1. Docs
2. Reference
3. API
4. @pulumi/aws

Package @pulumi/aws

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

var aws = require("@pulumi/aws");

import * as aws from "@pulumi/aws";

Modules

• accessanalyzer
• acm
• acmpca
• alb
• apigateway
• apigatewayv2
• appautoscaling
• appmesh
• appsync
• athena
• autoscaling
• autoscalingplans
• backup
• batch
• budgets
• cfg
• cloud9
• cloudformation
• cloudfront
• cloudhsmv2
• cloudtrail
• cloudwatch
• codeartifact
• codebuild
• codecommit
• codedeploy
• codepipeline
• codestarconnections
• codestarnotifications
• cognito
• config
• cur
• datapipeline
• datasync
• dax
• devicefarm
• directconnect
• directoryservice
• dlm
• dms
• docdb
• dynamodb
• ebs
• ec2
• ec2clientvpn
• ec2transitgateway
• ecr
• ecs
• efs
• eks
• elasticache
• elasticbeanstalk
• elasticsearch
• elastictranscoder
• elb
• emr
• fms
• fsx
• gamelift
• glacier
• globalaccelerator
• glue
• guardduty
• iam
• identitystore
• imagebuilder
• inspector
• iot
• kinesis
• kinesisanalyticsv2
• kms
• lakeformation
• lambda
• lb
• lex
• licensemanager
• lightsail
• macie
• mediaconvert
• mediapackage
• mediastore
• mq
• msk
• neptune
• networkfirewall
• opsworks
• organizations
• outposts
• pinpoint
• pricing
• qldb
• quicksight
• ram
• rds
• redshift
• resourcegroups
• route53
• s3
• s3control
• s3outposts
• sagemaker
• secretsmanager
• securityhub
• serverless
• serverlessrepository
• servicecatalog
• servicediscovery
• servicequotas
• ses
• sfn
• shield
• signer
• simpledb
• sns
• sqs
• ssm
• ssoadmin
• storagegateway
• swf
• transfer
• types
• waf
• wafregional
• wafv2
• worklink
• workspaces
• xray

namespace "."

• sdk

Resources

• Provider

Functions

• getAmi
• getAmiIds
• getArn
• getAutoscalingGroups
• getAvailabilityZone
• getAvailabilityZones
• getBillingServiceAccount
• getCallerIdentity
• getCanonicalUserId
• getElasticIp
• getIpRanges
• getPartition
• getPrefixList
• getRegion
• getRegions

Others

• AFSouth1Region
• APEast1Region
• APNortheast1Region
• APNortheast2Region
• APSouth1Region
• APSoutheast1Region
• APSouthEast2Region
• ARN
• CACentralRegion
• CNNorth1Region
• CNNorthWest1Region
• EUCentral1Region
• EUNorth1Region
• EUSouth1Region
• EUWest1Region
• EUWest2Region
• EUWest3Region
• GetAmiArgs
• GetAmiIdsArgs
• GetAmiIdsResult
• GetAmiResult
• GetArnArgs
• GetArnResult
• GetAutoscalingGroupsArgs
• GetAutoscalingGroupsResult
• GetAvailabilityZoneArgs
• GetAvailabilityZoneResult
• GetAvailabilityZonesArgs
• GetAvailabilityZonesResult
• GetBillingServiceAccountResult
• GetCallerIdentityResult
• GetCanonicalUserIdResult
• GetElasticIpArgs
• GetElasticIpResult
• getEnv
• getEnvBoolean
• getEnvNumber
• GetIpRangesArgs
• GetIpRangesResult
• GetPartitionResult
• GetPrefixListArgs
• GetPrefixListResult
• GetRegionArgs
• GetRegionResult
• GetRegionsArgs
• GetRegionsResult
• getVersion
• MESouth1Region
• Overwrite
• ProviderArgs
• SAEast1Region
• Tags
• USEast1Region
• USEast2Region
• USGovEast1Region
• USGovWest1Region
• USWest1Region
• USWest2Region

namespace "."

const sdk

const sdk: "/home/runner/work/docs/docs/pulumi-aws/sdk/nodejs/node_modules/aws-sdk/index";

Provides quick access to the “aws-sdk” SDK (https://github.com/aws/aws-sdk-js) within a javascript callback function that is serialized into an AWS Lambda. Inside a Pulumi app a program can be written like so:

   import * as aws from "@pulumi/aws";

   // ...

   // inside the callback function for an AWS Lambda:
   const client = new aws.sdk.DynamoDB.DocumentClient(...opt-args...);

Note: this property will give you the aws-sdk module that AWS automatically includes with any javascript Lambda.

Resources

Resource Provider

class Provider extends ProviderResource

The provider type for the aws package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Provider

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method register

static register(provider: ProviderResource | undefined): Promise<string | undefined>

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getAmi

getAmi(args: GetAmiArgs, opts?: pulumi.InvokeOptions): Promise<GetAmiResult>

Use this data source to get the ID of a registered AMI for use in other resources.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.getAmi({
    executableUsers: ["self"],
    filters: [
        {
            name: "name",
            values: ["myami-*"],
        },
        {
            name: "root-device-type",
            values: ["ebs"],
        },
        {
            name: "virtualization-type",
            values: ["hvm"],
        },
    ],
    mostRecent: true,
    nameRegex: "^myami-\\d{3}",
    owners: ["self"],
}, { async: true }));

Function getAmiIds

getAmiIds(args: GetAmiIdsArgs, opts?: pulumi.InvokeOptions): Promise<GetAmiIdsResult>

Use this data source to get a list of AMI IDs matching the specified criteria.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ubuntu = pulumi.output(aws.getAmiIds({
    filters: [{
        name: "name",
        values: ["ubuntu/images/ubuntu-*-*-amd64-server-*"],
    }],
    owners: ["099720109477"],
}, { async: true }));

Function getArn

getArn(args: GetArnArgs, opts?: pulumi.InvokeOptions): Promise<GetArnResult>

Parses an Amazon Resource Name (ARN) into its constituent parts.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const dbInstance = pulumi.output(aws.getArn({
    arn: "arn:aws:rds:eu-west-1:123456789012:db:mysql-db",
}, { async: true }));

Function getAutoscalingGroups

getAutoscalingGroups(args?: GetAutoscalingGroupsArgs, opts?: pulumi.InvokeOptions): Promise<GetAutoscalingGroupsResult>

The Autoscaling Groups data source allows access to the list of AWS ASGs within a specific region. This will allow you to pass a list of AutoScaling Groups to other resources.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const groups = aws.getAutoscalingGroups({
    filters: [
        {
            name: "key",
            values: ["Team"],
        },
        {
            name: "value",
            values: ["Pets"],
        },
    ],
});
const slackNotifications = new aws.autoscaling.Notification("slackNotifications", {
    groupNames: groups.then(groups => groups.names),
    notifications: [
        "autoscaling:EC2_INSTANCE_LAUNCH",
        "autoscaling:EC2_INSTANCE_TERMINATE",
        "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
        "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
    ],
    topicArn: "TOPIC ARN",
});

Function getAvailabilityZone

getAvailabilityZone(args?: GetAvailabilityZoneArgs, opts?: pulumi.InvokeOptions): Promise<GetAvailabilityZoneResult>

aws.getAvailabilityZone provides details about a specific availability zone (AZ) in the current region.

This can be used both to validate an availability zone given in a variable and to split the AZ name into its component parts of an AWS region and an AZ identifier letter. The latter may be useful e.g. for implementing a consistent subnet numbering scheme across several regions by mapping both the region and the subnet letter to network numbers.

This is different from the aws.getAvailabilityZones (plural) data source, which provides a list of the available zones.

Function getAvailabilityZones

getAvailabilityZones(args?: GetAvailabilityZonesArgs, opts?: pulumi.InvokeOptions): Promise<GetAvailabilityZonesResult>

The Availability Zones data source allows access to the list of AWS Availability Zones which can be accessed by an AWS account within the region configured in the provider.

This is different from the aws.getAvailabilityZone (singular) data source, which provides some details about a specific availability zone.

When Local Zones are enabled in a region, by default the API and this data source include both Local Zones and Availability Zones. To return only Availability Zones, see the example section below.

Example Usage

By State

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const available = aws.getAvailabilityZones({
    state: "available",
});
const primary = new aws.ec2.Subnet("primary", {availabilityZone: available.then(available => available.names[0])});
// ...
const secondary = new aws.ec2.Subnet("secondary", {availabilityZone: available.then(available => available.names[1])});
// ...

By Filter

All Local Zones (regardless of opt-in status):

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.getAvailabilityZones({
    allAvailabilityZones: true,
    filters: [{
        name: "opt-in-status",
        values: [
            "not-opted-in",
            "opted-in",
        ],
    }],
}, { async: true }));

Only Availability Zones (no Local Zones):

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = pulumi.output(aws.getAvailabilityZones({
    filters: [{
        name: "opt-in-status",
        values: ["opt-in-not-required"],
    }],
}, { async: true }));

Function getBillingServiceAccount

getBillingServiceAccount(opts?: pulumi.InvokeOptions): Promise<GetBillingServiceAccountResult>

Use this data source to get the Account ID of the AWS Billing and Cost Management Service Account for the purpose of permitting in S3 bucket policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = pulumi.output(aws.getBillingServiceAccount({ async: true }));
const billingLogs = new aws.s3.Bucket("billing_logs", {
    acl: "private",
    policy: pulumi.interpolate`{
  "Id": "Policy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketAcl", "s3:GetBucketPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket",
      "Principal": {
        "AWS": [
          "${main.arn}"
        ]
      }
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::my-billing-tf-test-bucket/*",
      "Principal": {
        "AWS": [
          "${main.arn}"
        ]
      }
    }
  ]
}
`,
});

Function getCallerIdentity

getCallerIdentity(opts?: pulumi.InvokeOptions): Promise<GetCallerIdentityResult>

Use this data source to get the access to the effective Account ID, User ID, and ARN in which this provider is authorized.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.getCallerIdentity({});
export const accountId = current.then(current => current.accountId);
export const callerArn = current.then(current => current.arn);
export const callerUser = current.then(current => current.userId);

Function getCanonicalUserId

getCanonicalUserId(opts?: pulumi.InvokeOptions): Promise<GetCanonicalUserIdResult>

The Canonical User ID data source allows access to the canonical user ID for the effective account in which this provider is working.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.getCanonicalUserId({});
export const canonicalUserId = current.then(current => current.id);

Function getElasticIp

getElasticIp(args?: GetElasticIpArgs, opts?: pulumi.InvokeOptions): Promise<GetElasticIpResult>

aws.ec2.Eip provides details about a specific Elastic IP.

Example Usage

Search By Allocation ID (VPC only)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byAllocationId = pulumi.output(aws.getElasticIp({
    id: "eipalloc-12345678",
}, { async: true }));

Search By Filters (EC2-Classic or VPC)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byFilter = pulumi.output(aws.getElasticIp({
    filters: [{
        name: "tag:Name",
        values: ["exampleNameTagValue"],
    }],
}, { async: true }));

Search By Public IP (EC2-Classic or VPC)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byPublicIp = pulumi.output(aws.getElasticIp({
    publicIp: "1.2.3.4",
}, { async: true }));

Search By Tags (EC2-Classic or VPC)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byTags = pulumi.output(aws.getElasticIp({
    tags: {
        Name: "exampleNameTagValue",
    },
}, { async: true }));

Function getIpRanges

getIpRanges(args: GetIpRangesArgs, opts?: pulumi.InvokeOptions): Promise<GetIpRangesResult>

Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the AWS IP Address Ranges documentation.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const europeanEc2 = aws.getIpRanges({
    regions: [
        "eu-west-1",
        "eu-central-1",
    ],
    services: ["ec2"],
});
const fromEurope = new aws.ec2.SecurityGroup("fromEurope", {
    ingress: [{
        fromPort: "443",
        toPort: "443",
        protocol: "tcp",
        cidrBlocks: europeanEc2.then(europeanEc2 => europeanEc2.cidrBlocks),
        ipv6CidrBlocks: europeanEc2.then(europeanEc2 => europeanEc2.ipv6CidrBlocks),
    }],
    tags: {
        CreateDate: europeanEc2.then(europeanEc2 => europeanEc2.createDate),
        SyncToken: europeanEc2.then(europeanEc2 => europeanEc2.syncToken),
    },
});

Function getPartition

getPartition(opts?: pulumi.InvokeOptions): Promise<GetPartitionResult>

Use this data source to lookup current AWS partition in which this provider is working

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = pulumi.output(aws.getPartition({ async: true }));
const s3Policy = current.apply(current => aws.iam.getPolicyDocument({
    statements: [{
        actions: ["s3:ListBucket"],
        resources: [`arn:${current.partition}:s3:::my-bucket`],
        sid: "1",
    }],
}, { async: true }));

Function getPrefixList

getPrefixList(args?: GetPrefixListArgs, opts?: pulumi.InvokeOptions): Promise<GetPrefixListResult>

aws.getPrefixList provides details about a specific prefix list (PL) in the current region.

This can be used both to validate a prefix list given in a variable and to obtain the CIDR blocks (IP address ranges) for the associated AWS service. The latter may be useful e.g. for adding network ACL rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const privateS3VpcEndpoint = new aws.ec2.VpcEndpoint("privateS3VpcEndpoint", {
    vpcId: aws_vpc.foo.id,
    serviceName: "com.amazonaws.us-west-2.s3",
});
const privateS3PrefixList = privateS3VpcEndpoint.prefixListId.apply(prefixListId => aws.getPrefixList({
    prefixListId: prefixListId,
}));
const bar = new aws.ec2.NetworkAcl("bar", {vpcId: aws_vpc.foo.id});
const privateS3NetworkAclRule = new aws.ec2.NetworkAclRule("privateS3NetworkAclRule", {
    networkAclId: bar.id,
    ruleNumber: 200,
    egress: false,
    protocol: "tcp",
    ruleAction: "allow",
    cidrBlock: privateS3PrefixList.cidrBlocks[0],
    fromPort: 443,
    toPort: 443,
});

Filter

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = pulumi.output(aws.getPrefixList({
    filters: [{
        name: "prefix-list-id",
        values: ["pl-68a54001"],
    }],
}, { async: true }));

Function getRegion

getRegion(args?: GetRegionArgs, opts?: pulumi.InvokeOptions): Promise<GetRegionResult>

aws.getRegion provides details about a specific AWS region.

As well as validating a given region name this resource can be used to discover the name of the region configured within the provider. The latter can be useful in a child module which is inheriting an AWS provider configuration from its parent module.

Example Usage

The following example shows how the resource might be used to obtain the name of the AWS region configured on the provider.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = pulumi.output(aws.getRegion({ async: true }));

Function getRegions

getRegions(args?: GetRegionsArgs, opts?: pulumi.InvokeOptions): Promise<GetRegionsResult>

Provides information about AWS Regions. Can be used to filter regions i.e. by Opt-In status or only regions enabled for current account. To get details like endpoint and description of each region the data source can be combined with the aws.getRegion data source.

Example Usage

Enabled AWS Regions:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = pulumi.output(aws.getRegions({ async: true }));

All the regions regardless of the availability

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = pulumi.output(aws.getRegions({
    allRegions: true,
}, { async: true }));

To see regions that are filtered by "not-opted-in", the allRegions argument needs to be set to true or no results will be returned.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = pulumi.output(aws.getRegions({
    allRegions: true,
    filters: [{
        name: "opt-in-status",
        values: ["not-opted-in"],
    }],
}, { async: true }));

Others

let AFSouth1Region

let AFSouth1Region: Region = "af-south-1";

The AFSouth1Region constant is deprecated, use Region.AFSouth1 instead.

let APEast1Region

let APEast1Region: Region = "ap-east-1";

The APEast1Region constant is deprecated, use Region.AFEast1 instead.

let APNortheast1Region

let APNortheast1Region: Region = "ap-northeast-1";

The APNortheast1Region constant is deprecated, use Region.AFNortheast1 instead.

let APNortheast2Region

let APNortheast2Region: Region = "ap-northeast-2";

The APNortheast2Region constant is deprecated, use Region.APNortheast2 instead.

let APSouth1Region

let APSouth1Region: Region = "ap-south-1";

The APSouth1Region constant is deprecated, use Region.APSouth1 instead.

let APSoutheast1Region

let APSoutheast1Region: Region = "ap-southeast-1";

The APSoutheast1Region constant is deprecated, use Region.APSoutheast1 instead.

let APSouthEast2Region

let APSouthEast2Region: Region = "ap-southeast-2";

The APSouthEast2Region constant is deprecated, use Region.APSoutheast2 instead.

type ARN

type ARN = string | ManagedPolicy;

An ARN is an Amazon Resource Name, and uniquely identifies a region globally across all accounts and regions.

let CACentralRegion

let CACentralRegion: Region = "ca-central-1";

The CACentralRegion constant is deprecated, use Region.CACentral1 instead.

let CNNorth1Region

let CNNorth1Region: Region = "cn-north-1";

The CNNorth1Region constant is deprecated, use Region.CNNorth1 instead.

let CNNorthWest1Region

let CNNorthWest1Region: Region = "cn-northwest-1";

The CNNorthWest1Region constant is deprecated, use Region.CNNorthwest1 instead.

let EUCentral1Region

let EUCentral1Region: Region = "eu-central-1";

The EUCentral1Region constant is deprecated, use Region.EUCentral1 instead.

let EUNorth1Region

let EUNorth1Region: Region = "eu-north-1";

The EUNorth1Region constant is deprecated, use Region.EUNorth1 instead.

let EUSouth1Region

let EUSouth1Region: Region = "eu-south-1";

The EUSouth1Region constant is deprecated, use Region.EUSouth1 instead.

let EUWest1Region

let EUWest1Region: Region = "eu-west-1";

The EUWest1Region constant is deprecated, use Region.EUWest1 instead.

let EUWest2Region

let EUWest2Region: Region = "eu-west-2";

The EUWest2Region constant is deprecated, use Region.EUWest2 instead.

let EUWest3Region

let EUWest3Region: Region = "eu-west-3";

The EUWest3Region constant is deprecated, use Region.EUWest3 instead.

interface GetAmiArgs

interface GetAmiArgs

A collection of arguments for invoking getAmi.

property executableUsers

executableUsers?: string[];

Limit search to users with explicit launch permission on the image. Valid items are the numeric account ID or self.

property filters

filters?: GetAmiFilter[];

One or more name/value pairs to filter off of. There are several valid keys, for a full reference, check out [describe-images in the AWS CLI reference][1].

property mostRecent

mostRecent?: undefined | false | true;

If more than one result is returned, use the most recent AMI.

property nameRegex

nameRegex?: undefined | string;

A regex string to apply to the AMI list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. It is recommended to combine this with other options to narrow down the list AWS returns.

property owners

owners: string[];

List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, self (the current account), or an AWS owner alias (e.g. amazon, aws-marketplace, microsoft).

property tags

tags?: undefined | {[key: string]: string};

Any tags assigned to the image. * tags.#.key - The key name of the tag. * tags.#.value - The value of the tag.

interface GetAmiIdsArgs

interface GetAmiIdsArgs

A collection of arguments for invoking getAmiIds.

property executableUsers

executableUsers?: string[];

Limit search to users with explicit launch permission on the image. Valid items are the numeric account ID or self.

property filters

filters?: GetAmiIdsFilter[];

One or more name/value pairs to filter off of. There are several valid keys, for a full reference, check out [describe-images in the AWS CLI reference][1].

property nameRegex

nameRegex?: undefined | string;

A regex string to apply to the AMI list returned by AWS. This allows more advanced filtering not supported from the AWS API. This filtering is done locally on what AWS returns, and could have a performance impact if the result is large. It is recommended to combine this with other options to narrow down the list AWS returns.

property owners

owners: string[];

List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, self (the current account), or an AWS owner alias (e.g. amazon, aws-marketplace, microsoft).

property sortAscending

sortAscending?: undefined | false | true;

Used to sort AMIs by creation time.

interface GetAmiIdsResult

interface GetAmiIdsResult

A collection of values returned by getAmiIds.

property executableUsers

executableUsers?: string[];

property filters

filters?: GetAmiIdsFilter[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ids

ids: string[];

property nameRegex

nameRegex?: undefined | string;

property owners

owners: string[];

property sortAscending

sortAscending?: undefined | false | true;

interface GetAmiResult

interface GetAmiResult

A collection of values returned by getAmi.

property architecture

architecture: string;

The OS architecture of the AMI (ie: i386 or x8664).

property arn

arn: string;

The ARN of the AMI.

property blockDeviceMappings

blockDeviceMappings: GetAmiBlockDeviceMapping[];

The block device mappings of the AMI. * block_device_mappings.#.device_name - The physical name of the device. * block_device_mappings.#.ebs.delete_on_termination - true if the EBS volume will be deleted on termination. * block_device_mappings.#.ebs.encrypted - true if the EBS volume is encrypted. * block_device_mappings.#.ebs.iops - 0 if the EBS volume is not a provisioned IOPS image, otherwise the supported IOPS count. * block_device_mappings.#.ebs.snapshot_id - The ID of the snapshot. * block_device_mappings.#.ebs.volume_size - The size of the volume, in GiB. * block_device_mappings.#.ebs.volume_type - The volume type. * block_device_mappings.#.no_device - Suppresses the specified device included in the block device mapping of the AMI. * block_device_mappings.#.virtual_name - The virtual device name (for instance stores).

property creationDate

creationDate: string;

The date and time the image was created.

property description

description: string;

The description of the AMI that was provided during image creation.

property executableUsers

executableUsers?: string[];

property filters

filters?: GetAmiFilter[];

property hypervisor

hypervisor: string;

The hypervisor type of the image.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property imageId

imageId: string;

The ID of the AMI. Should be the same as the resource id.

property imageLocation

imageLocation: string;

The location of the AMI.

property imageOwnerAlias

imageOwnerAlias: string;

The AWS account alias (for example, amazon, self) or the AWS account ID of the AMI owner.

property imageType

imageType: string;

The type of image.

property kernelId

kernelId: string;

The kernel associated with the image, if any. Only applicable for machine images.

property mostRecent

mostRecent?: undefined | false | true;

property name

name: string;

The name of the AMI that was provided during image creation.

property nameRegex

nameRegex?: undefined | string;

property ownerId

ownerId: string;

The AWS account ID of the image owner.

property owners

owners: string[];

property platform

platform: string;

The value is Windows for Windows AMIs; otherwise blank.

property productCodes

productCodes: GetAmiProductCode[];

Any product codes associated with the AMI. * product_codes.#.product_code_id - The product code. * product_codes.#.product_code_type - The type of product code.

property public

public: boolean;

true if the image has public launch permissions.

property ramdiskId

ramdiskId: string;

The RAM disk associated with the image, if any. Only applicable for machine images.

property rootDeviceName

rootDeviceName: string;

The device name of the root device.

property rootDeviceType

rootDeviceType: string;

The type of root device (ie: ebs or instance-store).

property rootSnapshotId

rootSnapshotId: string;

The snapshot id associated with the root device, if any (only applies to ebs root devices).

property sriovNetSupport

sriovNetSupport: string;

Specifies whether enhanced networking is enabled.

property state

state: string;

The current state of the AMI. If the state is available, the image is successfully registered and can be used to launch an instance.

property stateReason

stateReason: {[key: string]: string};

Describes a state change. Fields are UNSET if not available. * state_reason.code - The reason code for the state change. * state_reason.message - The message for the state change.

property tags

tags: {[key: string]: string};

Any tags assigned to the image. * tags.#.key - The key name of the tag. * tags.#.value - The value of the tag.

property virtualizationType

virtualizationType: string;

The type of virtualization of the AMI (ie: hvm or paravirtual).

interface GetArnArgs

interface GetArnArgs

A collection of arguments for invoking getArn.

property arn

arn: string;

The ARN to parse.

interface GetArnResult

interface GetArnResult

A collection of values returned by getArn.

property account

account: string;

The ID of the AWS account that owns the resource, without the hyphens.

property arn

arn: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property partition

partition: string;

The partition that the resource is in.

property region

region: string;

The region the resource resides in. Note that the ARNs for some resources do not require a region, so this component might be omitted.

property resource

resource: string;

The content of this part of the ARN varies by service. It often includes an indicator of the type of resource—for example, an IAM user or Amazon RDS database —followed by a slash (/) or a colon (:), followed by the resource name itself.

property service

service: string;

The service namespace that identifies the AWS product.

interface GetAutoscalingGroupsArgs

interface GetAutoscalingGroupsArgs

A collection of arguments for invoking getAutoscalingGroups.

property filters

filters?: GetAutoscalingGroupsFilter[];

A filter used to scope the list e.g. by tags. See related docs.

interface GetAutoscalingGroupsResult

interface GetAutoscalingGroupsResult

A collection of values returned by getAutoscalingGroups.

property arns

arns: string[];

A list of the Autoscaling Groups Arns in the current region.

property filters

filters?: GetAutoscalingGroupsFilter[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property names

names: string[];

A list of the Autoscaling Groups in the current region.

interface GetAvailabilityZoneArgs

interface GetAvailabilityZoneArgs

A collection of arguments for invoking getAvailabilityZone.

property allAvailabilityZones

allAvailabilityZones?: undefined | false | true;

Set to true to include all Availability Zones and Local Zones regardless of your opt in status.

property filters

filters?: GetAvailabilityZoneFilter[];

Configuration block(s) for filtering. Detailed below.

property name

name?: undefined | string;

The name of the filter field. Valid values can be found in the EC2 DescribeAvailabilityZones API Reference.

property state

state?: undefined | string;

A specific availability zone state to require. May be any of "available", "information" or "impaired".

property zoneId

zoneId?: undefined | string;

The zone ID of the availability zone to select.

interface GetAvailabilityZoneResult

interface GetAvailabilityZoneResult

A collection of values returned by getAvailabilityZone.

property allAvailabilityZones

allAvailabilityZones?: undefined | false | true;

property filters

filters?: GetAvailabilityZoneFilter[];

property groupName

groupName: string;

For Availability Zones, this is the same value as the Region name. For Local Zones, the name of the associated group, for example us-west-2-lax-1.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

property nameSuffix

nameSuffix: string;

The part of the AZ name that appears after the region name, uniquely identifying the AZ within its region. For Availability Zones this is usually a single letter, for example a for the us-west-2a zone. For Local and Wavelength Zones this is a longer string, for example wl1-sfo-wlz-1 for the us-west-2-wl1-sfo-wlz-1 zone.

property networkBorderGroup

networkBorderGroup: string;

The name of the location from which the address is advertised.

property optInStatus

optInStatus: string;

For Availability Zones, this always has the value of opt-in-not-required. For Local Zones, this is the opt in status. The possible values are opted-in and not-opted-in.

property parentZoneId

parentZoneId: string;

The ID of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.

property parentZoneName

parentZoneName: string;

The name of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.

property region

region: string;

The region where the selected availability zone resides. This is always the region selected on the provider, since this data source searches only within that region.

property state

state: string;

property zoneId

zoneId: string;

property zoneType

zoneType: string;

The type of zone. Values are availability-zone, local-zone, and wavelength-zone.

interface GetAvailabilityZonesArgs

interface GetAvailabilityZonesArgs

A collection of arguments for invoking getAvailabilityZones.

property allAvailabilityZones

allAvailabilityZones?: undefined | false | true;

Set to true to include all Availability Zones and Local Zones regardless of your opt in status.

property excludeNames

excludeNames?: string[];

List of Availability Zone names to exclude.

property excludeZoneIds

excludeZoneIds?: string[];

List of Availability Zone IDs to exclude.

property filters

filters?: GetAvailabilityZonesFilter[];

Configuration block(s) for filtering. Detailed below.

property state

state?: undefined | string;

Allows to filter list of Availability Zones based on their current state. Can be either "available", "information", "impaired" or "unavailable". By default the list includes a complete set of Availability Zones to which the underlying AWS account has access, regardless of their state.

interface GetAvailabilityZonesResult

interface GetAvailabilityZonesResult

A collection of values returned by getAvailabilityZones.

property allAvailabilityZones

allAvailabilityZones?: undefined | false | true;

property excludeNames

excludeNames?: string[];

property excludeZoneIds

excludeZoneIds?: string[];

property filters

filters?: GetAvailabilityZonesFilter[];

property groupNames

groupNames: string[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property names

names: string[];

A list of the Availability Zone names available to the account.

property state

state?: undefined | string;

property zoneIds

zoneIds: string[];

A list of the Availability Zone IDs available to the account.

interface GetBillingServiceAccountResult

interface GetBillingServiceAccountResult

A collection of values returned by getBillingServiceAccount.

property arn

arn: string;

The ARN of the AWS billing service account.

property id

id: string;

The provider-assigned unique ID for this managed resource.

interface GetCallerIdentityResult

interface GetCallerIdentityResult

A collection of values returned by getCallerIdentity.

property accountId

accountId: string;

The AWS Account ID number of the account that owns or contains the calling entity.

property arn

arn: string;

The AWS ARN associated with the calling entity.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property userId

userId: string;

The unique identifier of the calling entity.

interface GetCanonicalUserIdResult

interface GetCanonicalUserIdResult

A collection of values returned by getCanonicalUserId.

property displayName

displayName: string;

The human-friendly name linked to the canonical user ID. The bucket owner’s display name. NOTE: This value is only included in the response in the US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Ireland), and South America (São Paulo) regions.

property id

id: string;

The provider-assigned unique ID for this managed resource.

interface GetElasticIpArgs

interface GetElasticIpArgs

A collection of arguments for invoking getElasticIp.

property filters

filters?: GetElasticIpFilter[];

One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out the EC2 API Reference.

property id

id?: undefined | string;

The allocation id of the specific VPC EIP to retrieve. If a classic EIP is required, do NOT set id, only set publicIp

property publicIp

publicIp?: undefined | string;

The public IP of the specific EIP to retrieve.

property tags

tags?: undefined | {[key: string]: string};

A map of tags, each pair of which must exactly match a pair on the desired Elastic IP

interface GetElasticIpResult

interface GetElasticIpResult

A collection of values returned by getElasticIp.

property associationId

associationId: string;

The ID representing the association of the address with an instance in a VPC.

property carrierIp

carrierIp: string;

The carrier IP address.

property customerOwnedIp

customerOwnedIp: string;

Customer Owned IP.

property customerOwnedIpv4Pool

customerOwnedIpv4Pool: string;

The ID of a Customer Owned IP Pool. For more on customer owned IP addressed check out Customer-owned IP addresses guide

property domain

domain: string;

Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc).

property filters

filters?: GetElasticIpFilter[];

property id

id: string;

If VPC Elastic IP, the allocation identifier. If EC2-Classic Elastic IP, the public IP address.

property instanceId

instanceId: string;

The ID of the instance that the address is associated with (if any).

property networkInterfaceId

networkInterfaceId: string;

The ID of the network interface.

property networkInterfaceOwnerId

networkInterfaceOwnerId: string;

The ID of the AWS account that owns the network interface.

property privateDns

privateDns: string;

The Private DNS associated with the Elastic IP address.

property privateIp

privateIp: string;

The private IP address associated with the Elastic IP address.

property publicDns

publicDns: string;

Public DNS associated with the Elastic IP address.

property publicIp

publicIp: string;

Public IP address of Elastic IP.

property publicIpv4Pool

publicIpv4Pool: string;

The ID of an address pool.

property tags

tags: {[key: string]: string};

Key-value map of tags associated with Elastic IP.

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

interface GetIpRangesArgs

interface GetIpRangesArgs

A collection of arguments for invoking getIpRanges.

property regions

regions?: string[];

Filter IP ranges by regions (or include all regions, if omitted). Valid items are global (for cloudfront) as well as all AWS regions (e.g. eu-central-1)

property services

services: string[];

Filter IP ranges by services. Valid items are amazon (for amazon.com), amazonConnect, apiGateway, cloud9, cloudfront, codebuild, dynamodb, ec2, ec2InstanceConnect, globalaccelerator, route53, route53Healthchecks, s3 and workspacesGateways. See the [service attribute][2] documentation for other possible values.

property url

url?: undefined | string;

Custom URL for source JSON file. Syntax must match AWS IP Address Ranges documentation. Defaults to https://ip-ranges.amazonaws.com/ip-ranges.json.

interface GetIpRangesResult

interface GetIpRangesResult

A collection of values returned by getIpRanges.

property cidrBlocks

cidrBlocks: string[];

The lexically ordered list of CIDR blocks.

property createDate

createDate: string;

The publication time of the IP ranges (e.g. 2016-08-03-23-46-05).

property id

id: string;

The provider-assigned unique ID for this managed resource.

property ipv6CidrBlocks

ipv6CidrBlocks: string[];

The lexically ordered list of IPv6 CIDR blocks.

property regions

regions?: string[];

property services

services: string[];

property syncToken

syncToken: number;

The publication time of the IP ranges, in Unix epoch time format (e.g. 1470267965).

property url

url?: undefined | string;

interface GetPartitionResult

interface GetPartitionResult

A collection of values returned by getPartition.

property dnsSuffix

dnsSuffix: string;

Base DNS domain name for the current partition (e.g. amazonaws.com in AWS Commercial, amazonaws.com.cn in AWS China).

property id

id: string;

The provider-assigned unique ID for this managed resource.

property partition

partition: string;

Identifier of the current partition (e.g. aws in AWS Commercial, aws-cn in AWS China).

property reverseDnsPrefix

reverseDnsPrefix: string;

Prefix of service names (e.g. com.amazonaws in AWS Commercial, cn.com.amazonaws in AWS China).

interface GetPrefixListArgs

interface GetPrefixListArgs

A collection of arguments for invoking getPrefixList.

property filters

filters?: GetPrefixListFilter[];

Configuration block(s) for filtering. Detailed below.

property name

name?: undefined | string;

The name of the filter field. Valid values can be found in the EC2 DescribePrefixLists API Reference.

property prefixListId

prefixListId?: undefined | string;

The ID of the prefix list to select.

interface GetPrefixListResult

interface GetPrefixListResult

A collection of values returned by getPrefixList.

property cidrBlocks

cidrBlocks: string[];

The list of CIDR blocks for the AWS service associated with the prefix list.

property filters

filters?: GetPrefixListFilter[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

The name of the selected prefix list.

property prefixListId

prefixListId?: undefined | string;

interface GetRegionArgs

interface GetRegionArgs

A collection of arguments for invoking getRegion.

property endpoint

endpoint?: undefined | string;

The EC2 endpoint of the region to select.

property name

name?: undefined | string;

The full name of the region to select.

interface GetRegionResult

interface GetRegionResult

A collection of values returned by getRegion.

property description

description: string;

The region’s description in this format: “Location (Region name)”.

property endpoint

endpoint: string;

The EC2 endpoint for the selected region.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

The name of the selected region.

interface GetRegionsArgs

interface GetRegionsArgs

A collection of arguments for invoking getRegions.

property allRegions

allRegions?: undefined | false | true;

If true the source will query all regions regardless of availability.

property filters

filters?: GetRegionsFilter[];

Configuration block(s) to use as filters. Detailed below.

interface GetRegionsResult

interface GetRegionsResult

A collection of values returned by getRegions.

property allRegions

allRegions?: undefined | false | true;

property filters

filters?: GetRegionsFilter[];

property id

id: string;

The provider-assigned unique ID for this managed resource.

property names

names: string[];

Names of regions that meets the criteria.

function getVersion

getVersion(): string

let MESouth1Region

let MESouth1Region: Region = "me-south-1";

The MESouth1Region constant is deprecated, use Region.MESouth1 instead.

type Overwrite

type Overwrite = Pick<T, Diff<keyof T, keyof U>> & U;

interface ProviderArgs

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property accessKey

accessKey?: pulumi.Input<string>;

The access key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.

property allowedAccountIds

allowedAccountIds?: pulumi.Input<pulumi.Input<string>[]>;

property assumeRole

assumeRole?: pulumi.Input<ProviderAssumeRole>;

property endpoints

endpoints?: pulumi.Input<pulumi.Input<ProviderEndpoint>[]>;

property forbiddenAccountIds

forbiddenAccountIds?: pulumi.Input<pulumi.Input<string>[]>;

property ignoreTags

ignoreTags?: pulumi.Input<ProviderIgnoreTags>;

Configuration block with settings to ignore resource tags across all resources.

property insecure

insecure?: pulumi.Input<boolean>;

Explicitly allow the provider to perform “insecure” SSL requests. If omitted,default value is false

property maxRetries

maxRetries?: pulumi.Input<number>;

The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.

property profile

profile?: pulumi.Input<string>;

The profile for API operations. If not set, the default profile created with aws configure will be used.

property region

region?: pulumi.Input<Region>;

The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.

property s3ForcePathStyle

s3ForcePathStyle?: pulumi.Input<boolean>;

Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By default, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY). Specific to the Amazon S3 service.

property secretKey

secretKey?: pulumi.Input<string>;

The secret key for API operations. You can retrieve this from the ‘Security & Credentials’ section of the AWS console.

property sharedCredentialsFile

sharedCredentialsFile?: pulumi.Input<string>;

The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.

property skipCredentialsValidation

skipCredentialsValidation?: pulumi.Input<boolean>;

Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS available/implemented.

property skipGetEc2Platforms

skipGetEc2Platforms?: pulumi.Input<boolean>;

Skip getting the supported EC2 platforms. Used by users that don’t have ec2:DescribeAccountAttributes permissions.

property skipMetadataApiCheck

skipMetadataApiCheck?: pulumi.Input<boolean>;

property skipRegionValidation

skipRegionValidation?: pulumi.Input<boolean>;

Skip static validation of region name. Used by users of alternative AWS-like APIs or users w/ access to regions that are not public (yet).

property skipRequestingAccountId

skipRequestingAccountId?: pulumi.Input<boolean>;

Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.

property token

token?: pulumi.Input<string>;

session token. A session token is only required if you are using temporary security credentials.

let SAEast1Region

let SAEast1Region: Region = "sa-east-1";

The SAEast1Region constant is deprecated, use Region.SAEast1 instead.

interface Tags

interface Tags

Tags represents a set of key-value string pairs to which can be applied to an AWS resource.

let USEast1Region

let USEast1Region: Region = "us-east-1";

The USEast1Region constant is deprecated, use Region.USEast1 instead.

let USEast2Region

let USEast2Region: Region = "us-east-2";

The USEast2Region constant is deprecated, use Region.USEast2 instead.

let USGovEast1Region

let USGovEast1Region: Region = "us-gov-east-1";

The USGovEast1Region constant is deprecated, use Region.USGovEast1 instead.

let USGovWest1Region

let USGovWest1Region: Region = "us-gov-west-1";

The USGovWest1Region constant is deprecated, use Region.USGovWest1 instead.

let USWest1Region

let USWest1Region: Region = "us-west-1";

The USWest1Region constant is deprecated, use Region.USWest1 instead.

let USWest2Region

let USWest2Region: Region = "us-west-2";

The USWest2Region constant is deprecated, use Region.USWest2 instead.