{ "name": "awscontroltower", "displayName": "AWS Control Tower", "version": "0.0.2", "description": "A Pulumi package for creating and managing control tower accounts.", "keywords": [ "pulumi", "aws", "controltower", "lbrlabs" ], "homepage": "https://leebriggs.co.uk/projects#pulumi-awscontroltower", "license": "Apache-2.0", "attribution": "This Pulumi package is based on the [`awscontroltower` Terraform Provider](https://github.com/idealo/terraform-provider-awscontroltower).", "repository": "https://github.com/lbrlabs/pulumi-awscontroltower", "pluginDownloadURL": "github://api.github.com/lbrlabs", "publisher": "lbrlabs", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "packageReferences": { "Pulumi": "3.*" }, "compatibility": "tfbridge20", "rootNamespace": "Lbrlabs.PulumiPackage" }, "go": { "importBasePath": "github.com/lbrlabs/pulumi-awscontroltower/sdk/go/awscontroltower", "generateResourceContainerTypes": true, "generateExtraInputTypes": true }, "nodejs": { "packageName": "@lbrlabs/pulumi-awscontroltower", "packageDescription": "A Pulumi package for creating and managing control tower accounts.", "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/idealo/terraform-provider-awscontroltower)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-awscontroltower` repo](https://github.com/lbrlabs/pulumi-awscontroltower/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-awscontroltower` repo](https://github.com/idealo/terraform-provider-awscontroltower/issues).", "dependencies": { "@pulumi/pulumi": "^3.0.0" }, "devDependencies": { "@types/mime": "^2.0.0", "@types/node": "^10.0.0" }, "compatibility": "tfbridge20", "disableUnionOutputTypes": true }, "python": { "packageName": "lbrlabs_pulumi_aws_controltower", "requires": { "pulumi": ">=3.0.0,<4.0.0" }, "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/idealo/terraform-provider-awscontroltower)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-awscontroltower` repo](https://github.com/lbrlabs/pulumi-awscontroltower/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-awscontroltower` repo](https://github.com/idealo/terraform-provider-awscontroltower/issues).", "compatibility": "tfbridge20", "pyproject": {} } }, "config": { "variables": { "accessKey": { "type": "string", "description": "This is the AWS access key. It must be provided, but it can also be sourced from the `AWS_ACCESS_KEY_ID` environment\nvariable, or via a shared credentials file if `profile` is specified.\n" }, "assumeRole": { "$ref": "#/types/awscontroltower:config%2FassumeRole:assumeRole", "description": "Settings for making use of the AWS Assume Role functionality.\n" }, "maxRetries": { "type": "integer", "description": "This is the maximum number of times an API call is retried, in the case where requests are being throttled or\nexperiencing transient failures. The delay between the subsequent API calls increases exponentially. If omitted, the\ndefault value is `25`.\n" }, "profile": { "type": "string", "description": "This is the AWS profile name as set in the shared credentials file.\n" }, "region": { "type": "string", "description": "This is the AWS region. It must be provided, but it can also be sourced from the `AWS_DEFAULT_REGION` environment\nvariables, or via a shared credentials file if `profile` is specified.\n" }, "secretKey": { "type": "string", "description": "This is the AWS secret key. It must be provided, but it can also be sourced from the `AWS_SECRET_ACCESS_KEY` environment\nvariable, or via a shared credentials file if `profile` is specified.\n" }, "sharedCredentialsFile": { "type": "string", "description": "This is the path to the shared credentials file. If this is not set and a profile is specified, `~/.aws/credentials`\nwill be used.\n" }, "skipCredentialsValidation": { "type": "boolean", "description": "Skip the credentials validation via the STS API. Useful for AWS API implementations that do not have STS available or\nimplemented.\n" }, "skipMetadataApiCheck": { "type": "boolean", "description": "Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to\n`true` prevents Terraform from authenticating via the Metadata API. You may need to use other authentication methods\nlike static credentials, configuration variables, or environment variables.\n" }, "skipRequestingAccountId": { "type": "boolean", "description": "Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.\n" }, "token": { "type": "string", "description": "Session token for validating temporary credentials. Typically provided after successful identity federation or\nMulti-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit\nMFA code used to get temporary credentials. It can also be sourced from the `AWS_SESSION_TOKEN` environment variable.\n" } }, "defaults": [ "region" ] }, "types": { "awscontroltower:config/assumeRole:assumeRole": { "properties": { "durationSeconds": { "type": "integer" }, "externalId": { "type": "string" }, "policy": { "type": "string" }, "policyArns": { "type": "array", "items": { "type": "string" } }, "roleArn": { "type": "string" }, "sessionName": { "type": "string" }, "tags": { "type": "object", "additionalProperties": { "type": "string" } }, "transitiveTagKeys": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "awscontroltower:index/ProviderAssumeRole:ProviderAssumeRole": { "properties": { "durationSeconds": { "type": "integer" }, "externalId": { "type": "string" }, "policy": { "type": "string" }, "policyArns": { "type": "array", "items": { "type": "string" } }, "roleArn": { "type": "string" }, "sessionName": { "type": "string" }, "tags": { "type": "object", "additionalProperties": { "type": "string" } }, "transitiveTagKeys": { "type": "array", "items": { "type": "string" } } }, "type": "object" }, "awscontroltower:index/controlTowerAwsAccountSso:controlTowerAwsAccountSso": { "properties": { "email": { "type": "string" }, "firstName": { "type": "string" }, "lastName": { "type": "string" } }, "type": "object", "required": [ "email", "firstName", "lastName" ] } }, "provider": { "description": "The provider type for the awscontroltower package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "accessKey": { "type": "string", "description": "This is the AWS access key. It must be provided, but it can also be sourced from the `AWS_ACCESS_KEY_ID` environment\nvariable, or via a shared credentials file if `profile` is specified.\n" }, "profile": { "type": "string", "description": "This is the AWS profile name as set in the shared credentials file.\n" }, "region": { "type": "string", "description": "This is the AWS region. It must be provided, but it can also be sourced from the `AWS_DEFAULT_REGION` environment\nvariables, or via a shared credentials file if `profile` is specified.\n" }, "secretKey": { "type": "string", "description": "This is the AWS secret key. It must be provided, but it can also be sourced from the `AWS_SECRET_ACCESS_KEY` environment\nvariable, or via a shared credentials file if `profile` is specified.\n" }, "sharedCredentialsFile": { "type": "string", "description": "This is the path to the shared credentials file. If this is not set and a profile is specified, `~/.aws/credentials`\nwill be used.\n" }, "token": { "type": "string", "description": "Session token for validating temporary credentials. Typically provided after successful identity federation or\nMulti-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit\nMFA code used to get temporary credentials. It can also be sourced from the `AWS_SESSION_TOKEN` environment variable.\n" } }, "type": "object", "required": [ "region" ], "inputProperties": { "accessKey": { "type": "string", "description": "This is the AWS access key. It must be provided, but it can also be sourced from the `AWS_ACCESS_KEY_ID` environment\nvariable, or via a shared credentials file if `profile` is specified.\n" }, "assumeRole": { "$ref": "#/types/awscontroltower:index%2FProviderAssumeRole:ProviderAssumeRole", "description": "Settings for making use of the AWS Assume Role functionality.\n" }, "maxRetries": { "type": "integer", "description": "This is the maximum number of times an API call is retried, in the case where requests are being throttled or\nexperiencing transient failures. The delay between the subsequent API calls increases exponentially. If omitted, the\ndefault value is `25`.\n" }, "profile": { "type": "string", "description": "This is the AWS profile name as set in the shared credentials file.\n" }, "region": { "type": "string", "description": "This is the AWS region. It must be provided, but it can also be sourced from the `AWS_DEFAULT_REGION` environment\nvariables, or via a shared credentials file if `profile` is specified.\n" }, "secretKey": { "type": "string", "description": "This is the AWS secret key. It must be provided, but it can also be sourced from the `AWS_SECRET_ACCESS_KEY` environment\nvariable, or via a shared credentials file if `profile` is specified.\n" }, "sharedCredentialsFile": { "type": "string", "description": "This is the path to the shared credentials file. If this is not set and a profile is specified, `~/.aws/credentials`\nwill be used.\n" }, "skipCredentialsValidation": { "type": "boolean", "description": "Skip the credentials validation via the STS API. Useful for AWS API implementations that do not have STS available or\nimplemented.\n" }, "skipMetadataApiCheck": { "type": "boolean", "description": "Skip the AWS Metadata API check. Useful for AWS API implementations that do not have a metadata API endpoint. Setting to\n`true` prevents Terraform from authenticating via the Metadata API. You may need to use other authentication methods\nlike static credentials, configuration variables, or environment variables.\n" }, "skipRequestingAccountId": { "type": "boolean", "description": "Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.\n" }, "token": { "type": "string", "description": "Session token for validating temporary credentials. Typically provided after successful identity federation or\nMulti-Factor Authentication (MFA) login. With MFA login, this is the session token provided afterward, not the 6 digit\nMFA code used to get temporary credentials. It can also be sourced from the `AWS_SESSION_TOKEN` environment variable.\n" } }, "requiredInputs": [ "region" ] }, "resources": { "awscontroltower:index/controlTowerAwsAccount:controlTowerAwsAccount": { "properties": { "accountId": { "type": "string", "description": "ID of the AWS account.\n" }, "closeAccountOnDelete": { "type": "boolean", "description": "If enabled, this will close the AWS account on resource deletion, beginning the 90-day suspension period. Otherwise, the\naccount will just be unenrolled from Control Tower.\n" }, "email": { "type": "string", "description": "Root email of the account.\n" }, "name": { "type": "string", "description": "Name of the account.\n" }, "organizationalUnit": { "type": "string", "description": "Name of the Organizational Unit under which the account resides.\n" }, "organizationalUnitIdOnDelete": { "type": "string", "description": "ID of the Organizational Unit to which the account should be moved when the resource is deleted. If no value is\nprovided, the account will not be moved.\n" }, "pathId": { "type": "string", "description": "Name of the path identifier of the product. This value is optional if the product has a default path, and required if\nthe product has more than one path. To list the paths for a product, use ListLaunchPaths.\n" }, "provisionedProductName": { "type": "string", "description": "Name of the service catalog product that is provisioned. Defaults to a slugified version of the account name.\n" }, "sso": { "$ref": "#/types/awscontroltower:index%2FcontrolTowerAwsAccountSso:controlTowerAwsAccountSso", "description": "Assigned SSO user settings.\n" }, "tags": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags for the account.\n" } }, "type": "object", "required": [ "accountId", "email", "name", "organizationalUnit", "pathId", "provisionedProductName", "sso" ], "inputProperties": { "closeAccountOnDelete": { "type": "boolean", "description": "If enabled, this will close the AWS account on resource deletion, beginning the 90-day suspension period. Otherwise, the\naccount will just be unenrolled from Control Tower.\n" }, "email": { "type": "string", "description": "Root email of the account.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "Name of the account.\n", "willReplaceOnChanges": true }, "organizationalUnit": { "type": "string", "description": "Name of the Organizational Unit under which the account resides.\n" }, "organizationalUnitIdOnDelete": { "type": "string", "description": "ID of the Organizational Unit to which the account should be moved when the resource is deleted. If no value is\nprovided, the account will not be moved.\n" }, "pathId": { "type": "string", "description": "Name of the path identifier of the product. This value is optional if the product has a default path, and required if\nthe product has more than one path. To list the paths for a product, use ListLaunchPaths.\n", "willReplaceOnChanges": true }, "provisionedProductName": { "type": "string", "description": "Name of the service catalog product that is provisioned. Defaults to a slugified version of the account name.\n", "willReplaceOnChanges": true }, "sso": { "$ref": "#/types/awscontroltower:index%2FcontrolTowerAwsAccountSso:controlTowerAwsAccountSso", "description": "Assigned SSO user settings.\n" }, "tags": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags for the account.\n" } }, "requiredInputs": [ "email", "organizationalUnit", "sso" ], "stateInputs": { "description": "Input properties used for looking up and filtering controlTowerAwsAccount resources.\n", "properties": { "accountId": { "type": "string", "description": "ID of the AWS account.\n" }, "closeAccountOnDelete": { "type": "boolean", "description": "If enabled, this will close the AWS account on resource deletion, beginning the 90-day suspension period. Otherwise, the\naccount will just be unenrolled from Control Tower.\n" }, "email": { "type": "string", "description": "Root email of the account.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "Name of the account.\n", "willReplaceOnChanges": true }, "organizationalUnit": { "type": "string", "description": "Name of the Organizational Unit under which the account resides.\n" }, "organizationalUnitIdOnDelete": { "type": "string", "description": "ID of the Organizational Unit to which the account should be moved when the resource is deleted. If no value is\nprovided, the account will not be moved.\n" }, "pathId": { "type": "string", "description": "Name of the path identifier of the product. This value is optional if the product has a default path, and required if\nthe product has more than one path. To list the paths for a product, use ListLaunchPaths.\n", "willReplaceOnChanges": true }, "provisionedProductName": { "type": "string", "description": "Name of the service catalog product that is provisioned. Defaults to a slugified version of the account name.\n", "willReplaceOnChanges": true }, "sso": { "$ref": "#/types/awscontroltower:index%2FcontrolTowerAwsAccountSso:controlTowerAwsAccountSso", "description": "Assigned SSO user settings.\n" }, "tags": { "type": "object", "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags for the account.\n" } }, "type": "object" } } } }