of token to generate, service or batch.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_type AwsAuthBackendRole#token_type}

Methods

Name	Description
`to_string`	Returns a string representation of this construct.
`add_override`	No description.
`override_logical_id`	Overrides the auto-generated logical ID with a specific ID.
`reset_override_logical_id`	Resets a previously passed logical Id to use the auto-generated logical id again.
`to_hcl_terraform`	No description.
`to_metadata`	No description.
`to_terraform`	Adds this resource to the terraform JSON output.
`add_move_target`	Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.
`get_any_map_attribute`	No description.
`get_boolean_attribute`	No description.
`get_boolean_map_attribute`	No description.
`get_list_attribute`	No description.
`get_number_attribute`	No description.
`get_number_list_attribute`	No description.
`get_number_map_attribute`	No description.
`get_string_attribute`	No description.
`get_string_map_attribute`	No description.
`has_resource_move`	No description.
`import_from`	No description.
`interpolation_for_attribute`	No description.
`move_from_id`	Move the resource corresponding to "id" to this resource.
`move_to`	Moves this resource to the target resource given by moveTarget.
`move_to_id`	Moves this resource to the resource corresponding to "id".
`reset_allow_instance_migration`	No description.
`reset_auth_type`	No description.
`reset_backend`	No description.
`reset_bound_account_ids`	No description.
`reset_bound_ami_ids`	No description.
`reset_bound_ec2_instance_ids`	No description.
`reset_bound_iam_instance_profile_arns`	No description.
`reset_bound_iam_principal_arns`	No description.
`reset_bound_iam_role_arns`	No description.
`reset_bound_regions`	No description.
`reset_bound_subnet_ids`	No description.
`reset_bound_vpc_ids`	No description.
`reset_disallow_reauthentication`	No description.
`reset_id`	No description.
`reset_inferred_aws_region`	No description.
`reset_inferred_entity_type`	No description.
`reset_namespace`	No description.
`reset_resolve_aws_unique_ids`	No description.
`reset_role_tag`	No description.
`reset_token_bound_cidrs`	No description.
`reset_token_explicit_max_ttl`	No description.
`reset_token_max_ttl`	No description.
`reset_token_no_default_policy`	No description.
`reset_token_num_uses`	No description.
`reset_token_period`	No description.
`reset_token_policies`	No description.
`reset_token_ttl`	No description.
`reset_token_type`	No description.

`to_string`

def to_string() -> str

Returns a string representation of this construct.

`add_override`

def add_override(
  path: str,
  value: typing.Any
) -> None

`path`^Required

Type: str

`value`^Required

Type: typing.Any

`override_logical_id`

def override_logical_id(
  new_logical_id: str
) -> None

Overrides the auto-generated logical ID with a specific ID.

`new_logical_id`^Required

Type: str

The new logical ID to use for this stack element.

`reset_override_logical_id`

def reset_override_logical_id() -> None

Resets a previously passed logical Id to use the auto-generated logical id again.

`to_hcl_terraform`

def to_hcl_terraform() -> typing.Any

`to_metadata`

def to_metadata() -> typing.Any

`to_terraform`

def to_terraform() -> typing.Any

Adds this resource to the terraform JSON output.

`add_move_target`

def add_move_target(
  move_target: str
) -> None

Adds a user defined moveTarget string to this resource to be later used in .moveTo(moveTarget) to resolve the location of the move.

`move_target`^Required

Type: str

The string move target that will correspond to this resource.

`get_any_map_attribute`

def get_any_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Any]

`terraform_attribute`^Required

Type: str

`get_boolean_attribute`

def get_boolean_attribute(
  terraform_attribute: str
) -> IResolvable

`terraform_attribute`^Required

Type: str

`get_boolean_map_attribute`

def get_boolean_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[bool]

`terraform_attribute`^Required

Type: str

`get_list_attribute`

def get_list_attribute(
  terraform_attribute: str
) -> typing.List[str]

`terraform_attribute`^Required

Type: str

`get_number_attribute`

def get_number_attribute(
  terraform_attribute: str
) -> typing.Union[int, float]

`terraform_attribute`^Required

Type: str

`get_number_list_attribute`

def get_number_list_attribute(
  terraform_attribute: str
) -> typing.List[typing.Union[int, float]]

`terraform_attribute`^Required

Type: str

`get_number_map_attribute`

def get_number_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[typing.Union[int, float]]

`terraform_attribute`^Required

Type: str

`get_string_attribute`

def get_string_attribute(
  terraform_attribute: str
) -> str

`terraform_attribute`^Required

Type: str

`get_string_map_attribute`

def get_string_map_attribute(
  terraform_attribute: str
) -> typing.Mapping[str]

`terraform_attribute`^Required

Type: str

`has_resource_move`

def has_resource_move() -> typing.Union[TerraformResourceMoveByTarget, TerraformResourceMoveById]

`import_from`

def import_from(
  id: str,
  provider: TerraformProvider = None
) -> None

`id`^Required

Type: str

`provider`^Optional

Type: cdktf.TerraformProvider

`interpolation_for_attribute`

def interpolation_for_attribute(
  terraform_attribute: str
) -> IResolvable

`terraform_attribute`^Required

Type: str

`move_from_id`

def move_from_id(
  id: str
) -> None

Move the resource corresponding to "id" to this resource.

Note that the resource being moved from must be marked as moved using it's instance function.

`id`^Required

Type: str

Full id of resource being moved from, e.g. "aws_s3_bucket.example".

`move_to`

def move_to(
  move_target: str,
  index: typing.Union[str, typing.Union[int, float]] = None
) -> None

Moves this resource to the target resource given by moveTarget.

`move_target`^Required

Type: str

The previously set user defined string set by .addMoveTarget() corresponding to the resource to move to.

`index`^Optional

Type: typing.Union[str, typing.Union[int, float]]

Optional The index corresponding to the key the resource is to appear in the foreach of a resource to move to.

`move_to_id`

def move_to_id(
  id: str
) -> None

Moves this resource to the resource corresponding to "id".

`id`^Required

Type: str

Full id of resource to move to, e.g. "aws_s3_bucket.example".

`reset_allow_instance_migration`

def reset_allow_instance_migration() -> None

`reset_auth_type`

def reset_auth_type() -> None

`reset_backend`

def reset_backend() -> None

`reset_bound_account_ids`

def reset_bound_account_ids() -> None

`reset_bound_ami_ids`

def reset_bound_ami_ids() -> None

`reset_bound_ec2_instance_ids`

def reset_bound_ec2_instance_ids() -> None

`reset_bound_iam_instance_profile_arns`

def reset_bound_iam_instance_profile_arns() -> None

`reset_bound_iam_principal_arns`

def reset_bound_iam_principal_arns() -> None

`reset_bound_iam_role_arns`

def reset_bound_iam_role_arns() -> None

`reset_bound_regions`

def reset_bound_regions() -> None

`reset_bound_subnet_ids`

def reset_bound_subnet_ids() -> None

`reset_bound_vpc_ids`

def reset_bound_vpc_ids() -> None

`reset_disallow_reauthentication`

def reset_disallow_reauthentication() -> None

`reset_id`

def reset_id() -> None

`reset_inferred_aws_region`

def reset_inferred_aws_region() -> None

`reset_inferred_entity_type`

def reset_inferred_entity_type() -> None

`reset_namespace`

def reset_namespace() -> None

`reset_resolve_aws_unique_ids`

def reset_resolve_aws_unique_ids() -> None

`reset_role_tag`

def reset_role_tag() -> None

`reset_token_bound_cidrs`

def reset_token_bound_cidrs() -> None

`reset_token_explicit_max_ttl`

def reset_token_explicit_max_ttl() -> None

`reset_token_max_ttl`

def reset_token_max_ttl() -> None

`reset_token_no_default_policy`

def reset_token_no_default_policy() -> None

`reset_token_num_uses`

def reset_token_num_uses() -> None

`reset_token_period`

def reset_token_period() -> None

`reset_token_policies`

def reset_token_policies() -> None

`reset_token_ttl`

def reset_token_ttl() -> None

`reset_token_type`

def reset_token_type() -> None

Static Functions

Name	Description
`is_construct`	Checks if `x` is a construct.
`is_terraform_element`	No description.
`is_terraform_resource`	No description.
`generate_config_for_import`	Generates CDKTF code for importing a AwsAuthBackendRole resource upon running "cdktf plan ".

`is_construct`

from cdktf_cdktf_provider_vault import aws_auth_backend_role

awsAuthBackendRole.AwsAuthBackendRole.is_construct(
  x: typing.Any
)

Checks if x is a construct.

Use this method instead of instanceof to properly detect Construct instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the constructs library on disk are seen as independent, completely different libraries. As a consequence, the class Construct in each copy of the constructs library is seen as a different class, and an instance of one class will not test as instanceof the other class. npm install will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the constructs library can be accidentally installed, and instanceof will behave unpredictably. It is safest to avoid using instanceof, and using this type-testing method instead.

`x`^Required

Type: typing.Any

Any object.

`is_terraform_element`

from cdktf_cdktf_provider_vault import aws_auth_backend_role

awsAuthBackendRole.AwsAuthBackendRole.is_terraform_element(
  x: typing.Any
)

`x`^Required

Type: typing.Any

`is_terraform_resource`

from cdktf_cdktf_provider_vault import aws_auth_backend_role

awsAuthBackendRole.AwsAuthBackendRole.is_terraform_resource(
  x: typing.Any
)

`x`^Required

Type: typing.Any

`generate_config_for_import`

from cdktf_cdktf_provider_vault import aws_auth_backend_role

awsAuthBackendRole.AwsAuthBackendRole.generate_config_for_import(
  scope: Construct,
  import_to_id: str,
  import_from_id: str,
  provider: TerraformProvider = None
)

Generates CDKTF code for importing a AwsAuthBackendRole resource upon running "cdktf plan ".

`scope`^Required

Type: constructs.Construct

The scope in which to define this construct.

`import_to_id`^Required

Type: str

The construct id used in the generated config for the AwsAuthBackendRole to import.

`import_from_id`^Required

Type: str

The id of the existing AwsAuthBackendRole that should be imported.

Refer to the {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#import import section} in the documentation of this resource for the id to use

`provider`^Optional

Type: cdktf.TerraformProvider

? Optional instance of the provider where the AwsAuthBackendRole to import is found.

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`cdktf_stack`	`cdktf.TerraformStack`	No description.
`fqn`	`str`	No description.
`friendly_unique_id`	`str`	No description.
`terraform_meta_arguments`	`typing.Mapping[typing.Any]`	No description.
`terraform_resource_type`	`str`	No description.
`terraform_generator_metadata`	`cdktf.TerraformProviderGeneratorMetadata`	No description.
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[str]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`role_id`	`str`	No description.
`allow_instance_migration_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`auth_type_input`	`str`	No description.
`backend_input`	`str`	No description.
`bound_account_ids_input`	`typing.List[str]`	No description.
`bound_ami_ids_input`	`typing.List[str]`	No description.
`bound_ec2_instance_ids_input`	`typing.List[str]`	No description.
`bound_iam_instance_profile_arns_input`	`typing.List[str]`	No description.
`bound_iam_principal_arns_input`	`typing.List[str]`	No description.
`bound_iam_role_arns_input`	`typing.List[str]`	No description.
`bound_regions_input`	`typing.List[str]`	No description.
`bound_subnet_ids_input`	`typing.List[str]`	No description.
`bound_vpc_ids_input`	`typing.List[str]`	No description.
`disallow_reauthentication_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`id_input`	`str`	No description.
`inferred_aws_region_input`	`str`	No description.
`inferred_entity_type_input`	`str`	No description.
`namespace_input`	`str`	No description.
`resolve_aws_unique_ids_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`role_input`	`str`	No description.
`role_tag_input`	`str`	No description.
`token_bound_cidrs_input`	`typing.List[str]`	No description.
`token_explicit_max_ttl_input`	`typing.Union[int, float]`	No description.
`token_max_ttl_input`	`typing.Union[int, float]`	No description.
`token_no_default_policy_input`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`token_num_uses_input`	`typing.Union[int, float]`	No description.
`token_period_input`	`typing.Union[int, float]`	No description.
`token_policies_input`	`typing.List[str]`	No description.
`token_ttl_input`	`typing.Union[int, float]`	No description.
`token_type_input`	`str`	No description.
`allow_instance_migration`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`auth_type`	`str`	No description.
`backend`	`str`	No description.
`bound_account_ids`	`typing.List[str]`	No description.
`bound_ami_ids`	`typing.List[str]`	No description.
`bound_ec2_instance_ids`	`typing.List[str]`	No description.
`bound_iam_instance_profile_arns`	`typing.List[str]`	No description.
`bound_iam_principal_arns`	`typing.List[str]`	No description.
`bound_iam_role_arns`	`typing.List[str]`	No description.
`bound_regions`	`typing.List[str]`	No description.
`bound_subnet_ids`	`typing.List[str]`	No description.
`bound_vpc_ids`	`typing.List[str]`	No description.
`disallow_reauthentication`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`id`	`str`	No description.
`inferred_aws_region`	`str`	No description.
`inferred_entity_type`	`str`	No description.
`namespace`	`str`	No description.
`resolve_aws_unique_ids`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`role`	`str`	No description.
`role_tag`	`str`	No description.
`token_bound_cidrs`	`typing.List[str]`	No description.
`token_explicit_max_ttl`	`typing.Union[int, float]`	No description.
`token_max_ttl`	`typing.Union[int, float]`	No description.
`token_no_default_policy`	`typing.Union[bool, cdktf.IResolvable]`	No description.
`token_num_uses`	`typing.Union[int, float]`	No description.
`token_period`	`typing.Union[int, float]`	No description.
`token_policies`	`typing.List[str]`	No description.
`token_ttl`	`typing.Union[int, float]`	No description.
`token_type`	`str`	No description.

`node`^Required

node: Node

Type: constructs.Node

The tree node.

`cdktf_stack`^Required

cdktf_stack: TerraformStack

Type: cdktf.TerraformStack

`fqn`^Required

fqn: str

Type: str

`friendly_unique_id`^Required

friendly_unique_id: str

Type: str

`terraform_meta_arguments`^Required

terraform_meta_arguments: typing.Mapping[typing.Any]

Type: typing.Mapping[typing.Any]

`terraform_resource_type`^Required

terraform_resource_type: str

Type: str

`terraform_generator_metadata`^Optional

terraform_generator_metadata: TerraformProviderGeneratorMetadata

Type: cdktf.TerraformProviderGeneratorMetadata

`connection`^Optional

connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

count: typing.Union[typing.Union[int, float], TerraformCount]

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

depends_on: typing.List[str]

Type: typing.List[str]

`for_each`^Optional

for_each: ITerraformIterator

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

lifecycle: TerraformResourceLifecycle

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

provider: TerraformProvider

Type: cdktf.TerraformProvider

`provisioners`^Optional

provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`role_id`^Required

role_id: str

Type: str

`allow_instance_migration_input`^Optional

allow_instance_migration_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`auth_type_input`^Optional

auth_type_input: str

Type: str

`backend_input`^Optional

backend_input: str

Type: str

`bound_account_ids_input`^Optional

bound_account_ids_input: typing.List[str]

Type: typing.List[str]

`bound_ami_ids_input`^Optional

bound_ami_ids_input: typing.List[str]

Type: typing.List[str]

`bound_ec2_instance_ids_input`^Optional

bound_ec2_instance_ids_input: typing.List[str]

Type: typing.List[str]

`bound_iam_instance_profile_arns_input`^Optional

bound_iam_instance_profile_arns_input: typing.List[str]

Type: typing.List[str]

`bound_iam_principal_arns_input`^Optional

bound_iam_principal_arns_input: typing.List[str]

Type: typing.List[str]

`bound_iam_role_arns_input`^Optional

bound_iam_role_arns_input: typing.List[str]

Type: typing.List[str]

`bound_regions_input`^Optional

bound_regions_input: typing.List[str]

Type: typing.List[str]

`bound_subnet_ids_input`^Optional

bound_subnet_ids_input: typing.List[str]

Type: typing.List[str]

`bound_vpc_ids_input`^Optional

bound_vpc_ids_input: typing.List[str]

Type: typing.List[str]

`disallow_reauthentication_input`^Optional

disallow_reauthentication_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`id_input`^Optional

id_input: str

Type: str

`inferred_aws_region_input`^Optional

inferred_aws_region_input: str

Type: str

`inferred_entity_type_input`^Optional

inferred_entity_type_input: str

Type: str

`namespace_input`^Optional

namespace_input: str

Type: str

`resolve_aws_unique_ids_input`^Optional

resolve_aws_unique_ids_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`role_input`^Optional

role_input: str

Type: str

`role_tag_input`^Optional

role_tag_input: str

Type: str

`token_bound_cidrs_input`^Optional

token_bound_cidrs_input: typing.List[str]

Type: typing.List[str]

`token_explicit_max_ttl_input`^Optional

token_explicit_max_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_max_ttl_input`^Optional

token_max_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_no_default_policy_input`^Optional

token_no_default_policy_input: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`token_num_uses_input`^Optional

token_num_uses_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_period_input`^Optional

token_period_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_policies_input`^Optional

token_policies_input: typing.List[str]

Type: typing.List[str]

`token_ttl_input`^Optional

token_ttl_input: typing.Union[int, float]

Type: typing.Union[int, float]

`token_type_input`^Optional

token_type_input: str

Type: str

`allow_instance_migration`^Required

allow_instance_migration: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`auth_type`^Required

auth_type: str

Type: str

`backend`^Required

backend: str

Type: str

`bound_account_ids`^Required

bound_account_ids: typing.List[str]

Type: typing.List[str]

`bound_ami_ids`^Required

bound_ami_ids: typing.List[str]

Type: typing.List[str]

`bound_ec2_instance_ids`^Required

bound_ec2_instance_ids: typing.List[str]

Type: typing.List[str]

`bound_iam_instance_profile_arns`^Required

bound_iam_instance_profile_arns: typing.List[str]

Type: typing.List[str]

`bound_iam_principal_arns`^Required

bound_iam_principal_arns: typing.List[str]

Type: typing.List[str]

`bound_iam_role_arns`^Required

bound_iam_role_arns: typing.List[str]

Type: typing.List[str]

`bound_regions`^Required

bound_regions: typing.List[str]

Type: typing.List[str]

`bound_subnet_ids`^Required

bound_subnet_ids: typing.List[str]

Type: typing.List[str]

`bound_vpc_ids`^Required

bound_vpc_ids: typing.List[str]

Type: typing.List[str]

`disallow_reauthentication`^Required

disallow_reauthentication: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`id`^Required

id: str

Type: str

`inferred_aws_region`^Required

inferred_aws_region: str

Type: str

`inferred_entity_type`^Required

inferred_entity_type: str

Type: str

`namespace`^Required

namespace: str

Type: str

`resolve_aws_unique_ids`^Required

resolve_aws_unique_ids: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`role`^Required

role: str

Type: str

`role_tag`^Required

role_tag: str

Type: str

`token_bound_cidrs`^Required

token_bound_cidrs: typing.List[str]

Type: typing.List[str]

`token_explicit_max_ttl`^Required

token_explicit_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`token_max_ttl`^Required

token_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`token_no_default_policy`^Required

token_no_default_policy: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

`token_num_uses`^Required

token_num_uses: typing.Union[int, float]

Type: typing.Union[int, float]

`token_period`^Required

token_period: typing.Union[int, float]

Type: typing.Union[int, float]

`token_policies`^Required

token_policies: typing.List[str]

Type: typing.List[str]

`token_ttl`^Required

token_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

`token_type`^Required

token_type: str

Type: str

Constants

Name	Type	Description
`tfResourceType`	`str`	No description.

`tfResourceType`^Required

tfResourceType: str

Type: str

Structs

AwsAuthBackendRoleConfig

Initializer

from cdktf_cdktf_provider_vault import aws_auth_backend_role

awsAuthBackendRole.AwsAuthBackendRoleConfig(
  connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection] = None,
  count: typing.Union[typing.Union[int, float], TerraformCount] = None,
  depends_on: typing.List[ITerraformDependable] = None,
  for_each: ITerraformIterator = None,
  lifecycle: TerraformResourceLifecycle = None,
  provider: TerraformProvider = None,
  provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]] = None,
  role: str,
  allow_instance_migration: typing.Union[bool, IResolvable] = None,
  auth_type: str = None,
  backend: str = None,
  bound_account_ids: typing.List[str] = None,
  bound_ami_ids: typing.List[str] = None,
  bound_ec2_instance_ids: typing.List[str] = None,
  bound_iam_instance_profile_arns: typing.List[str] = None,
  bound_iam_principal_arns: typing.List[str] = None,
  bound_iam_role_arns: typing.List[str] = None,
  bound_regions: typing.List[str] = None,
  bound_subnet_ids: typing.List[str] = None,
  bound_vpc_ids: typing.List[str] = None,
  disallow_reauthentication: typing.Union[bool, IResolvable] = None,
  id: str = None,
  inferred_aws_region: str = None,
  inferred_entity_type: str = None,
  namespace: str = None,
  resolve_aws_unique_ids: typing.Union[bool, IResolvable] = None,
  role_tag: str = None,
  token_bound_cidrs: typing.List[str] = None,
  token_explicit_max_ttl: typing.Union[int, float] = None,
  token_max_ttl: typing.Union[int, float] = None,
  token_no_default_policy: typing.Union[bool, IResolvable] = None,
  token_num_uses: typing.Union[int, float] = None,
  token_period: typing.Union[int, float] = None,
  token_policies: typing.List[str] = None,
  token_ttl: typing.Union[int, float] = None,
  token_type: str = None
)

Properties

Name	Type	Description
`connection`	`typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]`	No description.
`count`	`typing.Union[typing.Union[int, float], cdktf.TerraformCount]`	No description.
`depends_on`	`typing.List[cdktf.ITerraformDependable]`	No description.
`for_each`	`cdktf.ITerraformIterator`	No description.
`lifecycle`	`cdktf.TerraformResourceLifecycle`	No description.
`provider`	`cdktf.TerraformProvider`	No description.
`provisioners`	`typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]`	No description.
`role`	`str`	Name of the role.
`allow_instance_migration`	`typing.Union[bool, cdktf.IResolvable]`	When true, allows migration of the underlying instance where the client resides. Use with caution.
`auth_type`	`str`	The auth type permitted for this role.
`backend`	`str`	Unique name of the auth backend to configure.
`bound_account_ids`	`typing.List[str]`	Only EC2 instances with this account ID in their identity document will be permitted to log in.
`bound_ami_ids`	`typing.List[str]`	Only EC2 instances using this AMI ID will be permitted to log in.
`bound_ec2_instance_ids`	`typing.List[str]`	Only EC2 instances that match this instance ID will be permitted to log in.
`bound_iam_instance_profile_arns`	`typing.List[str]`	Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in.
`bound_iam_principal_arns`	`typing.List[str]`	The IAM principal that must be authenticated using the iam auth method.
`bound_iam_role_arns`	`typing.List[str]`	Only EC2 instances that match this IAM role ARN will be permitted to log in.
`bound_regions`	`typing.List[str]`	Only EC2 instances in this region will be permitted to log in.
`bound_subnet_ids`	`typing.List[str]`	Only EC2 instances associated with this subnet ID will be permitted to log in.
`bound_vpc_ids`	`typing.List[str]`	Only EC2 instances associated with this VPC ID will be permitted to log in.
`disallow_reauthentication`	`typing.Union[bool, cdktf.IResolvable]`	When true, only allows a single token to be granted per instance ID.
`id`	`str`	Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#id AwsAuthBackendRole#id}.
`inferred_aws_region`	`str`	The region to search for the inferred entities in.
`inferred_entity_type`	`str`	The type of inferencing Vault should do.
`namespace`	`str`	Target namespace. (requires Enterprise).
`resolve_aws_unique_ids`	`typing.Union[bool, cdktf.IResolvable]`	Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID.
`role_tag`	`str`	The key of the tag on EC2 instance to use for role tags.
`token_bound_cidrs`	`typing.List[str]`	Specifies the blocks of IP addresses which are allowed to use the generated token.
`token_explicit_max_ttl`	`typing.Union[int, float]`	Generated Token's Explicit Maximum TTL in seconds.
`token_max_ttl`	`typing.Union[int, float]`	The maximum lifetime of the generated token.
`token_no_default_policy`	`typing.Union[bool, cdktf.IResolvable]`	If true, the 'default' policy will not automatically be added to generated tokens.
`token_num_uses`	`typing.Union[int, float]`	The maximum number of times a token may be used, a value of zero means unlimited.
`token_period`	`typing.Union[int, float]`	Generated Token's Period.
`token_policies`	`typing.List[str]`	Generated Token's Policies.
`token_ttl`	`typing.Union[int, float]`	The initial ttl of the token to generate in seconds.
`token_type`	`str`	The type of token to generate, service or batch.

`connection`^Optional

connection: typing.Union[SSHProvisionerConnection, WinrmProvisionerConnection]

Type: typing.Union[cdktf.SSHProvisionerConnection, cdktf.WinrmProvisionerConnection]

`count`^Optional

count: typing.Union[typing.Union[int, float], TerraformCount]

Type: typing.Union[typing.Union[int, float], cdktf.TerraformCount]

`depends_on`^Optional

depends_on: typing.List[ITerraformDependable]

Type: typing.List[cdktf.ITerraformDependable]

`for_each`^Optional

for_each: ITerraformIterator

Type: cdktf.ITerraformIterator

`lifecycle`^Optional

lifecycle: TerraformResourceLifecycle

Type: cdktf.TerraformResourceLifecycle

`provider`^Optional

provider: TerraformProvider

Type: cdktf.TerraformProvider

`provisioners`^Optional

provisioners: typing.List[typing.Union[FileProvisioner, LocalExecProvisioner, RemoteExecProvisioner]]

Type: typing.List[typing.Union[cdktf.FileProvisioner, cdktf.LocalExecProvisioner, cdktf.RemoteExecProvisioner]]

`role`^Required

role: str

Type: str

Name of the role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#role AwsAuthBackendRole#role}

`allow_instance_migration`^Optional

allow_instance_migration: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

When true, allows migration of the underlying instance where the client resides. Use with caution.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#allow_instance_migration AwsAuthBackendRole#allow_instance_migration}

`auth_type`^Optional

auth_type: str

Type: str

The auth type permitted for this role.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#auth_type AwsAuthBackendRole#auth_type}

`backend`^Optional

backend: str

Type: str

Unique name of the auth backend to configure.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#backend AwsAuthBackendRole#backend}

`bound_account_ids`^Optional

bound_account_ids: typing.List[str]

Type: typing.List[str]

Only EC2 instances with this account ID in their identity document will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_account_ids AwsAuthBackendRole#bound_account_ids}

`bound_ami_ids`^Optional

bound_ami_ids: typing.List[str]

Type: typing.List[str]

Only EC2 instances using this AMI ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_ami_ids AwsAuthBackendRole#bound_ami_ids}

`bound_ec2_instance_ids`^Optional

bound_ec2_instance_ids: typing.List[str]

Type: typing.List[str]

Only EC2 instances that match this instance ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_ec2_instance_ids AwsAuthBackendRole#bound_ec2_instance_ids}

`bound_iam_instance_profile_arns`^Optional

bound_iam_instance_profile_arns: typing.List[str]

Type: typing.List[str]

Only EC2 instances associated with an IAM instance profile ARN that matches this value will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_iam_instance_profile_arns AwsAuthBackendRole#bound_iam_instance_profile_arns}

`bound_iam_principal_arns`^Optional

bound_iam_principal_arns: typing.List[str]

Type: typing.List[str]

The IAM principal that must be authenticated using the iam auth method.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_iam_principal_arns AwsAuthBackendRole#bound_iam_principal_arns}

`bound_iam_role_arns`^Optional

bound_iam_role_arns: typing.List[str]

Type: typing.List[str]

Only EC2 instances that match this IAM role ARN will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_iam_role_arns AwsAuthBackendRole#bound_iam_role_arns}

`bound_regions`^Optional

bound_regions: typing.List[str]

Type: typing.List[str]

Only EC2 instances in this region will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_regions AwsAuthBackendRole#bound_regions}

`bound_subnet_ids`^Optional

bound_subnet_ids: typing.List[str]

Type: typing.List[str]

Only EC2 instances associated with this subnet ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_subnet_ids AwsAuthBackendRole#bound_subnet_ids}

`bound_vpc_ids`^Optional

bound_vpc_ids: typing.List[str]

Type: typing.List[str]

Only EC2 instances associated with this VPC ID will be permitted to log in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#bound_vpc_ids AwsAuthBackendRole#bound_vpc_ids}

`disallow_reauthentication`^Optional

disallow_reauthentication: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

When true, only allows a single token to be granted per instance ID.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#disallow_reauthentication AwsAuthBackendRole#disallow_reauthentication}

`id`^Optional

id: str

Type: str

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#id AwsAuthBackendRole#id}.

Please be aware that the id field is automatically added to all resources in Terraform providers using a Terraform provider SDK version below 2. If you experience problems setting this value it might not be settable. Please take a look at the provider documentation to ensure it should be settable.

`inferred_aws_region`^Optional

inferred_aws_region: str

Type: str

The region to search for the inferred entities in.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#inferred_aws_region AwsAuthBackendRole#inferred_aws_region}

`inferred_entity_type`^Optional

inferred_entity_type: str

Type: str

The type of inferencing Vault should do.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#inferred_entity_type AwsAuthBackendRole#inferred_entity_type}

`namespace`^Optional

namespace: str

Type: str

Target namespace. (requires Enterprise).

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#namespace AwsAuthBackendRole#namespace}

`resolve_aws_unique_ids`^Optional

resolve_aws_unique_ids: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

Whether or not Vault should resolve the bound_iam_principal_arn to an AWS Unique ID.

When true, deleting a principal and recreating it with the same name won't automatically grant the new principal the same roles in Vault that the old principal had.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#resolve_aws_unique_ids AwsAuthBackendRole#resolve_aws_unique_ids}

`role_tag`^Optional

role_tag: str

Type: str

The key of the tag on EC2 instance to use for role tags.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#role_tag AwsAuthBackendRole#role_tag}

`token_bound_cidrs`^Optional

token_bound_cidrs: typing.List[str]

Type: typing.List[str]

Specifies the blocks of IP addresses which are allowed to use the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_bound_cidrs AwsAuthBackendRole#token_bound_cidrs}

`token_explicit_max_ttl`^Optional

token_explicit_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

Generated Token's Explicit Maximum TTL in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_explicit_max_ttl AwsAuthBackendRole#token_explicit_max_ttl}

`token_max_ttl`^Optional

token_max_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

The maximum lifetime of the generated token.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_max_ttl AwsAuthBackendRole#token_max_ttl}

`token_no_default_policy`^Optional

token_no_default_policy: typing.Union[bool, IResolvable]

Type: typing.Union[bool, cdktf.IResolvable]

If true, the 'default' policy will not automatically be added to generated tokens.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_no_default_policy AwsAuthBackendRole#token_no_default_policy}

`token_num_uses`^Optional

token_num_uses: typing.Union[int, float]

Type: typing.Union[int, float]

The maximum number of times a token may be used, a value of zero means unlimited.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_num_uses AwsAuthBackendRole#token_num_uses}

`token_period`^Optional

token_period: typing.Union[int, float]

Type: typing.Union[int, float]

Generated Token's Period.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_period AwsAuthBackendRole#token_period}

`token_policies`^Optional

token_policies: typing.List[str]

Type: typing.List[str]

Generated Token's Policies.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_policies AwsAuthBackendRole#token_policies}

`token_ttl`^Optional

token_ttl: typing.Union[int, float]

Type: typing.Union[int, float]

The initial ttl of the token to generate in seconds.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_ttl AwsAuthBackendRole#token_ttl}

`token_type`^Optional

token_type: str

Type: str

The type of token to generate, service or batch.

Docs at Terraform Registry: {@link https://registry.terraform.io/providers/hashicorp/vault/4.2.0/docs/resources/aws_auth_backend_role#token_type AwsAuthBackendRole#token_type}

Files

awsAuthBackendRole.python.md

Latest commit

History

awsAuthBackendRole.python.md

File metadata and controls

awsAuthBackendRole Submodule

Constructs