Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
AWS dynamic secret resource
Create DynamicSecretAws Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DynamicSecretAws(name: string, args?: DynamicSecretAwsArgs, opts?: CustomResourceOptions);@overload
def DynamicSecretAws(resource_name: str,
args: Optional[DynamicSecretAwsArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def DynamicSecretAws(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_mode: Optional[str] = None,
admin_rotation_interval_days: Optional[float] = None,
aws_access_key_id: Optional[str] = None,
aws_access_secret_key: Optional[str] = None,
aws_external_id: Optional[str] = None,
aws_role_arns: Optional[str] = None,
aws_user_console_access: Optional[bool] = None,
aws_user_groups: Optional[str] = None,
aws_user_policies: Optional[str] = None,
aws_user_programmatic_access: Optional[bool] = None,
custom_username_template: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
dynamic_secret_aws_id: Optional[str] = None,
enable_admin_rotation: Optional[bool] = None,
encryption_key_name: Optional[str] = None,
item_custom_fields: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
password_length: Optional[str] = None,
region: Optional[str] = None,
secure_access_aws_account_id: Optional[str] = None,
secure_access_aws_native_cli: Optional[bool] = None,
secure_access_aws_region: Optional[str] = None,
secure_access_bastion_issuer: Optional[str] = None,
secure_access_certificate_issuer: Optional[str] = None,
secure_access_delay: Optional[float] = None,
secure_access_enable: Optional[str] = None,
secure_access_url: Optional[str] = None,
secure_access_web: Optional[bool] = None,
secure_access_web_browsing: Optional[bool] = None,
secure_access_web_proxy: Optional[bool] = None,
session_tags: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
target_name: Optional[str] = None,
transitive_tag_keys: Optional[str] = None,
user_ttl: Optional[str] = None)func NewDynamicSecretAws(ctx *Context, name string, args *DynamicSecretAwsArgs, opts ...ResourceOption) (*DynamicSecretAws, error)public DynamicSecretAws(string name, DynamicSecretAwsArgs? args = null, CustomResourceOptions? opts = null)
public DynamicSecretAws(String name, DynamicSecretAwsArgs args)
public DynamicSecretAws(String name, DynamicSecretAwsArgs args, CustomResourceOptions options)
type: akeyless:DynamicSecretAws
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DynamicSecretAwsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DynamicSecretAwsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DynamicSecretAwsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DynamicSecretAwsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DynamicSecretAwsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var dynamicSecretAwsResource = new Akeyless.DynamicSecretAws("dynamicSecretAwsResource", new()
{
AccessMode = "string",
AdminRotationIntervalDays = 0,
AwsAccessKeyId = "string",
AwsAccessSecretKey = "string",
AwsExternalId = "string",
AwsRoleArns = "string",
AwsUserConsoleAccess = false,
AwsUserGroups = "string",
AwsUserPolicies = "string",
AwsUserProgrammaticAccess = false,
CustomUsernameTemplate = "string",
DeleteProtection = "string",
Description = "string",
DynamicSecretAwsId = "string",
EnableAdminRotation = false,
EncryptionKeyName = "string",
ItemCustomFields =
{
{ "string", "string" },
},
Name = "string",
PasswordLength = "string",
Region = "string",
SecureAccessAwsAccountId = "string",
SecureAccessAwsNativeCli = false,
SecureAccessAwsRegion = "string",
SecureAccessCertificateIssuer = "string",
SecureAccessDelay = 0,
SecureAccessEnable = "string",
SecureAccessUrl = "string",
SecureAccessWeb = false,
SecureAccessWebBrowsing = false,
SecureAccessWebProxy = false,
SessionTags = "string",
Tags = new[]
{
"string",
},
TargetName = "string",
TransitiveTagKeys = "string",
UserTtl = "string",
});
example, err := akeyless.NewDynamicSecretAws(ctx, "dynamicSecretAwsResource", &akeyless.DynamicSecretAwsArgs{
AccessMode: pulumi.String("string"),
AdminRotationIntervalDays: pulumi.Float64(0),
AwsAccessKeyId: pulumi.String("string"),
AwsAccessSecretKey: pulumi.String("string"),
AwsExternalId: pulumi.String("string"),
AwsRoleArns: pulumi.String("string"),
AwsUserConsoleAccess: pulumi.Bool(false),
AwsUserGroups: pulumi.String("string"),
AwsUserPolicies: pulumi.String("string"),
AwsUserProgrammaticAccess: pulumi.Bool(false),
CustomUsernameTemplate: pulumi.String("string"),
DeleteProtection: pulumi.String("string"),
Description: pulumi.String("string"),
DynamicSecretAwsId: pulumi.String("string"),
EnableAdminRotation: pulumi.Bool(false),
EncryptionKeyName: pulumi.String("string"),
ItemCustomFields: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
PasswordLength: pulumi.String("string"),
Region: pulumi.String("string"),
SecureAccessAwsAccountId: pulumi.String("string"),
SecureAccessAwsNativeCli: pulumi.Bool(false),
SecureAccessAwsRegion: pulumi.String("string"),
SecureAccessCertificateIssuer: pulumi.String("string"),
SecureAccessDelay: pulumi.Float64(0),
SecureAccessEnable: pulumi.String("string"),
SecureAccessUrl: pulumi.String("string"),
SecureAccessWeb: pulumi.Bool(false),
SecureAccessWebBrowsing: pulumi.Bool(false),
SecureAccessWebProxy: pulumi.Bool(false),
SessionTags: pulumi.String("string"),
Tags: pulumi.StringArray{
pulumi.String("string"),
},
TargetName: pulumi.String("string"),
TransitiveTagKeys: pulumi.String("string"),
UserTtl: pulumi.String("string"),
})
var dynamicSecretAwsResource = new DynamicSecretAws("dynamicSecretAwsResource", DynamicSecretAwsArgs.builder()
.accessMode("string")
.adminRotationIntervalDays(0.0)
.awsAccessKeyId("string")
.awsAccessSecretKey("string")
.awsExternalId("string")
.awsRoleArns("string")
.awsUserConsoleAccess(false)
.awsUserGroups("string")
.awsUserPolicies("string")
.awsUserProgrammaticAccess(false)
.customUsernameTemplate("string")
.deleteProtection("string")
.description("string")
.dynamicSecretAwsId("string")
.enableAdminRotation(false)
.encryptionKeyName("string")
.itemCustomFields(Map.of("string", "string"))
.name("string")
.passwordLength("string")
.region("string")
.secureAccessAwsAccountId("string")
.secureAccessAwsNativeCli(false)
.secureAccessAwsRegion("string")
.secureAccessCertificateIssuer("string")
.secureAccessDelay(0.0)
.secureAccessEnable("string")
.secureAccessUrl("string")
.secureAccessWeb(false)
.secureAccessWebBrowsing(false)
.secureAccessWebProxy(false)
.sessionTags("string")
.tags("string")
.targetName("string")
.transitiveTagKeys("string")
.userTtl("string")
.build());
dynamic_secret_aws_resource = akeyless.DynamicSecretAws("dynamicSecretAwsResource",
access_mode="string",
admin_rotation_interval_days=float(0),
aws_access_key_id="string",
aws_access_secret_key="string",
aws_external_id="string",
aws_role_arns="string",
aws_user_console_access=False,
aws_user_groups="string",
aws_user_policies="string",
aws_user_programmatic_access=False,
custom_username_template="string",
delete_protection="string",
description="string",
dynamic_secret_aws_id="string",
enable_admin_rotation=False,
encryption_key_name="string",
item_custom_fields={
"string": "string",
},
name="string",
password_length="string",
region="string",
secure_access_aws_account_id="string",
secure_access_aws_native_cli=False,
secure_access_aws_region="string",
secure_access_certificate_issuer="string",
secure_access_delay=float(0),
secure_access_enable="string",
secure_access_url="string",
secure_access_web=False,
secure_access_web_browsing=False,
secure_access_web_proxy=False,
session_tags="string",
tags=["string"],
target_name="string",
transitive_tag_keys="string",
user_ttl="string")
const dynamicSecretAwsResource = new akeyless.DynamicSecretAws("dynamicSecretAwsResource", {
accessMode: "string",
adminRotationIntervalDays: 0,
awsAccessKeyId: "string",
awsAccessSecretKey: "string",
awsExternalId: "string",
awsRoleArns: "string",
awsUserConsoleAccess: false,
awsUserGroups: "string",
awsUserPolicies: "string",
awsUserProgrammaticAccess: false,
customUsernameTemplate: "string",
deleteProtection: "string",
description: "string",
dynamicSecretAwsId: "string",
enableAdminRotation: false,
encryptionKeyName: "string",
itemCustomFields: {
string: "string",
},
name: "string",
passwordLength: "string",
region: "string",
secureAccessAwsAccountId: "string",
secureAccessAwsNativeCli: false,
secureAccessAwsRegion: "string",
secureAccessCertificateIssuer: "string",
secureAccessDelay: 0,
secureAccessEnable: "string",
secureAccessUrl: "string",
secureAccessWeb: false,
secureAccessWebBrowsing: false,
secureAccessWebProxy: false,
sessionTags: "string",
tags: ["string"],
targetName: "string",
transitiveTagKeys: "string",
userTtl: "string",
});
type: akeyless:DynamicSecretAws
properties:
accessMode: string
adminRotationIntervalDays: 0
awsAccessKeyId: string
awsAccessSecretKey: string
awsExternalId: string
awsRoleArns: string
awsUserConsoleAccess: false
awsUserGroups: string
awsUserPolicies: string
awsUserProgrammaticAccess: false
customUsernameTemplate: string
deleteProtection: string
description: string
dynamicSecretAwsId: string
enableAdminRotation: false
encryptionKeyName: string
itemCustomFields:
string: string
name: string
passwordLength: string
region: string
secureAccessAwsAccountId: string
secureAccessAwsNativeCli: false
secureAccessAwsRegion: string
secureAccessCertificateIssuer: string
secureAccessDelay: 0
secureAccessEnable: string
secureAccessUrl: string
secureAccessWeb: false
secureAccessWebBrowsing: false
secureAccessWebProxy: false
sessionTags: string
tags:
- string
targetName: string
transitiveTagKeys: string
userTtl: string
DynamicSecretAws Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DynamicSecretAws resource accepts the following input properties:
- Access
Mode string - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- Admin
Rotation doubleInterval Days - Admin credentials rotation interval (days)
- Aws
Access stringKey Id - Access Key ID
- Aws
Access stringSecret Key - Access Secret Key
- Aws
External stringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- Aws
Role stringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- Aws
User boolConsole Access - Enable AWS User console access
- Aws
User stringGroups - UserGroup name(s). Multiple values should be separated by comma
- Aws
User stringPolicies - Policy ARN(s). Multiple values should be separated by comma
- Aws
User boolProgrammatic Access - Enable AWS User programmatic access
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringAws Id - The ID of this resource.
- Enable
Admin boolRotation - Automatic admin credentials rotation
- Encryption
Key stringName - Encrypt dynamic secret details with following key
- Item
Custom Dictionary<string, string>Fields - Additional custom fields to associate with the item
- Name string
- Dynamic secret name
- Password
Length string - The length of the password to be generated
- Region string
- Region
- Secure
Access stringAws Account Id - The aws account id
- Secure
Access boolAws Native Cli - The aws native cli
- Secure
Access stringAws Region - Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access doubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access stringUrl - Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless Web Access Bastion
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- List<string>
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- Target
Name string - Name of existing target to use in dynamic secret creation
- Transitive
Tag stringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- User
Ttl string - User TTL
- Access
Mode string - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- Admin
Rotation float64Interval Days - Admin credentials rotation interval (days)
- Aws
Access stringKey Id - Access Key ID
- Aws
Access stringSecret Key - Access Secret Key
- Aws
External stringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- Aws
Role stringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- Aws
User boolConsole Access - Enable AWS User console access
- Aws
User stringGroups - UserGroup name(s). Multiple values should be separated by comma
- Aws
User stringPolicies - Policy ARN(s). Multiple values should be separated by comma
- Aws
User boolProgrammatic Access - Enable AWS User programmatic access
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringAws Id - The ID of this resource.
- Enable
Admin boolRotation - Automatic admin credentials rotation
- Encryption
Key stringName - Encrypt dynamic secret details with following key
- Item
Custom map[string]stringFields - Additional custom fields to associate with the item
- Name string
- Dynamic secret name
- Password
Length string - The length of the password to be generated
- Region string
- Region
- Secure
Access stringAws Account Id - The aws account id
- Secure
Access boolAws Native Cli - The aws native cli
- Secure
Access stringAws Region - Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access float64Delay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access stringUrl - Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless Web Access Bastion
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- []string
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- Target
Name string - Name of existing target to use in dynamic secret creation
- Transitive
Tag stringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- User
Ttl string - User TTL
- access
Mode String - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin
Rotation DoubleInterval Days - Admin credentials rotation interval (days)
- aws
Access StringKey Id - Access Key ID
- aws
Access StringSecret Key - Access Secret Key
- aws
External StringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws
Role StringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws
User BooleanConsole Access - Enable AWS User console access
- aws
User StringGroups - UserGroup name(s). Multiple values should be separated by comma
- aws
User StringPolicies - Policy ARN(s). Multiple values should be separated by comma
- aws
User BooleanProgrammatic Access - Enable AWS User programmatic access
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- dynamic
Secret StringAws Id - The ID of this resource.
- enable
Admin BooleanRotation - Automatic admin credentials rotation
- encryption
Key StringName - Encrypt dynamic secret details with following key
- item
Custom Map<String,String>Fields - Additional custom fields to associate with the item
- name String
- Dynamic secret name
- password
Length String - The length of the password to be generated
- region String
- Region
- secure
Access StringAws Account Id - The aws account id
- secure
Access BooleanAws Native Cli - The aws native cli
- secure
Access StringAws Region - secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access DoubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access StringUrl - secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless Web Access Bastion
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- String
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- List<String>
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target
Name String - Name of existing target to use in dynamic secret creation
- transitive
Tag StringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- user
Ttl String - User TTL
- access
Mode string - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin
Rotation numberInterval Days - Admin credentials rotation interval (days)
- aws
Access stringKey Id - Access Key ID
- aws
Access stringSecret Key - Access Secret Key
- aws
External stringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws
Role stringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws
User booleanConsole Access - Enable AWS User console access
- aws
User stringGroups - UserGroup name(s). Multiple values should be separated by comma
- aws
User stringPolicies - Policy ARN(s). Multiple values should be separated by comma
- aws
User booleanProgrammatic Access - Enable AWS User programmatic access
- custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection string - Protection from accidental deletion of this object [true/false]
- description string
- Description of the object
- dynamic
Secret stringAws Id - The ID of this resource.
- enable
Admin booleanRotation - Automatic admin credentials rotation
- encryption
Key stringName - Encrypt dynamic secret details with following key
- item
Custom {[key: string]: string}Fields - Additional custom fields to associate with the item
- name string
- Dynamic secret name
- password
Length string - The length of the password to be generated
- region string
- Region
- secure
Access stringAws Account Id - The aws account id
- secure
Access booleanAws Native Cli - The aws native cli
- secure
Access stringAws Region - secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access numberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access stringUrl - secure
Access booleanWeb - Enable Web Secure Remote Access
- secure
Access booleanWeb Browsing - Secure browser via Akeyless Web Access Bastion
- secure
Access booleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- string[]
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target
Name string - Name of existing target to use in dynamic secret creation
- transitive
Tag stringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- user
Ttl string - User TTL
- access_
mode str - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin_
rotation_ floatinterval_ days - Admin credentials rotation interval (days)
- aws_
access_ strkey_ id - Access Key ID
- aws_
access_ strsecret_ key - Access Secret Key
- aws_
external_ strid - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws_
role_ strarns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws_
user_ boolconsole_ access - Enable AWS User console access
- aws_
user_ strgroups - UserGroup name(s). Multiple values should be separated by comma
- aws_
user_ strpolicies - Policy ARN(s). Multiple values should be separated by comma
- aws_
user_ boolprogrammatic_ access - Enable AWS User programmatic access
- custom_
username_ strtemplate - Customize how temporary usernames are generated using go template
- delete_
protection str - Protection from accidental deletion of this object [true/false]
- description str
- Description of the object
- dynamic_
secret_ straws_ id - The ID of this resource.
- enable_
admin_ boolrotation - Automatic admin credentials rotation
- encryption_
key_ strname - Encrypt dynamic secret details with following key
- item_
custom_ Mapping[str, str]fields - Additional custom fields to associate with the item
- name str
- Dynamic secret name
- password_
length str - The length of the password to be generated
- region str
- Region
- secure_
access_ straws_ account_ id - The aws account id
- secure_
access_ boolaws_ native_ cli - The aws native cli
- secure_
access_ straws_ region - secure_
access_ strbastion_ issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure_
access_ strcertificate_ issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure_
access_ floatdelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure_
access_ strenable - Enable/Disable secure remote access, [true/false]
- secure_
access_ strurl - secure_
access_ boolweb - Enable Web Secure Remote Access
- secure_
access_ boolweb_ browsing - Secure browser via Akeyless Web Access Bastion
- secure_
access_ boolweb_ proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- str
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- Sequence[str]
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target_
name str - Name of existing target to use in dynamic secret creation
- transitive_
tag_ strkeys - Transitive tag keys, space separated, relevant only for Assumed Role
- user_
ttl str - User TTL
- access
Mode String - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin
Rotation NumberInterval Days - Admin credentials rotation interval (days)
- aws
Access StringKey Id - Access Key ID
- aws
Access StringSecret Key - Access Secret Key
- aws
External StringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws
Role StringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws
User BooleanConsole Access - Enable AWS User console access
- aws
User StringGroups - UserGroup name(s). Multiple values should be separated by comma
- aws
User StringPolicies - Policy ARN(s). Multiple values should be separated by comma
- aws
User BooleanProgrammatic Access - Enable AWS User programmatic access
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- dynamic
Secret StringAws Id - The ID of this resource.
- enable
Admin BooleanRotation - Automatic admin credentials rotation
- encryption
Key StringName - Encrypt dynamic secret details with following key
- item
Custom Map<String>Fields - Additional custom fields to associate with the item
- name String
- Dynamic secret name
- password
Length String - The length of the password to be generated
- region String
- Region
- secure
Access StringAws Account Id - The aws account id
- secure
Access BooleanAws Native Cli - The aws native cli
- secure
Access StringAws Region - secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access NumberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access StringUrl - secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless Web Access Bastion
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- String
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- List<String>
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target
Name String - Name of existing target to use in dynamic secret creation
- transitive
Tag StringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- user
Ttl String - User TTL
Outputs
All input properties are implicitly available as output properties. Additionally, the DynamicSecretAws resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Use
Gw boolCloud Identity - Use the GW's Cloud IAM
- Id string
- The provider-assigned unique ID for this managed resource.
- Use
Gw boolCloud Identity - Use the GW's Cloud IAM
- id String
- The provider-assigned unique ID for this managed resource.
- use
Gw BooleanCloud Identity - Use the GW's Cloud IAM
- id string
- The provider-assigned unique ID for this managed resource.
- use
Gw booleanCloud Identity - Use the GW's Cloud IAM
- id str
- The provider-assigned unique ID for this managed resource.
- use_
gw_ boolcloud_ identity - Use the GW's Cloud IAM
- id String
- The provider-assigned unique ID for this managed resource.
- use
Gw BooleanCloud Identity - Use the GW's Cloud IAM
Look up Existing DynamicSecretAws Resource
Get an existing DynamicSecretAws resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DynamicSecretAwsState, opts?: CustomResourceOptions): DynamicSecretAws@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_mode: Optional[str] = None,
admin_rotation_interval_days: Optional[float] = None,
aws_access_key_id: Optional[str] = None,
aws_access_secret_key: Optional[str] = None,
aws_external_id: Optional[str] = None,
aws_role_arns: Optional[str] = None,
aws_user_console_access: Optional[bool] = None,
aws_user_groups: Optional[str] = None,
aws_user_policies: Optional[str] = None,
aws_user_programmatic_access: Optional[bool] = None,
custom_username_template: Optional[str] = None,
delete_protection: Optional[str] = None,
description: Optional[str] = None,
dynamic_secret_aws_id: Optional[str] = None,
enable_admin_rotation: Optional[bool] = None,
encryption_key_name: Optional[str] = None,
item_custom_fields: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
password_length: Optional[str] = None,
region: Optional[str] = None,
secure_access_aws_account_id: Optional[str] = None,
secure_access_aws_native_cli: Optional[bool] = None,
secure_access_aws_region: Optional[str] = None,
secure_access_bastion_issuer: Optional[str] = None,
secure_access_certificate_issuer: Optional[str] = None,
secure_access_delay: Optional[float] = None,
secure_access_enable: Optional[str] = None,
secure_access_url: Optional[str] = None,
secure_access_web: Optional[bool] = None,
secure_access_web_browsing: Optional[bool] = None,
secure_access_web_proxy: Optional[bool] = None,
session_tags: Optional[str] = None,
tags: Optional[Sequence[str]] = None,
target_name: Optional[str] = None,
transitive_tag_keys: Optional[str] = None,
use_gw_cloud_identity: Optional[bool] = None,
user_ttl: Optional[str] = None) -> DynamicSecretAwsfunc GetDynamicSecretAws(ctx *Context, name string, id IDInput, state *DynamicSecretAwsState, opts ...ResourceOption) (*DynamicSecretAws, error)public static DynamicSecretAws Get(string name, Input<string> id, DynamicSecretAwsState? state, CustomResourceOptions? opts = null)public static DynamicSecretAws get(String name, Output<String> id, DynamicSecretAwsState state, CustomResourceOptions options)resources: _: type: akeyless:DynamicSecretAws get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Mode string - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- Admin
Rotation doubleInterval Days - Admin credentials rotation interval (days)
- Aws
Access stringKey Id - Access Key ID
- Aws
Access stringSecret Key - Access Secret Key
- Aws
External stringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- Aws
Role stringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- Aws
User boolConsole Access - Enable AWS User console access
- Aws
User stringGroups - UserGroup name(s). Multiple values should be separated by comma
- Aws
User stringPolicies - Policy ARN(s). Multiple values should be separated by comma
- Aws
User boolProgrammatic Access - Enable AWS User programmatic access
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringAws Id - The ID of this resource.
- Enable
Admin boolRotation - Automatic admin credentials rotation
- Encryption
Key stringName - Encrypt dynamic secret details with following key
- Item
Custom Dictionary<string, string>Fields - Additional custom fields to associate with the item
- Name string
- Dynamic secret name
- Password
Length string - The length of the password to be generated
- Region string
- Region
- Secure
Access stringAws Account Id - The aws account id
- Secure
Access boolAws Native Cli - The aws native cli
- Secure
Access stringAws Region - Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access doubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access stringUrl - Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless Web Access Bastion
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- List<string>
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- Target
Name string - Name of existing target to use in dynamic secret creation
- Transitive
Tag stringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- Use
Gw boolCloud Identity - Use the GW's Cloud IAM
- User
Ttl string - User TTL
- Access
Mode string - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- Admin
Rotation float64Interval Days - Admin credentials rotation interval (days)
- Aws
Access stringKey Id - Access Key ID
- Aws
Access stringSecret Key - Access Secret Key
- Aws
External stringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- Aws
Role stringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- Aws
User boolConsole Access - Enable AWS User console access
- Aws
User stringGroups - UserGroup name(s). Multiple values should be separated by comma
- Aws
User stringPolicies - Policy ARN(s). Multiple values should be separated by comma
- Aws
User boolProgrammatic Access - Enable AWS User programmatic access
- Custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- Delete
Protection string - Protection from accidental deletion of this object [true/false]
- Description string
- Description of the object
- Dynamic
Secret stringAws Id - The ID of this resource.
- Enable
Admin boolRotation - Automatic admin credentials rotation
- Encryption
Key stringName - Encrypt dynamic secret details with following key
- Item
Custom map[string]stringFields - Additional custom fields to associate with the item
- Name string
- Dynamic secret name
- Password
Length string - The length of the password to be generated
- Region string
- Region
- Secure
Access stringAws Account Id - The aws account id
- Secure
Access boolAws Native Cli - The aws native cli
- Secure
Access stringAws Region - Secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- Secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- Secure
Access float64Delay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- Secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- Secure
Access stringUrl - Secure
Access boolWeb - Enable Web Secure Remote Access
- Secure
Access boolWeb Browsing - Secure browser via Akeyless Web Access Bastion
- Secure
Access boolWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- []string
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- Target
Name string - Name of existing target to use in dynamic secret creation
- Transitive
Tag stringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- Use
Gw boolCloud Identity - Use the GW's Cloud IAM
- User
Ttl string - User TTL
- access
Mode String - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin
Rotation DoubleInterval Days - Admin credentials rotation interval (days)
- aws
Access StringKey Id - Access Key ID
- aws
Access StringSecret Key - Access Secret Key
- aws
External StringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws
Role StringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws
User BooleanConsole Access - Enable AWS User console access
- aws
User StringGroups - UserGroup name(s). Multiple values should be separated by comma
- aws
User StringPolicies - Policy ARN(s). Multiple values should be separated by comma
- aws
User BooleanProgrammatic Access - Enable AWS User programmatic access
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- dynamic
Secret StringAws Id - The ID of this resource.
- enable
Admin BooleanRotation - Automatic admin credentials rotation
- encryption
Key StringName - Encrypt dynamic secret details with following key
- item
Custom Map<String,String>Fields - Additional custom fields to associate with the item
- name String
- Dynamic secret name
- password
Length String - The length of the password to be generated
- region String
- Region
- secure
Access StringAws Account Id - The aws account id
- secure
Access BooleanAws Native Cli - The aws native cli
- secure
Access StringAws Region - secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access DoubleDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access StringUrl - secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless Web Access Bastion
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- String
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- List<String>
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target
Name String - Name of existing target to use in dynamic secret creation
- transitive
Tag StringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- use
Gw BooleanCloud Identity - Use the GW's Cloud IAM
- user
Ttl String - User TTL
- access
Mode string - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin
Rotation numberInterval Days - Admin credentials rotation interval (days)
- aws
Access stringKey Id - Access Key ID
- aws
Access stringSecret Key - Access Secret Key
- aws
External stringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws
Role stringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws
User booleanConsole Access - Enable AWS User console access
- aws
User stringGroups - UserGroup name(s). Multiple values should be separated by comma
- aws
User stringPolicies - Policy ARN(s). Multiple values should be separated by comma
- aws
User booleanProgrammatic Access - Enable AWS User programmatic access
- custom
Username stringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection string - Protection from accidental deletion of this object [true/false]
- description string
- Description of the object
- dynamic
Secret stringAws Id - The ID of this resource.
- enable
Admin booleanRotation - Automatic admin credentials rotation
- encryption
Key stringName - Encrypt dynamic secret details with following key
- item
Custom {[key: string]: string}Fields - Additional custom fields to associate with the item
- name string
- Dynamic secret name
- password
Length string - The length of the password to be generated
- region string
- Region
- secure
Access stringAws Account Id - The aws account id
- secure
Access booleanAws Native Cli - The aws native cli
- secure
Access stringAws Region - secure
Access stringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access stringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access numberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access stringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access stringUrl - secure
Access booleanWeb - Enable Web Secure Remote Access
- secure
Access booleanWeb Browsing - Secure browser via Akeyless Web Access Bastion
- secure
Access booleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- string
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- string[]
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target
Name string - Name of existing target to use in dynamic secret creation
- transitive
Tag stringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- use
Gw booleanCloud Identity - Use the GW's Cloud IAM
- user
Ttl string - User TTL
- access_
mode str - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin_
rotation_ floatinterval_ days - Admin credentials rotation interval (days)
- aws_
access_ strkey_ id - Access Key ID
- aws_
access_ strsecret_ key - Access Secret Key
- aws_
external_ strid - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws_
role_ strarns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws_
user_ boolconsole_ access - Enable AWS User console access
- aws_
user_ strgroups - UserGroup name(s). Multiple values should be separated by comma
- aws_
user_ strpolicies - Policy ARN(s). Multiple values should be separated by comma
- aws_
user_ boolprogrammatic_ access - Enable AWS User programmatic access
- custom_
username_ strtemplate - Customize how temporary usernames are generated using go template
- delete_
protection str - Protection from accidental deletion of this object [true/false]
- description str
- Description of the object
- dynamic_
secret_ straws_ id - The ID of this resource.
- enable_
admin_ boolrotation - Automatic admin credentials rotation
- encryption_
key_ strname - Encrypt dynamic secret details with following key
- item_
custom_ Mapping[str, str]fields - Additional custom fields to associate with the item
- name str
- Dynamic secret name
- password_
length str - The length of the password to be generated
- region str
- Region
- secure_
access_ straws_ account_ id - The aws account id
- secure_
access_ boolaws_ native_ cli - The aws native cli
- secure_
access_ straws_ region - secure_
access_ strbastion_ issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure_
access_ strcertificate_ issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure_
access_ floatdelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure_
access_ strenable - Enable/Disable secure remote access, [true/false]
- secure_
access_ strurl - secure_
access_ boolweb - Enable Web Secure Remote Access
- secure_
access_ boolweb_ browsing - Secure browser via Akeyless Web Access Bastion
- secure_
access_ boolweb_ proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- str
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- Sequence[str]
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target_
name str - Name of existing target to use in dynamic secret creation
- transitive_
tag_ strkeys - Transitive tag keys, space separated, relevant only for Assumed Role
- use_
gw_ boolcloud_ identity - Use the GW's Cloud IAM
- user_
ttl str - User TTL
- access
Mode String - The types of credentials to retrieve from AWS. Options:[iamuser,assumerole]
- admin
Rotation NumberInterval Days - Admin credentials rotation interval (days)
- aws
Access StringKey Id - Access Key ID
- aws
Access StringSecret Key - Access Secret Key
- aws
External StringId - The AWS External ID associated with the AWS role (relevant only for assume_role mode)
- aws
Role StringArns - AWS Role ARNs to be use in the Assume Role operation. Multiple values should be separated by comma
- aws
User BooleanConsole Access - Enable AWS User console access
- aws
User StringGroups - UserGroup name(s). Multiple values should be separated by comma
- aws
User StringPolicies - Policy ARN(s). Multiple values should be separated by comma
- aws
User BooleanProgrammatic Access - Enable AWS User programmatic access
- custom
Username StringTemplate - Customize how temporary usernames are generated using go template
- delete
Protection String - Protection from accidental deletion of this object [true/false]
- description String
- Description of the object
- dynamic
Secret StringAws Id - The ID of this resource.
- enable
Admin BooleanRotation - Automatic admin credentials rotation
- encryption
Key StringName - Encrypt dynamic secret details with following key
- item
Custom Map<String>Fields - Additional custom fields to associate with the item
- name String
- Dynamic secret name
- password
Length String - The length of the password to be generated
- region String
- Region
- secure
Access StringAws Account Id - The aws account id
- secure
Access BooleanAws Native Cli - The aws native cli
- secure
Access StringAws Region - secure
Access StringBastion Issuer - Path to the SSH Certificate Issuer for your Akeyless Bastion
- secure
Access StringCertificate Issuer - Path to the SSH Certificate Issuer for your Akeyless Secure Access
- secure
Access NumberDelay - The delay duration, in seconds, to wait after generating just-in-time credentials. Accepted range: 0-120 seconds
- secure
Access StringEnable - Enable/Disable secure remote access, [true/false]
- secure
Access StringUrl - secure
Access BooleanWeb - Enable Web Secure Remote Access
- secure
Access BooleanWeb Browsing - Secure browser via Akeyless Web Access Bastion
- secure
Access BooleanWeb Proxy - Web-Proxy via Akeyless's Secure Remote Access (SRA)
- String
- Session tags, space separated, relevant only for Assumed Role. Format: Key=name,Value=val Key=name2,Value=val2
- List<String>
- List of the tags attached to this secret. To specify multiple tags use argument multiple times: -t Tag1 -t Tag2
- target
Name String - Name of existing target to use in dynamic secret creation
- transitive
Tag StringKeys - Transitive tag keys, space separated, relevant only for Assumed Role
- use
Gw BooleanCloud Identity - Use the GW's Cloud IAM
- user
Ttl String - User TTL
Package Details
- Repository
- akeyless akeyless-community/terraform-provider-akeyless
- License
- Notes
- This Pulumi package is based on the
akeylessTerraform Provider.
Viewing docs for akeyless 2.0.1
published on Monday, Apr 27, 2026 by akeyless-community
published on Monday, Apr 27, 2026 by akeyless-community
