Namespace Pulumi.Aws.Ec2
Classes
Ami
The AMI resource allows the creation and management of a completely-custom Amazon Machine Image (AMI).
If you just want to duplicate an existing AMI, possibly copying it to another
region, it's better to use aws.ec2.AmiCopy instead.
If you just want to share an existing AMI with another AWS account,
it's better to use aws.ec2.AmiLaunchPermission instead.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
// Create an AMI that will start a machine whose root device is backed by
// an EBS volume populated from a snapshot. It is assumed that such a snapshot
// already exists with the id "snap-xxxxxxxx".
var example = new Aws.Ec2.Ami("example", new Aws.Ec2.AmiArgs
{
EbsBlockDevices =
{
new Aws.Ec2.Inputs.AmiEbsBlockDeviceArgs
{
DeviceName = "/dev/xvda",
SnapshotId = "snap-xxxxxxxx",
VolumeSize = 8,
},
},
RootDeviceName = "/dev/xvda",
VirtualizationType = "hvm",
});
}
}
AmiArgs
AmiCopy
The "AMI copy" resource allows duplication of an Amazon Machine Image (AMI), including cross-region copies.
If the source AMI has associated EBS snapshots, those will also be duplicated along with the AMI.
This is useful for taking a single AMI provisioned in one region and making it available in another for a multi-region deployment.
Copying an AMI can take several minutes. The creation of this resource will block until the new AMI is available for use on new instances.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.AmiCopy("example", new Aws.Ec2.AmiCopyArgs
{
Description = "A copy of ami-xxxxxxxx",
SourceAmiId = "ami-xxxxxxxx",
SourceAmiRegion = "us-west-1",
Tags =
{
{ "Name", "HelloWorld" },
},
});
}
}
AmiCopyArgs
AmiCopyState
AmiFromInstance
The "AMI from instance" resource allows the creation of an Amazon Machine Image (AMI) modelled after an existing EBS-backed EC2 instance.
The created AMI will refer to implicitly-created snapshots of the instance's EBS volumes and mimick its assigned block device configuration at the time the resource is created.
This resource is best applied to an instance that is stopped when this instance is created, so that the contents of the created image are predictable. When applied to an instance that is running, the instance will be stopped before taking the snapshots and then started back up again, resulting in a period of downtime.
Note that the source instance is inspected only at the initial creation of this resource. Ongoing updates to the referenced instance will not be propagated into the generated AMI. Users may taint or otherwise recreate the resource in order to produce a fresh snapshot.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.AmiFromInstance("example", new Aws.Ec2.AmiFromInstanceArgs
{
SourceInstanceId = "i-xxxxxxxx",
});
}
}
AmiFromInstanceArgs
AmiFromInstanceState
AmiLaunchPermission
Adds launch permission to Amazon Machine Image (AMI) from another AWS account.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.AmiLaunchPermission("example", new Aws.Ec2.AmiLaunchPermissionArgs
{
AccountId = "123456789012",
ImageId = "ami-12345678",
});
}
}
AmiLaunchPermissionArgs
AmiLaunchPermissionState
AmiState
AvailabilityZoneGroup
Manages an EC2 Availability Zone Group, such as updating its opt-in status.
NOTE: This is an advanced resource. The provider will automatically assume management of the EC2 Availability Zone Group without import and perform no actions on removal from configuration.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.AvailabilityZoneGroup("example", new Aws.Ec2.AvailabilityZoneGroupArgs
{
GroupName = "us-west-2-lax-1",
OptInStatus = "opted-in",
});
}
}
AvailabilityZoneGroupArgs
AvailabilityZoneGroupState
CapacityReservation
Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var @default = new Aws.Ec2.CapacityReservation("default", new Aws.Ec2.CapacityReservationArgs
{
AvailabilityZone = "eu-west-1a",
InstanceCount = 1,
InstancePlatform = "Linux/UNIX",
InstanceType = "t2.micro",
});
}
}
CapacityReservationArgs
CapacityReservationState
CustomerGateway
Provides a customer gateway inside a VPC. These objects can be connected to VPN gateways via VPN connections, and allow you to establish tunnels between your network and the VPC.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.CustomerGateway("main", new Aws.Ec2.CustomerGatewayArgs
{
BgpAsn = 65000,
IpAddress = "172.83.124.10",
Tags =
{
{ "Name", "main-customer-gateway" },
},
Type = "ipsec.1",
});
}
}
CustomerGatewayArgs
CustomerGatewayState
DefaultNetworkAcl
Provides a resource to manage the default AWS Network ACL. VPC Only.
Each VPC created in AWS comes with a Default Network ACL that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.
The aws.ec2.DefaultNetworkAcl behaves differently from normal resources, in that
this provider does not create this resource, but instead attempts to "adopt" it
into management. We can do this because each VPC created has a Default Network
ACL that cannot be destroyed, and is created with a known set of default rules.
When this provider first adopts the Default Network ACL, it immediately removes all rules in the ACL. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.
This resource treats its inline rules as absolute; only the rules defined
inline are created, and any additions/removals external to this resource will
result in diffs being shown. For these reasons, this resource is incompatible with the
aws.ec2.NetworkAclRule resource.
For more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].
Basic Example Usage, with default rules
The following config gives the Default Network ACL the same rules that AWS includes, but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultNetworkAcl("default", new Aws.Ec2.DefaultNetworkAclArgs
{
DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
Ingress =
{
new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
{
Protocol = -1,
RuleNo = 100,
Action = "allow",
CidrBlock = mainvpc.CidrBlock,
FromPort = 0,
ToPort = 0,
},
},
Egress =
{
new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs
{
Protocol = -1,
RuleNo = 100,
Action = "allow",
CidrBlock = "0.0.0.0/0",
FromPort = 0,
ToPort = 0,
},
},
});
}
}
Example config to deny all Egress traffic, allowing Ingress
The following denies all Egress traffic by omitting any egress rules, while
including the default ingress rule to allow all traffic.
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultNetworkAcl("default", new Aws.Ec2.DefaultNetworkAclArgs
{
DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
Ingress =
{
new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
{
Protocol = -1,
RuleNo = 100,
Action = "allow",
CidrBlock = mainvpc.CidrBlock,
FromPort = 0,
ToPort = 0,
},
},
});
}
}
Example config to deny all traffic to any Subnet in the Default Network ACL
This config denies all traffic in the Default ACL. This can be useful if you want a locked down default to force all resources in the VPC to assign a non-default ACL.
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultNetworkAcl("default", new Aws.Ec2.DefaultNetworkAclArgs
{
DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
});
}
}
DefaultNetworkAclArgs
DefaultNetworkAclState
DefaultRouteTable
Provides a resource to manage a Default VPC Routing Table.
Each VPC created in AWS comes with a Default Route Table that can be managed, but not
destroyed. This is an advanced resource, and has special caveats to be aware
of when using it. Please read this document in its entirety before using this
resource. It is recommended you do not use both aws.ec2.DefaultRouteTable to
manage the default route table and use the aws.ec2.MainRouteTableAssociation,
due to possible conflict in routes.
The aws.ec2.DefaultRouteTable behaves differently from normal resources, in that
this provider does not create this resource, but instead attempts to "adopt" it
into management. We can do this because each VPC created has a Default Route
Table that cannot be destroyed, and is created with a single route.
When this provider first adopts the Default Route Table, it immediately removes all defined routes. It then proceeds to create any routes specified in the configuration. This step is required so that only the routes specified in the configuration present in the Default Route Table.
For more information about Route Tables, see the AWS Documentation on [Route Tables][aws-route-tables].
For more information about managing normal Route Tables in this provider, see our documentation on [aws.ec2.RouteTable][tf-route-tables].
NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite routes.
Example usage with tags
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var defaultRouteTable = new Aws.Ec2.DefaultRouteTable("defaultRouteTable", new Aws.Ec2.DefaultRouteTableArgs
{
DefaultRouteTableId = aws_vpc.Foo.Default_route_table_id,
Routes =
{
,
},
Tags =
{
{ "Name", "default table" },
},
});
}
}
DefaultRouteTableArgs
DefaultRouteTableState
DefaultSecurityGroup
Provides a resource to manage the default AWS Security Group.
For EC2 Classic accounts, each region comes with a Default Security Group. Additionally, each VPC created in AWS comes with a Default Security Group that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.
The aws.ec2.DefaultSecurityGroup behaves differently from normal resources, in that
this provider does not create this resource, but instead "adopts" it
into management. We can do this because these default security groups cannot be
destroyed, and are created with a known set of default ingress/egress rules.
When this provider first adopts the Default Security Group, it immediately removes all ingress and egress rules in the Security Group. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.
This resource treats its inline rules as absolute; only the rules defined
inline are created, and any additions/removals external to this resource will
result in diff shown. For these reasons, this resource is incompatible with the
aws.ec2.SecurityGroupRule resource.
For more information about Default Security Groups, see the AWS Documentation on [Default Security Groups][aws-default-security-groups].
Basic Example Usage, with default rules
The following config gives the Default Security Group the same rules that AWS provides by default, but pulls the resource under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
{
Egress =
{
new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 0,
Protocol = "-1",
ToPort = 0,
},
},
Ingress =
{
new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
{
FromPort = 0,
Protocol = -1,
Self = true,
ToPort = 0,
},
},
VpcId = mainvpc.Id,
});
}
}
Example config to deny all Egress traffic, allowing Ingress
The following denies all Egress traffic by omitting any egress rules, while
including the default ingress rule to allow all traffic.
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultSecurityGroup("default", new Aws.Ec2.DefaultSecurityGroupArgs
{
Ingress =
{
new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs
{
FromPort = 0,
Protocol = -1,
Self = true,
ToPort = 0,
},
},
VpcId = mainvpc.Id,
});
}
}
Usage
With the exceptions mentioned above, aws.ec2.DefaultSecurityGroup should
identical behavior to aws.ec2.SecurityGroup. Please consult AWS_SECURITY_GROUP
for further usage documentation.
Removing aws.ec2.DefaultSecurityGroup from your configuration
Each AWS VPC (or region, if using EC2 Classic) comes with a Default Security
Group that cannot be deleted. The aws.ec2.DefaultSecurityGroup allows you to
manage this Security Group, but this provider cannot destroy it. Removing this resource
from your configuration will remove it from your statefile and management, but
will not destroy the Security Group. All ingress or egress rules will be left as
they are at the time of removal. You can resume managing them via the AWS Console.
DefaultSecurityGroupArgs
DefaultSecurityGroupState
DefaultSubnet
Provides a resource to manage a default AWS VPC subnet in the current region.
The aws.ec2.DefaultSubnet behaves differently from normal resources, in that
this provider does not create this resource, but instead "adopts" it
into management.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var defaultAz1 = new Aws.Ec2.DefaultSubnet("defaultAz1", new Aws.Ec2.DefaultSubnetArgs
{
AvailabilityZone = "us-west-2a",
Tags =
{
{ "Name", "Default subnet for us-west-2a" },
},
});
}
}
DefaultSubnetArgs
DefaultSubnetState
DefaultVpc
Provides a resource to manage the default AWS VPC in the current region.
For AWS accounts created after 2013-12-04, each region comes with a Default VPC. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.
The aws.ec2.DefaultVpc behaves differently from normal resources, in that
this provider does not create this resource, but instead "adopts" it
into management.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var @default = new Aws.Ec2.DefaultVpc("default", new Aws.Ec2.DefaultVpcArgs
{
Tags =
{
{ "Name", "Default VPC" },
},
});
}
}
DefaultVpcArgs
DefaultVpcDhcpOptions
Provides a resource to manage the default AWS DHCP Options Set in the current region.
Each AWS region comes with a default set of DHCP options. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.
The aws.ec2.DefaultVpcDhcpOptions behaves differently from normal resources, in that
this provider does not create this resource, but instead "adopts" it
into management.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var @default = new Aws.Ec2.DefaultVpcDhcpOptions("default", new Aws.Ec2.DefaultVpcDhcpOptionsArgs
{
Tags =
{
{ "Name", "Default DHCP Option Set" },
},
});
}
}
DefaultVpcDhcpOptionsArgs
DefaultVpcDhcpOptionsState
DefaultVpcState
EgressOnlyInternetGateway
[IPv6 only] Creates an egress-only Internet gateway for your VPC. An egress-only Internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the Internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
AssignGeneratedIpv6CidrBlock = true,
CidrBlock = "10.1.0.0/16",
});
var exampleEgressOnlyInternetGateway = new Aws.Ec2.EgressOnlyInternetGateway("exampleEgressOnlyInternetGateway", new Aws.Ec2.EgressOnlyInternetGatewayArgs
{
Tags =
{
{ "Name", "main" },
},
VpcId = exampleVpc.Id,
});
}
}
EgressOnlyInternetGatewayArgs
EgressOnlyInternetGatewayState
Eip
Provides an Elastic IP resource.
Note: EIP may require IGW to exist prior to association. Use
depends_onto set an explicit dependency on the IGW.
Note: Do not use
network_interfaceto associate the EIP toaws.lb.LoadBalanceroraws.ec2.NatGatewayresources. Instead use theallocation_idavailable in those resources to allow AWS to manage the association, otherwise you will seeAuthFailureerrors.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var lb = new Aws.Ec2.Eip("lb", new Aws.Ec2.EipArgs
{
Instance = aws_instance.Web.Id,
Vpc = true,
});
}
}
EipArgs
EipAssociation
Provides an AWS EIP Association as a top level resource, to associate and disassociate Elastic IPs from AWS Instances and Network Interfaces.
NOTE: Do not use this resource to associate an EIP to
aws.lb.LoadBalanceroraws.ec2.NatGatewayresources. Instead use theallocation_idavailable in those resources to allow AWS to manage the association, otherwise you will seeAuthFailureerrors.
NOTE:
aws.ec2.EipAssociationis useful in scenarios where EIPs are either pre-existing or distributed to customers or users and therefore cannot be changed.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var web = new Aws.Ec2.Instance("web", new Aws.Ec2.InstanceArgs
{
Ami = "ami-21f78e11",
AvailabilityZone = "us-west-2a",
InstanceType = "t1.micro",
Tags =
{
{ "Name", "HelloWorld" },
},
});
var example = new Aws.Ec2.Eip("example", new Aws.Ec2.EipArgs
{
Vpc = true,
});
var eipAssoc = new Aws.Ec2.EipAssociation("eipAssoc", new Aws.Ec2.EipAssociationArgs
{
AllocationId = example.Id,
InstanceId = web.Id,
});
}
}
EipAssociationArgs
EipAssociationState
EipState
Fleet
Provides a resource to manage EC2 Fleets.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.Fleet("example", new Aws.Ec2.FleetArgs
{
LaunchTemplateConfig = new Aws.Ec2.Inputs.FleetLaunchTemplateConfigArgs
{
LaunchTemplateSpecification = new Aws.Ec2.Inputs.FleetLaunchTemplateConfigLaunchTemplateSpecificationArgs
{
LaunchTemplateId = aws_launch_template.Example.Id,
Version = aws_launch_template.Example.Latest_version,
},
},
TargetCapacitySpecification = new Aws.Ec2.Inputs.FleetTargetCapacitySpecificationArgs
{
DefaultTargetCapacityType = "spot",
TotalTargetCapacity = 5,
},
});
}
}
FleetArgs
FleetState
FlowLog
Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group or a S3 Bucket.
Example Usage
CloudWatch Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
{
});
var exampleRole = new Aws.Iam.Role("exampleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": """",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""vpc-flow-logs.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
{
IamRoleArn = exampleRole.Arn,
LogDestination = exampleLogGroup.Arn,
TrafficType = "ALL",
VpcId = aws_vpc.Example.Id,
});
var exampleRolePolicy = new Aws.Iam.RolePolicy("exampleRolePolicy", new Aws.Iam.RolePolicyArgs
{
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents"",
""logs:DescribeLogGroups"",
""logs:DescribeLogStreams""
],
""Effect"": ""Allow"",
""Resource"": ""*""
}
]
}
",
Role = exampleRole.Id,
});
}
}
S3 Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
{
});
var exampleFlowLog = new Aws.Ec2.FlowLog("exampleFlowLog", new Aws.Ec2.FlowLogArgs
{
LogDestination = exampleBucket.Arn,
LogDestinationType = "s3",
TrafficType = "ALL",
VpcId = aws_vpc.Example.Id,
});
}
}
FlowLogArgs
FlowLogState
GetCoipPool
GetCoipPoolArgs
GetCoipPoolResult
GetCoipPools
GetCoipPoolsArgs
GetCoipPoolsResult
GetCustomerGateway
GetCustomerGatewayArgs
GetCustomerGatewayResult
GetInstance
GetInstanceArgs
GetInstanceResult
GetInstances
GetInstancesArgs
GetInstancesResult
GetInstanceTypeOffering
GetInstanceTypeOfferingArgs
GetInstanceTypeOfferingResult
GetInstanceTypeOfferings
GetInstanceTypeOfferingsArgs
GetInstanceTypeOfferingsResult
GetInternetGateway
GetInternetGatewayArgs
GetInternetGatewayResult
GetLaunchConfiguration
GetLaunchConfigurationArgs
GetLaunchConfigurationResult
GetLaunchTemplate
GetLaunchTemplateArgs
GetLaunchTemplateResult
GetLocalGateway
GetLocalGatewayArgs
GetLocalGatewayResult
GetLocalGatewayRouteTable
GetLocalGatewayRouteTableArgs
GetLocalGatewayRouteTableResult
GetLocalGatewayRouteTables
GetLocalGatewayRouteTablesArgs
GetLocalGatewayRouteTablesResult
GetLocalGateways
GetLocalGatewaysArgs
GetLocalGatewaysResult
GetNatGateway
GetNatGatewayArgs
GetNatGatewayResult
GetNetworkAcls
GetNetworkAclsArgs
GetNetworkAclsResult
GetNetworkInterface
GetNetworkInterfaceArgs
GetNetworkInterfaceResult
GetNetworkInterfaces
GetNetworkInterfacesArgs
GetNetworkInterfacesResult
GetRoute
GetRouteArgs
GetRouteResult
GetRouteTable
GetRouteTableArgs
GetRouteTableResult
GetRouteTables
GetRouteTablesArgs
GetRouteTablesResult
GetSecurityGroup
GetSecurityGroupArgs
GetSecurityGroupResult
GetSecurityGroups
GetSecurityGroupsArgs
GetSecurityGroupsResult
GetSubnet
GetSubnetArgs
GetSubnetIds
GetSubnetIdsArgs
GetSubnetIdsResult
GetSubnetResult
GetVpc
GetVpcArgs
GetVpcDhcpOptions
GetVpcDhcpOptionsArgs
GetVpcDhcpOptionsResult
GetVpcEndpoint
GetVpcEndpointArgs
GetVpcEndpointResult
GetVpcEndpointService
GetVpcEndpointServiceArgs
GetVpcEndpointServiceResult
GetVpcPeeringConnection
GetVpcPeeringConnectionArgs
GetVpcPeeringConnectionResult
GetVpcResult
GetVpcs
GetVpcsArgs
GetVpcsResult
GetVpnGateway
GetVpnGatewayArgs
GetVpnGatewayResult
Instance
Provides an EC2 instance resource. This allows instances to be created, updated, and deleted. Instances also support provisioning.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
},
},
new Aws.Inputs.GetAmiFilterArgs
{
Name = "virtualization-type",
Values =
{
"hvm",
},
},
},
MostRecent = true,
Owners =
{
"099720109477",
},
}));
var web = new Aws.Ec2.Instance("web", new Aws.Ec2.InstanceArgs
{
Ami = ubuntu.Apply(ubuntu => ubuntu.Id),
InstanceType = "t2.micro",
Tags =
{
{ "Name", "HelloWorld" },
},
});
}
}
InstanceArgs
InstanceState
InternetGateway
Provides a resource to create a VPC Internet Gateway.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var gw = new Aws.Ec2.InternetGateway("gw", new Aws.Ec2.InternetGatewayArgs
{
Tags =
{
{ "Name", "main" },
},
VpcId = aws_vpc.Main.Id,
});
}
}
InternetGatewayArgs
InternetGatewayState
KeyPair
Provides an EC2 key pair resource. A key pair is used to control login access to EC2 instances.
Currently this resource requires an existing user-supplied key pair. This key pair's public key will be registered with AWS to allow logging-in to EC2 instances.
When importing an existing key pair the public key material may be in any format supported by AWS. Supported formats (per the AWS documentation) are:
- OpenSSH public key format (the format in ~/.ssh/authorized_keys)
- Base64 encoded DER format
- SSH public key file format as specified in RFC4716
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var deployer = new Aws.Ec2.KeyPair("deployer", new Aws.Ec2.KeyPairArgs
{
PublicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com",
});
}
}
KeyPairArgs
KeyPairState
LaunchConfiguration
Provides a resource to create a new launch configuration, used for autoscaling groups.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
},
},
new Aws.Inputs.GetAmiFilterArgs
{
Name = "virtualization-type",
Values =
{
"hvm",
},
},
},
MostRecent = true,
Owners =
{
"099720109477",
},
}));
var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
{
ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
InstanceType = "t2.micro",
});
}
}
Using with AutoScaling Groups
Launch Configurations cannot be updated after creation with the Amazon
Web Service API. In order to update a Launch Configuration, this provider will
destroy the existing resource and create a replacement. In order to effectively
use a Launch Configuration resource with an AutoScaling Group resource,
it's recommended to specify create_before_destroy in a lifecycle block.
Either omit the Launch Configuration name attribute, or specify a partial name
with name_prefix. Example:
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
},
},
new Aws.Inputs.GetAmiFilterArgs
{
Name = "virtualization-type",
Values =
{
"hvm",
},
},
},
MostRecent = true,
Owners =
{
"099720109477",
},
}));
var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
{
ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
InstanceType = "t2.micro",
NamePrefix = "lc-example-",
});
var bar = new Aws.AutoScaling.Group("bar", new Aws.AutoScaling.GroupArgs
{
LaunchConfiguration = asConf.Name,
MaxSize = 2,
MinSize = 1,
});
}
}
With this setup this provider generates a unique name for your Launch Configuration and can then update the AutoScaling Group without conflict before destroying the previous Launch Configuration.
Using with Spot Instances
Launch configurations can set the spot instance pricing to be used for the
Auto Scaling Group to reserve instances. Simply specifying the spot_price
parameter will set the price on the Launch Configuration which will attempt to
reserve your instances at this price. See the AWS Spot Instance
documentation
for more information or how to launch Spot Instances with this provider.
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ubuntu = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*",
},
},
new Aws.Inputs.GetAmiFilterArgs
{
Name = "virtualization-type",
Values =
{
"hvm",
},
},
},
MostRecent = true,
Owners =
{
"099720109477",
},
}));
var asConf = new Aws.Ec2.LaunchConfiguration("asConf", new Aws.Ec2.LaunchConfigurationArgs
{
ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),
InstanceType = "m4.large",
SpotPrice = "0.001",
});
var bar = new Aws.AutoScaling.Group("bar", new Aws.AutoScaling.GroupArgs
{
LaunchConfiguration = asConf.Name,
});
}
}
Block devices
Each of the *_block_device attributes controls a portion of the AWS
Launch Configuration's "Block Device Mapping". It's a good idea to familiarize yourself with AWS's Block Device
Mapping docs
to understand the implications of using these attributes.
The root_block_device mapping supports the following:
volume_type- (Optional) The type of volume. Can be"standard","gp2", or"io1". (Default:"standard").volume_size- (Optional) The size of the volume in gigabytes.iops- (Optional) The amount of provisioned IOPS. This must be set with avolume_typeof"io1".delete_on_termination- (Optional) Whether the volume should be destroyed on instance termination (Default:true).encrypted- (Optional) Whether the volume should be encrypted or not. (Default:false).
Modifying any of the root_block_device settings requires resource
replacement.
Each ebs_block_device supports the following:
device_name- (Required) The name of the device to mount.snapshot_id- (Optional) The Snapshot ID to mount.volume_type- (Optional) The type of volume. Can be"standard","gp2", or"io1". (Default:"standard").volume_size- (Optional) The size of the volume in gigabytes.iops- (Optional) The amount of provisioned IOPS. This must be set with avolume_typeof"io1".delete_on_termination- (Optional) Whether the volume should be destroyed on instance termination (Default:true).encrypted- (Optional) Whether the volume should be encrypted or not. Do not use this option if you are usingsnapshot_idas the encrypted flag will be determined by the snapshot. (Default:false).
Modifying any ebs_block_device currently requires resource replacement.
Each ephemeral_block_device supports the following:
device_name- The name of the block device to mount on the instance.virtual_name- The Instance Store Device Name (e.g."ephemeral0")
Each AWS Instance type has a different set of Instance Store block devices
available for attachment. AWS publishes a
list
of which ephemeral devices are available on each type. The devices are always
identified by the virtual_name in the format "ephemeral{0..N}".
NOTE: Changes to
*_block_deviceconfiguration of existing resources cannot currently be detected by this provider. After updating to block device configuration, resource recreation can be manually triggered by using theupcommand with the --replace argument.
LaunchConfigurationArgs
LaunchConfigurationState
LaunchTemplate
Provides an EC2 launch template resource. Can be used to create instances or auto scaling groups.
LaunchTemplateArgs
LaunchTemplateState
MainRouteTableAssociation
Provides a resource for managing the main routing table of a VPC.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var mainRouteTableAssociation = new Aws.Ec2.MainRouteTableAssociation("mainRouteTableAssociation", new Aws.Ec2.MainRouteTableAssociationArgs
{
RouteTableId = aws_route_table.Bar.Id,
VpcId = aws_vpc.Foo.Id,
});
}
}
Notes
On VPC creation, the AWS API always creates an initial Main Route Table. This
resource records the ID of that Route Table under original_route_table_id.
The "Delete" action for a main_route_table_association consists of resetting
this original table as the Main Route Table for the VPC. You'll see this
additional Route Table in the AWS console; it must remain intact in order for
the main_route_table_association delete to work properly.
MainRouteTableAssociationArgs
MainRouteTableAssociationState
NatGateway
Provides a resource to create a VPC NAT Gateway.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var gw = new Aws.Ec2.NatGateway("gw", new Aws.Ec2.NatGatewayArgs
{
AllocationId = aws_eip.Nat.Id,
SubnetId = aws_subnet.Example.Id,
});
}
}
NatGatewayArgs
NatGatewayState
NetworkAcl
Provides an network ACL resource. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.
NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.NetworkAcl("main", new Aws.Ec2.NetworkAclArgs
{
Egress =
{
new Aws.Ec2.Inputs.NetworkAclEgressArgs
{
Action = "allow",
CidrBlock = "10.3.0.0/18",
FromPort = 443,
Protocol = "tcp",
RuleNo = 200,
ToPort = 443,
},
},
Ingress =
{
new Aws.Ec2.Inputs.NetworkAclIngressArgs
{
Action = "allow",
CidrBlock = "10.3.0.0/18",
FromPort = 80,
Protocol = "tcp",
RuleNo = 100,
ToPort = 80,
},
},
Tags =
{
{ "Name", "main" },
},
VpcId = aws_vpc.Main.Id,
});
}
}
NetworkAclArgs
NetworkAclRule
Creates an entry (a rule) in a network ACL with the specified rule number.
NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var barNetworkAcl = new Aws.Ec2.NetworkAcl("barNetworkAcl", new Aws.Ec2.NetworkAclArgs
{
VpcId = aws_vpc.Foo.Id,
});
var barNetworkAclRule = new Aws.Ec2.NetworkAclRule("barNetworkAclRule", new Aws.Ec2.NetworkAclRuleArgs
{
NetworkAclId = barNetworkAcl.Id,
RuleNumber = 200,
Egress = false,
Protocol = "tcp",
RuleAction = "allow",
CidrBlock = aws_vpc.Foo.Cidr_block,
FromPort = 22,
ToPort = 22,
});
}
}
NetworkAclRuleArgs
NetworkAclRuleState
NetworkAclState
NetworkInterface
Provides an Elastic network interface (ENI) resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var test = new Aws.Ec2.NetworkInterface("test", new Aws.Ec2.NetworkInterfaceArgs
{
Attachments =
{
new Aws.Ec2.Inputs.NetworkInterfaceAttachmentArgs
{
DeviceIndex = 1,
Instance = aws_instance.Test.Id,
},
},
PrivateIps =
{
"10.0.0.50",
},
SecurityGroups =
{
aws_security_group.Web.Id,
},
SubnetId = aws_subnet.Public_a.Id,
});
}
}
NetworkInterfaceArgs
NetworkInterfaceAttachment
Attach an Elastic network interface (ENI) resource with EC2 instance.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var test = new Aws.Ec2.NetworkInterfaceAttachment("test", new Aws.Ec2.NetworkInterfaceAttachmentArgs
{
DeviceIndex = 0,
InstanceId = aws_instance.Test.Id,
NetworkInterfaceId = aws_network_interface.Test.Id,
});
}
}
NetworkInterfaceAttachmentArgs
NetworkInterfaceAttachmentState
NetworkInterfaceSecurityGroupAttachment
This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.
NOTE on instances, interfaces, and security groups: This provider currently provides the capability to assign security groups via the
aws.ec2.Instanceand theaws.ec2.NetworkInterfaceresources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ami = Output.Create(Aws.GetAmi.InvokeAsync(new Aws.GetAmiArgs
{
Filters =
{
new Aws.Inputs.GetAmiFilterArgs
{
Name = "name",
Values =
{
"amzn-ami-hvm-*",
},
},
},
MostRecent = true,
Owners =
{
"amazon",
},
}));
var instance = new Aws.Ec2.Instance("instance", new Aws.Ec2.InstanceArgs
{
Ami = ami.Apply(ami => ami.Id),
InstanceType = "t2.micro",
Tags =
{
{ "type", "test-instance" },
},
});
var sg = new Aws.Ec2.SecurityGroup("sg", new Aws.Ec2.SecurityGroupArgs
{
Tags =
{
{ "type", "test-security-group" },
},
});
var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs
{
NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,
SecurityGroupId = sg.Id,
});
}
}
Output Reference
There are no outputs for this resource.
NetworkInterfaceSecurityGroupAttachmentArgs
NetworkInterfaceSecurityGroupAttachmentState
NetworkInterfaceState
PeeringConnectionOptions
Provides a resource to manage VPC peering connection options.
NOTE on VPC Peering Connections and VPC Peering Connection Options: This provider provides both a standalone VPC Peering Connection Options and a VPC Peering Connection resource with
accepterandrequesterattributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-region and cross-account scenarios.
Basic usage:
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var bar = new Aws.Ec2.Vpc("bar", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("fooVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
{
AutoAccept = true,
PeerVpcId = bar.Id,
VpcId = fooVpc.Id,
});
var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions("fooPeeringConnectionOptions", new Aws.Ec2.PeeringConnectionOptionsArgs
{
Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs
{
AllowRemoteVpcDnsResolution = true,
},
Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs
{
AllowClassicLinkToRemoteVpc = true,
AllowVpcToRemoteClassicLink = true,
},
VpcPeeringConnectionId = fooVpcPeeringConnection.Id,
});
}
}
Basic cross-account usage:
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var requester = new Aws.Provider("requester", new Aws.ProviderArgs
{
});
var accepter = new Aws.Provider("accepter", new Aws.ProviderArgs
{
});
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
EnableDnsHostnames = true,
EnableDnsSupport = true,
});
var peerVpc = new Aws.Ec2.Vpc("peerVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
EnableDnsHostnames = true,
EnableDnsSupport = true,
});
var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
// Requester's side of the connection.
var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("peerVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
{
AutoAccept = false,
PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),
PeerVpcId = peerVpc.Id,
Tags =
{
{ "Side", "Requester" },
},
VpcId = main.Id,
});
// Accepter's side of the connection.
var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", new Aws.Ec2.VpcPeeringConnectionAccepterArgs
{
AutoAccept = true,
Tags =
{
{ "Side", "Accepter" },
},
VpcPeeringConnectionId = peerVpcPeeringConnection.Id,
});
var requesterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions("requesterPeeringConnectionOptions", new Aws.Ec2.PeeringConnectionOptionsArgs
{
Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs
{
AllowRemoteVpcDnsResolution = true,
},
VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,
});
var accepterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions("accepterPeeringConnectionOptions", new Aws.Ec2.PeeringConnectionOptionsArgs
{
Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs
{
AllowRemoteVpcDnsResolution = true,
},
VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,
});
}
}
PeeringConnectionOptionsArgs
PeeringConnectionOptionsState
PlacementGroup
Provides an EC2 placement group. Read more about placement groups in AWS Docs.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var web = new Aws.Ec2.PlacementGroup("web", new Aws.Ec2.PlacementGroupArgs
{
Strategy = "cluster",
});
}
}
PlacementGroupArgs
PlacementGroupState
ProxyProtocolPolicy
Provides a proxy protocol policy, which allows an ELB to carry a client connection information to a backend.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var lb = new Aws.Elb.LoadBalancer("lb", new Aws.Elb.LoadBalancerArgs
{
AvailabilityZones =
{
"us-east-1a",
},
Listeners =
{
new Aws.Elb.Inputs.LoadBalancerListenerArgs
{
InstancePort = 25,
InstanceProtocol = "tcp",
LbPort = 25,
LbProtocol = "tcp",
},
new Aws.Elb.Inputs.LoadBalancerListenerArgs
{
InstancePort = 587,
InstanceProtocol = "tcp",
LbPort = 587,
LbProtocol = "tcp",
},
},
});
var smtp = new Aws.Ec2.ProxyProtocolPolicy("smtp", new Aws.Ec2.ProxyProtocolPolicyArgs
{
InstancePorts =
{
"25",
"587",
},
LoadBalancer = lb.Name,
});
}
}
ProxyProtocolPolicyArgs
ProxyProtocolPolicyState
Route
Provides a resource to create a routing table entry (a route) in a VPC routing table.
NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
{
RouteTableId = "rtb-4fbb3ac4",
DestinationCidrBlock = "10.0.1.0/22",
VpcPeeringConnectionId = "pcx-45ff3dc1",
});
}
}
Example IPv6 Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
{
AssignGeneratedIpv6CidrBlock = true,
CidrBlock = "10.1.0.0/16",
});
var egress = new Aws.Ec2.EgressOnlyInternetGateway("egress", new Aws.Ec2.EgressOnlyInternetGatewayArgs
{
VpcId = vpc.Id,
});
var route = new Aws.Ec2.Route("route", new Aws.Ec2.RouteArgs
{
DestinationIpv6CidrBlock = "::/0",
EgressOnlyGatewayId = egress.Id,
RouteTableId = "rtb-4fbb3ac4",
});
}
}
RouteArgs
RouteState
RouteTable
Provides a resource to create a VPC routing table.
NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.
NOTE on
gateway_idandnat_gateway_id: The AWS API is very forgiving with these two attributes and theaws.ec2.RouteTableresource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you're experiencing constant diffs in youraws.ec2.RouteTableresources, the first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.
NOTE on
propagating_vgwsand theaws.ec2.VpnGatewayRoutePropagationresource: If thepropagating_vgwsargument is present, it's not supported to also define route propagations usingaws.ec2.VpnGatewayRoutePropagation, since this resource will delete any propagating gateways not explicitly listed inpropagating_vgws. Omit this argument when defining route propagation using the separate resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var routeTable = new Aws.Ec2.RouteTable("routeTable", new Aws.Ec2.RouteTableArgs
{
Routes =
{
new Aws.Ec2.Inputs.RouteTableRouteArgs
{
CidrBlock = "10.0.1.0/24",
GatewayId = aws_internet_gateway.Main.Id,
},
new Aws.Ec2.Inputs.RouteTableRouteArgs
{
EgressOnlyGatewayId = aws_egress_only_internet_gateway.Foo.Id,
Ipv6CidrBlock = "::/0",
},
},
Tags =
{
{ "Name", "main" },
},
VpcId = aws_vpc.Default.Id,
});
}
}
RouteTableArgs
RouteTableAssociation
Provides a resource to create an association between a route table and a subnet or a route table and an internet gateway or virtual private gateway.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var routeTableAssociation = new Aws.Ec2.RouteTableAssociation("routeTableAssociation", new Aws.Ec2.RouteTableAssociationArgs
{
SubnetId = aws_subnet.Foo.Id,
RouteTableId = aws_route_table.Bar.Id,
});
}
}
RouteTableAssociationArgs
RouteTableAssociationState
RouteTableState
SecurityGroup
Provides a security group resource.
NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single
ingressoregressrule), and a Security Group resource withingressandegressrules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.
NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.
NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var allowTls = new Aws.Ec2.SecurityGroup("allowTls", new Aws.Ec2.SecurityGroupArgs
{
Description = "Allow TLS inbound traffic",
VpcId = aws_vpc.Main.Id,
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
Description = "TLS from VPC",
FromPort = 443,
ToPort = 443,
Protocol = "tcp",
CidrBlocks = aws_vpc.Main.Cidr_block,
},
},
Egress =
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
FromPort = 0,
ToPort = 0,
Protocol = "-1",
CidrBlocks =
{
"0.0.0.0/0",
},
},
},
Tags =
{
{ "Name", "allow_tls" },
},
});
}
}
Usage with prefix list IDs
Prefix list IDs are managed by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
// ...
var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs
{
});
}
}
SecurityGroupArgs
SecurityGroupRule
Provides a security group rule resource. Represents a single ingress or
egress group rule, which can be added to external Security Groups.
NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single
ingressoregressrule), and a Security Group resource withingressandegressrules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.
NOTE: Setting
protocol = "all"orprotocol = -1withfrom_portandto_portwill result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.
NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.SecurityGroupRule("example", new Aws.Ec2.SecurityGroupRuleArgs
{
Type = "ingress",
FromPort = 0,
ToPort = 65535,
Protocol = "tcp",
CidrBlocks = aws_vpc.Example.Cidr_block,
SecurityGroupId = "sg-123456",
});
}
}
Usage with prefix list IDs
Prefix list IDs are manged by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
// ...
var myEndpoint = new Aws.Ec2.VpcEndpoint("myEndpoint", new Aws.Ec2.VpcEndpointArgs
{
});
var allowAll = new Aws.Ec2.SecurityGroupRule("allowAll", new Aws.Ec2.SecurityGroupRuleArgs
{
FromPort = 0,
PrefixListIds =
{
myEndpoint.PrefixListId,
},
Protocol = "-1",
SecurityGroupId = "sg-123456",
ToPort = 0,
Type = "egress",
});
}
}
SecurityGroupRuleArgs
SecurityGroupRuleState
SecurityGroupState
SnapshotCreateVolumePermission
Adds permission to create volumes off of a given EBS Snapshot.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ebs.Volume("example", new Aws.Ebs.VolumeArgs
{
AvailabilityZone = "us-west-2a",
Size = 40,
});
var exampleSnapshot = new Aws.Ebs.Snapshot("exampleSnapshot", new Aws.Ebs.SnapshotArgs
{
VolumeId = example.Id,
});
var examplePerm = new Aws.Ec2.SnapshotCreateVolumePermission("examplePerm", new Aws.Ec2.SnapshotCreateVolumePermissionArgs
{
AccountId = "12345678",
SnapshotId = exampleSnapshot.Id,
});
}
}
SnapshotCreateVolumePermissionArgs
SnapshotCreateVolumePermissionState
SpotDatafeedSubscription
Note: There is only a single subscription allowed per account.
To help you understand the charges for your Spot instances, Amazon EC2 provides a data feed that describes your Spot instance usage and pricing. This data feed is sent to an Amazon S3 bucket that you specify when you subscribe to the data feed.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var defaultBucket = new Aws.S3.Bucket("defaultBucket", new Aws.S3.BucketArgs
{
});
var defaultSpotDatafeedSubscription = new Aws.Ec2.SpotDatafeedSubscription("defaultSpotDatafeedSubscription", new Aws.Ec2.SpotDatafeedSubscriptionArgs
{
Bucket = defaultBucket.BucketName,
Prefix = "my_subdirectory",
});
}
}
SpotDatafeedSubscriptionArgs
SpotDatafeedSubscriptionState
SpotFleetRequest
Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot instances to be requested on the Spot market.
Example Usage
Using launch specifications
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
// Request a Spot fleet
var cheapCompute = new Aws.Ec2.SpotFleetRequest("cheapCompute", new Aws.Ec2.SpotFleetRequestArgs
{
AllocationStrategy = "diversified",
IamFleetRole = "arn:aws:iam::12345678:role/spot-fleet",
LaunchSpecifications =
{
new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
{
Ami = "ami-1234",
IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,
InstanceType = "m4.10xlarge",
PlacementTenancy = "dedicated",
SpotPrice = "2.793",
},
new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
{
Ami = "ami-5678",
AvailabilityZone = "us-west-1a",
IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,
InstanceType = "m4.4xlarge",
KeyName = "my-key",
RootBlockDevice =
{
{
{ "volumeSize", "300" },
{ "volumeType", "gp2" },
},
},
SpotPrice = "1.117",
SubnetId = "subnet-1234",
Tags =
{
{ "Name", "spot-fleet-example" },
},
WeightedCapacity = 35,
},
},
SpotPrice = "0.03",
TargetCapacity = 6,
ValidUntil = "2019-11-04T20:44:20Z",
});
}
}
Using multiple launch specifications
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var foo = new Aws.Ec2.SpotFleetRequest("foo", new Aws.Ec2.SpotFleetRequestArgs
{
IamFleetRole = "arn:aws:iam::12345678:role/spot-fleet",
LaunchSpecifications =
{
new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
{
Ami = "ami-d06a90b0",
AvailabilityZone = "us-west-2a",
InstanceType = "m1.small",
KeyName = "my-key",
},
new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs
{
Ami = "ami-d06a90b0",
AvailabilityZone = "us-west-2a",
InstanceType = "m5.large",
KeyName = "my-key",
},
},
SpotPrice = "0.005",
TargetCapacity = 2,
ValidUntil = "2019-11-04T20:44:20Z",
});
}
}
SpotFleetRequestArgs
SpotFleetRequestState
SpotInstanceRequest
Provides an EC2 Spot Instance Request resource. This allows instances to be requested on the spot market.
By default this provider creates Spot Instance Requests with a persistent type,
which means that for the duration of their lifetime, AWS will launch an
instance with the configured details if and when the spot market will accept
the requested price.
On destruction, this provider will make an attempt to terminate the associated Spot Instance if there is one present.
Spot Instances requests with a one-time type will close the spot request
when the instance is terminated either by the request being below the current spot
price availability or by a user.
NOTE: Because their behavior depends on the live status of the spot market, Spot Instance Requests have a unique lifecycle that makes them behave differently than other resources. Most importantly: there is no guarantee that a Spot Instance exists to fulfill the request at any given point in time. See the AWS Spot Instance documentation for more information.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
// Request a spot instance at $0.03
var cheapWorker = new Aws.Ec2.SpotInstanceRequest("cheapWorker", new Aws.Ec2.SpotInstanceRequestArgs
{
Ami = "ami-1234",
InstanceType = "c4.xlarge",
SpotPrice = "0.03",
Tags =
{
{ "Name", "CheapWorker" },
},
});
}
}
SpotInstanceRequestArgs
SpotInstanceRequestState
Subnet
Provides an VPC subnet resource.
NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, subnets associated with Lambda Functions can take up to 45 minutes to successfully delete.
Example Usage
Basic Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.Subnet("main", new Aws.Ec2.SubnetArgs
{
CidrBlock = "10.0.1.0/24",
Tags =
{
{ "Name", "Main" },
},
VpcId = aws_vpc.Main.Id,
});
}
}
Subnets In Secondary VPC CIDR Blocks
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
{
CidrBlock = "172.2.0.0/16",
VpcId = aws_vpc.Main.Id,
});
var inSecondaryCidr = new Aws.Ec2.Subnet("inSecondaryCidr", new Aws.Ec2.SubnetArgs
{
CidrBlock = "172.2.0.0/24",
VpcId = secondaryCidr.VpcId,
});
}
}
SubnetArgs
SubnetState
TrafficMirrorFilter
Provides an Traffic mirror filter.
Read limits and considerations for traffic mirroring
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var foo = new Aws.Ec2.TrafficMirrorFilter("foo", new Aws.Ec2.TrafficMirrorFilterArgs
{
Description = "traffic mirror filter - example",
NetworkServices =
{
"amazon-dns",
},
});
}
}
TrafficMirrorFilterArgs
TrafficMirrorFilterRule
Provides an Traffic mirror filter rule.
Read limits and considerations for traffic mirroring
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var filter = new Aws.Ec2.TrafficMirrorFilter("filter", new Aws.Ec2.TrafficMirrorFilterArgs
{
Description = "traffic mirror filter - example",
NetworkServices =
{
"amazon-dns",
},
});
var ruleout = new Aws.Ec2.TrafficMirrorFilterRule("ruleout", new Aws.Ec2.TrafficMirrorFilterRuleArgs
{
Description = "test rule",
DestinationCidrBlock = "10.0.0.0/8",
RuleAction = "accept",
RuleNumber = 1,
SourceCidrBlock = "10.0.0.0/8",
TrafficDirection = "egress",
TrafficMirrorFilterId = filter.Id,
});
var rulein = new Aws.Ec2.TrafficMirrorFilterRule("rulein", new Aws.Ec2.TrafficMirrorFilterRuleArgs
{
Description = "test rule",
DestinationCidrBlock = "10.0.0.0/8",
DestinationPortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleDestinationPortRangeArgs
{
FromPort = 22,
ToPort = 53,
},
Protocol = 6,
RuleAction = "accept",
RuleNumber = 1,
SourceCidrBlock = "10.0.0.0/8",
SourcePortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleSourcePortRangeArgs
{
FromPort = 0,
ToPort = 10,
},
TrafficDirection = "ingress",
TrafficMirrorFilterId = filter.Id,
});
}
}
TrafficMirrorFilterRuleArgs
TrafficMirrorFilterRuleState
TrafficMirrorFilterState
TrafficMirrorSession
Provides an Traffic mirror session.
Read limits and considerations for traffic mirroring
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var filter = new Aws.Ec2.TrafficMirrorFilter("filter", new Aws.Ec2.TrafficMirrorFilterArgs
{
Description = "traffic mirror filter - example",
NetworkServices =
{
"amazon-dns",
},
});
var target = new Aws.Ec2.TrafficMirrorTarget("target", new Aws.Ec2.TrafficMirrorTargetArgs
{
NetworkLoadBalancerArn = aws_lb.Lb.Arn,
});
var session = new Aws.Ec2.TrafficMirrorSession("session", new Aws.Ec2.TrafficMirrorSessionArgs
{
Description = "traffic mirror session - example",
NetworkInterfaceId = aws_instance.Test.Primary_network_interface_id,
TrafficMirrorFilterId = filter.Id,
TrafficMirrorTargetId = target.Id,
});
}
}
TrafficMirrorSessionArgs
TrafficMirrorSessionState
TrafficMirrorTarget
Provides an Traffic mirror target.
Read limits and considerations for traffic mirroring
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var nlb = new Aws.Ec2.TrafficMirrorTarget("nlb", new Aws.Ec2.TrafficMirrorTargetArgs
{
Description = "NLB target",
NetworkLoadBalancerArn = aws_lb.Lb.Arn,
});
var eni = new Aws.Ec2.TrafficMirrorTarget("eni", new Aws.Ec2.TrafficMirrorTargetArgs
{
Description = "ENI target",
NetworkInterfaceId = aws_instance.Test.Primary_network_interface_id,
});
}
}
TrafficMirrorTargetArgs
TrafficMirrorTargetState
TransitGatewayPeeringAttachmentAccepter
Manages the accepter's side of an EC2 Transit Gateway Peering Attachment.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.TransitGatewayPeeringAttachmentAccepter("example", new Aws.Ec2.TransitGatewayPeeringAttachmentAccepterArgs
{
Tags =
{
{ "Name", "Example cross-account attachment" },
},
TransitGatewayAttachmentId = aws_ec2_transit_gateway_peering_attachment.Example.Id,
});
}
}
TransitGatewayPeeringAttachmentAccepterArgs
TransitGatewayPeeringAttachmentAccepterState
VolumeAttachment
Provides an AWS EBS Volume Attachment as a top level resource, to attach and detach volumes from AWS Instances.
NOTE on EBS block devices: If you use
ebs_block_deviceon anaws.ec2.Instance, this provider will assume management over the full set of non-root EBS block devices for the instance, and treats additional block devices as drift. For this reason,ebs_block_devicecannot be mixed with externalaws.ebs.Volume+aws_ebs_volume_attachmentresources for a given instance.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var web = new Aws.Ec2.Instance("web", new Aws.Ec2.InstanceArgs
{
Ami = "ami-21f78e11",
AvailabilityZone = "us-west-2a",
InstanceType = "t1.micro",
Tags =
{
{ "Name", "HelloWorld" },
},
});
var example = new Aws.Ebs.Volume("example", new Aws.Ebs.VolumeArgs
{
AvailabilityZone = "us-west-2a",
Size = 1,
});
var ebsAtt = new Aws.Ec2.VolumeAttachment("ebsAtt", new Aws.Ec2.VolumeAttachmentArgs
{
DeviceName = "/dev/sdh",
InstanceId = web.Id,
VolumeId = example.Id,
});
}
}
VolumeAttachmentArgs
VolumeAttachmentState
Vpc
Provides a VPC resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
}
}
VpcArgs
VpcDhcpOptions
Provides a VPC DHCP Options resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var dnsResolver = new Aws.Ec2.VpcDhcpOptions("dnsResolver", new Aws.Ec2.VpcDhcpOptionsArgs
{
DomainNameServers =
{
"8.8.8.8",
"8.8.4.4",
},
});
}
}
Remarks
- Notice that all arguments are optional but you have to specify at least one argument.
domain_name_servers,netbios_name_servers,ntp_serversare limited by AWS to maximum four servers only.- To actually use the DHCP Options Set you need to associate it to a VPC using
aws.ec2.VpcDhcpOptionsAssociation. - If you delete a DHCP Options Set, all VPCs using it will be associated to AWS's
defaultDHCP Option Set. - In most cases unless you're configuring your own DNS you'll want to set
domain_name_serverstoAmazonProvidedDNS.
VpcDhcpOptionsArgs
VpcDhcpOptionsAssociation
Provides a VPC DHCP Options Association resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var dnsResolver = new Aws.Ec2.VpcDhcpOptionsAssociation("dnsResolver", new Aws.Ec2.VpcDhcpOptionsAssociationArgs
{
DhcpOptionsId = aws_vpc_dhcp_options.Foo.Id,
VpcId = aws_vpc.Foo.Id,
});
}
}
Remarks
- You can only associate one DHCP Options Set to a given VPC ID.
- Removing the DHCP Options Association automatically sets AWS's
defaultDHCP Options Set to the VPC.
VpcDhcpOptionsAssociationArgs
VpcDhcpOptionsAssociationState
VpcDhcpOptionsState
VpcEndpoint
Provides a VPC Endpoint resource.
NOTE on VPC Endpoints and VPC Endpoint Associations: This provider provides both standalone VPC Endpoint Associations for Route Tables - (an association between a VPC endpoint and a single
route_table_id) and Subnets - (an association between a VPC endpoint and a singlesubnet_id) and a VPC Endpoint resource withroute_table_idsandsubnet_idsattributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.
Example Usage
Basic
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var s3 = new Aws.Ec2.VpcEndpoint("s3", new Aws.Ec2.VpcEndpointArgs
{
ServiceName = "com.amazonaws.us-west-2.s3",
VpcId = aws_vpc.Main.Id,
});
}
}
Basic w/ Tags
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var s3 = new Aws.Ec2.VpcEndpoint("s3", new Aws.Ec2.VpcEndpointArgs
{
ServiceName = "com.amazonaws.us-west-2.s3",
Tags =
{
{ "Environment", "test" },
},
VpcId = aws_vpc.Main.Id,
});
}
}
Interface Endpoint Type
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new Aws.Ec2.VpcEndpointArgs
{
PrivateDnsEnabled = true,
SecurityGroupIds =
{
aws_security_group.Sg1.Id,
},
ServiceName = "com.amazonaws.us-west-2.ec2",
VpcEndpointType = "Interface",
VpcId = aws_vpc.Main.Id,
});
}
}
Non-AWS Service
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ptfeServiceVpcEndpoint = new Aws.Ec2.VpcEndpoint("ptfeServiceVpcEndpoint", new Aws.Ec2.VpcEndpointArgs
{
PrivateDnsEnabled = false,
SecurityGroupIds =
{
aws_security_group.Ptfe_service.Id,
},
ServiceName = @var.Ptfe_service,
SubnetIds =
{
local.Subnet_ids,
},
VpcEndpointType = "Interface",
VpcId = @var.Vpc_id,
});
var @internal = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs
{
Name = "vpc.internal.",
PrivateZone = true,
VpcId = @var.Vpc_id,
}));
var ptfeServiceRecord = new Aws.Route53.Record("ptfeServiceRecord", new Aws.Route53.RecordArgs
{
Name = @internal.Apply(@internal => $"ptfe.{@internal.Name}"),
Records =
{
ptfeServiceVpcEndpoint.DnsEntries.Apply(dnsEntries => dnsEntries[0])["dns_name"],
},
Ttl = "300",
Type = "CNAME",
ZoneId = @internal.Apply(@internal => @internal.ZoneId),
});
}
}
VpcEndpointArgs
VpcEndpointConnectionNotification
Provides a VPC Endpoint connection notification resource. Connection notifications notify subscribers of VPC Endpoint events.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var topic = new Aws.Sns.Topic("topic", new Aws.Sns.TopicArgs
{
Policy = @"{
""Version"":""2012-10-17"",
""Statement"":[{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""vpce.amazonaws.com""
},
""Action"": ""SNS:Publish"",
""Resource"": ""arn:aws:sns:*:*:vpce-notification-topic""
}]
}
",
});
var fooVpcEndpointService = new Aws.Ec2.VpcEndpointService("fooVpcEndpointService", new Aws.Ec2.VpcEndpointServiceArgs
{
AcceptanceRequired = false,
NetworkLoadBalancerArns =
{
aws_lb.Test.Arn,
},
});
var fooVpcEndpointConnectionNotification = new Aws.Ec2.VpcEndpointConnectionNotification("fooVpcEndpointConnectionNotification", new Aws.Ec2.VpcEndpointConnectionNotificationArgs
{
ConnectionEvents =
{
"Accept",
"Reject",
},
ConnectionNotificationArn = topic.Arn,
VpcEndpointServiceId = fooVpcEndpointService.Id,
});
}
}
VpcEndpointConnectionNotificationArgs
VpcEndpointConnectionNotificationState
VpcEndpointRouteTableAssociation
Manages a VPC Endpoint Route Table Association
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.VpcEndpointRouteTableAssociation("example", new Aws.Ec2.VpcEndpointRouteTableAssociationArgs
{
RouteTableId = aws_route_table.Example.Id,
VpcEndpointId = aws_vpc_endpoint.Example.Id,
});
}
}
VpcEndpointRouteTableAssociationArgs
VpcEndpointRouteTableAssociationState
VpcEndpointService
Provides a VPC Endpoint Service resource. Service consumers can create an Interface VPC Endpoint to connect to the service.
NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: This provider provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an
allowed_principalsattribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.
Example Usage
Basic
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.VpcEndpointService("example", new Aws.Ec2.VpcEndpointServiceArgs
{
AcceptanceRequired = false,
NetworkLoadBalancerArns =
{
aws_lb.Example.Arn,
},
});
}
}
Basic w/ Tags
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.VpcEndpointService("example", new Aws.Ec2.VpcEndpointServiceArgs
{
AcceptanceRequired = false,
NetworkLoadBalancerArns =
{
aws_lb.Example.Arn,
},
Tags =
{
{ "Environment", "test" },
},
});
}
}
VpcEndpointServiceAllowedPrinciple
Provides a resource to allow a principal to discover a VPC endpoint service.
NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: This provider provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an
allowed_principalsattribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
var allowMeToFoo = new Aws.Ec2.VpcEndpointServiceAllowedPrinciple("allowMeToFoo", new Aws.Ec2.VpcEndpointServiceAllowedPrincipleArgs
{
PrincipalArn = current.Apply(current => current.Arn),
VpcEndpointServiceId = aws_vpc_endpoint_service.Foo.Id,
});
}
}
VpcEndpointServiceAllowedPrincipleArgs
VpcEndpointServiceAllowedPrincipleState
VpcEndpointServiceArgs
VpcEndpointServiceState
VpcEndpointState
VpcEndpointSubnetAssociation
Provides a resource to create an association between a VPC endpoint and a subnet.
NOTE on VPC Endpoints and VPC Endpoint Subnet Associations: This provider provides both a standalone VPC Endpoint Subnet Association (an association between a VPC endpoint and a single
subnet_id) and a VPC Endpoint resource with asubnet_idsattribute. Do not use the same subnet ID in both a VPC Endpoint resource and a VPC Endpoint Subnet Association resource. Doing so will cause a conflict of associations and will overwrite the association.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var snEc2 = new Aws.Ec2.VpcEndpointSubnetAssociation("snEc2", new Aws.Ec2.VpcEndpointSubnetAssociationArgs
{
SubnetId = aws_subnet.Sn.Id,
VpcEndpointId = aws_vpc_endpoint.Ec2.Id,
});
}
}
VpcEndpointSubnetAssociationArgs
VpcEndpointSubnetAssociationState
VpcIpv4CidrBlockAssociation
Provides a resource to associate additional IPv4 CIDR blocks with a VPC.
When a VPC is created, a primary IPv4 CIDR block for the VPC must be specified.
The aws.ec2.VpcIpv4CidrBlockAssociation resource allows further IPv4 CIDR blocks to be added to the VPC.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
{
CidrBlock = "172.2.0.0/16",
VpcId = main.Id,
});
}
}
VpcIpv4CidrBlockAssociationArgs
VpcIpv4CidrBlockAssociationState
VpcPeeringConnection
Provides a resource to manage a VPC peering connection.
NOTE on VPC Peering Connections and VPC Peering Connection Options: This provider provides both a standalone VPC Peering Connection Options and a VPC Peering Connection resource with
accepterandrequesterattributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-account scenarios.
Note: For cross-account (requester's AWS account differs from the accepter's AWS account) or inter-region VPC Peering Connections use the
aws.ec2.VpcPeeringConnectionresource to manage the requester's side of the connection and use theaws.ec2.VpcPeeringConnectionAccepterresource to manage the accepter's side of the connection.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var foo = new Aws.Ec2.VpcPeeringConnection("foo", new Aws.Ec2.VpcPeeringConnectionArgs
{
PeerOwnerId = @var.Peer_owner_id,
PeerVpcId = aws_vpc.Bar.Id,
VpcId = aws_vpc.Foo.Id,
});
}
}
Notes
If both VPCs are not in the same AWS account do not enable the auto_accept attribute.
The accepter can manage its side of the connection using the aws.ec2.VpcPeeringConnectionAccepter resource
or accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.
VpcPeeringConnectionAccepter
Provides a resource to manage the accepter's side of a VPC Peering Connection.
When a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region
VPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the
accepter's account.
The requester can use the aws.ec2.VpcPeeringConnection resource to manage its side of the connection
and the accepter can use the aws.ec2.VpcPeeringConnectionAccepter resource to "adopt" its side of the
connection into management.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var peer = new Aws.Provider("peer", new Aws.ProviderArgs
{
Region = "us-west-2",
});
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var peerVpc = new Aws.Ec2.Vpc("peerVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
// Requester's side of the connection.
var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("peerVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
{
AutoAccept = false,
PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),
PeerRegion = "us-west-2",
PeerVpcId = peerVpc.Id,
Tags =
{
{ "Side", "Requester" },
},
VpcId = main.Id,
});
// Accepter's side of the connection.
var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", new Aws.Ec2.VpcPeeringConnectionAccepterArgs
{
AutoAccept = true,
Tags =
{
{ "Side", "Accepter" },
},
VpcPeeringConnectionId = peerVpcPeeringConnection.Id,
});
}
}
VpcPeeringConnectionAccepterArgs
VpcPeeringConnectionAccepterState
VpcPeeringConnectionArgs
VpcPeeringConnectionState
VpcState
VpnConnection
Manages an EC2 VPN connection. These objects can be connected to customer gateways, and allow you to establish tunnels between your network and Amazon.
Note: All arguments including
tunnel1_preshared_keyandtunnel2_preshared_keywill be stored in the raw state as plain-text. Read more about sensitive data in state.
Note: The CIDR blocks in the arguments
tunnel1_inside_cidrandtunnel2_inside_cidrmust have a prefix of /30 and be a part of a specific range. Read more about this in the AWS documentation.
Example Usage
EC2 Transit Gateway
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway("exampleTransitGateway", new Aws.Ec2TransitGateway.TransitGatewayArgs
{
});
var exampleCustomerGateway = new Aws.Ec2.CustomerGateway("exampleCustomerGateway", new Aws.Ec2.CustomerGatewayArgs
{
BgpAsn = 65000,
IpAddress = "172.0.0.1",
Type = "ipsec.1",
});
var exampleVpnConnection = new Aws.Ec2.VpnConnection("exampleVpnConnection", new Aws.Ec2.VpnConnectionArgs
{
CustomerGatewayId = exampleCustomerGateway.Id,
TransitGatewayId = exampleTransitGateway.Id,
Type = exampleCustomerGateway.Type,
});
}
}
Virtual Private Gateway
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var vpnGateway = new Aws.Ec2.VpnGateway("vpnGateway", new Aws.Ec2.VpnGatewayArgs
{
VpcId = vpc.Id,
});
var customerGateway = new Aws.Ec2.CustomerGateway("customerGateway", new Aws.Ec2.CustomerGatewayArgs
{
BgpAsn = 65000,
IpAddress = "172.0.0.1",
Type = "ipsec.1",
});
var main = new Aws.Ec2.VpnConnection("main", new Aws.Ec2.VpnConnectionArgs
{
CustomerGatewayId = customerGateway.Id,
StaticRoutesOnly = true,
Type = "ipsec.1",
VpnGatewayId = vpnGateway.Id,
});
}
}
VpnConnectionArgs
VpnConnectionRoute
Provides a static route between a VPN connection and a customer gateway.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var vpnGateway = new Aws.Ec2.VpnGateway("vpnGateway", new Aws.Ec2.VpnGatewayArgs
{
VpcId = vpc.Id,
});
var customerGateway = new Aws.Ec2.CustomerGateway("customerGateway", new Aws.Ec2.CustomerGatewayArgs
{
BgpAsn = 65000,
IpAddress = "172.0.0.1",
Type = "ipsec.1",
});
var main = new Aws.Ec2.VpnConnection("main", new Aws.Ec2.VpnConnectionArgs
{
CustomerGatewayId = customerGateway.Id,
StaticRoutesOnly = true,
Type = "ipsec.1",
VpnGatewayId = vpnGateway.Id,
});
var office = new Aws.Ec2.VpnConnectionRoute("office", new Aws.Ec2.VpnConnectionRouteArgs
{
DestinationCidrBlock = "192.168.10.0/24",
VpnConnectionId = main.Id,
});
}
}
VpnConnectionRouteArgs
VpnConnectionRouteState
VpnConnectionState
VpnGateway
Provides a resource to create a VPC VPN Gateway.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var vpnGw = new Aws.Ec2.VpnGateway("vpnGw", new Aws.Ec2.VpnGatewayArgs
{
Tags =
{
{ "Name", "main" },
},
VpcId = aws_vpc.Main.Id,
});
}
}
VpnGatewayArgs
VpnGatewayAttachment
Provides a Virtual Private Gateway attachment resource, allowing for an existing hardware VPN gateway to be attached and/or detached from a VPC.
Note: The
aws.ec2.VpnGatewayresource can also automatically attach the Virtual Private Gateway it creates to an existing VPC by setting thevpc_idattribute accordingly.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var network = new Aws.Ec2.Vpc("network", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var vpn = new Aws.Ec2.VpnGateway("vpn", new Aws.Ec2.VpnGatewayArgs
{
Tags =
{
{ "Name", "example-vpn-gateway" },
},
});
var vpnAttachment = new Aws.Ec2.VpnGatewayAttachment("vpnAttachment", new Aws.Ec2.VpnGatewayAttachmentArgs
{
VpcId = network.Id,
VpnGatewayId = vpn.Id,
});
}
}
VpnGatewayAttachmentArgs
VpnGatewayAttachmentState
VpnGatewayRoutePropagation
Requests automatic route propagation between a VPN gateway and a route table.
Note: This resource should not be used with a route table that has the
propagating_vgwsargument set. If that argument is set, any route propagation not explicitly listed in its value will be removed.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ec2.VpnGatewayRoutePropagation("example", new Aws.Ec2.VpnGatewayRoutePropagationArgs
{
RouteTableId = aws_route_table.Example.Id,
VpnGatewayId = aws_vpn_gateway.Example.Id,
});
}
}