Show / Hide Table of Contents

Namespace Pulumi.Aws.Ec2

Classes

Ami

The AMI resource allows the creation and management of a completely-custom Amazon Machine Image (AMI).

If you just want to duplicate an existing AMI, possibly copying it to another region, it's better to use aws.ec2.AmiCopy instead.

If you just want to share an existing AMI with another AWS account, it's better to use aws.ec2.AmiLaunchPermission instead.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    // Create an AMI that will start a machine whose root device is backed by
    // an EBS volume populated from a snapshot. It is assumed that such a snapshot
    // already exists with the id "snap-xxxxxxxx".
    var example = new Aws.Ec2.Ami("example", new Aws.Ec2.AmiArgs
    {
        EbsBlockDevices = 
        {
            new Aws.Ec2.Inputs.AmiEbsBlockDeviceArgs
            {
                DeviceName = "/dev/xvda",
                SnapshotId = "snap-xxxxxxxx",
                VolumeSize = 8,
            },
        },
        RootDeviceName = "/dev/xvda",
        VirtualizationType = "hvm",
    });
}

}

AmiArgs

AmiCopy

The "AMI copy" resource allows duplication of an Amazon Machine Image (AMI), including cross-region copies.

If the source AMI has associated EBS snapshots, those will also be duplicated along with the AMI.

This is useful for taking a single AMI provisioned in one region and making it available in another for a multi-region deployment.

Copying an AMI can take several minutes. The creation of this resource will block until the new AMI is available for use on new instances.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.AmiCopy("example", new Aws.Ec2.AmiCopyArgs
    {
        Description = "A copy of ami-xxxxxxxx",
        SourceAmiId = "ami-xxxxxxxx",
        SourceAmiRegion = "us-west-1",
        Tags = 
        {
            { "Name", "HelloWorld" },
        },
    });
}

}

AmiCopyArgs

AmiCopyState

AmiFromInstance

The "AMI from instance" resource allows the creation of an Amazon Machine Image (AMI) modelled after an existing EBS-backed EC2 instance.

The created AMI will refer to implicitly-created snapshots of the instance's EBS volumes and mimick its assigned block device configuration at the time the resource is created.

This resource is best applied to an instance that is stopped when this instance is created, so that the contents of the created image are predictable. When applied to an instance that is running, the instance will be stopped before taking the snapshots and then started back up again, resulting in a period of downtime.

Note that the source instance is inspected only at the initial creation of this resource. Ongoing updates to the referenced instance will not be propagated into the generated AMI. Users may taint or otherwise recreate the resource in order to produce a fresh snapshot.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.AmiFromInstance("example", new Aws.Ec2.AmiFromInstanceArgs
    {
        SourceInstanceId = "i-xxxxxxxx",
    });
}

}

AmiFromInstanceArgs

AmiFromInstanceState

AmiLaunchPermission

Adds launch permission to Amazon Machine Image (AMI) from another AWS account.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.AmiLaunchPermission("example", new Aws.Ec2.AmiLaunchPermissionArgs
    {
        AccountId = "123456789012",
        ImageId = "ami-12345678",
    });
}

}

AmiLaunchPermissionArgs

AmiLaunchPermissionState

AmiState

AvailabilityZoneGroup

Manages an EC2 Availability Zone Group, such as updating its opt-in status.

NOTE: This is an advanced resource. The provider will automatically assume management of the EC2 Availability Zone Group without import and perform no actions on removal from configuration.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.AvailabilityZoneGroup("example", new Aws.Ec2.AvailabilityZoneGroupArgs
    {
        GroupName = "us-west-2-lax-1",
        OptInStatus = "opted-in",
    });
}

}

AvailabilityZoneGroupArgs

AvailabilityZoneGroupState

CapacityReservation

Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var @default = new Aws.Ec2.CapacityReservation("default", new Aws.Ec2.CapacityReservationArgs
    {
        AvailabilityZone = "eu-west-1a",
        InstanceCount = 1,
        InstancePlatform = "Linux/UNIX",
        InstanceType = "t2.micro",
    });
}

}

CapacityReservationArgs

CapacityReservationState

CustomerGateway

Provides a customer gateway inside a VPC. These objects can be connected to VPN gateways via VPN connections, and allow you to establish tunnels between your network and the VPC.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var main = new Aws.Ec2.CustomerGateway("main", new Aws.Ec2.CustomerGatewayArgs
    {
        BgpAsn = 65000,
        IpAddress = "172.83.124.10",
        Tags = 
        {
            { "Name", "main-customer-gateway" },
        },
        Type = "ipsec.1",
    });
}

}

CustomerGatewayArgs

CustomerGatewayState

DefaultNetworkAcl

Provides a resource to manage the default AWS Network ACL. VPC Only.

Each VPC created in AWS comes with a Default Network ACL that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultNetworkAcl behaves differently from normal resources, in that this provider does not create this resource, but instead attempts to "adopt" it into management. We can do this because each VPC created has a Default Network ACL that cannot be destroyed, and is created with a known set of default rules.

When this provider first adopts the Default Network ACL, it immediately removes all rules in the ACL. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.

This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the aws.ec2.NetworkAclRule resource.

For more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].

Basic Example Usage, with default rules

The following config gives the Default Network ACL the same rules that AWS includes, but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var @default = new Aws.Ec2.DefaultNetworkAcl("default", new Aws.Ec2.DefaultNetworkAclArgs
    {
        DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
        Ingress = 
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
            {
                Protocol = -1,
                RuleNo = 100,
                Action = "allow",
                CidrBlock = mainvpc.CidrBlock,
                FromPort = 0,
                ToPort = 0,
            },
        },
        Egress = 
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs
            {
                Protocol = -1,
                RuleNo = 100,
                Action = "allow",
                CidrBlock = "0.0.0.0/0",
                FromPort = 0,
                ToPort = 0,
            },
        },
    });
}

}

Example config to deny all Egress traffic, allowing Ingress

The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var @default = new Aws.Ec2.DefaultNetworkAcl("default", new Aws.Ec2.DefaultNetworkAclArgs
    {
        DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
        Ingress = 
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
            {
                Protocol = -1,
                RuleNo = 100,
                Action = "allow",
                CidrBlock = mainvpc.CidrBlock,
                FromPort = 0,
                ToPort = 0,
            },
        },
    });
}

}

Example config to deny all traffic to any Subnet in the Default Network ACL

This config denies all traffic in the Default ACL. This can be useful if you want a locked down default to force all resources in the VPC to assign a non-default ACL.

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var @default = new Aws.Ec2.DefaultNetworkAcl("default", new Aws.Ec2.DefaultNetworkAclArgs
    {
        DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
    });
}

}

DefaultNetworkAclArgs

DefaultNetworkAclState

DefaultRouteTable

Provides a resource to manage a Default VPC Routing Table.

Each VPC created in AWS comes with a Default Route Table that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource. It is recommended you do not use both aws.ec2.DefaultRouteTable to manage the default route table and use the aws.ec2.MainRouteTableAssociation, due to possible conflict in routes.

The aws.ec2.DefaultRouteTable behaves differently from normal resources, in that this provider does not create this resource, but instead attempts to "adopt" it into management. We can do this because each VPC created has a Default Route Table that cannot be destroyed, and is created with a single route.

When this provider first adopts the Default Route Table, it immediately removes all defined routes. It then proceeds to create any routes specified in the configuration. This step is required so that only the routes specified in the configuration present in the Default Route Table.

For more information about Route Tables, see the AWS Documentation on [Route Tables][aws-route-tables].

For more information about managing normal Route Tables in this provider, see our documentation on [aws.ec2.RouteTable][tf-route-tables].

NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite routes.

Example usage with tags

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var defaultRouteTable = new Aws.Ec2.DefaultRouteTable("defaultRouteTable", new Aws.Ec2.DefaultRouteTableArgs
    {
        DefaultRouteTableId = aws_vpc.Foo.Default_route_table_id,
        Routes = 
        {
            ,
        },
        Tags = 
        {
            { "Name", "default table" },
        },
    });
}

}

DefaultRouteTableArgs

DefaultRouteTableState

DefaultSecurityGroup

Provides a resource to manage the default AWS Security Group.

For EC2 Classic accounts, each region comes with a Default Security Group. Additionally, each VPC created in AWS comes with a Default Security Group that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultSecurityGroup behaves differently from normal resources, in that this provider does not create this resource, but instead "adopts" it into management. We can do this because these default security groups cannot be destroyed, and are created with a known set of default ingress/egress rules.

When this provider first adopts the Default Security Group, it immediately removes all ingress and egress rules in the Security Group. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.

This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diff shown. For these reasons, this resource is incompatible with the aws.ec2.SecurityGroupRule resource.

For more information about Default Security Groups, see the AWS Documentation on [Default Security Groups][aws-default-security-groups].

Basic Example Usage, with default rules

The following config gives the Default Security Group the same rules that AWS provides by default, but pulls the resource under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var @default = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
    {
        Egress = 
        {
            new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
            {
                CidrBlocks = 
                {
                    "0.0.0.0/0",
                },
                FromPort = 0,
                Protocol = "-1",
                ToPort = 0,
            },
        },
        Ingress = 
        {
            new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
            {
                FromPort = 0,
                Protocol = -1,
                Self = true,
                ToPort = 0,
            },
        },
        VpcId = mainvpc.Id,
    });
}

}

Example config to deny all Egress traffic, allowing Ingress

The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var @default = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
    {
        Ingress = 
        {
            new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
            {
                FromPort = 0,
                Protocol = -1,
                Self = true,
                ToPort = 0,
            },
        },
        VpcId = mainvpc.Id,
    });
}

}

Usage

With the exceptions mentioned above, aws.ec2.DefaultSecurityGroup should identical behavior to aws.ec2.SecurityGroup. Please consult AWS_SECURITY_GROUP for further usage documentation.

Removing aws.ec2.DefaultSecurityGroup from your configuration

Each AWS VPC (or region, if using EC2 Classic) comes with a Default Security Group that cannot be deleted. The aws.ec2.DefaultSecurityGroup allows you to manage this Security Group, but this provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.

DefaultSecurityGroupArgs

DefaultSecurityGroupState

DefaultSubnet

Provides a resource to manage a default AWS VPC subnet in the current region.

The aws.ec2.DefaultSubnet behaves differently from normal resources, in that this provider does not create this resource, but instead "adopts" it into management.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var defaultAz1 = new Aws.Ec2.DefaultSubnet("defaultAz1", new Aws.Ec2.DefaultSubnetArgs
    {
        AvailabilityZone = "us-west-2a",
        Tags = 
        {
            { "Name", "Default subnet for us-west-2a" },
        },
    });
}

}

DefaultSubnetArgs

DefaultSubnetState

DefaultVpc

Provides a resource to manage the default AWS VPC in the current region.

For AWS accounts created after 2013-12-04, each region comes with a Default VPC. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultVpc behaves differently from normal resources, in that this provider does not create this resource, but instead "adopts" it into management.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var @default = new Aws.Ec2.DefaultVpc("default", new Aws.Ec2.DefaultVpcArgs
    {
        Tags = 
        {
            { "Name", "Default VPC" },
        },
    });
}

}

DefaultVpcArgs

DefaultVpcDhcpOptions

Provides a resource to manage the default AWS DHCP Options Set in the current region.

Each AWS region comes with a default set of DHCP options. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultVpcDhcpOptions behaves differently from normal resources, in that this provider does not create this resource, but instead "adopts" it into management.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var @default = new Aws.Ec2.DefaultVpcDhcpOptions("default", new Aws.Ec2.DefaultVpcDhcpOptionsArgs
    {
        Tags = 
        {
            { "Name", "Default DHCP Option Set" },
        },
    });
}

}

DefaultVpcDhcpOptionsArgs

DefaultVpcDhcpOptionsState

DefaultVpcState

EgressOnlyInternetGateway

[IPv6 only] Creates an egress-only Internet gateway for your VPC. An egress-only Internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the Internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
    {
        AssignGeneratedIpv6CidrBlock = true,
        CidrBlock = "10.1.0.0/16",
    });
    var exampleEgressOnlyInternetGateway = new Aws.Ec2.EgressOnlyInternetGateway("exampleEgressOnlyInternetGateway", new Aws.Ec2.EgressOnlyInternetGatewayArgs
    {
        Tags = 
        {
            { "Name", "main" },
        },
        VpcId = exampleVpc.Id,
    });
}

}

EgressOnlyInternetGatewayArgs

EgressOnlyInternetGatewayState

Eip

Provides an Elastic IP resource.

Note: EIP may require IGW to exist prior to association. Use depends_on to set an explicit dependency on the IGW.

Note: Do not use network_interface to associate the EIP to aws.lb.LoadBalancer or aws.ec2.NatGateway resources. Instead use the allocation_id available in those resources to allow AWS to manage the association, otherwise you will see AuthFailure errors.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var lb = new Aws.Ec2.Eip("lb", new Aws.Ec2.EipArgs
    {
        Instance = aws_instance.Web.Id,
        Vpc = true,
    });
}

}

EipArgs

EipAssociation

Provides an AWS EIP Association as a top level resource, to associate and disassociate Elastic IPs from AWS Instances and Network Interfaces.

NOTE: Do not use this resource to associate an EIP to aws.lb.LoadBalancer or aws.ec2.NatGateway resources. Instead use the allocation_id available in those resources to allow AWS to manage the association, otherwise you will see AuthFailure errors.

NOTE: aws.ec2.EipAssociation is useful in scenarios where EIPs are either pre-existing or distributed to customers or users and therefore cannot be changed.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var web = new Aws.Ec2.Instance("web", new Aws.Ec2.InstanceArgs
    {
        Ami = "ami-21f78e11",
        AvailabilityZone = "us-west-2a",
        InstanceType = "t1.micro",
        Tags = 
        {
            { "Name", "HelloWorld" },
        },
    });
    var example = new Aws.Ec2.Eip("example", new Aws.Ec2.EipArgs
    {
        Vpc = true,
    });
    var eipAssoc = new Aws.Ec2.EipAssociation("eipAssoc", new Aws.Ec2.EipAssociationArgs
    {
        AllocationId = example.Id,
        InstanceId = web.Id,
    });
}

}

EipAssociationArgs

EipAssociationState

EipState

Fleet

Provides a resource to manage EC2 Fleets.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.Fleet("example", new Aws.Ec2.FleetArgs
    {
        LaunchTemplateConfig = new Aws.Ec2.Inputs.FleetLaunchTemplateConfigArgs
        {
            LaunchTemplateSpecification = new Aws.Ec2.Inputs.FleetLaunchTemplateConfigLaunchTemplateSpecificationArgs
            {
                LaunchTemplateId = aws_launch_template.Example.Id,
                Version = aws_launch_template.Example.Latest_version,
            },
        },
        TargetCapacitySpecification = new Aws.Ec2.Inputs.FleetTargetCapacitySpecificationArgs
        {
            DefaultTargetCapacityType = "spot",
            TotalTargetCapacity = 5,
        },
    });
}

}

FleetArgs

FleetState

FlowLog

Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group or a S3 Bucket.

Example Usage

CloudWatch Logging

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
    {
    });
    var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
    {
        AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Sid"": """",
  ""Effect"": ""Allow"",
  ""Principal"": {
    ""Service"": ""vpc-flow-logs.amazonaws.com""
  },
  ""Action"": ""sts:AssumeRole""
}
]
}

",
    });
    var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
    {
        IamRoleArn = exampleRole.Arn,
        LogDestination = exampleLogGroup.Arn,
        TrafficType = "ALL",
        VpcId = aws_vpc.Example.Id,
    });
    var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
    {
        Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Action"": [
    ""logs:CreateLogGroup"",
    ""logs:CreateLogStream"",
    ""logs:PutLogEvents"",
    ""logs:DescribeLogGroups"",
    ""logs:DescribeLogStreams""
  ],
  ""Effect"": ""Allow"",
  ""Resource"": ""*""
}
]
}

",
        Role = exampleRole.Id,
    });
}

}

S3 Logging

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
    {
    });
    var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
    {
        LogDestination = exampleBucket.Arn,
        LogDestinationType = "s3",
        TrafficType = "ALL",
        VpcId = aws_vpc.Example.Id,
    });
}

}

FlowLogArgs

FlowLogState

GetCoipPool

GetCoipPoolArgs

GetCoipPoolResult

GetCoipPools

GetCoipPoolsArgs

GetCoipPoolsResult

GetCustomerGateway

GetCustomerGatewayArgs

GetCustomerGatewayResult

GetInstance

GetInstanceArgs

GetInstanceResult

GetInstances

GetInstancesArgs

GetInstancesResult

GetInstanceTypeOffering

GetInstanceTypeOfferingArgs

GetInstanceTypeOfferingResult

GetInstanceTypeOfferings

GetInstanceTypeOfferingsArgs

GetInstanceTypeOfferingsResult

GetInternetGateway

GetInternetGatewayArgs

GetInternetGatewayResult

GetLaunchConfiguration

GetLaunchConfigurationArgs

GetLaunchConfigurationResult

GetLaunchTemplate

GetLaunchTemplateArgs

GetLaunchTemplateResult

GetLocalGateway

GetLocalGatewayArgs

GetLocalGatewayResult

GetLocalGatewayRouteTable

GetLocalGatewayRouteTableArgs

GetLocalGatewayRouteTableResult

GetLocalGatewayRouteTables

GetLocalGatewayRouteTablesArgs

GetLocalGatewayRouteTablesResult

GetLocalGateways

GetLocalGatewaysArgs

GetLocalGatewaysResult

GetNatGateway

GetNatGatewayArgs

GetNatGatewayResult

GetNetworkAcls

GetNetworkAclsArgs

GetNetworkAclsResult

GetNetworkInterface

GetNetworkInterfaceArgs

GetNetworkInterfaceResult

GetNetworkInterfaces

GetNetworkInterfacesArgs

GetNetworkInterfacesResult

GetRoute

GetRouteArgs

GetRouteResult

GetRouteTable

GetRouteTableArgs

GetRouteTableResult

GetRouteTables

GetRouteTablesArgs

GetRouteTablesResult

GetSecurityGroup

GetSecurityGroupArgs

GetSecurityGroupResult

GetSecurityGroups

GetSecurityGroupsArgs

GetSecurityGroupsResult

GetSubnet

GetSubnetArgs

GetSubnetIds

GetSubnetIdsArgs

GetSubnetIdsResult

GetSubnetResult

GetVpc

GetVpcArgs

GetVpcDhcpOptions

GetVpcDhcpOptionsArgs

GetVpcDhcpOptionsResult

GetVpcEndpoint

GetVpcEndpointArgs

GetVpcEndpointResult

GetVpcEndpointService

GetVpcEndpointServiceArgs

GetVpcEndpointServiceResult

GetVpcPeeringConnection

GetVpcPeeringConnectionArgs

GetVpcPeeringConnectionResult

GetVpcResult

GetVpcs

GetVpcsArgs

GetVpcsResult

GetVpnGateway

GetVpnGatewayArgs

GetVpnGatewayResult

Instance

Provides an EC2 instance resource. This allows instances to be created, updated, and deleted. Instances also support provisioning.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
    {
        Filters = 
        {
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "name",
                Values = 
                {
                    "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
                },
            },
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "virtualization-type",
                Values = 
                {
                    "hvm",
                },
            },
        },
        MostRecent = true,
        Owners = 
        {
            "099720109477",
        },
    }));
    var web = new Aws.Ec2.Instance("web", new Aws.Ec2.InstanceArgs
    {
        Ami = ubuntu.Apply(ubuntu => ubuntu.Id),
        InstanceType = "t2.micro",
        Tags = 
        {
            { "Name", "HelloWorld" },
        },
    });
}

}

InstanceArgs

InstanceState

InternetGateway

Provides a resource to create a VPC Internet Gateway.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var gw = new Aws.Ec2.InternetGateway("gw", new Aws.Ec2.InternetGatewayArgs
    {
        Tags = 
        {
            { "Name", "main" },
        },
        VpcId = aws_vpc.Main.Id,
    });
}

}

InternetGatewayArgs

InternetGatewayState

KeyPair

Provides an EC2 key pair resource. A key pair is used to control login access to EC2 instances.

Currently this resource requires an existing user-supplied key pair. This key pair's public key will be registered with AWS to allow logging-in to EC2 instances.

When importing an existing key pair the public key material may be in any format supported by AWS. Supported formats (per the AWS documentation) are:

  • OpenSSH public key format (the format in ~/.ssh/authorized_keys)
  • Base64 encoded DER format
  • SSH public key file format as specified in RFC4716

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var deployer = new Aws.Ec2.KeyPair("deployer", new Aws.Ec2.KeyPairArgs
    {
        PublicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com",
    });
}

}

KeyPairArgs

KeyPairState

LaunchConfiguration

Provides a resource to create a new launch configuration, used for autoscaling groups.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
    {
        Filters = 
        {
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "name",
                Values = 
                {
                    "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
                },
            },
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "virtualization-type",
                Values = 
                {
                    "hvm",
                },
            },
        },
        MostRecent = true,
        Owners = 
        {
            "099720109477",
        },
    }));
    var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
    {
        ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
        InstanceType = "t2.micro",
    });
}

}

Using with AutoScaling Groups

Launch Configurations cannot be updated after creation with the Amazon Web Service API. In order to update a Launch Configuration, this provider will destroy the existing resource and create a replacement. In order to effectively use a Launch Configuration resource with an AutoScaling Group resource, it's recommended to specify create_before_destroy in a lifecycle block. Either omit the Launch Configuration name attribute, or specify a partial name with name_prefix. Example:

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
    {
        Filters = 
        {
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "name",
                Values = 
                {
                    "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
                },
            },
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "virtualization-type",
                Values = 
                {
                    "hvm",
                },
            },
        },
        MostRecent = true,
        Owners = 
        {
            "099720109477",
        },
    }));
    var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
    {
        ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
        InstanceType = "t2.micro",
        NamePrefix = "lc-example-",
    });
    var bar = new Aws.AutoScaling.Group("bar", new Aws.AutoScaling.GroupArgs
    {
        LaunchConfiguration = asConf.Name,
        MaxSize = 2,
        MinSize = 1,
    });
}

}

With this setup this provider generates a unique name for your Launch Configuration and can then update the AutoScaling Group without conflict before destroying the previous Launch Configuration.

Using with Spot Instances

Launch configurations can set the spot instance pricing to be used for the Auto Scaling Group to reserve instances. Simply specifying the spot_price parameter will set the price on the Launch Configuration which will attempt to reserve your instances at this price. See the AWS Spot Instance documentation for more information or how to launch Spot Instances with this provider.

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
    {
        Filters = 
        {
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "name",
                Values = 
                {
                    "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
                },
            },
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "virtualization-type",
                Values = 
                {
                    "hvm",
                },
            },
        },
        MostRecent = true,
        Owners = 
        {
            "099720109477",
        },
    }));
    var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
    {
        ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
        InstanceType = "m4.large",
        SpotPrice = "0.001",
    });
    var bar = new Aws.AutoScaling.Group("bar", new Aws.AutoScaling.GroupArgs
    {
        LaunchConfiguration = asConf.Name,
    });
}

}

Block devices

Each of the *_block_device attributes controls a portion of the AWS Launch Configuration's "Block Device Mapping". It's a good idea to familiarize yourself with AWS's Block Device Mapping docs to understand the implications of using these attributes.

The root_block_device mapping supports the following:

  • volume_type - (Optional) The type of volume. Can be "standard", "gp2", or "io1". (Default: "standard").
  • volume_size - (Optional) The size of the volume in gigabytes.
  • iops - (Optional) The amount of provisioned IOPS. This must be set with a volume_type of "io1".
  • delete_on_termination - (Optional) Whether the volume should be destroyed on instance termination (Default: true).
  • encrypted - (Optional) Whether the volume should be encrypted or not. (Default: false).

Modifying any of the root_block_device settings requires resource replacement.

Each ebs_block_device supports the following:

  • device_name - (Required) The name of the device to mount.
  • snapshot_id - (Optional) The Snapshot ID to mount.
  • volume_type - (Optional) The type of volume. Can be "standard", "gp2", or "io1". (Default: "standard").
  • volume_size - (Optional) The size of the volume in gigabytes.
  • iops - (Optional) The amount of provisioned IOPS. This must be set with a volume_type of "io1".
  • delete_on_termination - (Optional) Whether the volume should be destroyed on instance termination (Default: true).
  • encrypted - (Optional) Whether the volume should be encrypted or not. Do not use this option if you are using snapshot_id as the encrypted flag will be determined by the snapshot. (Default: false).

Modifying any ebs_block_device currently requires resource replacement.

Each ephemeral_block_device supports the following:

  • device_name - The name of the block device to mount on the instance.
  • virtual_name - The Instance Store Device Name (e.g. "ephemeral0")

Each AWS Instance type has a different set of Instance Store block devices available for attachment. AWS publishes a list of which ephemeral devices are available on each type. The devices are always identified by the virtual_name in the format "ephemeral{0..N}".

NOTE: Changes to *_block_device configuration of existing resources cannot currently be detected by this provider. After updating to block device configuration, resource recreation can be manually triggered by using the up command with the --replace argument.

LaunchConfigurationArgs

LaunchConfigurationState

LaunchTemplate

Provides an EC2 launch template resource. Can be used to create instances or auto scaling groups.

LaunchTemplateArgs

LaunchTemplateState

MainRouteTableAssociation

Provides a resource for managing the main routing table of a VPC.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var mainRouteTableAssociation = new Aws.Ec2.MainRouteTableAssociation("mainRouteTableAssociation", new Aws.Ec2.MainRouteTableAssociationArgs
    {
        RouteTableId = aws_route_table.Bar.Id,
        VpcId = aws_vpc.Foo.Id,
    });
}

}

Notes

On VPC creation, the AWS API always creates an initial Main Route Table. This resource records the ID of that Route Table under original_route_table_id. The "Delete" action for a main_route_table_association consists of resetting this original table as the Main Route Table for the VPC. You'll see this additional Route Table in the AWS console; it must remain intact in order for the main_route_table_association delete to work properly.

MainRouteTableAssociationArgs

MainRouteTableAssociationState

NatGateway

Provides a resource to create a VPC NAT Gateway.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var gw = new Aws.Ec2.NatGateway("gw", new Aws.Ec2.NatGatewayArgs
    {
        AllocationId = aws_eip.Nat.Id,
        SubnetId = aws_subnet.Example.Id,
    });
}

}

NatGatewayArgs

NatGatewayState

NetworkAcl

Provides an network ACL resource. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var main = new Aws.Ec2.NetworkAcl("main", new Aws.Ec2.NetworkAclArgs
    {
        Egress = 
        {
            new Aws.Ec2.Inputs.NetworkAclEgressArgs
            {
                Action = "allow",
                CidrBlock = "10.3.0.0/18",
                FromPort = 443,
                Protocol = "tcp",
                RuleNo = 200,
                ToPort = 443,
            },
        },
        Ingress = 
        {
            new Aws.Ec2.Inputs.NetworkAclIngressArgs
            {
                Action = "allow",
                CidrBlock = "10.3.0.0/18",
                FromPort = 80,
                Protocol = "tcp",
                RuleNo = 100,
                ToPort = 80,
            },
        },
        Tags = 
        {
            { "Name", "main" },
        },
        VpcId = aws_vpc.Main.Id,
    });
}

}

NetworkAclArgs

NetworkAclRule

Creates an entry (a rule) in a network ACL with the specified rule number.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var barNetworkAcl = new Aws.Ec2.NetworkAcl("barNetworkAcl", new Aws.Ec2.NetworkAclArgs
    {
        VpcId = aws_vpc.Foo.Id,
    });
    var barNetworkAclRule = new Aws.Ec2.NetworkAclRule("barNetworkAclRule", new Aws.Ec2.NetworkAclRuleArgs
    {
        NetworkAclId = barNetworkAcl.Id,
        RuleNumber = 200,
        Egress = false,
        Protocol = "tcp",
        RuleAction = "allow",
        CidrBlock = aws_vpc.Foo.Cidr_block,
        FromPort = 22,
        ToPort = 22,
    });
}

}

NetworkAclRuleArgs

NetworkAclRuleState

NetworkAclState

NetworkInterface

Provides an Elastic network interface (ENI) resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var test = new Aws.Ec2.NetworkInterface("test", new Aws.Ec2.NetworkInterfaceArgs
    {
        Attachments = 
        {
            new Aws.Ec2.Inputs.NetworkInterfaceAttachmentArgs
            {
                DeviceIndex = 1,
                Instance = aws_instance.Test.Id,
            },
        },
        PrivateIps = 
        {
            "10.0.0.50",
        },
        SecurityGroups = 
        {
            aws_security_group.Web.Id,
        },
        SubnetId = aws_subnet.Public_a.Id,
    });
}

}

NetworkInterfaceArgs

NetworkInterfaceAttachment

Attach an Elastic network interface (ENI) resource with EC2 instance.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var test = new Aws.Ec2.NetworkInterfaceAttachment("test", new Aws.Ec2.NetworkInterfaceAttachmentArgs
    {
        DeviceIndex = 0,
        InstanceId = aws_instance.Test.Id,
        NetworkInterfaceId = aws_network_interface.Test.Id,
    });
}

}

NetworkInterfaceAttachmentArgs

NetworkInterfaceAttachmentState

NetworkInterfaceSecurityGroupAttachment

This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.

NOTE on instances, interfaces, and security groups: This provider currently provides the capability to assign security groups via the aws.ec2.Instance and the aws.ec2.NetworkInterface resources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ami = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
    {
        Filters = 
        {
            new Aws.Inputs.GetAmiFilterArgs
            {
                Name = "name",
                Values = 
                {
                    "amzn-ami-hvm-*",
                },
            },
        },
        MostRecent = true,
        Owners = 
        {
            "amazon",
        },
    }));
    var instance = new Aws.Ec2.Instance("instance", new Aws.Ec2.InstanceArgs
    {
        Ami = ami.Apply(ami => ami.Id),
        InstanceType = "t2.micro",
        Tags = 
        {
            { "type", "test-instance" },
        },
    });
    var sg = new Aws.Ec2.SecurityGroup("sg", new Aws.Ec2.SecurityGroupArgs
    {
        Tags = 
        {
            { "type", "test-security-group" },
        },
    });
    var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs
    {
        NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,
        SecurityGroupId = sg.Id,
    });
}

}

Output Reference

There are no outputs for this resource.

NetworkInterfaceSecurityGroupAttachmentArgs

NetworkInterfaceSecurityGroupAttachmentState

NetworkInterfaceState

PeeringConnectionOptions

Provides a resource to manage VPC peering connection options.

NOTE on VPC Peering Connections and VPC Peering Connection Options: This provider provides both a standalone VPC Peering Connection Options and a VPC Peering Connection resource with accepter and requester attributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-region and cross-account scenarios.

Basic usage:

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
    var bar = new Aws.Ec2.Vpc("bar", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("fooVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
    {
        AutoAccept = true,
        PeerVpcId = bar.Id,
        VpcId = fooVpc.Id,
    });
    var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions("fooPeeringConnectionOptions", new Aws.Ec2.PeeringConnectionOptionsArgs
    {
        Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs
        {
            AllowRemoteVpcDnsResolution = true,
        },
        Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs
        {
            AllowClassicLinkToRemoteVpc = true,
            AllowVpcToRemoteClassicLink = true,
        },
        VpcPeeringConnectionId = fooVpcPeeringConnection.Id,
    });
}

}

Basic cross-account usage:

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var requester = new Aws.Provider("requester", new Aws.ProviderArgs
    {
    });
    var accepter = new Aws.Provider("accepter", new Aws.ProviderArgs
    {
    });
    var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
        EnableDnsHostnames = true,
        EnableDnsSupport = true,
    });
    var peerVpc = new Aws.Ec2.Vpc("peerVpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
        EnableDnsHostnames = true,
        EnableDnsSupport = true,
    });
    var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
    // Requester's side of the connection.
    var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("peerVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
    {
        AutoAccept = false,
        PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),
        PeerVpcId = peerVpc.Id,
        Tags = 
        {
            { "Side", "Requester" },
        },
        VpcId = main.Id,
    });
    // Accepter's side of the connection.
    var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", new Aws.Ec2.VpcPeeringConnectionAccepterArgs
    {
        AutoAccept = true,
        Tags = 
        {
            { "Side", "Accepter" },
        },
        VpcPeeringConnectionId = peerVpcPeeringConnection.Id,
    });
    var requesterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions("requesterPeeringConnectionOptions", new Aws.Ec2.PeeringConnectionOptionsArgs
    {
        Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs
        {
            AllowRemoteVpcDnsResolution = true,
        },
        VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,
    });
    var accepterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions("accepterPeeringConnectionOptions", new Aws.Ec2.PeeringConnectionOptionsArgs
    {
        Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs
        {
            AllowRemoteVpcDnsResolution = true,
        },
        VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,
    });
}

}

PeeringConnectionOptionsArgs

PeeringConnectionOptionsState

PlacementGroup

Provides an EC2 placement group. Read more about placement groups in AWS Docs.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var web = new Aws.Ec2.PlacementGroup("web", new Aws.Ec2.PlacementGroupArgs
    {
        Strategy = "cluster",
    });
}

}

PlacementGroupArgs

PlacementGroupState

ProxyProtocolPolicy

Provides a proxy protocol policy, which allows an ELB to carry a client connection information to a backend.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var lb = new Aws.Elb.LoadBalancer("lb", new Aws.Elb.LoadBalancerArgs
    {
        AvailabilityZones = 
        {
            "us-east-1a",
        },
        Listeners = 
        {
            new Aws.Elb.Inputs.LoadBalancerListenerArgs
            {
                InstancePort = 25,
                InstanceProtocol = "tcp",
                LbPort = 25,
                LbProtocol = "tcp",
            },
            new Aws.Elb.Inputs.LoadBalancerListenerArgs
            {
                InstancePort = 587,
                InstanceProtocol = "tcp",
                LbPort = 587,
                LbProtocol = "tcp",
            },
        },
    });
    var smtp = new Aws.Ec2.ProxyProtocolPolicy("smtp", new Aws.Ec2.ProxyProtocolPolicyArgs
    {
        InstancePorts = 
        {
            "25",
            "587",
        },
        LoadBalancer = lb.Name,
    });
}

}

ProxyProtocolPolicyArgs

ProxyProtocolPolicyState

Route

Provides a resource to create a routing table entry (a route) in a VPC routing table.

NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
    {
        RouteTableId = "rtb-4fbb3ac4",
        DestinationCidrBlock = "10.0.1.0/22",
        VpcPeeringConnectionId = "pcx-45ff3dc1",
    });
}

}

Example IPv6 Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
    {
        AssignGeneratedIpv6CidrBlock = true,
        CidrBlock = "10.1.0.0/16",
    });
    var egress = new Aws.Ec2.EgressOnlyInternetGateway("egress", new Aws.Ec2.EgressOnlyInternetGatewayArgs
    {
        VpcId = vpc.Id,
    });
    var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
    {
        DestinationIpv6CidrBlock = "::/0",
        EgressOnlyGatewayId = egress.Id,
        RouteTableId = "rtb-4fbb3ac4",
    });
}

}

RouteArgs

RouteState

RouteTable

Provides a resource to create a VPC routing table.

NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE on gateway_id and nat_gateway_id: The AWS API is very forgiving with these two attributes and the aws.ec2.RouteTable resource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you're experiencing constant diffs in your aws.ec2.RouteTable resources, the first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.

NOTE on propagating_vgws and the aws.ec2.VpnGatewayRoutePropagation resource: If the propagating_vgws argument is present, it's not supported to also define route propagations using aws.ec2.VpnGatewayRoutePropagation, since this resource will delete any propagating gateways not explicitly listed in propagating_vgws. Omit this argument when defining route propagation using the separate resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var routeTable = new Aws.Ec2.RouteTable("routeTable", new Aws.Ec2.RouteTableArgs
    {
        Routes = 
        {
            new Aws.Ec2.Inputs.RouteTableRouteArgs
            {
                CidrBlock = "10.0.1.0/24",
                GatewayId = aws_internet_gateway.Main.Id,
            },
            new Aws.Ec2.Inputs.RouteTableRouteArgs
            {
                EgressOnlyGatewayId = aws_egress_only_internet_gateway.Foo.Id,
                Ipv6CidrBlock = "::/0",
            },
        },
        Tags = 
        {
            { "Name", "main" },
        },
        VpcId = aws_vpc.Default.Id,
    });
}

}

RouteTableArgs

RouteTableAssociation

Provides a resource to create an association between a route table and a subnet or a route table and an internet gateway or virtual private gateway.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var routeTableAssociation = new Aws.Ec2.RouteTableAssociation("routeTableAssociation", new Aws.Ec2.RouteTableAssociationArgs
    {
        SubnetId = aws_subnet.Foo.Id,
        RouteTableId = aws_route_table.Bar.Id,
    });
}

}

RouteTableAssociationArgs

RouteTableAssociationState

RouteTableState

SecurityGroup

Provides a security group resource.

NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new Aws.Ec2.SecurityGroupArgs
    {
        Description = "Allow TLS inbound traffic",
        VpcId = aws_vpc.Main.Id,
        Ingress = 
        {
            new Aws.Ec2.Inputs.SecurityGroupIngressArgs
            {
                Description = "TLS from VPC",
                FromPort = 443,
                ToPort = 443,
                Protocol = "tcp",
                CidrBlocks = aws_vpc.Main.Cidr_block,
            },
        },
        Egress = 
        {
            new Aws.Ec2.Inputs.SecurityGroupEgressArgs
            {
                FromPort = 0,
                ToPort = 0,
                Protocol = "-1",
                CidrBlocks = 
                {
                    "0.0.0.0/0",
                },
            },
        },
        Tags = 
        {
            { "Name", "allow_tls" },
        },
    });
}

}

Usage with prefix list IDs

Prefix list IDs are managed by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    // ...
    var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs
    {
    });
}

}

SecurityGroupArgs

SecurityGroupRule

Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.

NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE: Setting protocol = "all" or protocol = -1 with from_port and to_port will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.

NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.SecurityGroupRule("example", new Aws.Ec2.SecurityGroupRuleArgs
    {
        Type = "ingress",
        FromPort = 0,
        ToPort = 65535,
        Protocol = "tcp",
        CidrBlocks = aws_vpc.Example.Cidr_block,
        SecurityGroupId = "sg-123456",
    });
}

}

Usage with prefix list IDs

Prefix list IDs are manged by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    // ...
    var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs
    {
    });
    var allowAll = new Aws.Ec2.SecurityGroupRule("allowAll", new Aws.Ec2.SecurityGroupRuleArgs
    {
        FromPort = 0,
        PrefixListIds = 
        {
            myEndpoint.PrefixListId,
        },
        Protocol = "-1",
        SecurityGroupId = "sg-123456",
        ToPort = 0,
        Type = "egress",
    });
}

}

SecurityGroupRuleArgs

SecurityGroupRuleState

SecurityGroupState

SnapshotCreateVolumePermission

Adds permission to create volumes off of a given EBS Snapshot.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ebs.Volume("example", new Aws.Ebs.VolumeArgs
    {
        AvailabilityZone = "us-west-2a",
        Size = 40,
    });
    var exampleSnapshot = new Aws.Ebs.Snapshot("exampleSnapshot", new Aws.Ebs.SnapshotArgs
    {
        VolumeId = example.Id,
    });
    var examplePerm = new Aws.Ec2.SnapshotCreateVolumePermission("examplePerm", new Aws.Ec2.SnapshotCreateVolumePermissionArgs
    {
        AccountId = "12345678",
        SnapshotId = exampleSnapshot.Id,
    });
}

}

SnapshotCreateVolumePermissionArgs

SnapshotCreateVolumePermissionState

SpotDatafeedSubscription

Note: There is only a single subscription allowed per account.

To help you understand the charges for your Spot instances, Amazon EC2 provides a data feed that describes your Spot instance usage and pricing. This data feed is sent to an Amazon S3 bucket that you specify when you subscribe to the data feed.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var defaultBucket = new Aws.S3.Bucket("defaultBucket", new Aws.S3.BucketArgs
    {
    });
    var defaultSpotDatafeedSubscription = new Aws.Ec2.SpotDatafeedSubscription("defaultSpotDatafeedSubscription", new Aws.Ec2.SpotDatafeedSubscriptionArgs
    {
        Bucket = defaultBucket.BucketName,
        Prefix = "my_subdirectory",
    });
}

}

SpotDatafeedSubscriptionArgs

SpotDatafeedSubscriptionState

SpotFleetRequest

Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot instances to be requested on the Spot market.

Example Usage

Using launch specifications

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    // Request a Spot fleet
    var cheapCompute = new Aws.Ec2.SpotFleetRequest("cheapCompute", new Aws.Ec2.SpotFleetRequestArgs
    {
        AllocationStrategy = "diversified",
        IamFleetRole = "arn:aws:iam::12345678:role/spot-fleet",
        LaunchSpecifications = 
        {
            new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
            {
                Ami = "ami-1234",
                IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,
                InstanceType = "m4.10xlarge",
                PlacementTenancy = "dedicated",
                SpotPrice = "2.793",
            },
            new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
            {
                Ami = "ami-5678",
                AvailabilityZone = "us-west-1a",
                IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,
                InstanceType = "m4.4xlarge",
                KeyName = "my-key",
                RootBlockDevice = 
                {

                    {
                        { "volumeSize", "300" },
                        { "volumeType", "gp2" },
                    },
                },
                SpotPrice = "1.117",
                SubnetId = "subnet-1234",
                Tags = 
                {
                    { "Name", "spot-fleet-example" },
                },
                WeightedCapacity = 35,
            },
        },
        SpotPrice = "0.03",
        TargetCapacity = 6,
        ValidUntil = "2019-11-04T20:44:20Z",
    });
}

}

Using multiple launch specifications

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var foo = new Aws.Ec2.SpotFleetRequest("foo", new Aws.Ec2.SpotFleetRequestArgs
    {
        IamFleetRole = "arn:aws:iam::12345678:role/spot-fleet",
        LaunchSpecifications = 
        {
            new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
            {
                Ami = "ami-d06a90b0",
                AvailabilityZone = "us-west-2a",
                InstanceType = "m1.small",
                KeyName = "my-key",
            },
            new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
            {
                Ami = "ami-d06a90b0",
                AvailabilityZone = "us-west-2a",
                InstanceType = "m5.large",
                KeyName = "my-key",
            },
        },
        SpotPrice = "0.005",
        TargetCapacity = 2,
        ValidUntil = "2019-11-04T20:44:20Z",
    });
}

}

SpotFleetRequestArgs

SpotFleetRequestState

SpotInstanceRequest

Provides an EC2 Spot Instance Request resource. This allows instances to be requested on the spot market.

By default this provider creates Spot Instance Requests with a persistent type, which means that for the duration of their lifetime, AWS will launch an instance with the configured details if and when the spot market will accept the requested price.

On destruction, this provider will make an attempt to terminate the associated Spot Instance if there is one present.

Spot Instances requests with a one-time type will close the spot request when the instance is terminated either by the request being below the current spot price availability or by a user.

NOTE: Because their behavior depends on the live status of the spot market, Spot Instance Requests have a unique lifecycle that makes them behave differently than other resources. Most importantly: there is no guarantee that a Spot Instance exists to fulfill the request at any given point in time. See the AWS Spot Instance documentation for more information.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    // Request a spot instance at $0.03
    var cheapWorker = new Aws.Ec2.SpotInstanceRequest("cheapWorker", new Aws.Ec2.SpotInstanceRequestArgs
    {
        Ami = "ami-1234",
        InstanceType = "c4.xlarge",
        SpotPrice = "0.03",
        Tags = 
        {
            { "Name", "CheapWorker" },
        },
    });
}

}

SpotInstanceRequestArgs

SpotInstanceRequestState

Subnet

Provides an VPC subnet resource.

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, subnets associated with Lambda Functions can take up to 45 minutes to successfully delete.

Example Usage

Basic Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var main = new Aws.Ec2.Subnet("main", new Aws.Ec2.SubnetArgs
    {
        CidrBlock = "10.0.1.0/24",
        Tags = 
        {
            { "Name", "Main" },
        },
        VpcId = aws_vpc.Main.Id,
    });
}

}

Subnets In Secondary VPC CIDR Blocks

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
    {
        CidrBlock = "172.2.0.0/16",
        VpcId = aws_vpc.Main.Id,
    });
    var inSecondaryCidr = new Aws.Ec2.Subnet("inSecondaryCidr", new Aws.Ec2.SubnetArgs
    {
        CidrBlock = "172.2.0.0/24",
        VpcId = secondaryCidr.VpcId,
    });
}

}

SubnetArgs

SubnetState

TrafficMirrorFilter

Provides an Traffic mirror filter.
Read limits and considerations for traffic mirroring

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var foo = new Aws.Ec2.TrafficMirrorFilter("foo", new Aws.Ec2.TrafficMirrorFilterArgs
    {
        Description = "traffic mirror filter - example",
        NetworkServices = 
        {
            "amazon-dns",
        },
    });
}

}

TrafficMirrorFilterArgs

TrafficMirrorFilterRule

Provides an Traffic mirror filter rule.
Read limits and considerations for traffic mirroring

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var filter = new Aws.Ec2.TrafficMirrorFilter("filter", new Aws.Ec2.TrafficMirrorFilterArgs
    {
        Description = "traffic mirror filter - example",
        NetworkServices = 
        {
            "amazon-dns",
        },
    });
    var ruleout = new Aws.Ec2.TrafficMirrorFilterRule("ruleout", new Aws.Ec2.TrafficMirrorFilterRuleArgs
    {
        Description = "test rule",
        DestinationCidrBlock = "10.0.0.0/8",
        RuleAction = "accept",
        RuleNumber = 1,
        SourceCidrBlock = "10.0.0.0/8",
        TrafficDirection = "egress",
        TrafficMirrorFilterId = filter.Id,
    });
    var rulein = new Aws.Ec2.TrafficMirrorFilterRule("rulein", new Aws.Ec2.TrafficMirrorFilterRuleArgs
    {
        Description = "test rule",
        DestinationCidrBlock = "10.0.0.0/8",
        DestinationPortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleDestinationPortRangeArgs
        {
            FromPort = 22,
            ToPort = 53,
        },
        Protocol = 6,
        RuleAction = "accept",
        RuleNumber = 1,
        SourceCidrBlock = "10.0.0.0/8",
        SourcePortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleSourcePortRangeArgs
        {
            FromPort = 0,
            ToPort = 10,
        },
        TrafficDirection = "ingress",
        TrafficMirrorFilterId = filter.Id,
    });
}

}

TrafficMirrorFilterRuleArgs

TrafficMirrorFilterRuleState

TrafficMirrorFilterState

TrafficMirrorSession

Provides an Traffic mirror session.
Read limits and considerations for traffic mirroring

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var filter = new Aws.Ec2.TrafficMirrorFilter("filter", new Aws.Ec2.TrafficMirrorFilterArgs
    {
        Description = "traffic mirror filter - example",
        NetworkServices = 
        {
            "amazon-dns",
        },
    });
    var target = new Aws.Ec2.TrafficMirrorTarget("target", new Aws.Ec2.TrafficMirrorTargetArgs
    {
        NetworkLoadBalancerArn = aws_lb.Lb.Arn,
    });
    var session = new Aws.Ec2.TrafficMirrorSession("session", new Aws.Ec2.TrafficMirrorSessionArgs
    {
        Description = "traffic mirror session - example",
        NetworkInterfaceId = aws_instance.Test.Primary_network_interface_id,
        TrafficMirrorFilterId = filter.Id,
        TrafficMirrorTargetId = target.Id,
    });
}

}

TrafficMirrorSessionArgs

TrafficMirrorSessionState

TrafficMirrorTarget

Provides an Traffic mirror target.
Read limits and considerations for traffic mirroring

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var nlb = new Aws.Ec2.TrafficMirrorTarget("nlb", new Aws.Ec2.TrafficMirrorTargetArgs
    {
        Description = "NLB target",
        NetworkLoadBalancerArn = aws_lb.Lb.Arn,
    });
    var eni = new Aws.Ec2.TrafficMirrorTarget("eni", new Aws.Ec2.TrafficMirrorTargetArgs
    {
        Description = "ENI target",
        NetworkInterfaceId = aws_instance.Test.Primary_network_interface_id,
    });
}

}

TrafficMirrorTargetArgs

TrafficMirrorTargetState

TransitGatewayPeeringAttachmentAccepter

Manages the accepter's side of an EC2 Transit Gateway Peering Attachment.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.TransitGatewayPeeringAttachmentAccepter("example", new Aws.Ec2.TransitGatewayPeeringAttachmentAccepterArgs
    {
        Tags = 
        {
            { "Name", "Example cross-account attachment" },
        },
        TransitGatewayAttachmentId = aws_ec2_transit_gateway_peering_attachment.Example.Id,
    });
}

}

TransitGatewayPeeringAttachmentAccepterArgs

TransitGatewayPeeringAttachmentAccepterState

VolumeAttachment

Provides an AWS EBS Volume Attachment as a top level resource, to attach and detach volumes from AWS Instances.

NOTE on EBS block devices: If you use ebs_block_device on an aws.ec2.Instance, this provider will assume management over the full set of non-root EBS block devices for the instance, and treats additional block devices as drift. For this reason, ebs_block_device cannot be mixed with external aws.ebs.Volume + aws_ebs_volume_attachment resources for a given instance.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var web = new Aws.Ec2.Instance("web", new Aws.Ec2.InstanceArgs
    {
        Ami = "ami-21f78e11",
        AvailabilityZone = "us-west-2a",
        InstanceType = "t1.micro",
        Tags = 
        {
            { "Name", "HelloWorld" },
        },
    });
    var example = new Aws.Ebs.Volume("example", new Aws.Ebs.VolumeArgs
    {
        AvailabilityZone = "us-west-2a",
        Size = 1,
    });
    var ebsAtt = new Aws.Ec2.VolumeAttachment("ebsAtt", new Aws.Ec2.VolumeAttachmentArgs
    {
        DeviceName = "/dev/sdh",
        InstanceId = web.Id,
        VolumeId = example.Id,
    });
}

}

VolumeAttachmentArgs

VolumeAttachmentState

Vpc

Provides a VPC resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
}

}

VpcArgs

VpcDhcpOptions

Provides a VPC DHCP Options resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var dnsResolver = new Aws.Ec2.VpcDhcpOptions("dnsResolver", new Aws.Ec2.VpcDhcpOptionsArgs
    {
        DomainNameServers = 
        {
            "8.8.8.8",
            "8.8.4.4",
        },
    });
}

}

Remarks

  • Notice that all arguments are optional but you have to specify at least one argument.
  • domain_name_servers, netbios_name_servers, ntp_servers are limited by AWS to maximum four servers only.
  • To actually use the DHCP Options Set you need to associate it to a VPC using aws.ec2.VpcDhcpOptionsAssociation.
  • If you delete a DHCP Options Set, all VPCs using it will be associated to AWS's default DHCP Option Set.
  • In most cases unless you're configuring your own DNS you'll want to set domain_name_servers to AmazonProvidedDNS.

VpcDhcpOptionsArgs

VpcDhcpOptionsAssociation

Provides a VPC DHCP Options Association resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var dnsResolver = new Aws.Ec2.VpcDhcpOptionsAssociation("dnsResolver", new Aws.Ec2.VpcDhcpOptionsAssociationArgs
    {
        DhcpOptionsId = aws_vpc_dhcp_options.Foo.Id,
        VpcId = aws_vpc.Foo.Id,
    });
}

}

Remarks

  • You can only associate one DHCP Options Set to a given VPC ID.
  • Removing the DHCP Options Association automatically sets AWS's default DHCP Options Set to the VPC.

VpcDhcpOptionsAssociationArgs

VpcDhcpOptionsAssociationState

VpcDhcpOptionsState

VpcEndpoint

Provides a VPC Endpoint resource.

NOTE on VPC Endpoints and VPC Endpoint Associations: This provider provides both standalone VPC Endpoint Associations for Route Tables - (an association between a VPC endpoint and a single route_table_id) and Subnets - (an association between a VPC endpoint and a single subnet_id) and a VPC Endpoint resource with route_table_ids and subnet_ids attributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.

Example Usage

Basic

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var s3 = new Aws.Ec2.VpcEndpoint("s3", new Aws.Ec2.VpcEndpointArgs
    {
        ServiceName = "com.amazonaws.us-west-2.s3",
        VpcId = aws_vpc.Main.Id,
    });
}

}

Basic w/ Tags

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var s3 = new Aws.Ec2.VpcEndpoint("s3", new Aws.Ec2.VpcEndpointArgs
    {
        ServiceName = "com.amazonaws.us-west-2.s3",
        Tags = 
        {
            { "Environment", "test" },
        },
        VpcId = aws_vpc.Main.Id,
    });
}

}

Interface Endpoint Type

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new Aws.Ec2.VpcEndpointArgs
    {
        PrivateDnsEnabled = true,
        SecurityGroupIds = 
        {
            aws_security_group.Sg1.Id,
        },
        ServiceName = "com.amazonaws.us-west-2.ec2",
        VpcEndpointType = "Interface",
        VpcId = aws_vpc.Main.Id,
    });
}

}

Non-AWS Service

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var ptfeServiceVpcEndpoint = new Aws.Ec2.VpcEndpoint("ptfeServiceVpcEndpoint", new Aws.Ec2.VpcEndpointArgs
    {
        PrivateDnsEnabled = false,
        SecurityGroupIds = 
        {
            aws_security_group.Ptfe_service.Id,
        },
        ServiceName = @var.Ptfe_service,
        SubnetIds = 
        {
            local.Subnet_ids,
        },
        VpcEndpointType = "Interface",
        VpcId = @var.Vpc_id,
    });
    var @internal = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs
    {
        Name = "vpc.internal.",
        PrivateZone = true,
        VpcId = @var.Vpc_id,
    }));
    var ptfeServiceRecord = new Aws.Route53.Record("ptfeServiceRecord", new Aws.Route53.RecordArgs
    {
        Name = @internal.Apply(@internal => $"ptfe.{@internal.Name}"),
        Records = 
        {
            ptfeServiceVpcEndpoint.DnsEntries.Apply(dnsEntries => dnsEntries[0])["dns_name"],
        },
        Ttl = "300",
        Type = "CNAME",
        ZoneId = @internal.Apply(@internal => @internal.ZoneId),
    });
}

}

VpcEndpointArgs

VpcEndpointConnectionNotification

Provides a VPC Endpoint connection notification resource. Connection notifications notify subscribers of VPC Endpoint events.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var topic = new Aws.Sns.Topic("topic", new Aws.Sns.TopicArgs
    {
        Policy = @"{
""Version"":""2012-10-17"",
""Statement"":[{
    ""Effect"": ""Allow"",
    ""Principal"": {
        ""Service"": ""vpce.amazonaws.com""
    },
    ""Action"": ""SNS:Publish"",
    ""Resource"": ""arn:aws:sns:*:*:vpce-notification-topic""
}]
}

",
    });
    var fooVpcEndpointService = new Aws.Ec2.VpcEndpointService("fooVpcEndpointService", new Aws.Ec2.VpcEndpointServiceArgs
    {
        AcceptanceRequired = false,
        NetworkLoadBalancerArns = 
        {
            aws_lb.Test.Arn,
        },
    });
    var fooVpcEndpointConnectionNotification = new Aws.Ec2.VpcEndpointConnectionNotification("fooVpcEndpointConnectionNotification", new Aws.Ec2.VpcEndpointConnectionNotificationArgs
    {
        ConnectionEvents = 
        {
            "Accept",
            "Reject",
        },
        ConnectionNotificationArn = topic.Arn,
        VpcEndpointServiceId = fooVpcEndpointService.Id,
    });
}

}

VpcEndpointConnectionNotificationArgs

VpcEndpointConnectionNotificationState

VpcEndpointRouteTableAssociation

Manages a VPC Endpoint Route Table Association

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.VpcEndpointRouteTableAssociation("example", new Aws.Ec2.VpcEndpointRouteTableAssociationArgs
    {
        RouteTableId = aws_route_table.Example.Id,
        VpcEndpointId = aws_vpc_endpoint.Example.Id,
    });
}

}

VpcEndpointRouteTableAssociationArgs

VpcEndpointRouteTableAssociationState

VpcEndpointService

Provides a VPC Endpoint Service resource. Service consumers can create an Interface VPC Endpoint to connect to the service.

NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: This provider provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an allowed_principals attribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.

Example Usage

Basic

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.VpcEndpointService("example", new Aws.Ec2.VpcEndpointServiceArgs
    {
        AcceptanceRequired = false,
        NetworkLoadBalancerArns = 
        {
            aws_lb.Example.Arn,
        },
    });
}

}

Basic w/ Tags

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.VpcEndpointService("example", new Aws.Ec2.VpcEndpointServiceArgs
    {
        AcceptanceRequired = false,
        NetworkLoadBalancerArns = 
        {
            aws_lb.Example.Arn,
        },
        Tags = 
        {
            { "Environment", "test" },
        },
    });
}

}

VpcEndpointServiceAllowedPrinciple

Provides a resource to allow a principal to discover a VPC endpoint service.

NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: This provider provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an allowed_principals attribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
    var allowMeToFoo = new Aws.Ec2.VpcEndpointServiceAllowedPrinciple("allowMeToFoo", new Aws.Ec2.VpcEndpointServiceAllowedPrincipleArgs
    {
        PrincipalArn = current.Apply(current => current.Arn),
        VpcEndpointServiceId = aws_vpc_endpoint_service.Foo.Id,
    });
}

}

VpcEndpointServiceAllowedPrincipleArgs

VpcEndpointServiceAllowedPrincipleState

VpcEndpointServiceArgs

VpcEndpointServiceState

VpcEndpointState

VpcEndpointSubnetAssociation

Provides a resource to create an association between a VPC endpoint and a subnet.

NOTE on VPC Endpoints and VPC Endpoint Subnet Associations: This provider provides both a standalone VPC Endpoint Subnet Association (an association between a VPC endpoint and a single subnet_id) and a VPC Endpoint resource with a subnet_ids attribute. Do not use the same subnet ID in both a VPC Endpoint resource and a VPC Endpoint Subnet Association resource. Doing so will cause a conflict of associations and will overwrite the association.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var snEc2 = new Aws.Ec2.VpcEndpointSubnetAssociation("snEc2", new Aws.Ec2.VpcEndpointSubnetAssociationArgs
    {
        SubnetId = aws_subnet.Sn.Id,
        VpcEndpointId = aws_vpc_endpoint.Ec2.Id,
    });
}

}

VpcEndpointSubnetAssociationArgs

VpcEndpointSubnetAssociationState

VpcIpv4CidrBlockAssociation

Provides a resource to associate additional IPv4 CIDR blocks with a VPC.

When a VPC is created, a primary IPv4 CIDR block for the VPC must be specified. The aws.ec2.VpcIpv4CidrBlockAssociation resource allows further IPv4 CIDR blocks to be added to the VPC.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
    var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
    {
        CidrBlock = "172.2.0.0/16",
        VpcId = main.Id,
    });
}

}

VpcIpv4CidrBlockAssociationArgs

VpcIpv4CidrBlockAssociationState

VpcPeeringConnection

Provides a resource to manage a VPC peering connection.

NOTE on VPC Peering Connections and VPC Peering Connection Options: This provider provides both a standalone VPC Peering Connection Options and a VPC Peering Connection resource with accepter and requester attributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-account scenarios.

Note: For cross-account (requester's AWS account differs from the accepter's AWS account) or inter-region VPC Peering Connections use the aws.ec2.VpcPeeringConnection resource to manage the requester's side of the connection and use the aws.ec2.VpcPeeringConnectionAccepter resource to manage the accepter's side of the connection.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var foo = new Aws.Ec2.VpcPeeringConnection("foo", new Aws.Ec2.VpcPeeringConnectionArgs
    {
        PeerOwnerId = @var.Peer_owner_id,
        PeerVpcId = aws_vpc.Bar.Id,
        VpcId = aws_vpc.Foo.Id,
    });
}

}

Notes

If both VPCs are not in the same AWS account do not enable the auto_accept attribute. The accepter can manage its side of the connection using the aws.ec2.VpcPeeringConnectionAccepter resource or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.

VpcPeeringConnectionAccepter

Provides a resource to manage the accepter's side of a VPC Peering Connection.

When a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region VPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the accepter's account. The requester can use the aws.ec2.VpcPeeringConnection resource to manage its side of the connection and the accepter can use the aws.ec2.VpcPeeringConnectionAccepter resource to "adopt" its side of the connection into management.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var peer = new Aws.Provider("peer", new Aws.ProviderArgs
    {
        Region = "us-west-2",
    });
    var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
    var peerVpc = new Aws.Ec2.Vpc("peerVpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.1.0.0/16",
    });
    var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
    // Requester's side of the connection.
    var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("peerVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
    {
        AutoAccept = false,
        PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),
        PeerRegion = "us-west-2",
        PeerVpcId = peerVpc.Id,
        Tags = 
        {
            { "Side", "Requester" },
        },
        VpcId = main.Id,
    });
    // Accepter's side of the connection.
    var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", new Aws.Ec2.VpcPeeringConnectionAccepterArgs
    {
        AutoAccept = true,
        Tags = 
        {
            { "Side", "Accepter" },
        },
        VpcPeeringConnectionId = peerVpcPeeringConnection.Id,
    });
}

}

VpcPeeringConnectionAccepterArgs

VpcPeeringConnectionAccepterState

VpcPeeringConnectionArgs

VpcPeeringConnectionState

VpcState

VpnConnection

Manages an EC2 VPN connection. These objects can be connected to customer gateways, and allow you to establish tunnels between your network and Amazon.

Note: All arguments including tunnel1_preshared_key and tunnel2_preshared_key will be stored in the raw state as plain-text. Read more about sensitive data in state.

Note: The CIDR blocks in the arguments tunnel1_inside_cidr and tunnel2_inside_cidr must have a prefix of /30 and be a part of a specific range. Read more about this in the AWS documentation.

Example Usage

EC2 Transit Gateway

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway("exampleTransitGateway", new Aws.Ec2TransitGateway.TransitGatewayArgs
    {
    });
    var exampleCustomerGateway = new Aws.Ec2.CustomerGateway("exampleCustomerGateway", new Aws.Ec2.CustomerGatewayArgs
    {
        BgpAsn = 65000,
        IpAddress = "172.0.0.1",
        Type = "ipsec.1",
    });
    var exampleVpnConnection = new Aws.Ec2.VpnConnection("exampleVpnConnection", new Aws.Ec2.VpnConnectionArgs
    {
        CustomerGatewayId = exampleCustomerGateway.Id,
        TransitGatewayId = exampleTransitGateway.Id,
        Type = exampleCustomerGateway.Type,
    });
}

}

Virtual Private Gateway

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
    var vpnGateway = new Aws.Ec2.VpnGateway("vpnGateway", new Aws.Ec2.VpnGatewayArgs
    {
        VpcId = vpc.Id,
    });
    var customerGateway = new Aws.Ec2.CustomerGateway("customerGateway", new Aws.Ec2.CustomerGatewayArgs
    {
        BgpAsn = 65000,
        IpAddress = "172.0.0.1",
        Type = "ipsec.1",
    });
    var main = new Aws.Ec2.VpnConnection("main", new Aws.Ec2.VpnConnectionArgs
    {
        CustomerGatewayId = customerGateway.Id,
        StaticRoutesOnly = true,
        Type = "ipsec.1",
        VpnGatewayId = vpnGateway.Id,
    });
}

}

VpnConnectionArgs

VpnConnectionRoute

Provides a static route between a VPN connection and a customer gateway.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
    var vpnGateway = new Aws.Ec2.VpnGateway("vpnGateway", new Aws.Ec2.VpnGatewayArgs
    {
        VpcId = vpc.Id,
    });
    var customerGateway = new Aws.Ec2.CustomerGateway("customerGateway", new Aws.Ec2.CustomerGatewayArgs
    {
        BgpAsn = 65000,
        IpAddress = "172.0.0.1",
        Type = "ipsec.1",
    });
    var main = new Aws.Ec2.VpnConnection("main", new Aws.Ec2.VpnConnectionArgs
    {
        CustomerGatewayId = customerGateway.Id,
        StaticRoutesOnly = true,
        Type = "ipsec.1",
        VpnGatewayId = vpnGateway.Id,
    });
    var office = new Aws.Ec2.VpnConnectionRoute("office", new Aws.Ec2.VpnConnectionRouteArgs
    {
        DestinationCidrBlock = "192.168.10.0/24",
        VpnConnectionId = main.Id,
    });
}

}

VpnConnectionRouteArgs

VpnConnectionRouteState

VpnConnectionState

VpnGateway

Provides a resource to create a VPC VPN Gateway.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var vpnGw = new Aws.Ec2.VpnGateway("vpnGw", new Aws.Ec2.VpnGatewayArgs
    {
        Tags = 
        {
            { "Name", "main" },
        },
        VpcId = aws_vpc.Main.Id,
    });
}

}

VpnGatewayArgs

VpnGatewayAttachment

Provides a Virtual Private Gateway attachment resource, allowing for an existing hardware VPN gateway to be attached and/or detached from a VPC.

Note: The aws.ec2.VpnGateway resource can also automatically attach the Virtual Private Gateway it creates to an existing VPC by setting the vpc_id attribute accordingly.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var network = new Aws.Ec2.Vpc("network", new Aws.Ec2.VpcArgs
    {
        CidrBlock = "10.0.0.0/16",
    });
    var vpn = new Aws.Ec2.VpnGateway("vpn", new Aws.Ec2.VpnGatewayArgs
    {
        Tags = 
        {
            { "Name", "example-vpn-gateway" },
        },
    });
    var vpnAttachment = new Aws.Ec2.VpnGatewayAttachment("vpnAttachment", new Aws.Ec2.VpnGatewayAttachmentArgs
    {
        VpcId = network.Id,
        VpnGatewayId = vpn.Id,
    });
}

}

VpnGatewayAttachmentArgs

VpnGatewayAttachmentState

VpnGatewayRoutePropagation

Requests automatic route propagation between a VPN gateway and a route table.

Note: This resource should not be used with a route table that has the propagating_vgws argument set. If that argument is set, any route propagation not explicitly listed in its value will be removed.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var example = new Aws.Ec2.VpnGatewayRoutePropagation("example", new Aws.Ec2.VpnGatewayRoutePropagationArgs
    {
        RouteTableId = aws_route_table.Example.Id,
        VpnGatewayId = aws_vpn_gateway.Example.Id,
    });
}

}

VpnGatewayRoutePropagationArgs

VpnGatewayRoutePropagationState

VpnGatewayState

Back to top Copyright 2016-2020, Pulumi Corporation.