Console Passwords
While API access requires user access keys, password credentials are required for accessing the AWS account resources via the web console. IAM provides various API methods and resources for managing user passwords. For instance, login profiles define the password constraints for a given user.
pulumi up -y
pulumi destroy -y
// iam/identities/users/user_login_profile/ts/index.ts
import * as aws from "@pulumi/aws";
// Create IAM user with password/console credentials
const user = new aws.iam.User("techsquawks-user", {
name: "techsquawks-user",
forceDestroy: true
});
const loginProfile = new aws.iam.UserLoginProfile("techsquawks-user-login-profile", {
user: user.name,
passwordLength: 15,
passwordResetRequired: true
});
export const password = loginProfile.password;
pulumi up -y
pulumi destroy -y
// iam/identities/users/user_login_profile/js/index.js
"use strict";
const aws = require("@pulumi/aws");
// Create IAM user with password/console credentials
const user = new aws.iam.User("techsquawks-user", {
name: "techsquawks-user",
forceDestroy: true
});
const loginProfile = new aws.iam.UserLoginProfile("techsquawks-user-login-profile", {
user: user.name,
passwordLength: 15,
passwordResetRequired: true
});
exports.password = loginProfile.password;
pulumi up -y
pulumi destroy -y
# iam/identities/users/user_login_profile/py/__main__.py
import pulumi
from pulumi_aws import iam
# Create IAM user with long-lived access credentials
user = iam.User("techsquawks-user", name="techsquawks-user")
login_profile = iam.UserLoginProfile("techsquawks-user-login-profile",
user=user.name,
password_length=15,
password_reset_required=True
);
pulumi.export('password', login_profile.password)
pulumi up -y
pulumi destroy -y
// iam/identities/users/user_login_profile/go/main.go
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create IAM user with password/console credentials
user, err := iam.NewUser(ctx, "techsquawks-user", &iam.UserArgs{
Name: pulumi.String("techsquawks-user"),
})
if err != nil {
return err
}
loginProfile, err := iam.NewUserLoginProfile(ctx, "loginProfile", &iam.UserLoginProfileArgs{
User: user.Name,
PasswordLength: pulumi.Int(15),
PasswordResetRequired: pulumi.Bool(true),
})
if err != nil {
return err
}
ctx.Export("password", loginProfile.Password)
return nil
})
}