sdk/go/aws/iam/role.go

// Code generated by pulumi-language-go DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package iam

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws"
	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Creates a new role for your AWS-account.
//
//	For more information about roles, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*. For information about quotas for role names and the number of roles you can create, see [IAM and quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *IAM User Guide*.
//
// ## Example Usage
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/gamelift"
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			iamRole, err := iam.NewRole(ctx, "iamRole", &iam.RoleArgs{
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": []string{
//									"cloudformation.amazonaws.com",
//									"gamelift.amazonaws.com",
//								},
//							},
//							"action": "sts:AssumeRole",
//						},
//					},
//				}),
//				RoleName: pulumi.String("ScriptIAMRole"),
//				Policies: iam.RolePolicyTypeArray{
//					&iam.RolePolicyTypeArgs{
//						PolicyName: pulumi.String("ScriptResourceIAMPolicy"),
//						PolicyDocument: pulumi.Any(map[string]interface{}{
//							"version": "2012-10-17",
//							"statement": []map[string]interface{}{
//								map[string]interface{}{
//									"effect": "Allow",
//									"action": []string{
//										"s3:GetObject",
//										"s3:GetObjectVersion",
//										"s3:GetObjectMetadata",
//										"s3:*Object*",
//									},
//									"resource": []string{
//										"*",
//									},
//								},
//							},
//						}),
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = gamelift.NewScript(ctx, "scriptResource", &gamelift.ScriptArgs{
//				Name:    pulumi.String("MyRealtimeScript"),
//				Version: pulumi.String("v1.0"),
//				StorageLocation: &gamelift.ScriptS3LocationArgs{
//					Bucket:  pulumi.String("MyBucketName"),
//					Key:     pulumi.String("MyScriptFiles.zip"),
//					RoleArn: iamRole.Arn,
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/gamelift"
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			iamRole, err := iam.NewRole(ctx, "iamRole", &iam.RoleArgs{
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": []string{
//									"cloudformation.amazonaws.com",
//									"gamelift.amazonaws.com",
//								},
//							},
//							"action": "sts:AssumeRole",
//						},
//					},
//				}),
//				RoleName: pulumi.String("ScriptIAMRole"),
//				Policies: iam.RolePolicyTypeArray{
//					&iam.RolePolicyTypeArgs{
//						PolicyName: pulumi.String("ScriptResourceIAMPolicy"),
//						PolicyDocument: pulumi.Any(map[string]interface{}{
//							"version": "2012-10-17",
//							"statement": []map[string]interface{}{
//								map[string]interface{}{
//									"effect": "Allow",
//									"action": []string{
//										"s3:GetObject",
//										"s3:GetObjectVersion",
//										"s3:GetObjectMetadata",
//										"s3:*Object*",
//									},
//									"resource": []string{
//										"*",
//									},
//								},
//							},
//						}),
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = gamelift.NewScript(ctx, "scriptResource", &gamelift.ScriptArgs{
//				Name:    pulumi.String("MyRealtimeScript"),
//				Version: pulumi.String("v1.0"),
//				StorageLocation: &gamelift.ScriptS3LocationArgs{
//					Bucket:  pulumi.String("MyBucketName"),
//					Key:     pulumi.String("MyScriptFiles.zip"),
//					RoleArn: iamRole.Arn,
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/grafana"
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			amazonGrafanaWorkspaceIAMRole, err := iam.NewRole(ctx, "amazonGrafanaWorkspaceIAMRole", &iam.RoleArgs{
//				ManagedPolicyArns: pulumi.StringArray{
//					pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"),
//				},
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": []string{
//									"grafana.amazonaws.com",
//								},
//							},
//							"action": []string{
//								"sts:AssumeRole",
//							},
//						},
//					},
//				}),
//			})
//			if err != nil {
//				return err
//			}
//			amazonGrafanaWorkspace, err := grafana.NewWorkspace(ctx, "amazonGrafanaWorkspace", &grafana.WorkspaceArgs{
//				AccountAccessType: grafana.WorkspaceAccountAccessTypeCurrentAccount,
//				Name:              pulumi.String("AmazonGrafanaWorkspace"),
//				Description:       pulumi.String("Amazon Grafana Workspace"),
//				AuthenticationProviders: grafana.WorkspaceAuthenticationProviderTypesArray{
//					grafana.WorkspaceAuthenticationProviderTypesSaml,
//				},
//				PermissionType: grafana.WorkspacePermissionTypeCustomerManaged,
//				GrafanaVersion: pulumi.String("9.4"),
//				RoleArn:        amazonGrafanaWorkspaceIAMRole.Arn,
//				SamlConfiguration: &grafana.WorkspaceSamlConfigurationArgs{
//					IdpMetadata: &grafana.WorkspaceIdpMetadataArgs{
//						Xml: pulumi.String("<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>"),
//					},
//					AssertionAttributes: &grafana.WorkspaceAssertionAttributesArgs{
//						Name:   pulumi.String("displayName"),
//						Login:  pulumi.String("login"),
//						Email:  pulumi.String("email"),
//						Groups: pulumi.String("group"),
//						Role:   pulumi.String("role"),
//						Org:    pulumi.String("org"),
//					},
//					RoleValues: &grafana.WorkspaceRoleValuesArgs{
//						Editor: pulumi.StringArray{
//							pulumi.String("editor1"),
//						},
//						Admin: pulumi.StringArray{
//							pulumi.String("admin1"),
//						},
//					},
//					AllowedOrganizations: pulumi.StringArray{
//						pulumi.String("org1"),
//					},
//					LoginValidityDuration: pulumi.Float64(60),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			ctx.Export("workspaceEndpoint", amazonGrafanaWorkspace.Endpoint)
//			ctx.Export("workspaceStatus", amazonGrafanaWorkspace.Status)
//			ctx.Export("workspaceId", amazonGrafanaWorkspace.ID())
//			ctx.Export("grafanaVersion", amazonGrafanaWorkspace.GrafanaVersion)
//			return nil
//		})
//	}
//
// ```
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/grafana"
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			amazonGrafanaWorkspaceIAMRole, err := iam.NewRole(ctx, "amazonGrafanaWorkspaceIAMRole", &iam.RoleArgs{
//				ManagedPolicyArns: pulumi.StringArray{
//					pulumi.String("arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess"),
//				},
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": []string{
//									"grafana.amazonaws.com",
//								},
//							},
//							"action": []string{
//								"sts:AssumeRole",
//							},
//						},
//					},
//				}),
//			})
//			if err != nil {
//				return err
//			}
//			amazonGrafanaWorkspace, err := grafana.NewWorkspace(ctx, "amazonGrafanaWorkspace", &grafana.WorkspaceArgs{
//				AccountAccessType: grafana.WorkspaceAccountAccessTypeCurrentAccount,
//				Name:              pulumi.String("AmazonGrafanaWorkspace"),
//				Description:       pulumi.String("Amazon Grafana Workspace"),
//				AuthenticationProviders: grafana.WorkspaceAuthenticationProviderTypesArray{
//					grafana.WorkspaceAuthenticationProviderTypesSaml,
//				},
//				PermissionType: grafana.WorkspacePermissionTypeCustomerManaged,
//				GrafanaVersion: pulumi.String("9.4"),
//				RoleArn:        amazonGrafanaWorkspaceIAMRole.Arn,
//				SamlConfiguration: &grafana.WorkspaceSamlConfigurationArgs{
//					IdpMetadata: &grafana.WorkspaceIdpMetadataArgs{
//						Xml: pulumi.String("<md:EntityDescriptor xmlns:md='urn:oasis:names:tc:SAML:2.0:metadata' entityID='entityId'>DATA</md:EntityDescriptor>"),
//					},
//					AssertionAttributes: &grafana.WorkspaceAssertionAttributesArgs{
//						Name:   pulumi.String("displayName"),
//						Login:  pulumi.String("login"),
//						Email:  pulumi.String("email"),
//						Groups: pulumi.String("group"),
//						Role:   pulumi.String("role"),
//						Org:    pulumi.String("org"),
//					},
//					RoleValues: &grafana.WorkspaceRoleValuesArgs{
//						Editor: pulumi.StringArray{
//							pulumi.String("editor1"),
//						},
//						Admin: pulumi.StringArray{
//							pulumi.String("admin1"),
//						},
//					},
//					AllowedOrganizations: pulumi.StringArray{
//						pulumi.String("org1"),
//					},
//					LoginValidityDuration: pulumi.Float64(60),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			ctx.Export("workspaceEndpoint", amazonGrafanaWorkspace.Endpoint)
//			ctx.Export("workspaceStatus", amazonGrafanaWorkspace.Status)
//			ctx.Export("workspaceId", amazonGrafanaWorkspace.ID())
//			ctx.Export("grafanaVersion", amazonGrafanaWorkspace.GrafanaVersion)
//			return nil
//		})
//	}
//
// ```
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			rootRole, err := iam.NewRole(ctx, "rootRole", &iam.RoleArgs{
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": []string{
//									"ec2.amazonaws.com",
//								},
//							},
//							"action": []string{
//								"sts:AssumeRole",
//							},
//						},
//					},
//				}),
//				Path: pulumi.String("/"),
//				Policies: iam.RolePolicyTypeArray{
//					&iam.RolePolicyTypeArgs{
//						PolicyName: pulumi.String("root"),
//						PolicyDocument: pulumi.Any(map[string]interface{}{
//							"version": "2012-10-17",
//							"statement": []map[string]interface{}{
//								map[string]interface{}{
//									"effect":   "Allow",
//									"action":   "*",
//									"resource": "*",
//								},
//							},
//						}),
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = iam.NewInstanceProfile(ctx, "rootInstanceProfile", &iam.InstanceProfileArgs{
//				Path: pulumi.String("/"),
//				Roles: pulumi.StringArray{
//					rootRole.ID(),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			rootRole, err := iam.NewRole(ctx, "rootRole", &iam.RoleArgs{
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": []string{
//									"ec2.amazonaws.com",
//								},
//							},
//							"action": []string{
//								"sts:AssumeRole",
//							},
//						},
//					},
//				}),
//				Path: pulumi.String("/"),
//				Policies: iam.RolePolicyTypeArray{
//					&iam.RolePolicyTypeArgs{
//						PolicyName: pulumi.String("root"),
//						PolicyDocument: pulumi.Any(map[string]interface{}{
//							"version": "2012-10-17",
//							"statement": []map[string]interface{}{
//								map[string]interface{}{
//									"effect":   "Allow",
//									"action":   "*",
//									"resource": "*",
//								},
//							},
//						}),
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = iam.NewInstanceProfile(ctx, "rootInstanceProfile", &iam.InstanceProfileArgs{
//				Path: pulumi.String("/"),
//				Roles: pulumi.StringArray{
//					rootRole.ID(),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// ### Example
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/iam"
//	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/ssm"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := iam.NewRole(ctx, "automationExecutionRole", &iam.RoleArgs{
//				AssumeRolePolicyDocument: pulumi.Any(map[string]interface{}{
//					"version": "2012-10-17",
//					"statement": []map[string]interface{}{
//						map[string]interface{}{
//							"effect": "Allow",
//							"principal": map[string]interface{}{
//								"service": "ssm.amazonaws.com",
//							},
//							"action": []string{
//								"sts:AssumeRole",
//							},
//						},
//					},
//				}),
//				Path: pulumi.String("/"),
//				ManagedPolicyArns: pulumi.StringArray{
//					pulumi.String("arn:${AWS::Partition}:iam::aws:policy/AmazonEC2FullAccess"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			_, err = ssm.NewAssociation(ctx, "automationAssociation", &ssm.AssociationArgs{
//				Name: pulumi.String("AWS-StopEC2Instance"),
//				Parameters: pulumi.StringArrayMap{
//					"automationAssumeRole": pulumi.StringArray{
//						pulumi.String("AutomationExecutionRole.Arn"),
//					},
//				},
//				Targets: ssm.AssociationTargetArray{
//					&ssm.AssociationTargetArgs{
//						Key: pulumi.String("ParameterValues"),
//						Values: pulumi.StringArray{
//							pulumi.String("i-1234567890abcdef0"),
//						},
//					},
//				},
//				AutomationTargetParameterName: pulumi.String("InstanceId"),
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
type Role struct {
	pulumi.CustomResourceState

	Arn pulumi.StringOutput `pulumi:"arn"`
	// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
	AssumeRolePolicyDocument pulumi.AnyOutput `pulumi:"assumeRolePolicyDocument"`
	// A description of the role that you provide.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayOutput `pulumi:"managedPolicyArns"`
	// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//  Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
	MaxSessionDuration pulumi.IntPtrOutput `pulumi:"maxSessionDuration"`
	// The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrOutput `pulumi:"path"`
	// The ARN of the policy used to set the permissions boundary for the role.
	//  For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	PermissionsBoundary pulumi.StringPtrOutput `pulumi:"permissionsBoundary"`
	// Adds or updates an inline policy document that is embedded in the specified IAM role.
	//  When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
	//  A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.
	//  For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	//   If an external policy (such as ``AWS::IAM::Policy`` or
	Policies RolePolicyTypeArrayOutput `pulumi:"policies"`
	RoleId   pulumi.StringOutput       `pulumi:"roleId"`
	// A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.
	//  If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use
	RoleName pulumi.StringPtrOutput `pulumi:"roleName"`
	// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	Tags aws.TagArrayOutput `pulumi:"tags"`
}

// NewRole registers a new resource with the given unique name, arguments, and options.
func NewRole(ctx *pulumi.Context,
	name string, args *RoleArgs, opts ...pulumi.ResourceOption) (*Role, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.AssumeRolePolicyDocument == nil {
		return nil, errors.New("invalid value for required argument 'AssumeRolePolicyDocument'")
	}
	replaceOnChanges := pulumi.ReplaceOnChanges([]string{
		"path",
		"roleName",
	})
	opts = append(opts, replaceOnChanges)
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource Role
	err := ctx.RegisterResource("aws-native:iam:Role", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetRole gets an existing Role resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetRole(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RoleState, opts ...pulumi.ResourceOption) (*Role, error) {
	var resource Role
	err := ctx.ReadResource("aws-native:iam:Role", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering Role resources.
type roleState struct {
}

type RoleState struct {
}

func (RoleState) ElementType() reflect.Type {
	return reflect.TypeOf((*roleState)(nil)).Elem()
}

type roleArgs struct {
	// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
	AssumeRolePolicyDocument interface{} `pulumi:"assumeRolePolicyDocument"`
	// A description of the role that you provide.
	Description *string `pulumi:"description"`
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns []string `pulumi:"managedPolicyArns"`
	// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//  Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
	MaxSessionDuration *int `pulumi:"maxSessionDuration"`
	// The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.
	Path *string `pulumi:"path"`
	// The ARN of the policy used to set the permissions boundary for the role.
	//  For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	PermissionsBoundary *string `pulumi:"permissionsBoundary"`
	// Adds or updates an inline policy document that is embedded in the specified IAM role.
	//  When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
	//  A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.
	//  For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	//   If an external policy (such as ``AWS::IAM::Policy`` or
	Policies []RolePolicyType `pulumi:"policies"`
	// A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.
	//  If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use
	RoleName *string `pulumi:"roleName"`
	// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	Tags []aws.Tag `pulumi:"tags"`
}

// The set of arguments for constructing a Role resource.
type RoleArgs struct {
	// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
	//
	// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
	AssumeRolePolicyDocument pulumi.Input
	// A description of the role that you provide.
	Description pulumi.StringPtrInput
	// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
	//  For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
	ManagedPolicyArns pulumi.StringArrayInput
	// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
	//  Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
	MaxSessionDuration pulumi.IntPtrInput
	// The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
	//  This parameter is optional. If it is not included, it defaults to a slash (/).
	//  This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.
	Path pulumi.StringPtrInput
	// The ARN of the policy used to set the permissions boundary for the role.
	//  For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
	PermissionsBoundary pulumi.StringPtrInput
	// Adds or updates an inline policy document that is embedded in the specified IAM role.
	//  When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
	//  A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.
	//  For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
	//   If an external policy (such as ``AWS::IAM::Policy`` or
	Policies RolePolicyTypeArrayInput
	// A name for the IAM role, up to 64 characters in length. For valid values, see the ``RoleName`` parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.
	//  This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
	//  If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.
	//  If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use
	RoleName pulumi.StringPtrInput
	// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
	Tags aws.TagArrayInput
}

func (RoleArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*roleArgs)(nil)).Elem()
}

type RoleInput interface {
	pulumi.Input

	ToRoleOutput() RoleOutput
	ToRoleOutputWithContext(ctx context.Context) RoleOutput
}

func (*Role) ElementType() reflect.Type {
	return reflect.TypeOf((**Role)(nil)).Elem()
}

func (i *Role) ToRoleOutput() RoleOutput {
	return i.ToRoleOutputWithContext(context.Background())
}

func (i *Role) ToRoleOutputWithContext(ctx context.Context) RoleOutput {
	return pulumi.ToOutputWithContext(ctx, i).(RoleOutput)
}

type RoleOutput struct{ *pulumi.OutputState }

func (RoleOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**Role)(nil)).Elem()
}

func (o RoleOutput) ToRoleOutput() RoleOutput {
	return o
}

func (o RoleOutput) ToRoleOutputWithContext(ctx context.Context) RoleOutput {
	return o
}

func (o RoleOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *Role) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// The trust policy that is associated with this role. Trust policies define which entities can assume the role. You can associate only one trust policy with a role. For an example of a policy that can be used to assume a role, see [Template Examples](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html#aws-resource-iam-role--examples). For more information about the elements that you can use in an IAM policy, see [Policy Elements Reference](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html) in the *User Guide*.
//
// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::IAM::Role` for more information about the expected schema for this property.
func (o RoleOutput) AssumeRolePolicyDocument() pulumi.AnyOutput {
	return o.ApplyT(func(v *Role) pulumi.AnyOutput { return v.AssumeRolePolicyDocument }).(pulumi.AnyOutput)
}

// A description of the role that you provide.
func (o RoleOutput) Description() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput)
}

// A list of Amazon Resource Names (ARNs) of the IAM managed policies that you want to attach to the role.
//
//	For more information about ARNs, see [Amazon Resource Names (ARNs) and Service Namespaces](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*.
func (o RoleOutput) ManagedPolicyArns() pulumi.StringArrayOutput {
	return o.ApplyT(func(v *Role) pulumi.StringArrayOutput { return v.ManagedPolicyArns }).(pulumi.StringArrayOutput)
}

// The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default value of one hour is applied. This setting can have a value from 1 hour to 12 hours.
//
//	Anyone who assumes the role from the CLI or API can use the ``DurationSeconds`` API parameter or the ``duration-seconds`` CLI parameter to request a longer session. The ``MaxSessionDuration`` setting determines the maximum duration that can be requested using the ``DurationSeconds`` parameter. If users don't specify a value for the ``DurationSeconds`` parameter, their security credentials are valid for one hour by default. This applies when you use the ``AssumeRole*`` API operations or the ``assume-role*`` CLI operations but does not apply when you use those operations to create a console URL. For more information, see [Using IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.
func (o RoleOutput) MaxSessionDuration() pulumi.IntPtrOutput {
	return o.ApplyT(func(v *Role) pulumi.IntPtrOutput { return v.MaxSessionDuration }).(pulumi.IntPtrOutput)
}

// The path to the role. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*.
//
//	This parameter is optional. If it is not included, it defaults to a slash (/).
//	This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (``\u0021``) through the DEL character (``\u007F``), including most punctuation characters, digits, and upper and lowercased letters.
func (o RoleOutput) Path() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.Path }).(pulumi.StringPtrOutput)
}

// The ARN of the policy used to set the permissions boundary for the role.
//
//	For more information about permissions boundaries, see [Permissions boundaries for IAM identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide*.
func (o RoleOutput) PermissionsBoundary() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.PermissionsBoundary }).(pulumi.StringPtrOutput)
}

// Adds or updates an inline policy document that is embedded in the specified IAM role.
//
//	When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role. You can update a role's trust policy later. For more information about IAM roles, go to [Using Roles to Delegate Permissions and Federate Identities](https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html).
//	A role can also have an attached managed policy. For information about policies, see [Managed Policies and Inline Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *User Guide*.
//	For information about limits on the number of inline policies that you can embed with a role, see [Limitations on Entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/LimitationsOnEntities.html) in the *User Guide*.
//	 If an external policy (such as ``AWS::IAM::Policy`` or
func (o RoleOutput) Policies() RolePolicyTypeArrayOutput {
	return o.ApplyT(func(v *Role) RolePolicyTypeArrayOutput { return v.Policies }).(RolePolicyTypeArrayOutput)
}

func (o RoleOutput) RoleId() pulumi.StringOutput {
	return o.ApplyT(func(v *Role) pulumi.StringOutput { return v.RoleId }).(pulumi.StringOutput)
}

// A name for the IAM role, up to 64 characters in length. For valid values, see the “RoleName“ parameter for the [CreateRole](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html) action in the *User Guide*.
//
//	This parameter allows (per its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. The role name must be unique within the account. Role names are not distinguished by case. For example, you cannot create roles named both "Role1" and "role1".
//	If you don't specify a name, CFN generates a unique physical ID and uses that ID for the role name.
//	If you specify a name, you must specify the ``CAPABILITY_NAMED_IAM`` value to acknowledge your template's capabilities. For more information, see [Acknowledging Resources in Templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/Use
func (o RoleOutput) RoleName() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *Role) pulumi.StringPtrOutput { return v.RoleName }).(pulumi.StringPtrOutput)
}

// A list of tags that are attached to the role. For more information about tagging, see [Tagging IAM resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the *IAM User Guide*.
func (o RoleOutput) Tags() aws.TagArrayOutput {
	return o.ApplyT(func(v *Role) aws.TagArrayOutput { return v.Tags }).(aws.TagArrayOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*RoleInput)(nil)).Elem(), &Role{})
	pulumi.RegisterOutputType(RoleOutput{})
}