NetworkInterfaceSecurityGroupAttachment

This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.

NOTE on instances, interfaces, and security groups: This provider currently lets you assign security groups through the aws.ec2.Instance and aws.ec2.NetworkInterface resources as well as through this resource. Combining this resource with security groups declared in-line on those resources will cause conflicts, spurious diffs, and undefined behavior - please use one approach or the other for a given interface. Because the result of mixing them is undefined, the security groups actually attached to the interface may not match what your program declares.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Example stack: looks up the most recent Amazon-owned AMI whose name matches
/// "amzn-ami-hvm-*", launches a t2.micro instance from it, creates a tagged
/// security group, and attaches that group to the instance's primary network
/// interface.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Owners limits the wildcard name match to images published under the
        // "amazon" owner alias rather than any AMI with a matching name.
        var amiQuery = new Aws.Ec2.GetAmiArgs
        {
            MostRecent = true,
            Filters =
            {
                new Aws.Ec2.Inputs.GetAmiFilterArgs
                {
                    Name = "name",
                    Values = { "amzn-ami-hvm-*" },
                },
            },
            Owners = { "amazon" },
        };
        var image = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(amiQuery));

        var serverArgs = new Aws.Ec2.InstanceArgs
        {
            InstanceType = "t2.micro",
            Ami = image.Apply(found => found.Id),
            Tags = { { "type", "test-instance" } },
        };
        var server = new Aws.Ec2.Instance("instance", serverArgs);

        // Only tags are set here: the example declares no ingress or egress
        // rules for this group.
        var groupArgs = new Aws.Ec2.SecurityGroupArgs
        {
            Tags = { { "type", "test-security-group" } },
        };
        var group = new Aws.Ec2.SecurityGroup("sg", groupArgs);

        // The attachment targets the instance's primary ENI, so no in-line
        // security groups are declared on the instance above.
        var attachmentArgs = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs
        {
            SecurityGroupId = group.Id,
            NetworkInterfaceId = server.PrimaryNetworkInterfaceId,
        };
        var attachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", attachmentArgs);
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main declares the example stack: the most recent Amazon-owned AMI matching
// "amzn-ami-hvm-*", a t2.micro instance built from it, a tagged security
// group, and an attachment of that group to the instance's primary ENI.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// MostRecent is passed by address, so it needs an addressable bool.
		mostRecent := true
		nameFilter := ec2.GetAmiFilter{
			Name:   "name",
			Values: []string{"amzn-ami-hvm-*"},
		}
		// Owners limits the wildcard name match to images published under
		// the "amazon" owner alias rather than any AMI with a matching name.
		image, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{
			MostRecent: &mostRecent,
			Filters:    []ec2.GetAmiFilter{nameFilter},
			Owners:     []string{"amazon"},
		}, nil)
		if err != nil {
			return err
		}

		vm, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{
			InstanceType: pulumi.String("t2.micro"),
			Ami:          pulumi.String(image.Id),
			Tags:         pulumi.StringMap{"type": pulumi.String("test-instance")},
		})
		if err != nil {
			return err
		}

		// Only tags are set here: the example declares no ingress or egress
		// rules for this group.
		group, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{
			Tags: pulumi.StringMap{"type": pulumi.String("test-security-group")},
		})
		if err != nil {
			return err
		}

		// The attachment targets the instance's primary ENI, so no in-line
		// security groups are declared on the instance above.
		_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sgAttachment", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
			SecurityGroupId:    group.ID(),
			NetworkInterfaceId: vm.PrimaryNetworkInterfaceId,
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws

# Resolve the most recent AMI whose name matches the pattern. `owners` limits
# the wildcard match to images published under the "amazon" owner alias rather
# than any AMI with a matching name.
ami = aws.ec2.get_ami(
    most_recent=True,
    filters=[
        aws.ec2.GetAmiFilterArgs(
            name="name",
            values=["amzn-ami-hvm-*"],
        ),
    ],
    owners=["amazon"],
)

# No in-line security groups are declared on the instance, because the
# attachment resource below manages the group on its primary interface.
instance = aws.ec2.Instance(
    "instance",
    instance_type="t2.micro",
    ami=ami.id,
    tags={"type": "test-instance"},
)

# Only tags are set here: the example declares no ingress or egress rules.
sg = aws.ec2.SecurityGroup(
    "sg",
    tags={"type": "test-security-group"},
)

# Attach the security group to the instance's primary network interface.
sg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(
    "sgAttachment",
    security_group_id=sg.id,
    network_interface_id=instance.primary_network_interface_id,
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Resolve the most recent AMI whose name matches the pattern. `owners` limits
// the wildcard match to images published under the "amazon" owner alias rather
// than any AMI with a matching name.
const ami = aws.ec2.getAmi({
    mostRecent: true,
    filters: [
        {
            name: "name",
            values: ["amzn-ami-hvm-*"],
        },
    ],
    owners: ["amazon"],
});

// No in-line security groups are declared on the instance, because the
// attachment resource below manages the group on its primary interface.
const instance = new aws.ec2.Instance("instance", {
    instanceType: "t2.micro",
    ami: ami.then(image => image.id),
    tags: { type: "test-instance" },
});

// Only tags are set here: the example declares no ingress or egress rules.
const sg = new aws.ec2.SecurityGroup("sg", {
    tags: { type: "test-security-group" },
});

// Attach the security group to the instance's primary network interface.
const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", {
    securityGroupId: sg.id,
    networkInterfaceId: instance.primaryNetworkInterfaceId,
});

Create a NetworkInterfaceSecurityGroupAttachment Resource

new NetworkInterfaceSecurityGroupAttachment(name: string, args: NetworkInterfaceSecurityGroupAttachmentArgs, opts?: CustomResourceOptions);
@overload
def NetworkInterfaceSecurityGroupAttachment(resource_name: str,
                                            opts: Optional[ResourceOptions] = None,
                                            network_interface_id: Optional[str] = None,
                                            security_group_id: Optional[str] = None)
@overload
def NetworkInterfaceSecurityGroupAttachment(resource_name: str,
                                            args: NetworkInterfaceSecurityGroupAttachmentArgs,
                                            opts: Optional[ResourceOptions] = None)
func NewNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, args NetworkInterfaceSecurityGroupAttachmentArgs, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
public NetworkInterfaceSecurityGroupAttachment(string name, NetworkInterfaceSecurityGroupAttachmentArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args NetworkInterfaceSecurityGroupAttachmentArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

NetworkInterfaceSecurityGroupAttachment Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The NetworkInterfaceSecurityGroupAttachment resource accepts the following input properties:

NetworkInterfaceId string
The ID of the network interface to attach to.
SecurityGroupId string
The ID of the security group.
NetworkInterfaceId string
The ID of the network interface to attach to.
SecurityGroupId string
The ID of the security group.
networkInterfaceId string
The ID of the network interface to attach to.
securityGroupId string
The ID of the security group.
network_interface_id str
The ID of the network interface to attach to.
security_group_id str
The ID of the security group.

Outputs

All input properties are implicitly available as output properties. Additionally, the NetworkInterfaceSecurityGroupAttachment resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing NetworkInterfaceSecurityGroupAttachment Resource

Get an existing NetworkInterfaceSecurityGroupAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NetworkInterfaceSecurityGroupAttachmentState, opts?: CustomResourceOptions): NetworkInterfaceSecurityGroupAttachment
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        network_interface_id: Optional[str] = None,
        security_group_id: Optional[str] = None) -> NetworkInterfaceSecurityGroupAttachment
func GetNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, id IDInput, state *NetworkInterfaceSecurityGroupAttachmentState, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
public static NetworkInterfaceSecurityGroupAttachment Get(string name, Input<string> id, NetworkInterfaceSecurityGroupAttachmentState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

NetworkInterfaceId string
The ID of the network interface to attach to.
SecurityGroupId string
The ID of the security group.
NetworkInterfaceId string
The ID of the network interface to attach to.
SecurityGroupId string
The ID of the security group.
networkInterfaceId string
The ID of the network interface to attach to.
securityGroupId string
The ID of the security group.
network_interface_id str
The ID of the network interface to attach to.
security_group_id str
The ID of the security group.

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.