tessl/generic-pulumi--aws

Comprehensive Amazon Web Services (AWS) infrastructure provider for Pulumi enabling multi-language infrastructure-as-code with 225+ AWS services


Provider Configuration

The AWS Provider class configures authentication, regional settings, and global behavior for all AWS resources in a Pulumi program.

Capabilities

Provider Class

Central configuration resource that manages AWS connection settings and global defaults.

/**
 * AWS Provider resource for configuring authentication and global settings
 */
class Provider extends pulumi.ProviderResource {
    constructor(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions);
    
    // Authentication properties
    readonly accessKey?: pulumi.Output<string>;
    readonly secretKey?: pulumi.Output<string>;
    readonly token?: pulumi.Output<string>;
    readonly profile?: pulumi.Output<string>;
    
    // Regional configuration
    readonly region?: pulumi.Output<string>;
    readonly stsRegion?: pulumi.Output<string>;
    
    // Advanced configuration
    readonly defaultTags?: pulumi.Output<ProviderDefaultTags>;
    readonly customEndpoints?: pulumi.Output<ProviderCustomEndpoints>;
    readonly maxRetries?: pulumi.Output<number>;
    readonly httpProxy?: pulumi.Output<string>;
    readonly httpsProxy?: pulumi.Output<string>;
}

interface ProviderArgs {
    // Authentication
    accessKey?: pulumi.Input<string>;
    secretKey?: pulumi.Input<string>;
    token?: pulumi.Input<string>;
    profile?: pulumi.Input<string>;
    
    // Regional settings
    region?: pulumi.Input<string>;
    stsRegion?: pulumi.Input<string>;
    
    // Role assumption
    assumeRole?: pulumi.Input<ProviderAssumeRole>;
    assumeRoleWithWebIdentity?: pulumi.Input<ProviderAssumeRoleWithWebIdentity>;
    
    // Security settings  
    allowedAccountIds?: pulumi.Input<pulumi.Input<string>[]>;
    forbiddenAccountIds?: pulumi.Input<pulumi.Input<string>[]>;
    
    // Global tags and configuration
    defaultTags?: pulumi.Input<ProviderDefaultTags>;
    ignoreTags?: pulumi.Input<ProviderIgnoreTags>;
    
    // Networking and endpoints
    customEndpoints?: pulumi.Input<ProviderCustomEndpoints>;
    httpProxy?: pulumi.Input<string>;
    httpsProxy?: pulumi.Input<string>;
    noProxy?: pulumi.Input<string>;
    
    // Performance and behavior
    maxRetries?: pulumi.Input<number>;
    retryMode?: pulumi.Input<string>;
    skipCredentialsValidation?: pulumi.Input<boolean>;
    skipMetadataApiCheck?: pulumi.Input<boolean>;
    insecure?: pulumi.Input<boolean>;
}

Usage Examples:

import * as aws from "@pulumi/aws";

// Basic provider with region
const regionProvider = new aws.Provider("aws-provider", {
    region: "us-west-2"
});

// Provider with profile authentication
const profileProvider = new aws.Provider("aws-profile", {
    region: "us-east-1",
    profile: "production"
});

// Provider with role assumption
const assumeRoleProvider = new aws.Provider("aws-assume-role", {
    region: "eu-west-1",
    assumeRole: {
        roleArn: "arn:aws:iam::123456789012:role/CrossAccountRole",
        sessionName: "pulumi-session"
    }
});

// Provider with default tags
const taggedProvider = new aws.Provider("aws-tagged", {
    region: "us-west-2",
    defaultTags: {
        tags: {
            Environment: "production",
            ManagedBy: "pulumi"
        }
    }
});

Role Assumption

Configuration for assuming IAM roles, including cross-account access and web identity federation.

interface ProviderAssumeRole {
    /** ARN of the role to assume */
    roleArn?: pulumi.Input<string>;
    /** Session name for the assumed role session */
    sessionName?: pulumi.Input<string>;
    /** External ID for role assumption */
    externalId?: pulumi.Input<string>;
    /** IAM policy to apply to the assumed role session */
    policy?: pulumi.Input<string>;
    /** Session tags for the assumed role */
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
    /** Session duration in seconds (900-43200) */
    duration?: pulumi.Input<string>;
}

interface ProviderAssumeRoleWithWebIdentity {
    /** ARN of the role to assume */
    roleArn?: pulumi.Input<string>;
    /** Session name for the assumed role session */
    sessionName?: pulumi.Input<string>;
    /** Path to the web identity token file */
    webIdentityTokenFile?: pulumi.Input<string>;
    /** IAM policy to apply to the assumed role session */
    policy?: pulumi.Input<string>;
    /** Session duration in seconds (900-43200) */
    duration?: pulumi.Input<string>;
}

Default Tags

Global tagging configuration applied to all resources created by the provider.

interface ProviderDefaultTags {
    /** Map of tags to apply to all resources */
    tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
}

interface ProviderIgnoreTags {
    /** Tag keys to ignore during resource updates */
    keys?: pulumi.Input<pulumi.Input<string>[]>;
    /** Tag key prefixes to ignore during resource updates */
    keyPrefixes?: pulumi.Input<pulumi.Input<string>[]>;
}

Custom Endpoints

Override default AWS service endpoints for testing or private deployments.

interface ProviderCustomEndpoints {
    /** EC2 service endpoint URL */
    ec2?: pulumi.Input<string>;
    /** S3 service endpoint URL */
    s3?: pulumi.Input<string>;
    /** Lambda service endpoint URL */
    lambda?: pulumi.Input<string>;
    /** IAM service endpoint URL */
    iam?: pulumi.Input<string>;
    /** RDS service endpoint URL */
    rds?: pulumi.Input<string>;
    /** DynamoDB service endpoint URL */
    dynamodb?: pulumi.Input<string>;
    // ... endpoints for all 225+ AWS services
}

Usage Examples:

import * as aws from "@pulumi/aws";

// Custom endpoints for LocalStack testing
// (dummy credentials; validation and metadata checks are skipped for the local emulator only)
const localstackProvider = new aws.Provider("localstack", {
    region: "us-east-1",
    accessKey: "test",
    secretKey: "test",
    customEndpoints: {
        s3: "http://localhost:4566",
        lambda: "http://localhost:4566",
        dynamodb: "http://localhost:4566"
    },
    skipCredentialsValidation: true,
    skipMetadataApiCheck: true
});

// Private cloud or VPC endpoints
const privateCloudProvider = new aws.Provider("private-cloud", {
    region: "us-west-2",
    customEndpoints: {
        s3: "https://s3.private.example.com",
        ec2: "https://ec2.private.example.com"
    }
});

Authentication Methods

The provider supports multiple authentication methods in order of precedence:

  1. Explicit credentials - accessKey, secretKey, token parameters
  2. Profile-based - profile parameter referencing AWS CLI profiles
  3. Role assumption - assumeRole configuration
  4. Environment variables - AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.
  5. Instance metadata - EC2 instance profiles and ECS task roles
  6. Web Identity Federation - assumeRoleWithWebIdentity for OIDC providers
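
The explicit-credential, endpoint and validation settings above are the ones worth reviewing before a stack reaches a real account. The following is an added example, not code from this package: `AuditedArgs` copies a subset of `ProviderArgs` with plain values, and `auditProviderArgs`, `schemeAndHost` and the finding texts are hypothetical names chosen here.

```typescript
// Added example: static review of provider arguments before deployment.
// AuditedArgs copies a subset of ProviderArgs with plain values; the function
// names and the finding texts are hypothetical, not part of @pulumi/aws.
interface AuditedArgs {
    accessKey?: string;
    secretKey?: string;
    allowedAccountIds?: string[];
    customEndpoints?: { [service: string]: string };
    skipCredentialsValidation?: boolean;
    insecure?: boolean;
}

const LOOPBACK_HOSTS = ["localhost", "127.0.0.1", "[::1]"];

// Split an endpoint URL into scheme and host; null when it is not a plain
// http(s) URL (URLs carrying userinfo such as user@host are rejected).
function schemeAndHost(url: string): { scheme: string; host: string } | null {
    const m = /^(https?):\/\/(\[[^\]]+\]|[^\/:?#@]+)(?::\d+)?(?:[\/?#]|$)/i.exec(url);
    return m === null ? null : { scheme: m[1].toLowerCase(), host: m[2].toLowerCase() };
}

function auditProviderArgs(args: AuditedArgs): string[] {
    const findings: string[] = [];
    const endpoints = args.customEndpoints ?? {};
    const services = Object.keys(endpoints);
    const parsed = services.map(s => schemeAndHost(endpoints[s]));
    // Local-only: every custom endpoint is loopback, as in the LocalStack setup.
    const localOnly = services.length > 0 &&
        parsed.every(p => p !== null && LOOPBACK_HOSTS.indexOf(p.host) !== -1);

    if ((args.accessKey || args.secretKey) && !localOnly)
        findings.push("static accessKey/secretKey; prefer profile, assumeRole or web identity");
    if (args.insecure)
        findings.push("insecure is set; TLS requests are allowed without verification");
    if (args.skipCredentialsValidation && !localOnly)
        findings.push("skipCredentialsValidation is set for non-local endpoints");
    if (!localOnly && !(args.allowedAccountIds && args.allowedAccountIds.length > 0))
        findings.push("allowedAccountIds is empty; the target account is not pinned");
    services.forEach((service, i) => {
        const p = parsed[i];
        if (p === null)
            findings.push(`customEndpoints.${service} is not an http(s) URL`);
        else if (p.scheme === "http" && LOOPBACK_HOSTS.indexOf(p.host) === -1)
            findings.push(`customEndpoints.${service} uses plaintext http to ${p.host}`);
    });
    return findings;
}
```

The LocalStack configuration shown earlier passes with no findings because all of its endpoints are loopback; the same dummy keys or `http://` endpoints pointed at a non-local host are reported.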

Global Configuration Functions

Utility functions for retrieving provider and account information.

/**
 * Get information about the AWS provider configuration
 */
function getDefaultTags(args?: GetDefaultTagsArgs): Promise<GetDefaultTagsResult>;

interface GetDefaultTagsResult {
    /** Tags configured at the provider level */
    readonly tags: {[key: string]: string};
}

/**
 * Get current AWS caller identity information
 */
function getCallerIdentity(args?: GetCallerIdentityArgs): Promise<GetCallerIdentityResult>;

interface GetCallerIdentityResult {
    /** AWS account ID */
    readonly accountId: string;
    /** ARN of the calling identity */
    readonly arn: string;
    /** Unique ID of the calling identity */
    readonly userId: string;
}
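
A check on the `getCallerIdentity` result catches a deployment that is about to run in the wrong account or under the wrong kind of principal. This is an added example, not part of the package: `checkCallerIdentity`, `parseCallerArn` and the policy they enforce (no root user, no IAM user) are assumptions, and `CallerIdentity` mirrors the fields of `GetCallerIdentityResult`.

```typescript
// Added example: identity preflight over a GetCallerIdentityResult-shaped object.
// checkCallerIdentity and its policy (no root, no IAM user) are hypothetical.
interface CallerIdentity {
    accountId: string;
    arn: string;
    userId: string;
}

type PrincipalKind = "assumed-role" | "federated-user" | "user" | "root" | "unknown";

// Caller ARNs look like arn:<partition>:<iam|sts>::<account>:<resource>.
function parseCallerArn(arn: string): { account: string; kind: PrincipalKind } | null {
    const m = /^arn:[^:]+:(?:iam|sts)::(\d{12}):(.+)$/.exec(arn);
    if (m === null) return null;
    const type = m[2].split("/")[0];
    const known: PrincipalKind[] = ["assumed-role", "federated-user", "user", "root"];
    const kind = known.filter(k => k === type)[0];
    return { account: m[1], kind: kind === undefined ? "unknown" : kind };
}

function checkCallerIdentity(id: CallerIdentity, expectedAccounts: string[]): string[] {
    const problems: string[] = [];
    if (expectedAccounts.indexOf(id.accountId) === -1)
        problems.push(`account ${id.accountId} is not in the expected list`);
    const parsed = parseCallerArn(id.arn);
    if (parsed === null) {
        problems.push("caller ARN is not an IAM or STS principal ARN");
    } else {
        if (parsed.account !== id.accountId)
            problems.push("account in ARN does not match accountId");
        if (parsed.kind === "root")
            problems.push("running as the account root user");
        if (parsed.kind === "user")
            problems.push("running as an IAM user with long-lived keys");
    }
    return problems;
}

// Constructed sample: the assumed-role session from the usage example above.
const SAMPLE_IDENTITY: CallerIdentity = {
    accountId: "123456789012",
    arn: "arn:aws:sts::123456789012:assumed-role/CrossAccountRole/pulumi-session",
    userId: "AROAEXAMPLEID:pulumi-session"
};
```

In a Pulumi program the first argument would be the value resolved from `aws.getCallerIdentity()`, and a non-empty result would be raised as an error before any resource is declared.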

Install with Tessl CLI

npx tessl i tessl/generic-pulumi--aws@7.6.2
