Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.verifiedaccess.Group
Explore with Pulumi AI
Resource for managing a Verified Access Group.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.verifiedaccess.Group("example", {verifiedaccessInstanceId: exampleAwsVerifiedaccessInstance.id});
import pulumi
import pulumi_aws as aws
example = aws.verifiedaccess.Group("example", verifiedaccess_instance_id=example_aws_verifiedaccess_instance["id"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedaccess"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := verifiedaccess.NewGroup(ctx, "example", &verifiedaccess.GroupArgs{
VerifiedaccessInstanceId: pulumi.Any(exampleAwsVerifiedaccessInstance.Id),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VerifiedAccess.Group("example", new()
{
VerifiedaccessInstanceId = exampleAwsVerifiedaccessInstance.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.verifiedaccess.Group;
import com.pulumi.aws.verifiedaccess.GroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Group("example", GroupArgs.builder()
.verifiedaccessInstanceId(exampleAwsVerifiedaccessInstance.id())
.build());
}
}
resources:
example:
type: aws:verifiedaccess:Group
properties:
verifiedaccessInstanceId: ${exampleAwsVerifiedaccessInstance.id}
Usage with KMS Key
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const testKey = new aws.kms.Key("test_key", {description: "KMS key for Verified Access Group test"});
const test = new aws.verifiedaccess.Group("test", {
verifiedaccessInstanceId: testAwsVerifiedaccessInstanceTrustProviderAttachment.verifiedaccessInstanceId,
sseConfiguration: {
kmsKeyArn: testKey.arn,
},
});
import pulumi
import pulumi_aws as aws
test_key = aws.kms.Key("test_key", description="KMS key for Verified Access Group test")
test = aws.verifiedaccess.Group("test",
verifiedaccess_instance_id=test_aws_verifiedaccess_instance_trust_provider_attachment["verifiedaccessInstanceId"],
sse_configuration={
"kms_key_arn": test_key.arn,
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/verifiedaccess"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
testKey, err := kms.NewKey(ctx, "test_key", &kms.KeyArgs{
Description: pulumi.String("KMS key for Verified Access Group test"),
})
if err != nil {
return err
}
_, err = verifiedaccess.NewGroup(ctx, "test", &verifiedaccess.GroupArgs{
VerifiedaccessInstanceId: pulumi.Any(testAwsVerifiedaccessInstanceTrustProviderAttachment.VerifiedaccessInstanceId),
SseConfiguration: &verifiedaccess.GroupSseConfigurationArgs{
KmsKeyArn: testKey.Arn,
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var testKey = new Aws.Kms.Key("test_key", new()
{
Description = "KMS key for Verified Access Group test",
});
var test = new Aws.VerifiedAccess.Group("test", new()
{
VerifiedaccessInstanceId = testAwsVerifiedaccessInstanceTrustProviderAttachment.VerifiedaccessInstanceId,
SseConfiguration = new Aws.VerifiedAccess.Inputs.GroupSseConfigurationArgs
{
KmsKeyArn = testKey.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.verifiedaccess.Group;
import com.pulumi.aws.verifiedaccess.GroupArgs;
import com.pulumi.aws.verifiedaccess.inputs.GroupSseConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testKey = new Key("testKey", KeyArgs.builder()
.description("KMS key for Verified Access Group test")
.build());
var test = new Group("test", GroupArgs.builder()
.verifiedaccessInstanceId(testAwsVerifiedaccessInstanceTrustProviderAttachment.verifiedaccessInstanceId())
.sseConfiguration(GroupSseConfigurationArgs.builder()
.kmsKeyArn(testKey.arn())
.build())
.build());
}
}
resources:
testKey:
type: aws:kms:Key
name: test_key
properties:
description: KMS key for Verified Access Group test
test:
type: aws:verifiedaccess:Group
properties:
verifiedaccessInstanceId: ${testAwsVerifiedaccessInstanceTrustProviderAttachment.verifiedaccessInstanceId}
sseConfiguration:
kmsKeyArn: ${testKey.arn}
Create Group Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Group(name: string, args: GroupArgs, opts?: CustomResourceOptions);@overload
def Group(resource_name: str,
args: GroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Group(resource_name: str,
opts: Optional[ResourceOptions] = None,
verifiedaccess_instance_id: Optional[str] = None,
description: Optional[str] = None,
policy_document: Optional[str] = None,
sse_configuration: Optional[GroupSseConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None)func NewGroup(ctx *Context, name string, args GroupArgs, opts ...ResourceOption) (*Group, error)public Group(string name, GroupArgs args, CustomResourceOptions? opts = null)type: aws:verifiedaccess:Group
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplegroupResourceResourceFromVerifiedaccessgroup = new Aws.VerifiedAccess.Group("examplegroupResourceResourceFromVerifiedaccessgroup", new()
{
VerifiedaccessInstanceId = "string",
Description = "string",
PolicyDocument = "string",
SseConfiguration = new Aws.VerifiedAccess.Inputs.GroupSseConfigurationArgs
{
CustomerManagedKeyEnabled = false,
KmsKeyArn = "string",
},
Tags =
{
{ "string", "string" },
},
});
example, err := verifiedaccess.NewGroup(ctx, "examplegroupResourceResourceFromVerifiedaccessgroup", &verifiedaccess.GroupArgs{
VerifiedaccessInstanceId: pulumi.String("string"),
Description: pulumi.String("string"),
PolicyDocument: pulumi.String("string"),
SseConfiguration: &verifiedaccess.GroupSseConfigurationArgs{
CustomerManagedKeyEnabled: pulumi.Bool(false),
KmsKeyArn: pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var examplegroupResourceResourceFromVerifiedaccessgroup = new Group("examplegroupResourceResourceFromVerifiedaccessgroup", GroupArgs.builder()
.verifiedaccessInstanceId("string")
.description("string")
.policyDocument("string")
.sseConfiguration(GroupSseConfigurationArgs.builder()
.customerManagedKeyEnabled(false)
.kmsKeyArn("string")
.build())
.tags(Map.of("string", "string"))
.build());
examplegroup_resource_resource_from_verifiedaccessgroup = aws.verifiedaccess.Group("examplegroupResourceResourceFromVerifiedaccessgroup",
verifiedaccess_instance_id="string",
description="string",
policy_document="string",
sse_configuration={
"customer_managed_key_enabled": False,
"kms_key_arn": "string",
},
tags={
"string": "string",
})
const examplegroupResourceResourceFromVerifiedaccessgroup = new aws.verifiedaccess.Group("examplegroupResourceResourceFromVerifiedaccessgroup", {
verifiedaccessInstanceId: "string",
description: "string",
policyDocument: "string",
sseConfiguration: {
customerManagedKeyEnabled: false,
kmsKeyArn: "string",
},
tags: {
string: "string",
},
});
type: aws:verifiedaccess:Group
properties:
description: string
policyDocument: string
sseConfiguration:
customerManagedKeyEnabled: false
kmsKeyArn: string
tags:
string: string
verifiedaccessInstanceId: string
Group Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Group resource accepts the following input properties:
- Verifiedaccess
Instance stringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- Description string
- Description of the verified access group.
- Policy
Document string - The policy document that is associated with this resource.
- Sse
Configuration GroupSse Configuration - Configuration block to use KMS keys for server-side encryption.
- Dictionary<string, string>
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Verifiedaccess
Instance stringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- Description string
- Description of the verified access group.
- Policy
Document string - The policy document that is associated with this resource.
- Sse
Configuration GroupSse Configuration Args - Configuration block to use KMS keys for server-side encryption.
- map[string]string
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- verifiedaccess
Instance StringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- description String
- Description of the verified access group.
- policy
Document String - The policy document that is associated with this resource.
- sse
Configuration GroupSse Configuration - Configuration block to use KMS keys for server-side encryption.
- Map<String,String>
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- verifiedaccess
Instance stringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- description string
- Description of the verified access group.
- policy
Document string - The policy document that is associated with this resource.
- sse
Configuration GroupSse Configuration - Configuration block to use KMS keys for server-side encryption.
- {[key: string]: string}
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- verifiedaccess_
instance_ strid The id of the verified access instance this group is associated with.
The following arguments are optional:
- description str
- Description of the verified access group.
- policy_
document str - The policy document that is associated with this resource.
- sse_
configuration GroupSse Configuration Args - Configuration block to use KMS keys for server-side encryption.
- Mapping[str, str]
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- verifiedaccess
Instance StringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- description String
- Description of the verified access group.
- policy
Document String - The policy document that is associated with this resource.
- sse
Configuration Property Map - Configuration block to use KMS keys for server-side encryption.
- Map<String>
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the Group resource produces the following output properties:
- Creation
Time string - Timestamp when the access group was created.
- Deletion
Time string - Timestamp when the access group was deleted.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated stringTime - Timestamp when the access group was last updated.
- Owner string
- AWS account number owning this resource.
- Dictionary<string, string>
- Verifiedaccess
Group stringArn - ARN of this verified acess group.
- Verifiedaccess
Group stringId - ID of this verified access group.
- Creation
Time string - Timestamp when the access group was created.
- Deletion
Time string - Timestamp when the access group was deleted.
- Id string
- The provider-assigned unique ID for this managed resource.
- Last
Updated stringTime - Timestamp when the access group was last updated.
- Owner string
- AWS account number owning this resource.
- map[string]string
- Verifiedaccess
Group stringArn - ARN of this verified acess group.
- Verifiedaccess
Group stringId - ID of this verified access group.
- creation
Time String - Timestamp when the access group was created.
- deletion
Time String - Timestamp when the access group was deleted.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated StringTime - Timestamp when the access group was last updated.
- owner String
- AWS account number owning this resource.
- Map<String,String>
- verifiedaccess
Group StringArn - ARN of this verified acess group.
- verifiedaccess
Group StringId - ID of this verified access group.
- creation
Time string - Timestamp when the access group was created.
- deletion
Time string - Timestamp when the access group was deleted.
- id string
- The provider-assigned unique ID for this managed resource.
- last
Updated stringTime - Timestamp when the access group was last updated.
- owner string
- AWS account number owning this resource.
- {[key: string]: string}
- verifiedaccess
Group stringArn - ARN of this verified acess group.
- verifiedaccess
Group stringId - ID of this verified access group.
- creation_
time str - Timestamp when the access group was created.
- deletion_
time str - Timestamp when the access group was deleted.
- id str
- The provider-assigned unique ID for this managed resource.
- last_
updated_ strtime - Timestamp when the access group was last updated.
- owner str
- AWS account number owning this resource.
- Mapping[str, str]
- verifiedaccess_
group_ strarn - ARN of this verified acess group.
- verifiedaccess_
group_ strid - ID of this verified access group.
- creation
Time String - Timestamp when the access group was created.
- deletion
Time String - Timestamp when the access group was deleted.
- id String
- The provider-assigned unique ID for this managed resource.
- last
Updated StringTime - Timestamp when the access group was last updated.
- owner String
- AWS account number owning this resource.
- Map<String>
- verifiedaccess
Group StringArn - ARN of this verified acess group.
- verifiedaccess
Group StringId - ID of this verified access group.
Look up Existing Group Resource
Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GroupState, opts?: CustomResourceOptions): Group@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
creation_time: Optional[str] = None,
deletion_time: Optional[str] = None,
description: Optional[str] = None,
last_updated_time: Optional[str] = None,
owner: Optional[str] = None,
policy_document: Optional[str] = None,
sse_configuration: Optional[GroupSseConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
verifiedaccess_group_arn: Optional[str] = None,
verifiedaccess_group_id: Optional[str] = None,
verifiedaccess_instance_id: Optional[str] = None) -> Groupfunc GetGroup(ctx *Context, name string, id IDInput, state *GroupState, opts ...ResourceOption) (*Group, error)public static Group Get(string name, Input<string> id, GroupState? state, CustomResourceOptions? opts = null)public static Group get(String name, Output<String> id, GroupState state, CustomResourceOptions options)resources: _: type: aws:verifiedaccess:Group get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Creation
Time string - Timestamp when the access group was created.
- Deletion
Time string - Timestamp when the access group was deleted.
- Description string
- Description of the verified access group.
- Last
Updated stringTime - Timestamp when the access group was last updated.
- Owner string
- AWS account number owning this resource.
- Policy
Document string - The policy document that is associated with this resource.
- Sse
Configuration GroupSse Configuration - Configuration block to use KMS keys for server-side encryption.
- Dictionary<string, string>
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Verifiedaccess
Group stringArn - ARN of this verified acess group.
- Verifiedaccess
Group stringId - ID of this verified access group.
- Verifiedaccess
Instance stringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- Creation
Time string - Timestamp when the access group was created.
- Deletion
Time string - Timestamp when the access group was deleted.
- Description string
- Description of the verified access group.
- Last
Updated stringTime - Timestamp when the access group was last updated.
- Owner string
- AWS account number owning this resource.
- Policy
Document string - The policy document that is associated with this resource.
- Sse
Configuration GroupSse Configuration Args - Configuration block to use KMS keys for server-side encryption.
- map[string]string
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Verifiedaccess
Group stringArn - ARN of this verified acess group.
- Verifiedaccess
Group stringId - ID of this verified access group.
- Verifiedaccess
Instance stringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- creation
Time String - Timestamp when the access group was created.
- deletion
Time String - Timestamp when the access group was deleted.
- description String
- Description of the verified access group.
- last
Updated StringTime - Timestamp when the access group was last updated.
- owner String
- AWS account number owning this resource.
- policy
Document String - The policy document that is associated with this resource.
- sse
Configuration GroupSse Configuration - Configuration block to use KMS keys for server-side encryption.
- Map<String,String>
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- verifiedaccess
Group StringArn - ARN of this verified acess group.
- verifiedaccess
Group StringId - ID of this verified access group.
- verifiedaccess
Instance StringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- creation
Time string - Timestamp when the access group was created.
- deletion
Time string - Timestamp when the access group was deleted.
- description string
- Description of the verified access group.
- last
Updated stringTime - Timestamp when the access group was last updated.
- owner string
- AWS account number owning this resource.
- policy
Document string - The policy document that is associated with this resource.
- sse
Configuration GroupSse Configuration - Configuration block to use KMS keys for server-side encryption.
- {[key: string]: string}
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- verifiedaccess
Group stringArn - ARN of this verified acess group.
- verifiedaccess
Group stringId - ID of this verified access group.
- verifiedaccess
Instance stringId The id of the verified access instance this group is associated with.
The following arguments are optional:
- creation_
time str - Timestamp when the access group was created.
- deletion_
time str - Timestamp when the access group was deleted.
- description str
- Description of the verified access group.
- last_
updated_ strtime - Timestamp when the access group was last updated.
- owner str
- AWS account number owning this resource.
- policy_
document str - The policy document that is associated with this resource.
- sse_
configuration GroupSse Configuration Args - Configuration block to use KMS keys for server-side encryption.
- Mapping[str, str]
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- verifiedaccess_
group_ strarn - ARN of this verified acess group.
- verifiedaccess_
group_ strid - ID of this verified access group.
- verifiedaccess_
instance_ strid The id of the verified access instance this group is associated with.
The following arguments are optional:
- creation
Time String - Timestamp when the access group was created.
- deletion
Time String - Timestamp when the access group was deleted.
- description String
- Description of the verified access group.
- last
Updated StringTime - Timestamp when the access group was last updated.
- owner String
- AWS account number owning this resource.
- policy
Document String - The policy document that is associated with this resource.
- sse
Configuration Property Map - Configuration block to use KMS keys for server-side encryption.
- Map<String>
- Key-value mapping of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- verifiedaccess
Group StringArn - ARN of this verified acess group.
- verifiedaccess
Group StringId - ID of this verified access group.
- verifiedaccess
Instance StringId The id of the verified access instance this group is associated with.
The following arguments are optional:
Supporting Types
GroupSseConfiguration, GroupSseConfigurationArgs
- Customer
Managed boolKey Enabled - Boolean flag to indicate that the CMK should be used.
- Kms
Key stringArn - ARN of the KMS key to use.
- Customer
Managed boolKey Enabled - Boolean flag to indicate that the CMK should be used.
- Kms
Key stringArn - ARN of the KMS key to use.
- customer
Managed BooleanKey Enabled - Boolean flag to indicate that the CMK should be used.
- kms
Key StringArn - ARN of the KMS key to use.
- customer
Managed booleanKey Enabled - Boolean flag to indicate that the CMK should be used.
- kms
Key stringArn - ARN of the KMS key to use.
- customer_
managed_ boolkey_ enabled - Boolean flag to indicate that the CMK should be used.
- kms_
key_ strarn - ARN of the KMS key to use.
- customer
Managed BooleanKey Enabled - Boolean flag to indicate that the CMK should be used.
- kms
Key StringArn - ARN of the KMS key to use.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.