User
iam.services.k8s.aws/v1alpha1
| Type | Link |
|---|---|
| GoDoc | iam-controller/apis/v1alpha1#User |
Metadata
| Property | Value |
|---|---|
| Scope | Namespaced |
| Kind | User |
| ListKind | UserList |
| Plural | users |
| Singular | user |
Contains information about an IAM user entity.
This data type is used as a response element in the following operations:
CreateUser
GetUser
ListUsers
Spec
inlinePolicies: {}
name: string
path: string
permissionsBoundary: string
permissionsBoundaryRef:
from:
name: string
policies:
- string
policyRefs:
from:
name: string
tags:
- key: string
value: string
| Field | Description |
|---|---|
| inlinePolicies Optional | object |
| name Required | string The name of the user to create. IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both “MyResource” and “myresource”. |
| path Optional | string The path for the user name. For more information about paths, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters. |
| permissionsBoundary Optional | string The ARN of the managed policy that is used to set the permissions boundary for the user. A permissions boundary policy defines the maximum permissions that identity-based policies can grant to an entity, but does not grant permissions. Permissions boundaries do not define the maximum permissions that a resource-based policy can grant to an entity. To learn more, see Permissions boundaries for IAM entities (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the IAM User Guide. For more information about policy types, see Policy types (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policy-types) in the IAM User Guide. |
| permissionsBoundaryRef Optional | object AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using ‘from’ field Ex: APIIDRef: from: name: my-api |
| permissionsBoundaryRef.from Optional | object AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name) |
| permissionsBoundaryRef.from.name Optional | string |
| policies Optional | array |
| policies.[] Required | string |
| policyRefs.[] Required | object AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference |
| type to provide more user friendly syntax for references using ‘from’ field | |
| Ex: | |
| APIIDRef: |
from:
name: my-api || **policyRefs.[].from**<br/>Optional | **object**<br/>AWSResourceReference provides all the values necessary to reference another<br/>k8s resource for finding the identifier(Id/ARN/Name) |
| policyRefs.[].from.name
Optional | string
|
| tags
Optional | array
A list of tags that you want to attach to the new user. Each tag consists
of a key name and an associated value. For more information about tagging,
see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
in the IAM User Guide.
If any one of the tags is invalid or if you exceed the allowed maximum number
of tags, then the entire request fails and the resource is not created. |
| tags.[]
Required | object
A structure that represents user-provided metadata that can be associated
with an IAM resource. For more information about tagging, see Tagging IAM
resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html)
in the IAM User Guide. || tags.[].key
Optional | string
|
| tags.[].value
Optional | string
|
Status
ackResourceMetadata:
arn: string
ownerAccountID: string
region: string
conditions:
- lastTransitionTime: string
message: string
reason: string
status: string
type: string
createDate: string
passwordLastUsed: string
userID: string
| Field | Description |
|---|---|
| ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata memberthat is used to contain resource sync state, account ownership, constructed ARN for the resource |
| ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270 |
| ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
| ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
| conditions Optional | array All CRS managed by ACK have a common Status.Conditions member thatcontains a collection of ackv1alpha1.Condition objects that describethe various terminal states of the CR and its backend AWS service API resource |
| conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service |
| controllers to indicate terminal states of the CR and its backend AWS | |
| service API resource | |
| conditions.[].message Optional | string A human readable message indicating details about the transition. |
| conditions.[].reason Optional | string The reason for the condition’s last transition. |
| conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
| conditions.[].type Optional | string Type is the type of the Condition |
| createDate Optional | string The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the user was created. |
| passwordLastUsed Optional | string The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), when the user’s password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user’s last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because: * The user never had a password. * A password exists but has not been used since IAM started tracking this information on October 20, 2014. A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used. This value is returned only in the GetUser and ListUsers operations. |
| userID Optional | string The stable and unique string identifying the user. For more information about IDs, see IAM identifiers (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. |