Docs Home
AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi
aws.iam.getRoles
Explore with Pulumi AI
Use this data source to get the ARNs and Names of IAM Roles.
Example Usage
All roles in an account
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const roles = aws.iam.getRoles({});
import pulumi
import pulumi_aws as aws
roles = aws.iam.get_roles()
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.GetRoles(ctx, &iam.GetRolesArgs{}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var roles = Aws.Iam.GetRoles.Invoke();
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var roles = IamFunctions.getRoles(GetRolesArgs.builder()
.build());
}
}
variables:
roles:
fn::invoke:
function: aws:iam:getRoles
arguments: {}
Roles filtered by name regex
Roles whose role-name contains project
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const roles = aws.iam.getRoles({
nameRegex: ".*project.*",
});
import pulumi
import pulumi_aws as aws
roles = aws.iam.get_roles(name_regex=".*project.*")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.GetRoles(ctx, &iam.GetRolesArgs{
NameRegex: pulumi.StringRef(".*project.*"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var roles = Aws.Iam.GetRoles.Invoke(new()
{
NameRegex = ".*project.*",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var roles = IamFunctions.getRoles(GetRolesArgs.builder()
.nameRegex(".*project.*")
.build());
}
}
variables:
roles:
fn::invoke:
function: aws:iam:getRoles
arguments:
nameRegex: .*project.*
Roles filtered by path prefix
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const roles = aws.iam.getRoles({
pathPrefix: "/custom-path",
});
import pulumi
import pulumi_aws as aws
roles = aws.iam.get_roles(path_prefix="/custom-path")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.GetRoles(ctx, &iam.GetRolesArgs{
PathPrefix: pulumi.StringRef("/custom-path"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var roles = Aws.Iam.GetRoles.Invoke(new()
{
PathPrefix = "/custom-path",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var roles = IamFunctions.getRoles(GetRolesArgs.builder()
.pathPrefix("/custom-path")
.build());
}
}
variables:
roles:
fn::invoke:
function: aws:iam:getRoles
arguments:
pathPrefix: /custom-path
Roles provisioned by AWS SSO
Roles in the account filtered by path prefix
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const roles = aws.iam.getRoles({
pathPrefix: "/aws-reserved/sso.amazonaws.com/",
});
import pulumi
import pulumi_aws as aws
roles = aws.iam.get_roles(path_prefix="/aws-reserved/sso.amazonaws.com/")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.GetRoles(ctx, &iam.GetRolesArgs{
PathPrefix: pulumi.StringRef("/aws-reserved/sso.amazonaws.com/"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var roles = Aws.Iam.GetRoles.Invoke(new()
{
PathPrefix = "/aws-reserved/sso.amazonaws.com/",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var roles = IamFunctions.getRoles(GetRolesArgs.builder()
.pathPrefix("/aws-reserved/sso.amazonaws.com/")
.build());
}
}
variables:
roles:
fn::invoke:
function: aws:iam:getRoles
arguments:
pathPrefix: /aws-reserved/sso.amazonaws.com/
Specific role in the account filtered by name regex and path prefix
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const roles = aws.iam.getRoles({
nameRegex: "AWSReservedSSO_permission_set_name_.*",
pathPrefix: "/aws-reserved/sso.amazonaws.com/",
});
import pulumi
import pulumi_aws as aws
roles = aws.iam.get_roles(name_regex="AWSReservedSSO_permission_set_name_.*",
path_prefix="/aws-reserved/sso.amazonaws.com/")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.GetRoles(ctx, &iam.GetRolesArgs{
NameRegex: pulumi.StringRef("AWSReservedSSO_permission_set_name_.*"),
PathPrefix: pulumi.StringRef("/aws-reserved/sso.amazonaws.com/"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var roles = Aws.Iam.GetRoles.Invoke(new()
{
NameRegex = "AWSReservedSSO_permission_set_name_.*",
PathPrefix = "/aws-reserved/sso.amazonaws.com/",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var roles = IamFunctions.getRoles(GetRolesArgs.builder()
.nameRegex("AWSReservedSSO_permission_set_name_.*")
.pathPrefix("/aws-reserved/sso.amazonaws.com/")
.build());
}
}
variables:
roles:
fn::invoke:
function: aws:iam:getRoles
arguments:
nameRegex: AWSReservedSSO_permission_set_name_.*
pathPrefix: /aws-reserved/sso.amazonaws.com/
Using getRoles
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRoles(args: GetRolesArgs, opts?: InvokeOptions): Promise<GetRolesResult>
function getRolesOutput(args: GetRolesOutputArgs, opts?: InvokeOptions): Output<GetRolesResult>def get_roles(name_regex: Optional[str] = None,
path_prefix: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetRolesResult
def get_roles_output(name_regex: Optional[pulumi.Input[str]] = None,
path_prefix: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetRolesResult]func GetRoles(ctx *Context, args *GetRolesArgs, opts ...InvokeOption) (*GetRolesResult, error)
func GetRolesOutput(ctx *Context, args *GetRolesOutputArgs, opts ...InvokeOption) GetRolesResultOutput> Note: This function is named GetRoles in the Go SDK.
public static class GetRoles
{
public static Task<GetRolesResult> InvokeAsync(GetRolesArgs args, InvokeOptions? opts = null)
public static Output<GetRolesResult> Invoke(GetRolesInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetRolesResult> getRoles(GetRolesArgs args, InvokeOptions options)
public static Output<GetRolesResult> getRoles(GetRolesArgs args, InvokeOptions options)
fn::invoke:
function: aws:iam/getRoles:getRoles
arguments:
# arguments dictionaryThe following arguments are supported:
- Name
Regex string - Regex string to apply to the IAM roles list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. Combine this with other options to narrow down the list AWS returns.
- Path
Prefix string - Path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/gets all roles whose path starts with/application_abc/component_xyz/. If it is not included, it defaults to a slash (/), listing all roles. For more details, check out [list-roles in the AWS CLI reference][1].
- Name
Regex string - Regex string to apply to the IAM roles list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. Combine this with other options to narrow down the list AWS returns.
- Path
Prefix string - Path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/gets all roles whose path starts with/application_abc/component_xyz/. If it is not included, it defaults to a slash (/), listing all roles. For more details, check out [list-roles in the AWS CLI reference][1].
- name
Regex String - Regex string to apply to the IAM roles list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. Combine this with other options to narrow down the list AWS returns.
- path
Prefix String - Path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/gets all roles whose path starts with/application_abc/component_xyz/. If it is not included, it defaults to a slash (/), listing all roles. For more details, check out [list-roles in the AWS CLI reference][1].
- name
Regex string - Regex string to apply to the IAM roles list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. Combine this with other options to narrow down the list AWS returns.
- path
Prefix string - Path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/gets all roles whose path starts with/application_abc/component_xyz/. If it is not included, it defaults to a slash (/), listing all roles. For more details, check out [list-roles in the AWS CLI reference][1].
- name_
regex str - Regex string to apply to the IAM roles list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. Combine this with other options to narrow down the list AWS returns.
- path_
prefix str - Path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/gets all roles whose path starts with/application_abc/component_xyz/. If it is not included, it defaults to a slash (/), listing all roles. For more details, check out [list-roles in the AWS CLI reference][1].
- name
Regex String - Regex string to apply to the IAM roles list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. Combine this with other options to narrow down the list AWS returns.
- path
Prefix String - Path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/gets all roles whose path starts with/application_abc/component_xyz/. If it is not included, it defaults to a slash (/), listing all roles. For more details, check out [list-roles in the AWS CLI reference][1].
getRoles Result
The following output properties are available:
- Arns List<string>
- Set of ARNs of the matched IAM roles.
- Id string
- The provider-assigned unique ID for this managed resource.
- Names List<string>
- Set of Names of the matched IAM roles.
- Name
Regex string - Path
Prefix string
- Arns []string
- Set of ARNs of the matched IAM roles.
- Id string
- The provider-assigned unique ID for this managed resource.
- Names []string
- Set of Names of the matched IAM roles.
- Name
Regex string - Path
Prefix string
- arns List<String>
- Set of ARNs of the matched IAM roles.
- id String
- The provider-assigned unique ID for this managed resource.
- names List<String>
- Set of Names of the matched IAM roles.
- name
Regex String - path
Prefix String
- arns string[]
- Set of ARNs of the matched IAM roles.
- id string
- The provider-assigned unique ID for this managed resource.
- names string[]
- Set of Names of the matched IAM roles.
- name
Regex string - path
Prefix string
- arns Sequence[str]
- Set of ARNs of the matched IAM roles.
- id str
- The provider-assigned unique ID for this managed resource.
- names Sequence[str]
- Set of Names of the matched IAM roles.
- name_
regex str - path_
prefix str
- arns List<String>
- Set of ARNs of the matched IAM roles.
- id String
- The provider-assigned unique ID for this managed resource.
- names List<String>
- Set of Names of the matched IAM roles.
- name
Regex String - path
Prefix String
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.