alicloud.cen.InstanceGrant
Explore with Pulumi AI
Provides a CEN child instance grant resource, which allow you to authorize a VPC or VBR to a CEN of a different account.
For more information about how to use it, see Attach a network in a different account.
NOTE: Available since v1.37.0.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
const config = new pulumi.Config();
const anotherUid = config.get("anotherUid") || "xxxx";
// Method 1: Use assume_role to operate resources in the target cen account, detail see https://registry.terraform.io/providers/aliyun/alicloud/latest/docs#assume-role
const childAccount = new alicloud.Provider("childAccount", {
region: "cn-hangzhou",
assumeRole: {
roleArn: `acs:ram::${anotherUid}:role/terraform-example-assume-role`,
},
});
// Method 2: Use the target cen account's access_key, secret_key
// provider "alicloud" {
// region = "cn-hangzhou"
// access_key = "access_key"
// secret_key = "secret_key"
// alias = "child_account"
// }
const yourAccount = new alicloud.Provider("yourAccount", {});
const yourAccountAccount = alicloud.getAccount({});
const childAccountAccount = alicloud.getAccount({});
const default = alicloud.getRegions({
current: true,
});
const exampleInstance = new alicloud.cen.Instance("exampleInstance", {
cenInstanceName: "tf_example",
description: "an example for cen",
}, {
provider: alicloud.your_account,
});
const childAccountNetwork = new alicloud.vpc.Network("childAccountNetwork", {
vpcName: "terraform-example",
cidrBlock: "172.17.3.0/24",
}, {
provider: alicloud.child_account,
});
const childAccountInstanceGrant = new alicloud.cen.InstanceGrant("childAccountInstanceGrant", {
cenId: exampleInstance.id,
childInstanceId: childAccountNetwork.id,
cenOwnerId: yourAccountAccount.then(yourAccountAccount => yourAccountAccount.id),
}, {
provider: alicloud.child_account,
});
const exampleInstanceAttachment = new alicloud.cen.InstanceAttachment("exampleInstanceAttachment", {
instanceId: exampleInstance.id,
childInstanceId: childAccountInstanceGrant.childInstanceId,
childInstanceType: "VPC",
childInstanceRegionId: _default.then(_default => _default.regions?.[0]?.id),
childInstanceOwnerId: childAccountAccount.then(childAccountAccount => childAccountAccount.id),
}, {
provider: alicloud.your_account,
});
import pulumi
import pulumi_alicloud as alicloud
config = pulumi.Config()
another_uid = config.get("anotherUid")
if another_uid is None:
another_uid = "xxxx"
# Method 1: Use assume_role to operate resources in the target cen account, detail see https://registry.terraform.io/providers/aliyun/alicloud/latest/docs#assume-role
child_account = alicloud.Provider("childAccount",
region="cn-hangzhou",
assume_role=alicloud.ProviderAssumeRoleArgs(
role_arn=f"acs:ram::{another_uid}:role/terraform-example-assume-role",
))
# Method 2: Use the target cen account's access_key, secret_key
# provider "alicloud" {
# region = "cn-hangzhou"
# access_key = "access_key"
# secret_key = "secret_key"
# alias = "child_account"
# }
your_account = alicloud.Provider("yourAccount")
your_account_account = alicloud.get_account()
child_account_account = alicloud.get_account()
default = alicloud.get_regions(current=True)
example_instance = alicloud.cen.Instance("exampleInstance",
cen_instance_name="tf_example",
description="an example for cen",
opts=pulumi.ResourceOptions(provider=alicloud["your_account"]))
child_account_network = alicloud.vpc.Network("childAccountNetwork",
vpc_name="terraform-example",
cidr_block="172.17.3.0/24",
opts=pulumi.ResourceOptions(provider=alicloud["child_account"]))
child_account_instance_grant = alicloud.cen.InstanceGrant("childAccountInstanceGrant",
cen_id=example_instance.id,
child_instance_id=child_account_network.id,
cen_owner_id=your_account_account.id,
opts=pulumi.ResourceOptions(provider=alicloud["child_account"]))
example_instance_attachment = alicloud.cen.InstanceAttachment("exampleInstanceAttachment",
instance_id=example_instance.id,
child_instance_id=child_account_instance_grant.child_instance_id,
child_instance_type="VPC",
child_instance_region_id=default.regions[0].id,
child_instance_owner_id=child_account_account.id,
opts=pulumi.ResourceOptions(provider=alicloud["your_account"]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cen"
"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
anotherUid := "xxxx"
if param := cfg.Get("anotherUid"); param != "" {
anotherUid = param
}
// Method 1: Use assume_role to operate resources in the target cen account, detail see https://registry.terraform.io/providers/aliyun/alicloud/latest/docs#assume-role
_, err := alicloud.NewProvider(ctx, "childAccount", &alicloud.ProviderArgs{
Region: pulumi.String("cn-hangzhou"),
AssumeRole: &alicloud.ProviderAssumeRoleArgs{
RoleArn: pulumi.String(fmt.Sprintf("acs:ram::%v:role/terraform-example-assume-role", anotherUid)),
},
})
if err != nil {
return err
}
_, err = alicloud.NewProvider(ctx, "yourAccount", nil)
if err != nil {
return err
}
yourAccountAccount, err := alicloud.GetAccount(ctx, nil, nil)
if err != nil {
return err
}
childAccountAccount, err := alicloud.GetAccount(ctx, nil, nil)
if err != nil {
return err
}
_default, err := alicloud.GetRegions(ctx, &alicloud.GetRegionsArgs{
Current: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
exampleInstance, err := cen.NewInstance(ctx, "exampleInstance", &cen.InstanceArgs{
CenInstanceName: pulumi.String("tf_example"),
Description: pulumi.String("an example for cen"),
}, pulumi.Provider(alicloud.Your_account))
if err != nil {
return err
}
childAccountNetwork, err := vpc.NewNetwork(ctx, "childAccountNetwork", &vpc.NetworkArgs{
VpcName: pulumi.String("terraform-example"),
CidrBlock: pulumi.String("172.17.3.0/24"),
}, pulumi.Provider(alicloud.Child_account))
if err != nil {
return err
}
childAccountInstanceGrant, err := cen.NewInstanceGrant(ctx, "childAccountInstanceGrant", &cen.InstanceGrantArgs{
CenId: exampleInstance.ID(),
ChildInstanceId: childAccountNetwork.ID(),
CenOwnerId: pulumi.String(yourAccountAccount.Id),
}, pulumi.Provider(alicloud.Child_account))
if err != nil {
return err
}
_, err = cen.NewInstanceAttachment(ctx, "exampleInstanceAttachment", &cen.InstanceAttachmentArgs{
InstanceId: exampleInstance.ID(),
ChildInstanceId: childAccountInstanceGrant.ChildInstanceId,
ChildInstanceType: pulumi.String("VPC"),
ChildInstanceRegionId: pulumi.String(_default.Regions[0].Id),
ChildInstanceOwnerId: pulumi.String(childAccountAccount.Id),
}, pulumi.Provider(alicloud.Your_account))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
return await Deployment.RunAsync(() =>
{
var config = new Config();
var anotherUid = config.Get("anotherUid") ?? "xxxx";
// Method 1: Use assume_role to operate resources in the target cen account, detail see https://registry.terraform.io/providers/aliyun/alicloud/latest/docs#assume-role
var childAccount = new AliCloud.Provider("childAccount", new()
{
Region = "cn-hangzhou",
AssumeRole = new AliCloud.Inputs.ProviderAssumeRoleArgs
{
RoleArn = $"acs:ram::{anotherUid}:role/terraform-example-assume-role",
},
});
// Method 2: Use the target cen account's access_key, secret_key
// provider "alicloud" {
// region = "cn-hangzhou"
// access_key = "access_key"
// secret_key = "secret_key"
// alias = "child_account"
// }
var yourAccount = new AliCloud.Provider("yourAccount");
var yourAccountAccount = AliCloud.GetAccount.Invoke();
var childAccountAccount = AliCloud.GetAccount.Invoke();
var @default = AliCloud.GetRegions.Invoke(new()
{
Current = true,
});
var exampleInstance = new AliCloud.Cen.Instance("exampleInstance", new()
{
CenInstanceName = "tf_example",
Description = "an example for cen",
}, new CustomResourceOptions
{
Provider = alicloud.Your_account,
});
var childAccountNetwork = new AliCloud.Vpc.Network("childAccountNetwork", new()
{
VpcName = "terraform-example",
CidrBlock = "172.17.3.0/24",
}, new CustomResourceOptions
{
Provider = alicloud.Child_account,
});
var childAccountInstanceGrant = new AliCloud.Cen.InstanceGrant("childAccountInstanceGrant", new()
{
CenId = exampleInstance.Id,
ChildInstanceId = childAccountNetwork.Id,
CenOwnerId = yourAccountAccount.Apply(getAccountResult => getAccountResult.Id),
}, new CustomResourceOptions
{
Provider = alicloud.Child_account,
});
var exampleInstanceAttachment = new AliCloud.Cen.InstanceAttachment("exampleInstanceAttachment", new()
{
InstanceId = exampleInstance.Id,
ChildInstanceId = childAccountInstanceGrant.ChildInstanceId,
ChildInstanceType = "VPC",
ChildInstanceRegionId = @default.Apply(@default => @default.Apply(getRegionsResult => getRegionsResult.Regions[0]?.Id)),
ChildInstanceOwnerId = childAccountAccount.Apply(getAccountResult => getAccountResult.Id),
}, new CustomResourceOptions
{
Provider = alicloud.Your_account,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.Provider;
import com.pulumi.alicloud.ProviderArgs;
import com.pulumi.alicloud.inputs.ProviderAssumeRoleArgs;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetRegionsArgs;
import com.pulumi.alicloud.cen.Instance;
import com.pulumi.alicloud.cen.InstanceArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.cen.InstanceGrant;
import com.pulumi.alicloud.cen.InstanceGrantArgs;
import com.pulumi.alicloud.cen.InstanceAttachment;
import com.pulumi.alicloud.cen.InstanceAttachmentArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var anotherUid = config.get("anotherUid").orElse("xxxx");
// Method 1: Use assume_role to operate resources in the target cen account, detail see https://registry.terraform.io/providers/aliyun/alicloud/latest/docs#assume-role
var childAccount = new Provider("childAccount", ProviderArgs.builder()
.region("cn-hangzhou")
.assumeRole(ProviderAssumeRoleArgs.builder()
.roleArn(String.format("acs:ram::%s:role/terraform-example-assume-role", anotherUid))
.build())
.build());
// Method 2: Use the target cen account's access_key, secret_key
// provider "alicloud" {
// region = "cn-hangzhou"
// access_key = "access_key"
// secret_key = "secret_key"
// alias = "child_account"
// }
var yourAccount = new Provider("yourAccount");
final var yourAccountAccount = AlicloudFunctions.getAccount();
final var childAccountAccount = AlicloudFunctions.getAccount();
final var default = AlicloudFunctions.getRegions(GetRegionsArgs.builder()
.current(true)
.build());
var exampleInstance = new Instance("exampleInstance", InstanceArgs.builder()
.cenInstanceName("tf_example")
.description("an example for cen")
.build(), CustomResourceOptions.builder()
.provider(alicloud.your_account())
.build());
var childAccountNetwork = new Network("childAccountNetwork", NetworkArgs.builder()
.vpcName("terraform-example")
.cidrBlock("172.17.3.0/24")
.build(), CustomResourceOptions.builder()
.provider(alicloud.child_account())
.build());
var childAccountInstanceGrant = new InstanceGrant("childAccountInstanceGrant", InstanceGrantArgs.builder()
.cenId(exampleInstance.id())
.childInstanceId(childAccountNetwork.id())
.cenOwnerId(yourAccountAccount.applyValue(getAccountResult -> getAccountResult.id()))
.build(), CustomResourceOptions.builder()
.provider(alicloud.child_account())
.build());
var exampleInstanceAttachment = new InstanceAttachment("exampleInstanceAttachment", InstanceAttachmentArgs.builder()
.instanceId(exampleInstance.id())
.childInstanceId(childAccountInstanceGrant.childInstanceId())
.childInstanceType("VPC")
.childInstanceRegionId(default_.regions()[0].id())
.childInstanceOwnerId(childAccountAccount.applyValue(getAccountResult -> getAccountResult.id()))
.build(), CustomResourceOptions.builder()
.provider(alicloud.your_account())
.build());
}
}
configuration:
anotherUid:
type: string
default: xxxx
resources:
# Method 1: Use assume_role to operate resources in the target cen account, detail see https://registry.terraform.io/providers/aliyun/alicloud/latest/docs#assume-role
childAccount: # Method 2: Use the target cen account's access_key, secret_key
# provider "alicloud" {
# region = "cn-hangzhou"
# access_key = "access_key"
# secret_key = "secret_key"
# alias = "child_account"
# }
type: pulumi:providers:alicloud
properties:
region: cn-hangzhou
assumeRole:
roleArn: acs:ram::${anotherUid}:role/terraform-example-assume-role
yourAccount:
type: pulumi:providers:alicloud
exampleInstance:
type: alicloud:cen:Instance
properties:
cenInstanceName: tf_example
description: an example for cen
options:
provider: ${alicloud.your_account}
childAccountNetwork:
type: alicloud:vpc:Network
properties:
vpcName: terraform-example
cidrBlock: 172.17.3.0/24
options:
provider: ${alicloud.child_account}
childAccountInstanceGrant:
type: alicloud:cen:InstanceGrant
properties:
cenId: ${exampleInstance.id}
childInstanceId: ${childAccountNetwork.id}
cenOwnerId: ${yourAccountAccount.id}
options:
provider: ${alicloud.child_account}
exampleInstanceAttachment:
type: alicloud:cen:InstanceAttachment
properties:
instanceId: ${exampleInstance.id}
childInstanceId: ${childAccountInstanceGrant.childInstanceId}
childInstanceType: VPC
childInstanceRegionId: ${default.regions[0].id}
childInstanceOwnerId: ${childAccountAccount.id}
options:
provider: ${alicloud.your_account}
variables:
yourAccountAccount:
fn::invoke:
Function: alicloud:getAccount
Arguments: {}
childAccountAccount:
fn::invoke:
Function: alicloud:getAccount
Arguments: {}
default:
fn::invoke:
Function: alicloud:getRegions
Arguments:
current: true
Create InstanceGrant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new InstanceGrant(name: string, args: InstanceGrantArgs, opts?: CustomResourceOptions);
@overload
def InstanceGrant(resource_name: str,
args: InstanceGrantArgs,
opts: Optional[ResourceOptions] = None)
@overload
def InstanceGrant(resource_name: str,
opts: Optional[ResourceOptions] = None,
cen_id: Optional[str] = None,
cen_owner_id: Optional[str] = None,
child_instance_id: Optional[str] = None)
func NewInstanceGrant(ctx *Context, name string, args InstanceGrantArgs, opts ...ResourceOption) (*InstanceGrant, error)
public InstanceGrant(string name, InstanceGrantArgs args, CustomResourceOptions? opts = null)
public InstanceGrant(String name, InstanceGrantArgs args)
public InstanceGrant(String name, InstanceGrantArgs args, CustomResourceOptions options)
type: alicloud:cen:InstanceGrant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args InstanceGrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args InstanceGrantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args InstanceGrantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args InstanceGrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args InstanceGrantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var instanceGrantResource = new AliCloud.Cen.InstanceGrant("instanceGrantResource", new()
{
CenId = "string",
CenOwnerId = "string",
ChildInstanceId = "string",
});
example, err := cen.NewInstanceGrant(ctx, "instanceGrantResource", &cen.InstanceGrantArgs{
CenId: pulumi.String("string"),
CenOwnerId: pulumi.String("string"),
ChildInstanceId: pulumi.String("string"),
})
var instanceGrantResource = new InstanceGrant("instanceGrantResource", InstanceGrantArgs.builder()
.cenId("string")
.cenOwnerId("string")
.childInstanceId("string")
.build());
instance_grant_resource = alicloud.cen.InstanceGrant("instanceGrantResource",
cen_id="string",
cen_owner_id="string",
child_instance_id="string")
const instanceGrantResource = new alicloud.cen.InstanceGrant("instanceGrantResource", {
cenId: "string",
cenOwnerId: "string",
childInstanceId: "string",
});
type: alicloud:cen:InstanceGrant
properties:
cenId: string
cenOwnerId: string
childInstanceId: string
InstanceGrant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The InstanceGrant resource accepts the following input properties:
- Cen
Id string - The ID of the CEN.
- Cen
Owner stringId - The owner UID of the CEN which the child instance granted to.
- Child
Instance stringId - The ID of the child instance to grant.
- Cen
Id string - The ID of the CEN.
- Cen
Owner stringId - The owner UID of the CEN which the child instance granted to.
- Child
Instance stringId - The ID of the child instance to grant.
- cen
Id String - The ID of the CEN.
- cen
Owner StringId - The owner UID of the CEN which the child instance granted to.
- child
Instance StringId - The ID of the child instance to grant.
- cen
Id string - The ID of the CEN.
- cen
Owner stringId - The owner UID of the CEN which the child instance granted to.
- child
Instance stringId - The ID of the child instance to grant.
- cen_
id str - The ID of the CEN.
- cen_
owner_ strid - The owner UID of the CEN which the child instance granted to.
- child_
instance_ strid - The ID of the child instance to grant.
- cen
Id String - The ID of the CEN.
- cen
Owner StringId - The owner UID of the CEN which the child instance granted to.
- child
Instance StringId - The ID of the child instance to grant.
Outputs
All input properties are implicitly available as output properties. Additionally, the InstanceGrant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing InstanceGrant Resource
Get an existing InstanceGrant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: InstanceGrantState, opts?: CustomResourceOptions): InstanceGrant
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
cen_id: Optional[str] = None,
cen_owner_id: Optional[str] = None,
child_instance_id: Optional[str] = None) -> InstanceGrant
func GetInstanceGrant(ctx *Context, name string, id IDInput, state *InstanceGrantState, opts ...ResourceOption) (*InstanceGrant, error)
public static InstanceGrant Get(string name, Input<string> id, InstanceGrantState? state, CustomResourceOptions? opts = null)
public static InstanceGrant get(String name, Output<String> id, InstanceGrantState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Cen
Id string - The ID of the CEN.
- Cen
Owner stringId - The owner UID of the CEN which the child instance granted to.
- Child
Instance stringId - The ID of the child instance to grant.
- Cen
Id string - The ID of the CEN.
- Cen
Owner stringId - The owner UID of the CEN which the child instance granted to.
- Child
Instance stringId - The ID of the child instance to grant.
- cen
Id String - The ID of the CEN.
- cen
Owner StringId - The owner UID of the CEN which the child instance granted to.
- child
Instance StringId - The ID of the child instance to grant.
- cen
Id string - The ID of the CEN.
- cen
Owner stringId - The owner UID of the CEN which the child instance granted to.
- child
Instance stringId - The ID of the child instance to grant.
- cen_
id str - The ID of the CEN.
- cen_
owner_ strid - The owner UID of the CEN which the child instance granted to.
- child_
instance_ strid - The ID of the child instance to grant.
- cen
Id String - The ID of the CEN.
- cen
Owner StringId - The owner UID of the CEN which the child instance granted to.
- child
Instance StringId - The ID of the child instance to grant.
Import
CEN instance can be imported using the id, e.g.
$ pulumi import alicloud:cen/instanceGrant:InstanceGrant example cen-abc123456:vpc-abc123456:uid123456
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.