Come join Pulumi for the industry's first Cloud Engineering Summit! October 7–8. Save Your Spot
  1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. ec2

Module ec2

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

namespace InstancePlatforms

namespace InstanceTypes

namespace Tenancies

Resources

Functions

Others

namespace InstancePlatforms

const LinuxUnixPlatform

const LinuxUnixPlatform: InstancePlatform = "Linux/UNIX";

const RedHatEnterpriseLinuxPlatform

const RedHatEnterpriseLinuxPlatform: InstancePlatform = "Red Hat Enterprise Linux";

const SuseLinuxPlatform

const SuseLinuxPlatform: InstancePlatform = "SUSE Linux";

const WindowsPlatform

const WindowsPlatform: InstancePlatform = "Windows";

const WindowsWithSqlServerEnterprisePlatform

const WindowsWithSqlServerEnterprisePlatform: InstancePlatform = "Windows with SQL Server Enterprise";

const WindowsWithSqlServerPlatform

const WindowsWithSqlServerPlatform: InstancePlatform = "Windows with SQL Server";

const WindowsWithSqlServerStandardPlatform

const WindowsWithSqlServerStandardPlatform: InstancePlatform = "Windows with SQL Server Standard";

const WindowsWithSqlServerWebPlatform

const WindowsWithSqlServerWebPlatform: InstancePlatform = "Windows with SQL Server Web";

namespace InstanceTypes

const A1_2XLarge

const A1_2XLarge: InstanceType = "a1.2xlarge";

const A1_4XLarge

const A1_4XLarge: InstanceType = "a1.4xlarge";

const A1_Large

const A1_Large: InstanceType = "a1.large";

const A1_Medium

const A1_Medium: InstanceType = "a1.medium";

const A1_XLarge

const A1_XLarge: InstanceType = "a1.xlarge";

const C3_2XLarge

const C3_2XLarge: InstanceType = "c3.2xlarge";

const C3_4XLarge

const C3_4XLarge: InstanceType = "c3.4xlarge";

const C3_8XLarge

const C3_8XLarge: InstanceType = "c3.8xlarge";

const C3_Large

const C3_Large: InstanceType = "c3.large";

const C3_XLarge

const C3_XLarge: InstanceType = "c3.xlarge";

const C4_2XLarge

const C4_2XLarge: InstanceType = "c4.2xlarge";

const C4_4XLarge

const C4_4XLarge: InstanceType = "c4.4xlarge";

const C4_8XLarge

const C4_8XLarge: InstanceType = "c4.8xlarge";

const C4_Large

const C4_Large: InstanceType = "c4.large";

const C4_XLarge

const C4_XLarge: InstanceType = "c4.xlarge";

const C5_18XLarge

const C5_18XLarge: InstanceType = "c5.18xlarge";

const C5_2XLarge

const C5_2XLarge: InstanceType = "c5.2xlarge";

const C5_4XLarge

const C5_4XLarge: InstanceType = "c5.4xlarge";

const C5_9XLarge

const C5_9XLarge: InstanceType = "c5.9xlarge";

const C5_Large

const C5_Large: InstanceType = "c5.large";

const C5_XLarge

const C5_XLarge: InstanceType = "c5.xlarge";

const C5a_12XLarge

const C5a_12XLarge: InstanceType = "c5a.12xlarge";

const C5a_16XLarge

const C5a_16XLarge: InstanceType = "c5a.16xlarge";

const C5a_24XLarge

const C5a_24XLarge: InstanceType = "c5a.24xlarge";

const C5a_2XLarge

const C5a_2XLarge: InstanceType = "c5a.2xlarge";

const C5a_4XLarge

const C5a_4XLarge: InstanceType = "c5a.4xlarge";

const C5a_8XLarge

const C5a_8XLarge: InstanceType = "c5a.8xlarge";

const C5a_Large

const C5a_Large: InstanceType = "c5a.large";

const C5a_XLarge

const C5a_XLarge: InstanceType = "c5a.xlarge";

const C5d_18XLarge

const C5d_18XLarge: InstanceType = "c5d.18xlarge";

const C5d_2XLarge

const C5d_2XLarge: InstanceType = "c5d.2xlarge";

const C5d_4XLarge

const C5d_4XLarge: InstanceType = "c5d.4xlarge";

const C5d_9XLarge

const C5d_9XLarge: InstanceType = "c5d.9xlarge";

const C5d_Large

const C5d_Large: InstanceType = "c5d.large";

const C5d_XLarge

const C5d_XLarge: InstanceType = "c5d.xlarge";

const C5n_18XLarge

const C5n_18XLarge: InstanceType = "c5n.18xlarge";

const C5n_2XLarge

const C5n_2XLarge: InstanceType = "c5n.2xlarge";

const C5n_4XLarge

const C5n_4XLarge: InstanceType = "c5n.4xlarge";

const C5n_9XLarge

const C5n_9XLarge: InstanceType = "c5n.9xlarge";

const C5n_Large

const C5n_Large: InstanceType = "c5n.large";

const C5n_XLarge

const C5n_XLarge: InstanceType = "c5n.xlarge";

const D2_2XLarge

const D2_2XLarge: InstanceType = "d2.2xlarge";

const D2_4XLarge

const D2_4XLarge: InstanceType = "d2.4xlarge";

const D2_8XLarge

const D2_8XLarge: InstanceType = "d2.8xlarge";

const D2_XLarge

const D2_XLarge: InstanceType = "d2.xlarge";

const F1_16XLarge

const F1_16XLarge: InstanceType = "f1.16xlarge";

const F1_2XLarge

const F1_2XLarge: InstanceType = "f1.2xlarge";

const G2_2XLarge

const G2_2XLarge: InstanceType = "g2.2xlarge";

const G2_8XLarge

const G2_8XLarge: InstanceType = "g2.8xlarge";

const G3_16XLarge

const G3_16XLarge: InstanceType = "g3.16xlarge";

const G3_4XLarge

const G3_4XLarge: InstanceType = "g3.4xlarge";

const G3_8XLarge

const G3_8XLarge: InstanceType = "g3.8xlarge";

const G3s_XLarge

const G3s_XLarge: InstanceType = "g3s.xlarge";

const H1_16XLarge

const H1_16XLarge: InstanceType = "h1.16xlarge";

const H1_2XLarge

const H1_2XLarge: InstanceType = "h1.2xlarge";

const H1_4XLarge

const H1_4XLarge: InstanceType = "h1.4xlarge";

const H1_8XLarge

const H1_8XLarge: InstanceType = "h1.8xlarge";

const Hs1_8XLarge

const Hs1_8XLarge: InstanceType = "hs1.8xlarge";

const I3_16XLarge

const I3_16XLarge: InstanceType = "i3.16xlarge";

const I3_2XLarge

const I3_2XLarge: InstanceType = "i3.2xlarge";

const I3_4XLarge

const I3_4XLarge: InstanceType = "i3.4xlarge";

const I3_8XLarge

const I3_8XLarge: InstanceType = "i3.8xlarge";

const I3_Large

const I3_Large: InstanceType = "i3.large";

const I3_Metal

const I3_Metal: InstanceType = "i3.metal";

const I3_XLarge

const I3_XLarge: InstanceType = "i3.xlarge";

const M3_2XLarge

const M3_2XLarge: InstanceType = "m3.2xlarge";

const M3_Large

const M3_Large: InstanceType = "m3.large";

const M3_Medium

const M3_Medium: InstanceType = "m3.medium";

const M3_XLarge

const M3_XLarge: InstanceType = "m3.xlarge";

const M4_10XLarge

const M4_10XLarge: InstanceType = "m4.10xlarge";

const M4_16XLarge

const M4_16XLarge: InstanceType = "m4.16xlarge";

const M4_2XLarge

const M4_2XLarge: InstanceType = "m4.2xlarge";

const M4_4XLarge

const M4_4XLarge: InstanceType = "m4.4xlarge";

const M4_Large

const M4_Large: InstanceType = "m4.large";

const M4_XLarge

const M4_XLarge: InstanceType = "m4.xlarge";

const M5_12XLarge

const M5_12XLarge: InstanceType = "m5.12xlarge";

const M5_24XLarge

const M5_24XLarge: InstanceType = "m5.24xlarge";

const M5_2XLarge

const M5_2XLarge: InstanceType = "m5.2xlarge";

const M5_4XLarge

const M5_4XLarge: InstanceType = "m5.4xlarge";

const M5_Large

const M5_Large: InstanceType = "m5.large";

const M5_XLarge

const M5_XLarge: InstanceType = "m5.xlarge";

const M5a_12XLarge

const M5a_12XLarge: InstanceType = "m5a.12xlarge";

const M5a_24XLarge

const M5a_24XLarge: InstanceType = "m5a.24xlarge";

const M5a_2XLarge

const M5a_2XLarge: InstanceType = "m5a.2xlarge";

const M5a_4XLarge

const M5a_4XLarge: InstanceType = "m5a.4xlarge";

const M5a_Large

const M5a_Large: InstanceType = "m5a.large";

const M5a_XLarge

const M5a_XLarge: InstanceType = "m5a.xlarge";

const M5d_12XLarge

const M5d_12XLarge: InstanceType = "m5d.12xlarge";

const M5d_24XLarge

const M5d_24XLarge: InstanceType = "m5d.24xlarge";

const M5d_2XLarge

const M5d_2XLarge: InstanceType = "m5d.2xlarge";

const M5d_4XLarge

const M5d_4XLarge: InstanceType = "m5d.4xlarge";

const M5d_Large

const M5d_Large: InstanceType = "m5d.large";

const M5d_XLarge

const M5d_XLarge: InstanceType = "m5d.xlarge";

const P2_16XLarge

const P2_16XLarge: InstanceType = "p2.16xlarge";

const P2_8XLarge

const P2_8XLarge: InstanceType = "p2.8xlarge";

const P2_XLarge

const P2_XLarge: InstanceType = "p2.xlarge";

const P3_16XLarge

const P3_16XLarge: InstanceType = "p3.16xlarge";

const P3_2XLarge

const P3_2XLarge: InstanceType = "p3.2xlarge";

const P3_8XLarge

const P3_8XLarge: InstanceType = "p3.8xlarge";

const P3dn_24XLarge

const P3dn_24XLarge: InstanceType = "p3dn.24xlarge";

const R3_2XLarge

const R3_2XLarge: InstanceType = "r3.2xlarge";

const R3_4XLarge

const R3_4XLarge: InstanceType = "r3.4xlarge";

const R3_8XLarge

const R3_8XLarge: InstanceType = "r3.8xlarge";

const R3_Large

const R3_Large: InstanceType = "r3.large";

const R3_XLarge

const R3_XLarge: InstanceType = "r3.xlarge";

const R4_16XLarge

const R4_16XLarge: InstanceType = "r4.16xlarge";

const R4_2XLarge

const R4_2XLarge: InstanceType = "r4.2xlarge";

const R4_4XLarge

const R4_4XLarge: InstanceType = "r4.4xlarge";

const R4_8XLarge

const R4_8XLarge: InstanceType = "r4.8xlarge";

const R4_Large

const R4_Large: InstanceType = "r4.large";

const R4_XLarge

const R4_XLarge: InstanceType = "r4.xlarge";

const R5_12XLarge

const R5_12XLarge: InstanceType = "r5.12xlarge";

const R5_24XLarge

const R5_24XLarge: InstanceType = "r5.24xlarge";

const R5_2XLarge

const R5_2XLarge: InstanceType = "r5.2xlarge";

const R5_4XLarge

const R5_4XLarge: InstanceType = "r5.4xlarge";

const R5_Large

const R5_Large: InstanceType = "r5.large";

const R5_XLarge

const R5_XLarge: InstanceType = "r5.xlarge";

const R5a_12XLarge

const R5a_12XLarge: InstanceType = "r5a.12xlarge";

const R5a_24XLarge

const R5a_24XLarge: InstanceType = "r5a.24xlarge";

const R5a_2XLarge

const R5a_2XLarge: InstanceType = "r5a.2xlarge";

const R5a_4XLarge

const R5a_4XLarge: InstanceType = "r5a.4xlarge";

const R5a_Large

const R5a_Large: InstanceType = "r5a.large";

const R5a_XLarge

const R5a_XLarge: InstanceType = "r5a.xlarge";

const R5d_12XLarge

const R5d_12XLarge: InstanceType = "r5d.12xlarge";

const R5d_24XLarge

const R5d_24XLarge: InstanceType = "r5d.24xlarge";

const R5d_2XLarge

const R5d_2XLarge: InstanceType = "r5d.2xlarge";

const R5d_4XLarge

const R5d_4XLarge: InstanceType = "r5d.4xlarge";

const R5d_Large

const R5d_Large: InstanceType = "r5d.large";

const R5d_XLarge

const R5d_XLarge: InstanceType = "r5d.xlarge";

const T2_2XLarge

const T2_2XLarge: InstanceType = "t2.2xlarge";

const T2_Large

const T2_Large: InstanceType = "t2.large";

const T2_Medium

const T2_Medium: InstanceType = "t2.medium";

const T2_Micro

const T2_Micro: InstanceType = "t2.micro";

const T2_Nano

const T2_Nano: InstanceType = "t2.nano";

const T2_Small

const T2_Small: InstanceType = "t2.small";

const T2_XLarge

const T2_XLarge: InstanceType = "t2.xlarge";

const T3_2XLarge

const T3_2XLarge: InstanceType = "t3.2xlarge";

const T3_Large

const T3_Large: InstanceType = "t3.large";

const T3_Medium

const T3_Medium: InstanceType = "t3.medium";

const T3_Micro

const T3_Micro: InstanceType = "t3.micro";

const T3_Nano

const T3_Nano: InstanceType = "t3.nano";

const T3_Small

const T3_Small: InstanceType = "t3.small";

const T3_XLarge

const T3_XLarge: InstanceType = "t3.xlarge";

const T3a_2XLarge

const T3a_2XLarge: InstanceType = "t3a.2xlarge";

const T3a_Large

const T3a_Large: InstanceType = "t3a.large";

const T3a_Medium

const T3a_Medium: InstanceType = "t3a.medium";

const T3a_Micro

const T3a_Micro: InstanceType = "t3a.micro";

const T3a_Nano

const T3a_Nano: InstanceType = "t3a.nano";

const T3a_Small

const T3a_Small: InstanceType = "t3a.small";

const T3a_XLarge

const T3a_XLarge: InstanceType = "t3a.xlarge";

const U_12tb1Metal

const U_12tb1Metal: InstanceType = "u-12tb1.metal";

const U_6tb1Metal

const U_6tb1Metal: InstanceType = "u-6tb1.metal";

const U_9tb1Metal

const U_9tb1Metal: InstanceType = "u-9tb1.metal";

const X1_16XLarge

const X1_16XLarge: InstanceType = "x1.16xlarge";

const X1_32XLarge

const X1_32XLarge: InstanceType = "x1.32xlarge";

const X1e_16XLarge

const X1e_16XLarge: InstanceType = "x1e.16xlarge";

const X1e_2XLarge

const X1e_2XLarge: InstanceType = "x1e.2xlarge";

const X1e_32XLarge

const X1e_32XLarge: InstanceType = "x1e.32xlarge";

const X1e_4XLarge

const X1e_4XLarge: InstanceType = "x1e.4xlarge";

const X1e_8XLarge

const X1e_8XLarge: InstanceType = "x1e.8xlarge";

const X1e_XLarge

const X1e_XLarge: InstanceType = "x1e.xlarge";

const Z1d_12XLarge

const Z1d_12XLarge: InstanceType = "z1d.12xlarge";

const Z1d_2XLarge

const Z1d_2XLarge: InstanceType = "z1d.2xlarge";

const Z1d_3XLarge

const Z1d_3XLarge: InstanceType = "z1d.3xlarge";

const Z1d_6XLarge

const Z1d_6XLarge: InstanceType = "z1d.6xlarge";

const Z1d_Large

const Z1d_Large: InstanceType = "z1d.large";

const Z1d_XLarge

const Z1d_XLarge: InstanceType = "z1d.xlarge";

namespace Tenancies

const DedicatedTenancy

const DedicatedTenancy: Tenancy = "dedicated";

const DefaultTenancy

const DefaultTenancy: Tenancy = "default";

Resources

Resource Ami

class Ami extends CustomResource

The AMI resource allows the creation and management of a completely-custom Amazon Machine Image (AMI).

If you just want to duplicate an existing AMI, possibly copying it to another region, it’s better to use aws.ec2.AmiCopy instead.

If you just want to share an existing AMI with another AWS account, it’s better to use aws.ec2.AmiLaunchPermission instead.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an AMI that will start a machine whose root device is backed by
// an EBS volume populated from a snapshot. It is assumed that such a snapshot
// already exists with the id "snap-xxxxxxxx".
const example = new aws.ec2.Ami("example", {
    ebsBlockDevices: [{
        deviceName: "/dev/xvda",
        snapshotId: "snap-xxxxxxxx",
        volumeSize: 8,
    }],
    rootDeviceName: "/dev/xvda",
    virtualizationType: "hvm",
});

constructor

new Ami(name: string, args?: AmiArgs, opts?: pulumi.CustomResourceOptions)

Create a Ami resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AmiState, opts?: pulumi.CustomResourceOptions): Ami

Get an existing Ami resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Ami

Returns true if the given object is an instance of Ami. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property architecture

public architecture: pulumi.Output<string | undefined>;

Machine architecture for created instances. Defaults to “x8664”.

property arn

public arn: pulumi.Output<string>;

The ARN of the AMI.

property description

public description: pulumi.Output<string | undefined>;

A longer, human-readable description for the AMI.

property ebsBlockDevices

public ebsBlockDevices: pulumi.Output<AmiEbsBlockDevice[]>;

Nested block describing an EBS block device that should be attached to created instances. The structure of this block is described below.

property enaSupport

public enaSupport: pulumi.Output<boolean | undefined>;

Specifies whether enhanced networking with ENA is enabled. Defaults to false.

property ephemeralBlockDevices

public ephemeralBlockDevices: pulumi.Output<AmiEphemeralBlockDevice[]>;

Nested block describing an ephemeral block device that should be attached to created instances. The structure of this block is described below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageLocation

public imageLocation: pulumi.Output<string>;

Path to an S3 object containing an image manifest, e.g. created by the ec2-upload-bundle command in the EC2 command line tools.

property kernelId

public kernelId: pulumi.Output<string | undefined>;

The id of the kernel image (AKI) that will be used as the paravirtual kernel in created instances.

property manageEbsSnapshots

public manageEbsSnapshots: pulumi.Output<boolean>;

property name

public name: pulumi.Output<string>;

A region-unique name for the AMI.

property ramdiskId

public ramdiskId: pulumi.Output<string | undefined>;

The id of an initrd image (ARI) that will be used when booting the created instances.

property rootDeviceName

public rootDeviceName: pulumi.Output<string | undefined>;

The name of the root device (for example, /dev/sda1, or /dev/xvda).

property rootSnapshotId

public rootSnapshotId: pulumi.Output<string>;

The Snapshot ID for the root volume (for EBS-backed AMIs)

property sriovNetSupport

public sriovNetSupport: pulumi.Output<string | undefined>;

When set to “simple” (the default), enables enhanced networking for created instances. No other value is supported at this time.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property virtualizationType

public virtualizationType: pulumi.Output<string | undefined>;

Keyword to choose what virtualization mode created instances will use. Can be either “paravirtual” (the default) or “hvm”. The choice of virtualization type changes the set of further arguments that are required, as described below.

Resource AmiCopy

class AmiCopy extends CustomResource

The “AMI copy” resource allows duplication of an Amazon Machine Image (AMI), including cross-region copies.

If the source AMI has associated EBS snapshots, those will also be duplicated along with the AMI.

This is useful for taking a single AMI provisioned in one region and making it available in another for a multi-region deployment.

Copying an AMI can take several minutes. The creation of this resource will block until the new AMI is available for use on new instances.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.AmiCopy("example", {
    description: "A copy of ami-xxxxxxxx",
    sourceAmiId: "ami-xxxxxxxx",
    sourceAmiRegion: "us-west-1",
    tags: {
        Name: "HelloWorld",
    },
});

constructor

new AmiCopy(name: string, args: AmiCopyArgs, opts?: pulumi.CustomResourceOptions)

Create a AmiCopy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AmiCopyState, opts?: pulumi.CustomResourceOptions): AmiCopy

Get an existing AmiCopy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AmiCopy

Returns true if the given object is an instance of AmiCopy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property architecture

public architecture: pulumi.Output<string>;

Machine architecture for created instances. Defaults to “x8664”.

property arn

public arn: pulumi.Output<string>;

The ARN of the AMI.

property description

public description: pulumi.Output<string | undefined>;

A longer, human-readable description for the AMI.

property ebsBlockDevices

public ebsBlockDevices: pulumi.Output<AmiCopyEbsBlockDevice[]>;

Nested block describing an EBS block device that should be attached to created instances. The structure of this block is described below.

property enaSupport

public enaSupport: pulumi.Output<boolean>;

Specifies whether enhanced networking with ENA is enabled. Defaults to false.

property encrypted

public encrypted: pulumi.Output<boolean | undefined>;

Boolean controlling whether the created EBS volumes will be encrypted. Can’t be used with snapshotId.

property ephemeralBlockDevices

public ephemeralBlockDevices: pulumi.Output<AmiCopyEphemeralBlockDevice[]>;

Nested block describing an ephemeral block device that should be attached to created instances. The structure of this block is described below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageLocation

public imageLocation: pulumi.Output<string>;

Path to an S3 object containing an image manifest, e.g. created by the ec2-upload-bundle command in the EC2 command line tools.

property kernelId

public kernelId: pulumi.Output<string>;

The id of the kernel image (AKI) that will be used as the paravirtual kernel in created instances.

property kmsKeyId

public kmsKeyId: pulumi.Output<string>;

The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when encrypting the snapshots of an image during a copy operation. This parameter is only required if you want to use a non-default CMK; if this parameter is not specified, the default CMK for EBS is used

property manageEbsSnapshots

public manageEbsSnapshots: pulumi.Output<boolean>;

property name

public name: pulumi.Output<string>;

A region-unique name for the AMI.

property ramdiskId

public ramdiskId: pulumi.Output<string>;

The id of an initrd image (ARI) that will be used when booting the created instances.

property rootDeviceName

public rootDeviceName: pulumi.Output<string>;

The name of the root device (for example, /dev/sda1, or /dev/xvda).

property rootSnapshotId

public rootSnapshotId: pulumi.Output<string>;

property sourceAmiId

public sourceAmiId: pulumi.Output<string>;

The id of the AMI to copy. This id must be valid in the region given by sourceAmiRegion.

property sourceAmiRegion

public sourceAmiRegion: pulumi.Output<string>;

The region from which the AMI will be copied. This may be the same as the AWS provider region in order to create a copy within the same region.

property sriovNetSupport

public sriovNetSupport: pulumi.Output<string>;

When set to “simple” (the default), enables enhanced networking for created instances. No other value is supported at this time.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property virtualizationType

public virtualizationType: pulumi.Output<string>;

Keyword to choose what virtualization mode created instances will use. Can be either “paravirtual” (the default) or “hvm”. The choice of virtualization type changes the set of further arguments that are required, as described below.

Resource AmiFromInstance

class AmiFromInstance extends CustomResource

The “AMI from instance” resource allows the creation of an Amazon Machine Image (AMI) modelled after an existing EBS-backed EC2 instance.

The created AMI will refer to implicitly-created snapshots of the instance’s EBS volumes and mimick its assigned block device configuration at the time the resource is created.

This resource is best applied to an instance that is stopped when this instance is created, so that the contents of the created image are predictable. When applied to an instance that is running, the instance will be stopped before taking the snapshots and then started back up again, resulting in a period of downtime.

Note that the source instance is inspected only at the initial creation of this resource. Ongoing updates to the referenced instance will not be propagated into the generated AMI. Users may taint or otherwise recreate the resource in order to produce a fresh snapshot.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.AmiFromInstance("example", {
    sourceInstanceId: "i-xxxxxxxx",
});

constructor

new AmiFromInstance(name: string, args: AmiFromInstanceArgs, opts?: pulumi.CustomResourceOptions)

Create a AmiFromInstance resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AmiFromInstanceState, opts?: pulumi.CustomResourceOptions): AmiFromInstance

Get an existing AmiFromInstance resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AmiFromInstance

Returns true if the given object is an instance of AmiFromInstance. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property architecture

public architecture: pulumi.Output<string>;

Machine architecture for created instances. Defaults to “x8664”.

property arn

public arn: pulumi.Output<string>;

The ARN of the AMI.

property description

public description: pulumi.Output<string | undefined>;

A longer, human-readable description for the AMI.

property ebsBlockDevices

public ebsBlockDevices: pulumi.Output<AmiFromInstanceEbsBlockDevice[]>;

Nested block describing an EBS block device that should be attached to created instances. The structure of this block is described below.

property enaSupport

public enaSupport: pulumi.Output<boolean>;

Specifies whether enhanced networking with ENA is enabled. Defaults to false.

property ephemeralBlockDevices

public ephemeralBlockDevices: pulumi.Output<AmiFromInstanceEphemeralBlockDevice[]>;

Nested block describing an ephemeral block device that should be attached to created instances. The structure of this block is described below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageLocation

public imageLocation: pulumi.Output<string>;

Path to an S3 object containing an image manifest, e.g. created by the ec2-upload-bundle command in the EC2 command line tools.

property kernelId

public kernelId: pulumi.Output<string>;

The id of the kernel image (AKI) that will be used as the paravirtual kernel in created instances.

property manageEbsSnapshots

public manageEbsSnapshots: pulumi.Output<boolean>;

property name

public name: pulumi.Output<string>;

A region-unique name for the AMI.

property ramdiskId

public ramdiskId: pulumi.Output<string>;

The id of an initrd image (ARI) that will be used when booting the created instances.

property rootDeviceName

public rootDeviceName: pulumi.Output<string>;

The name of the root device (for example, /dev/sda1, or /dev/xvda).

property rootSnapshotId

public rootSnapshotId: pulumi.Output<string>;

property snapshotWithoutReboot

public snapshotWithoutReboot: pulumi.Output<boolean | undefined>;

Boolean that overrides the behavior of stopping the instance before snapshotting. This is risky since it may cause a snapshot of an inconsistent filesystem state, but can be used to avoid downtime if the user otherwise guarantees that no filesystem writes will be underway at the time of snapshot.

property sourceInstanceId

public sourceInstanceId: pulumi.Output<string>;

The id of the instance to use as the basis of the AMI.

property sriovNetSupport

public sriovNetSupport: pulumi.Output<string>;

When set to “simple” (the default), enables enhanced networking for created instances. No other value is supported at this time.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property virtualizationType

public virtualizationType: pulumi.Output<string>;

Keyword to choose what virtualization mode created instances will use. Can be either “paravirtual” (the default) or “hvm”. The choice of virtualization type changes the set of further arguments that are required, as described below.

Resource AmiLaunchPermission

class AmiLaunchPermission extends CustomResource

Adds launch permission to Amazon Machine Image (AMI) from another AWS account.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.AmiLaunchPermission("example", {
    accountId: "123456789012",
    imageId: "ami-12345678",
});

constructor

new AmiLaunchPermission(name: string, args: AmiLaunchPermissionArgs, opts?: pulumi.CustomResourceOptions)

Create a AmiLaunchPermission resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AmiLaunchPermissionState, opts?: pulumi.CustomResourceOptions): AmiLaunchPermission

Get an existing AmiLaunchPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AmiLaunchPermission

Returns true if the given object is an instance of AmiLaunchPermission. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

An AWS Account ID to add launch permissions.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageId

public imageId: pulumi.Output<string>;

A region-unique name for the AMI.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource AvailabilityZoneGroup

class AvailabilityZoneGroup extends CustomResource

Manages an EC2 Availability Zone Group, such as updating its opt-in status.

NOTE: This is an advanced resource. The provider will automatically assume management of the EC2 Availability Zone Group without import and perform no actions on removal from configuration.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.AvailabilityZoneGroup("example", {
    groupName: "us-west-2-lax-1",
    optInStatus: "opted-in",
});

constructor

new AvailabilityZoneGroup(name: string, args: AvailabilityZoneGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a AvailabilityZoneGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AvailabilityZoneGroupState, opts?: pulumi.CustomResourceOptions): AvailabilityZoneGroup

Get an existing AvailabilityZoneGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AvailabilityZoneGroup

Returns true if the given object is an instance of AvailabilityZoneGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupName

public groupName: pulumi.Output<string>;

Name of the Availability Zone Group.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property optInStatus

public optInStatus: pulumi.Output<string>;

Indicates whether to enable or disable Availability Zone Group. Valid values: opted-in or not-opted-in.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource CapacityReservation

class CapacityReservation extends CustomResource

Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultCapacityReservation = new aws.ec2.CapacityReservation("default", {
    availabilityZone: "eu-west-1a",
    instanceCount: 1,
    instancePlatform: "Linux/UNIX",
    instanceType: "t2.micro",
});

constructor

new CapacityReservation(name: string, args: CapacityReservationArgs, opts?: pulumi.CustomResourceOptions)

Create a CapacityReservation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CapacityReservationState, opts?: pulumi.CustomResourceOptions): CapacityReservation

Get an existing CapacityReservation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CapacityReservation

Returns true if the given object is an instance of CapacityReservation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the Capacity Reservation.

property availabilityZone

public availabilityZone: pulumi.Output<string>;

The Availability Zone in which to create the Capacity Reservation.

property ebsOptimized

public ebsOptimized: pulumi.Output<boolean | undefined>;

Indicates whether the Capacity Reservation supports EBS-optimized instances.

property endDate

public endDate: pulumi.Output<string | undefined>;

The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ)

property endDateType

public endDateType: pulumi.Output<string | undefined>;

Indicates the way in which the Capacity Reservation ends. Specify either unlimited or limited.

property ephemeralStorage

public ephemeralStorage: pulumi.Output<boolean | undefined>;

Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceCount

public instanceCount: pulumi.Output<number>;

The number of instances for which to reserve capacity.

property instanceMatchCriteria

public instanceMatchCriteria: pulumi.Output<string | undefined>;

Indicates the type of instance launches that the Capacity Reservation accepts. Specify either open or targeted.

property instancePlatform

public instancePlatform: pulumi.Output<InstancePlatform>;

The type of operating system for which to reserve capacity. Valid options are Linux/UNIX, Red Hat Enterprise Linux, SUSE Linux, Windows, Windows with SQL Server, Windows with SQL Server Enterprise, Windows with SQL Server Standard or Windows with SQL Server Web.

property instanceType

public instanceType: pulumi.Output<InstanceType>;

The instance type for which to reserve capacity.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property tenancy

public tenancy: pulumi.Output<Tenancy | undefined>;

Indicates the tenancy of the Capacity Reservation. Specify either default or dedicated.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource CustomerGateway

class CustomerGateway extends CustomResource

Provides a customer gateway inside a VPC. These objects can be connected to VPN gateways via VPN connections, and allow you to establish tunnels between your network and the VPC.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = new aws.ec2.CustomerGateway("main", {
    bgpAsn: "65000",
    ipAddress: "172.83.124.10",
    tags: {
        Name: "main-customer-gateway",
    },
    type: "ipsec.1",
});

constructor

new CustomerGateway(name: string, args: CustomerGatewayArgs, opts?: pulumi.CustomResourceOptions)

Create a CustomerGateway resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CustomerGatewayState, opts?: pulumi.CustomResourceOptions): CustomerGateway

Get an existing CustomerGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CustomerGateway

Returns true if the given object is an instance of CustomerGateway. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the customer gateway.

property bgpAsn

public bgpAsn: pulumi.Output<string>;

The gateway’s Border Gateway Protocol (BGP) Autonomous System Number (ASN).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipAddress

public ipAddress: pulumi.Output<string>;

The IP address of the gateway’s Internet-routable external interface.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Tags to apply to the gateway.

property type

public type: pulumi.Output<string>;

The type of customer gateway. The only type AWS supports at this time is “ipsec.1”.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DefaultNetworkAcl

class DefaultNetworkAcl extends CustomResource

Provides a resource to manage the default AWS Network ACL. VPC Only.

Each VPC created in AWS comes with a Default Network ACL that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultNetworkAcl behaves differently from normal resources, in that this provider does not create this resource, but instead attempts to “adopt” it into management. We can do this because each VPC created has a Default Network ACL that cannot be destroyed, and is created with a known set of default rules.

When this provider first adopts the Default Network ACL, it immediately removes all rules in the ACL. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.

This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the aws.ec2.NetworkAclRule resource.

For more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].

Basic Example Usage, with default rules

The following config gives the Default Network ACL the same rules that AWS includes, but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {
    defaultNetworkAclId: mainvpc.defaultNetworkAclId,
    ingress: [{
        protocol: -1,
        ruleNo: 100,
        action: "allow",
        cidrBlock: mainvpc.cidrBlock,
        fromPort: 0,
        toPort: 0,
    }],
    egress: [{
        protocol: -1,
        ruleNo: 100,
        action: "allow",
        cidrBlock: "0.0.0.0/0",
        fromPort: 0,
        toPort: 0,
    }],
});

Example config to deny all Egress traffic, allowing Ingress

The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {
    defaultNetworkAclId: mainvpc.defaultNetworkAclId,
    ingress: [{
        protocol: -1,
        ruleNo: 100,
        action: "allow",
        cidrBlock: mainvpc.cidrBlock,
        fromPort: 0,
        toPort: 0,
    }],
});

Example config to deny all traffic to any Subnet in the Default Network ACL

This config denies all traffic in the Default ACL. This can be useful if you want a locked down default to force all resources in the VPC to assign a non-default ACL.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});
// no rules defined, deny all traffic in this ACL

constructor

new DefaultNetworkAcl(name: string, args: DefaultNetworkAclArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultNetworkAcl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultNetworkAclState, opts?: pulumi.CustomResourceOptions): DefaultNetworkAcl

Get an existing DefaultNetworkAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultNetworkAcl

Returns true if the given object is an instance of DefaultNetworkAcl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the Default Network ACL

property defaultNetworkAclId

public defaultNetworkAclId: pulumi.Output<string>;

The Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

property egress

public egress: pulumi.Output<DefaultNetworkAclEgress[] | undefined>;

Specifies an egress rule. Parameters defined below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ingress

public ingress: pulumi.Output<DefaultNetworkAclIngress[] | undefined>;

Specifies an ingress rule. Parameters defined below.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the Default Network ACL

property subnetIds

public subnetIds: pulumi.Output<string[] | undefined>;

A list of Subnet IDs to apply the ACL to. See the notes below on managing Subnets in the Default Network ACL

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The ID of the associated VPC

Resource DefaultRouteTable

class DefaultRouteTable extends CustomResource

Provides a resource to manage a Default VPC Routing Table.

Each VPC created in AWS comes with a Default Route Table that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource. It is recommended you do not use both aws.ec2.DefaultRouteTable to manage the default route table and use the aws.ec2.MainRouteTableAssociation, due to possible conflict in routes.

The aws.ec2.DefaultRouteTable behaves differently from normal resources, in that this provider does not create this resource, but instead attempts to “adopt” it into management. We can do this because each VPC created has a Default Route Table that cannot be destroyed, and is created with a single route.

When this provider first adopts the Default Route Table, it immediately removes all defined routes. It then proceeds to create any routes specified in the configuration. This step is required so that only the routes specified in the configuration present in the Default Route Table.

For more information about Route Tables, see the AWS Documentation on [Route Tables][aws-route-tables].

For more information about managing normal Route Tables in this provider, see our documentation on [aws.ec2.RouteTable][tf-route-tables].

NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite routes.

Example Usage

With Tags
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultRouteTable = new aws.ec2.DefaultRouteTable("defaultRouteTable", {
    defaultRouteTableId: aws_vpc.foo.default_route_table_id,
    routes: [{}],
    tags: {
        Name: "default table",
    },
});

constructor

new DefaultRouteTable(name: string, args: DefaultRouteTableArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultRouteTable resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultRouteTableState, opts?: pulumi.CustomResourceOptions): DefaultRouteTable

Get an existing DefaultRouteTable resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultRouteTable

Returns true if the given object is an instance of DefaultRouteTable. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property defaultRouteTableId

public defaultRouteTableId: pulumi.Output<string>;

The ID of the Default Routing Table.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the route table

property propagatingVgws

public propagatingVgws: pulumi.Output<string[] | undefined>;

A list of virtual gateways for propagation.

property routes

public routes: pulumi.Output<DefaultRouteTableRoute[]>;

A list of route objects. Their keys are documented below.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

Resource DefaultSecurityGroup

class DefaultSecurityGroup extends CustomResource

Provides a resource to manage the default AWS Security Group.

For EC2 Classic accounts, each region comes with a Default Security Group. Additionally, each VPC created in AWS comes with a Default Security Group that can be managed, but not destroyed. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultSecurityGroup behaves differently from normal resources, in that this provider does not create this resource, but instead “adopts” it into management. We can do this because these default security groups cannot be destroyed, and are created with a known set of default ingress/egress rules.

When this provider first adopts the Default Security Group, it immediately removes all ingress and egress rules in the Security Group. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.

This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diff shown. For these reasons, this resource is incompatible with the aws.ec2.SecurityGroupRule resource.

For more information about Default Security Groups, see the AWS Documentation on [Default Security Groups][aws-default-security-groups].

Basic Example Usage, with default rules

The following config gives the Default Security Group the same rules that AWS provides by default, but pulls the resource under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultSecurityGroup("default", {
    vpcId: mainvpc.id,
    ingress: [{
        protocol: -1,
        self: true,
        fromPort: 0,
        toPort: 0,
    }],
    egress: [{
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        cidrBlocks: ["0.0.0.0/0"],
    }],
});

Example config to deny all Egress traffic, allowing Ingress

The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultSecurityGroup("default", {
    vpcId: mainvpc.id,
    ingress: [{
        protocol: -1,
        self: true,
        fromPort: 0,
        toPort: 0,
    }],
});

Usage

With the exceptions mentioned above, aws.ec2.DefaultSecurityGroup should identical behavior to aws.ec2.SecurityGroup. Please consult AWS_SECURITY_GROUP for further usage documentation.

Removing aws.ec2.DefaultSecurityGroup from your configuration

Each AWS VPC (or region, if using EC2 Classic) comes with a Default Security Group that cannot be deleted. The aws.ec2.DefaultSecurityGroup allows you to manage this Security Group, but this provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.

constructor

new DefaultSecurityGroup(name: string, args?: DefaultSecurityGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultSecurityGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultSecurityGroupState, opts?: pulumi.CustomResourceOptions): DefaultSecurityGroup

Get an existing DefaultSecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultSecurityGroup

Returns true if the given object is an instance of DefaultSecurityGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the security group

property description

public description: pulumi.Output<string>;

Description of this egress rule.

property egress

public egress: pulumi.Output<DefaultSecurityGroupEgress[]>;

Can be specified multiple times for each egress rule. Each egress block supports fields documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ingress

public ingress: pulumi.Output<DefaultSecurityGroupIngress[]>;

Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.

property name

public name: pulumi.Output<string>;

The name of the security group

property ownerId

public ownerId: pulumi.Output<string>;

The owner ID.

property revokeRulesOnDelete

public revokeRulesOnDelete: pulumi.Output<boolean | undefined>;

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The VPC ID. Note that changing the vpcId will not restore any default security group rules that were modified, added, or removed. It will be left in its current state

Resource DefaultSubnet

class DefaultSubnet extends CustomResource

Provides a resource to manage a default AWS VPC subnet in the current region.

The aws.ec2.DefaultSubnet behaves differently from normal resources, in that this provider does not create this resource, but instead “adopts” it into management.

Example Usage

Basic usage with tags:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultAz1 = new aws.ec2.DefaultSubnet("default_az1", {
    availabilityZone: "us-west-2a",
    tags: {
        Name: "Default subnet for us-west-2a",
    },
});

constructor

new DefaultSubnet(name: string, args: DefaultSubnetArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultSubnet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultSubnetState, opts?: pulumi.CustomResourceOptions): DefaultSubnet

Get an existing DefaultSubnet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultSubnet

Returns true if the given object is an instance of DefaultSubnet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

property assignIpv6AddressOnCreation

public assignIpv6AddressOnCreation: pulumi.Output<boolean>;

property availabilityZone

public availabilityZone: pulumi.Output<string>;

property availabilityZoneId

public availabilityZoneId: pulumi.Output<string>;

property cidrBlock

public cidrBlock: pulumi.Output<string>;

The CIDR block for the subnet.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipv6CidrBlock

public ipv6CidrBlock: pulumi.Output<string>;

The IPv6 CIDR block.

property ipv6CidrBlockAssociationId

public ipv6CidrBlockAssociationId: pulumi.Output<string>;

property mapPublicIpOnLaunch

public mapPublicIpOnLaunch: pulumi.Output<boolean>;

Specify true to indicate that instances launched into the subnet should be assigned a public IP address.

property outpostArn

public outpostArn: pulumi.Output<string | undefined>;

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the subnet.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The VPC ID.

Resource DefaultVpc

class DefaultVpc extends CustomResource

Provides a resource to manage the default AWS VPC in the current region.

For AWS accounts created after 2013-12-04, each region comes with a Default VPC. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultVpc behaves differently from normal resources, in that this provider does not create this resource, but instead “adopts” it into management.

Example Usage

Basic usage with tags:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultDefaultVpc = new aws.ec2.DefaultVpc("default", {
    tags: {
        Name: "Default VPC",
    },
});

constructor

new DefaultVpc(name: string, args?: DefaultVpcArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultVpc resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultVpcState, opts?: pulumi.CustomResourceOptions): DefaultVpc

Get an existing DefaultVpc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultVpc

Returns true if the given object is an instance of DefaultVpc. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of VPC

property assignGeneratedIpv6CidrBlock

public assignGeneratedIpv6CidrBlock: pulumi.Output<boolean>;

Whether or not an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC was assigned

property cidrBlock

public cidrBlock: pulumi.Output<string>;

The CIDR block of the VPC

property defaultNetworkAclId

public defaultNetworkAclId: pulumi.Output<string>;

The ID of the network ACL created by default on VPC creation

property defaultRouteTableId

public defaultRouteTableId: pulumi.Output<string>;

The ID of the route table created by default on VPC creation

property defaultSecurityGroupId

public defaultSecurityGroupId: pulumi.Output<string>;

The ID of the security group created by default on VPC creation

property dhcpOptionsId

public dhcpOptionsId: pulumi.Output<string>;
public enableClassiclink: pulumi.Output<boolean>;

A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults false.

property enableClassiclinkDnsSupport

public enableClassiclinkDnsSupport: pulumi.Output<boolean>;

property enableDnsHostnames

public enableDnsHostnames: pulumi.Output<boolean>;

A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.

property enableDnsSupport

public enableDnsSupport: pulumi.Output<boolean | undefined>;

A boolean flag to enable/disable DNS support in the VPC. Defaults true.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceTenancy

public instanceTenancy: pulumi.Output<string>;

Tenancy of instances spin up within VPC.

property ipv6AssociationId

public ipv6AssociationId: pulumi.Output<string>;

The association ID for the IPv6 CIDR block of the VPC

property ipv6CidrBlock

public ipv6CidrBlock: pulumi.Output<string>;

The IPv6 CIDR block of the VPC

property mainRouteTableId

public mainRouteTableId: pulumi.Output<string>;

The ID of the main route table associated with this VPC. Note that you can change a VPC’s main route table by using an aws.ec2.MainRouteTableAssociation

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the VPC.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DefaultVpcDhcpOptions

class DefaultVpcDhcpOptions extends CustomResource

Provides a resource to manage the default AWS DHCP Options Set in the current region.

Each AWS region comes with a default set of DHCP options. This is an advanced resource, and has special caveats to be aware of when using it. Please read this document in its entirety before using this resource.

The aws.ec2.DefaultVpcDhcpOptions behaves differently from normal resources, in that this provider does not create this resource, but instead “adopts” it into management.

Example Usage

Basic usage with tags:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultDefaultVpcDhcpOptions = new aws.ec2.DefaultVpcDhcpOptions("default", {
    tags: {
        Name: "Default DHCP Option Set",
    },
});

constructor

new DefaultVpcDhcpOptions(name: string, args?: DefaultVpcDhcpOptionsArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultVpcDhcpOptions resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultVpcDhcpOptionsState, opts?: pulumi.CustomResourceOptions): DefaultVpcDhcpOptions

Get an existing DefaultVpcDhcpOptions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultVpcDhcpOptions

Returns true if the given object is an instance of DefaultVpcDhcpOptions. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the DHCP Options Set.

property domainName

public domainName: pulumi.Output<string>;

property domainNameServers

public domainNameServers: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property netbiosNameServers

public netbiosNameServers: pulumi.Output<string[] | undefined>;

List of NETBIOS name servers.

property netbiosNodeType

public netbiosNodeType: pulumi.Output<string | undefined>;

The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132.

property ntpServers

public ntpServers: pulumi.Output<string>;

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the DHCP options set.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource EgressOnlyInternetGateway

class EgressOnlyInternetGateway extends CustomResource

[IPv6 only] Creates an egress-only Internet gateway for your VPC. An egress-only Internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the Internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleVpc = new aws.ec2.Vpc("exampleVpc", {
    cidrBlock: "10.1.0.0/16",
    assignGeneratedIpv6CidrBlock: true,
});
const exampleEgressOnlyInternetGateway = new aws.ec2.EgressOnlyInternetGateway("exampleEgressOnlyInternetGateway", {
    vpcId: exampleVpc.id,
    tags: {
        Name: "main",
    },
});

constructor

new EgressOnlyInternetGateway(name: string, args: EgressOnlyInternetGatewayArgs, opts?: pulumi.CustomResourceOptions)

Create a EgressOnlyInternetGateway resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EgressOnlyInternetGatewayState, opts?: pulumi.CustomResourceOptions): EgressOnlyInternetGateway

Get an existing EgressOnlyInternetGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is EgressOnlyInternetGateway

Returns true if the given object is an instance of EgressOnlyInternetGateway. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The VPC ID to create in.

Resource Eip

class Eip extends CustomResource

Provides an Elastic IP resource.

Note: EIP may require IGW to exist prior to association. Use dependsOn to set an explicit dependency on the IGW.

Note: Do not use networkInterface to associate the EIP to aws.lb.LoadBalancer or aws.ec2.NatGateway resources. Instead use the allocationId available in those resources to allow AWS to manage the association, otherwise you will see AuthFailure errors.

Example Usage

Single EIP associated with an instance:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lb = new aws.ec2.Eip("lb", {
    instance: aws_instance.web.id,
    vpc: true,
});

Multiple EIPs associated with a single network interface:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const multi_ip = new aws.ec2.NetworkInterface("multi-ip", {
    subnetId: aws_subnet.main.id,
    privateIps: [
        "10.0.0.10",
        "10.0.0.11",
    ],
});
const one = new aws.ec2.Eip("one", {
    vpc: true,
    networkInterface: multi_ip.id,
    associateWithPrivateIp: "10.0.0.10",
});
const two = new aws.ec2.Eip("two", {
    vpc: true,
    networkInterface: multi_ip.id,
    associateWithPrivateIp: "10.0.0.11",
});

Attaching an EIP to an Instance with a pre-assigned private ip (VPC Only):

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const _default = new aws.ec2.Vpc("default", {
    cidrBlock: "10.0.0.0/16",
    enableDnsHostnames: true,
});
const gw = new aws.ec2.InternetGateway("gw", {vpcId: _default.id});
const tfTestSubnet = new aws.ec2.Subnet("tfTestSubnet", {
    vpcId: _default.id,
    cidrBlock: "10.0.0.0/24",
    mapPublicIpOnLaunch: true,
}, {
    dependsOn: [gw],
});
const foo = new aws.ec2.Instance("foo", {
    ami: "ami-5189a661",
    instanceType: "t2.micro",
    privateIp: "10.0.0.12",
    subnetId: tfTestSubnet.id,
});
const bar = new aws.ec2.Eip("bar", {
    vpc: true,
    instance: foo.id,
    associateWithPrivateIp: "10.0.0.12",
}, {
    dependsOn: [gw],
});

Allocating EIP from the BYOIP pool:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const byoip_ip = new aws.ec2.Eip("byoip-ip", {
    publicIpv4Pool: "ipv4pool-ec2-012345",
    vpc: true,
});

constructor

new Eip(name: string, args?: EipArgs, opts?: pulumi.CustomResourceOptions)

Create a Eip resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EipState, opts?: pulumi.CustomResourceOptions): Eip

Get an existing Eip resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Eip

Returns true if the given object is an instance of Eip. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allocationId

public allocationId: pulumi.Output<string>;

property associateWithPrivateIp

public associateWithPrivateIp: pulumi.Output<string | undefined>;

A user specified primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.

property associationId

public associationId: pulumi.Output<string>;

property customerOwnedIp

public customerOwnedIp: pulumi.Output<string>;

Customer owned IP.

property customerOwnedIpv4Pool

public customerOwnedIpv4Pool: pulumi.Output<string | undefined>;

The ID of a customer-owned address pool. For more on customer owned IP addressed check out Customer-owned IP addresses guide

property domain

public domain: pulumi.Output<string>;

Indicates if this EIP is for use in VPC (vpc) or EC2 Classic (standard).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instance

public instance: pulumi.Output<string>;

EC2 instance ID.

property networkInterface

public networkInterface: pulumi.Output<string>;

Network interface ID to associate with.

property privateDns

public privateDns: pulumi.Output<string>;

The Private DNS associated with the Elastic IP address (if in VPC).

property privateIp

public privateIp: pulumi.Output<string>;

Contains the private IP address (if in VPC).

property publicDns

public publicDns: pulumi.Output<string>;

Public DNS associated with the Elastic IP address.

property publicIp

public publicIp: pulumi.Output<string>;

Contains the public IP address.

property publicIpv4Pool

public publicIpv4Pool: pulumi.Output<string>;

EC2 IPv4 address pool identifier or amazon. This option is only available for VPC EIPs.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource. Tags can only be applied to EIPs in a VPC.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: pulumi.Output<boolean>;

Boolean if the EIP is in a VPC or not.

Resource EipAssociation

class EipAssociation extends CustomResource

Provides an AWS EIP Association as a top level resource, to associate and disassociate Elastic IPs from AWS Instances and Network Interfaces.

NOTE: Do not use this resource to associate an EIP to aws.lb.LoadBalancer or aws.ec2.NatGateway resources. Instead use the allocationId available in those resources to allow AWS to manage the association, otherwise you will see AuthFailure errors.

NOTE: aws.ec2.EipAssociation is useful in scenarios where EIPs are either pre-existing or distributed to customers or users and therefore cannot be changed.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const web = new aws.ec2.Instance("web", {
    ami: "ami-21f78e11",
    availabilityZone: "us-west-2a",
    instanceType: "t2.micro",
    tags: {
        Name: "HelloWorld",
    },
});
const example = new aws.ec2.Eip("example", {vpc: true});
const eipAssoc = new aws.ec2.EipAssociation("eipAssoc", {
    instanceId: web.id,
    allocationId: example.id,
});

constructor

new EipAssociation(name: string, args?: EipAssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a EipAssociation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EipAssociationState, opts?: pulumi.CustomResourceOptions): EipAssociation

Get an existing EipAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is EipAssociation

Returns true if the given object is an instance of EipAssociation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allocationId

public allocationId: pulumi.Output<string>;

The allocation ID. This is required for EC2-VPC.

property allowReassociation

public allowReassociation: pulumi.Output<boolean | undefined>;

Whether to allow an Elastic IP to be re-associated. Defaults to true in VPC.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceId

public instanceId: pulumi.Output<string>;

The ID of the instance. This is required for EC2-Classic. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. The operation fails if you specify an instance ID unless exactly one network interface is attached.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string>;

The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.

property privateIpAddress

public privateIpAddress: pulumi.Output<string>;

The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.

property publicIp

public publicIp: pulumi.Output<string>;

The Elastic IP address. This is required for EC2-Classic.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Fleet

class Fleet extends CustomResource

Provides a resource to manage EC2 Fleets.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.Fleet("example", {
    launchTemplateConfig: {
        launchTemplateSpecification: {
            launchTemplateId: aws_launch_template.example.id,
            version: aws_launch_template.example.latest_version,
        },
    },
    targetCapacitySpecification: {
        defaultTargetCapacityType: "spot",
        totalTargetCapacity: 5,
    },
});

constructor

new Fleet(name: string, args: FleetArgs, opts?: pulumi.CustomResourceOptions)

Create a Fleet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FleetState, opts?: pulumi.CustomResourceOptions): Fleet

Get an existing Fleet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Fleet

Returns true if the given object is an instance of Fleet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property excessCapacityTerminationPolicy

public excessCapacityTerminationPolicy: pulumi.Output<string | undefined>;

Whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2. Valid values: no-termination, termination. Defaults to termination.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property launchTemplateConfig

public launchTemplateConfig: pulumi.Output<FleetLaunchTemplateConfig>;

Nested argument containing EC2 Launch Template configurations. Defined below.

property onDemandOptions

public onDemandOptions: pulumi.Output<FleetOnDemandOptions | undefined>;

Nested argument containing On-Demand configurations. Defined below.

property replaceUnhealthyInstances

public replaceUnhealthyInstances: pulumi.Output<boolean | undefined>;

Whether EC2 Fleet should replace unhealthy instances. Defaults to false.

property spotOptions

public spotOptions: pulumi.Output<FleetSpotOptions | undefined>;

Nested argument containing Spot configurations. Defined below.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Map of Fleet tags. To tag instances at launch, specify the tags in the Launch Template.

property targetCapacitySpecification

public targetCapacitySpecification: pulumi.Output<FleetTargetCapacitySpecification>;

Nested argument containing target capacity configurations. Defined below.

property terminateInstances

public terminateInstances: pulumi.Output<boolean | undefined>;

Whether to terminate instances for an EC2 Fleet if it is deleted successfully. Defaults to false.

property terminateInstancesWithExpiration

public terminateInstancesWithExpiration: pulumi.Output<boolean | undefined>;

Whether running instances should be terminated when the EC2 Fleet expires. Defaults to false.

property type

public type: pulumi.Output<string | undefined>;

The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. Valid values: maintain, request. Defaults to maintain.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource FlowLog

class FlowLog extends CustomResource

Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network interface, subnet, or VPC. Logs are sent to a CloudWatch Log Group or a S3 Bucket.

Example Usage

CloudWatch Logging
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {});
const exampleRole = new aws.iam.Role("exampleRole", {assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "vpc-flow-logs.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`});
const exampleFlowLog = new aws.ec2.FlowLog("exampleFlowLog", {
    iamRoleArn: exampleRole.arn,
    logDestination: exampleLogGroup.arn,
    trafficType: "ALL",
    vpcId: aws_vpc.example.id,
});
const exampleRolePolicy = new aws.iam.RolePolicy("exampleRolePolicy", {
    role: exampleRole.id,
    policy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
`,
});
S3 Logging
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleBucket = new aws.s3.Bucket("exampleBucket", {});
const exampleFlowLog = new aws.ec2.FlowLog("exampleFlowLog", {
    logDestination: exampleBucket.arn,
    logDestinationType: "s3",
    trafficType: "ALL",
    vpcId: aws_vpc.example.id,
});

constructor

new FlowLog(name: string, args: FlowLogArgs, opts?: pulumi.CustomResourceOptions)

Create a FlowLog resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FlowLogState, opts?: pulumi.CustomResourceOptions): FlowLog

Get an existing FlowLog resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is FlowLog

Returns true if the given object is an instance of FlowLog. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the Flow Log.

property eniId

public eniId: pulumi.Output<string | undefined>;

Elastic Network Interface ID to attach to

property iamRoleArn

public iamRoleArn: pulumi.Output<string | undefined>;

The ARN for the IAM role that’s used to post flow logs to a CloudWatch Logs log group

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logDestination

public logDestination: pulumi.Output<string>;

The ARN of the logging destination.

property logDestinationType

public logDestinationType: pulumi.Output<string | undefined>;

The type of the logging destination. Valid values: cloud-watch-logs, s3. Default: cloud-watch-logs.

property logFormat

public logFormat: pulumi.Output<string>;

The fields to include in the flow log record, in the order in which they should appear.

property logGroupName

DEPRECATED use 'log_destination' argument instead
public logGroupName: pulumi.Output<string>;

Deprecated: Use logDestination instead. The name of the CloudWatch log group.

property maxAggregationInterval

public maxAggregationInterval: pulumi.Output<number | undefined>;

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. Valid Values: 60 seconds (1 minute) or 600 seconds (10 minutes). Default: 600.

property subnetId

public subnetId: pulumi.Output<string | undefined>;

Subnet ID to attach to

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags

property trafficType

public trafficType: pulumi.Output<string>;

The type of traffic to capture. Valid values: ACCEPT,REJECT, ALL.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string | undefined>;

VPC ID to attach to

Resource Instance

class Instance extends CustomResource

Provides an EC2 instance resource. This allows instances to be created, updated, and deleted.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ubuntu = aws.getAmi({
    mostRecent: true,
    filters: [
        {
            name: "name",
            values: ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"],
        },
        {
            name: "virtualization-type",
            values: ["hvm"],
        },
    ],
    owners: ["099720109477"],
});
const web = new aws.ec2.Instance("web", {
    ami: ubuntu.then(ubuntu => ubuntu.id),
    instanceType: "t3.micro",
    tags: {
        Name: "HelloWorld",
    },
});

constructor

new Instance(name: string, args: InstanceArgs, opts?: pulumi.CustomResourceOptions)

Create a Instance resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InstanceState, opts?: pulumi.CustomResourceOptions): Instance

Get an existing Instance resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Instance

Returns true if the given object is an instance of Instance. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property ami

public ami: pulumi.Output<string>;

The AMI to use for the instance.

property arn

public arn: pulumi.Output<string>;

The ARN of the instance.

property associatePublicIpAddress

public associatePublicIpAddress: pulumi.Output<boolean>;

Associate a public ip address with an instance in a VPC. Boolean value.

property availabilityZone

public availabilityZone: pulumi.Output<string>;

The AZ to start the instance in.

property cpuCoreCount

public cpuCoreCount: pulumi.Output<number>;

Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options CPU Cores and Threads Per CPU Core Per Instance Type - specifying this option for unsupported instance types will return an error from the EC2 API.

property cpuThreadsPerCore

public cpuThreadsPerCore: pulumi.Output<number>;

If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See Optimizing CPU Options for more information.

property creditSpecification

public creditSpecification: pulumi.Output<InstanceCreditSpecification | undefined>;

Customize the credit specification of the instance. See Credit Specification below for more details.

property disableApiTermination

public disableApiTermination: pulumi.Output<boolean | undefined>;

If true, enables EC2 Instance Termination Protection

property ebsBlockDevices

public ebsBlockDevices: pulumi.Output<InstanceEbsBlockDevice[]>;

Additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection.

property ebsOptimized

public ebsOptimized: pulumi.Output<boolean | undefined>;

If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information.

property ephemeralBlockDevices

public ephemeralBlockDevices: pulumi.Output<InstanceEphemeralBlockDevice[]>;

Customize Ephemeral (also known as “Instance Store”) volumes on the instance. See Block Devices below for details.

property getPasswordData

public getPasswordData: pulumi.Output<boolean | undefined>;

If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the passwordData attribute. See GetPasswordData for more information.

property hibernation

public hibernation: pulumi.Output<boolean | undefined>;

If true, the launched EC2 instance will support hibernation.

property hostId

public hostId: pulumi.Output<string>;

The Id of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.

property iamInstanceProfile

public iamInstanceProfile: pulumi.Output<string | undefined>;

The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceInitiatedShutdownBehavior

public instanceInitiatedShutdownBehavior: pulumi.Output<string | undefined>;

Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information.

property instanceState

public instanceState: pulumi.Output<string>;

The state of the instance. One of: pending, running, shutting-down, terminated, stopping, stopped. See Instance Lifecycle for more information.

property instanceType

public instanceType: pulumi.Output<InstanceType>;

The type of instance to start. Updates to this field will trigger a stop/start of the EC2 instance.

property ipv6AddressCount

public ipv6AddressCount: pulumi.Output<number>;

A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.

property ipv6Addresses

public ipv6Addresses: pulumi.Output<string[]>;

Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface

property keyName

public keyName: pulumi.Output<string>;

The key name of the Key Pair to use for the instance; which can be managed using the aws.ec2.KeyPair resource.

property metadataOptions

public metadataOptions: pulumi.Output<InstanceMetadataOptions>;

Customize the metadata options of the instance. See Metadata Options below for more details.

property monitoring

public monitoring: pulumi.Output<boolean | undefined>;

If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)

property networkInterfaces

public networkInterfaces: pulumi.Output<InstanceNetworkInterface[]>;

Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.

property outpostArn

public outpostArn: pulumi.Output<string>;

The ARN of the Outpost the instance is assigned to.

property passwordData

public passwordData: pulumi.Output<string>;

Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if getPasswordData is true. Note that this encrypted value will be stored in the state file, as with all exported attributes. See GetPasswordData for more information.

property placementGroup

public placementGroup: pulumi.Output<string>;

The Placement Group to start the instance in.

property primaryNetworkInterfaceId

public primaryNetworkInterfaceId: pulumi.Output<string>;

The ID of the instance’s primary network interface.

property privateDns

public privateDns: pulumi.Output<string>;

The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you’ve enabled DNS hostnames for your VPC

property privateIp

public privateIp: pulumi.Output<string>;

Private IP address to associate with the instance in a VPC.

property publicDns

public publicDns: pulumi.Output<string>;

The public DNS name assigned to the instance. For EC2-VPC, this is only available if you’ve enabled DNS hostnames for your VPC

property publicIp

public publicIp: pulumi.Output<string>;

The public IP address assigned to the instance, if applicable. NOTE: If you are using an aws.ec2.Eip with your instance, you should refer to the EIP’s address directly and not use publicIp, as this field will change after the EIP is attached.

property rootBlockDevice

public rootBlockDevice: pulumi.Output<InstanceRootBlockDevice>;

Customize details about the root block device of the instance. See Block Devices below for details.

property secondaryPrivateIps

public secondaryPrivateIps: pulumi.Output<string[]>;

A list of secondary private IPv4 addresses to assign to the instance’s primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a networkInterface block. Refer to the Elastic network interfaces documentation to see the maximum number of private IP addresses allowed per instance type.

property securityGroups

DEPRECATED Use of securityGroups is discouraged as it does not allow for changes and will force your instance to be replaced if changes are made. To avoid this, use vpcSecurityGroupIds which allows for updates.
public securityGroups: pulumi.Output<string[]>;

A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.

property sourceDestCheck

public sourceDestCheck: pulumi.Output<boolean | undefined>;

Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.

property subnetId

public subnetId: pulumi.Output<string>;

The VPC Subnet ID to launch in.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property tenancy

public tenancy: pulumi.Output<string>;

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userData

public userData: pulumi.Output<string | undefined>;

The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see userDataBase64 instead.

property userDataBase64

public userDataBase64: pulumi.Output<string | undefined>;

Can be used instead of userData to pass base64-encoded binary data directly. Use this instead of userData whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.

property volumeTags

public volumeTags: pulumi.Output<{[key: string]: string}>;

A map of tags to assign to the devices created by the instance at launch time.

property vpcSecurityGroupIds

public vpcSecurityGroupIds: pulumi.Output<string[]>;

A list of security group IDs to associate with.

Resource InternetGateway

class InternetGateway extends CustomResource

Provides a resource to create a VPC Internet Gateway.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const gw = new aws.ec2.InternetGateway("gw", {
    vpcId: aws_vpc.main.id,
    tags: {
        Name: "main",
    },
});

constructor

new InternetGateway(name: string, args?: InternetGatewayArgs, opts?: pulumi.CustomResourceOptions)

Create a InternetGateway resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: InternetGatewayState, opts?: pulumi.CustomResourceOptions): InternetGateway

Get an existing InternetGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is InternetGateway

Returns true if the given object is an instance of InternetGateway. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the Internet Gateway.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the internet gateway.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string | undefined>;

The VPC ID to create in.

Resource KeyPair

class KeyPair extends CustomResource

Provides an EC2 key pair resource. A key pair is used to control login access to EC2 instances.

Currently this resource requires an existing user-supplied key pair. This key pair’s public key will be registered with AWS to allow logging-in to EC2 instances.

When importing an existing key pair the public key material may be in any format supported by AWS. Supported formats (per the AWS documentation) are:

  • OpenSSH public key format (the format in ~/.ssh/authorized_keys)
  • Base64 encoded DER format
  • SSH public key file format as specified in RFC4716

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const deployer = new aws.ec2.KeyPair("deployer", {
    publicKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com",
});

constructor

new KeyPair(name: string, args: KeyPairArgs, opts?: pulumi.CustomResourceOptions)

Create a KeyPair resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: KeyPairState, opts?: pulumi.CustomResourceOptions): KeyPair

Get an existing KeyPair resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is KeyPair

Returns true if the given object is an instance of KeyPair. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The key pair ARN.

property fingerprint

public fingerprint: pulumi.Output<string>;

The MD5 public key fingerprint as specified in section 4 of RFC 4716.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyName

public keyName: pulumi.Output<string>;

The name for the key pair.

property keyNamePrefix

public keyNamePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with keyName.

property keyPairId

public keyPairId: pulumi.Output<string>;

The key pair ID.

property publicKey

public publicKey: pulumi.Output<string>;

The public key material.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource LaunchConfiguration

class LaunchConfiguration extends CustomResource

Provides a resource to create a new launch configuration, used for autoscaling groups.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ubuntu = aws.getAmi({
    mostRecent: true,
    filters: [
        {
            name: "name",
            values: ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"],
        },
        {
            name: "virtualization-type",
            values: ["hvm"],
        },
    ],
    owners: ["099720109477"],
});
const asConf = new aws.ec2.LaunchConfiguration("asConf", {
    imageId: ubuntu.then(ubuntu => ubuntu.id),
    instanceType: "t2.micro",
});

Using with AutoScaling Groups

Launch Configurations cannot be updated after creation with the Amazon Web Service API. In order to update a Launch Configuration, this provider will destroy the existing resource and create a replacement. In order to effectively use a Launch Configuration resource with an AutoScaling Group resource, it’s recommended to specify createBeforeDestroy in a lifecycle block. Either omit the Launch Configuration name attribute, or specify a partial name with namePrefix. Example:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ubuntu = aws.getAmi({
    mostRecent: true,
    filters: [
        {
            name: "name",
            values: ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"],
        },
        {
            name: "virtualization-type",
            values: ["hvm"],
        },
    ],
    owners: ["099720109477"],
});
const asConf = new aws.ec2.LaunchConfiguration("asConf", {
    namePrefix: "lc-example-",
    imageId: ubuntu.then(ubuntu => ubuntu.id),
    instanceType: "t2.micro",
});
const bar = new aws.autoscaling.Group("bar", {
    launchConfiguration: asConf.name,
    minSize: 1,
    maxSize: 2,
});

With this setup this provider generates a unique name for your Launch Configuration and can then update the AutoScaling Group without conflict before destroying the previous Launch Configuration.

Using with Spot Instances

Launch configurations can set the spot instance pricing to be used for the Auto Scaling Group to reserve instances. Simply specifying the spotPrice parameter will set the price on the Launch Configuration which will attempt to reserve your instances at this price. See the AWS Spot Instance documentation for more information or how to launch Spot Instances with this provider.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ubuntu = aws.getAmi({
    mostRecent: true,
    filters: [
        {
            name: "name",
            values: ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"],
        },
        {
            name: "virtualization-type",
            values: ["hvm"],
        },
    ],
    owners: ["099720109477"],
});
const asConf = new aws.ec2.LaunchConfiguration("asConf", {
    imageId: ubuntu.then(ubuntu => ubuntu.id),
    instanceType: "m4.large",
    spotPrice: "0.001",
});
const bar = new aws.autoscaling.Group("bar", {launchConfiguration: asConf.name});

Block devices

Each of the *_block_device attributes controls a portion of the AWS Launch Configuration’s “Block Device Mapping”. It’s a good idea to familiarize yourself with AWS’s Block Device Mapping docs to understand the implications of using these attributes.

The rootBlockDevice mapping supports the following:

  • volumeType - (Optional) The type of volume. Can be "standard", "gp2", or "io1". (Default: "standard").
  • volumeSize - (Optional) The size of the volume in gigabytes.
  • iops - (Optional) The amount of provisioned IOPS. This must be set with a volumeType of "io1".
  • deleteOnTermination - (Optional) Whether the volume should be destroyed on instance termination (Default: true).
  • encrypted - (Optional) Whether the volume should be encrypted or not. (Default: false).

Modifying any of the rootBlockDevice settings requires resource replacement.

Each ebsBlockDevice supports the following:

  • deviceName - (Required) The name of the device to mount.
  • snapshotId - (Optional) The Snapshot ID to mount.
  • volumeType - (Optional) The type of volume. Can be "standard", "gp2", or "io1". (Default: "standard").
  • volumeSize - (Optional) The size of the volume in gigabytes.
  • iops - (Optional) The amount of provisioned IOPS. This must be set with a volumeType of "io1".
  • deleteOnTermination - (Optional) Whether the volume should be destroyed on instance termination (Default: true).
  • encrypted - (Optional) Whether the volume should be encrypted or not. Do not use this option if you are using snapshotId as the encrypted flag will be determined by the snapshot. (Default: false).
  • noDevice - (Optional) Whether the device in the block device mapping of the AMI is suppressed.

Modifying any ebsBlockDevice currently requires resource replacement.

Each ephemeralBlockDevice supports the following:

  • deviceName - The name of the block device to mount on the instance.
  • virtualName - The Instance Store Device Name (e.g. "ephemeral0")

Each AWS Instance type has a different set of Instance Store block devices available for attachment. AWS publishes a list of which ephemeral devices are available on each type. The devices are always identified by the virtualName in the format "ephemeral{0..N}".

NOTE: Changes to *_block_device configuration of existing resources cannot currently be detected by this provider. After updating to block device configuration, resource recreation can be manually triggered by using the up command with the –replace argument.

constructor

new LaunchConfiguration(name: string, args: LaunchConfigurationArgs, opts?: pulumi.CustomResourceOptions)

Create a LaunchConfiguration resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LaunchConfigurationState, opts?: pulumi.CustomResourceOptions): LaunchConfiguration

Get an existing LaunchConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LaunchConfiguration

Returns true if the given object is an instance of LaunchConfiguration. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name of the launch configuration.

property associatePublicIpAddress

public associatePublicIpAddress: pulumi.Output<boolean | undefined>;

Associate a public ip address with an instance in a VPC.

property ebsBlockDevices

public ebsBlockDevices: pulumi.Output<LaunchConfigurationEbsBlockDevice[]>;

Additional EBS block devices to attach to the instance. See Block Devices below for details.

property ebsOptimized

public ebsOptimized: pulumi.Output<boolean>;

If true, the launched EC2 instance will be EBS-optimized.

property enableMonitoring

public enableMonitoring: pulumi.Output<boolean | undefined>;

Enables/disables detailed monitoring. This is enabled by default.

property ephemeralBlockDevices

public ephemeralBlockDevices: pulumi.Output<LaunchConfigurationEphemeralBlockDevice[] | undefined>;

Customize Ephemeral (also known as “Instance Store”) volumes on the instance. See Block Devices below for details.

property iamInstanceProfile

public iamInstanceProfile: pulumi.Output<string | undefined>;

The name attribute of the IAM instance profile to associate with launched instances.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageId

public imageId: pulumi.Output<string>;

The EC2 image ID to launch.

property instanceType

public instanceType: pulumi.Output<string>;

The size of instance to launch.

property keyName

public keyName: pulumi.Output<string>;

The key name that should be used for the instance.

property name

public name: pulumi.Output<string>;

The name of the launch configuration. If you leave this blank, this provider will auto-generate a unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property placementTenancy

public placementTenancy: pulumi.Output<string | undefined>;

The tenancy of the instance. Valid values are "default" or "dedicated", see AWS’s Create Launch Configuration for more details

property rootBlockDevice

public rootBlockDevice: pulumi.Output<LaunchConfigurationRootBlockDevice>;

Customize details about the root block device of the instance. See Block Devices below for details.

property securityGroups

public securityGroups: pulumi.Output<string[] | undefined>;

A list of associated security group IDS.

property spotPrice

public spotPrice: pulumi.Output<string | undefined>;

The maximum price to use for reserving spot instances.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userData

public userData: pulumi.Output<string | undefined>;

The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see userDataBase64 instead.

property userDataBase64

public userDataBase64: pulumi.Output<string | undefined>;

Can be used instead of userData to pass base64-encoded binary data directly. Use this instead of userData whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.

property vpcClassicLinkId

public vpcClassicLinkId: pulumi.Output<string | undefined>;

The ID of a ClassicLink-enabled VPC. Only applies to EC2-Classic instances. (eg. vpc-2730681a)

property vpcClassicLinkSecurityGroups

public vpcClassicLinkSecurityGroups: pulumi.Output<string[] | undefined>;

The IDs of one or more security groups for the specified ClassicLink-enabled VPC (eg. sg-46ae3d11).

Resource LaunchTemplate

class LaunchTemplate extends CustomResource

Provides an EC2 launch template resource. Can be used to create instances or auto scaling groups.

constructor

new LaunchTemplate(name: string, args?: LaunchTemplateArgs, opts?: pulumi.CustomResourceOptions)

Create a LaunchTemplate resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LaunchTemplateState, opts?: pulumi.CustomResourceOptions): LaunchTemplate

Get an existing LaunchTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LaunchTemplate

Returns true if the given object is an instance of LaunchTemplate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) of the instance profile.

property blockDeviceMappings

public blockDeviceMappings: pulumi.Output<LaunchTemplateBlockDeviceMapping[] | undefined>;

Specify volumes to attach to the instance besides the volumes specified by the AMI. See Block Devices below for details.

property capacityReservationSpecification

public capacityReservationSpecification: pulumi.Output<LaunchTemplateCapacityReservationSpecification | undefined>;

Targeting for EC2 capacity reservations. See Capacity Reservation Specification below for more details.

property cpuOptions

public cpuOptions: pulumi.Output<LaunchTemplateCpuOptions | undefined>;

The CPU options for the instance. See CPU Options below for more details.

property creditSpecification

public creditSpecification: pulumi.Output<LaunchTemplateCreditSpecification | undefined>;

Customize the credit specification of the instance. See Credit Specification below for more details.

property defaultVersion

public defaultVersion: pulumi.Output<number>;

Default Version of the launch template.

property description

public description: pulumi.Output<string | undefined>;

Description of the launch template.

property disableApiTermination

public disableApiTermination: pulumi.Output<boolean | undefined>;

If true, enables EC2 Instance Termination Protection

property ebsOptimized

public ebsOptimized: pulumi.Output<string | undefined>;

If true, the launched EC2 instance will be EBS-optimized.

property elasticGpuSpecifications

public elasticGpuSpecifications: pulumi.Output<LaunchTemplateElasticGpuSpecification[] | undefined>;

The elastic GPU to attach to the instance. See Elastic GPU below for more details.

property elasticInferenceAccelerator

public elasticInferenceAccelerator: pulumi.Output<LaunchTemplateElasticInferenceAccelerator | undefined>;

Configuration block containing an Elastic Inference Accelerator to attach to the instance. See Elastic Inference Accelerator below for more details.

property hibernationOptions

public hibernationOptions: pulumi.Output<LaunchTemplateHibernationOptions | undefined>;

The hibernation options for the instance. See Hibernation Options below for more details.

property iamInstanceProfile

public iamInstanceProfile: pulumi.Output<LaunchTemplateIamInstanceProfile | undefined>;

The IAM Instance Profile to launch the instance with. See Instance Profile below for more details.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property imageId

public imageId: pulumi.Output<string | undefined>;

The AMI from which to launch the instance.

property instanceInitiatedShutdownBehavior

public instanceInitiatedShutdownBehavior: pulumi.Output<string | undefined>;

Shutdown behavior for the instance. Can be stop or terminate. (Default: stop).

property instanceMarketOptions

public instanceMarketOptions: pulumi.Output<LaunchTemplateInstanceMarketOptions | undefined>;

The market (purchasing) option for the instance. See Market Options below for details.

property instanceType

public instanceType: pulumi.Output<string | undefined>;

The type of the instance.

property kernelId

public kernelId: pulumi.Output<string | undefined>;

The kernel ID.

property keyName

public keyName: pulumi.Output<string | undefined>;

The key name to use for the instance.

property latestVersion

public latestVersion: pulumi.Output<number>;

The latest version of the launch template.

property licenseSpecifications

public licenseSpecifications: pulumi.Output<LaunchTemplateLicenseSpecification[] | undefined>;

A list of license specifications to associate with. See License Specification below for more details.

property metadataOptions

public metadataOptions: pulumi.Output<LaunchTemplateMetadataOptions>;

Customize the metadata options for the instance. See Metadata Options below for more details.

property monitoring

public monitoring: pulumi.Output<LaunchTemplateMonitoring | undefined>;

The monitoring option for the instance. See Monitoring below for more details.

property name

public name: pulumi.Output<string>;

The name of the launch template. If you leave this blank, this provider will auto-generate a unique name.

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property networkInterfaces

public networkInterfaces: pulumi.Output<LaunchTemplateNetworkInterface[] | undefined>;

Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.

property placement

public placement: pulumi.Output<LaunchTemplatePlacement | undefined>;

The placement of the instance. See Placement below for more details.

property ramDiskId

public ramDiskId: pulumi.Output<string | undefined>;

The ID of the RAM disk.

property securityGroupNames

public securityGroupNames: pulumi.Output<string[] | undefined>;

A list of security group names to associate with. If you are creating Instances in a VPC, use vpcSecurityGroupIds instead.

property tagSpecifications

public tagSpecifications: pulumi.Output<LaunchTemplateTagSpecification[] | undefined>;

The tags to apply to the resources during launch. See Tag Specifications below for more details.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the launch template.

property updateDefaultVersion

public updateDefaultVersion: pulumi.Output<boolean | undefined>;

Whether to update Default Version each update. Conflicts with defaultVersion.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userData

public userData: pulumi.Output<string | undefined>;

The Base64-encoded user data to provide when launching the instance.

property vpcSecurityGroupIds

public vpcSecurityGroupIds: pulumi.Output<string[] | undefined>;

A list of security group IDs to associate with.

Resource LocalGatewayRoute

class LocalGatewayRoute extends CustomResource

Manages an EC2 Local Gateway Route. More information can be found in the Outposts User Guide.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.LocalGatewayRoute("example", {
    destinationCidrBlock: "172.16.0.0/16",
    localGatewayRouteTableId: data.aws_ec2_local_gateway_route_table.example.id,
    localGatewayVirtualInterfaceGroupId: data.aws_ec2_local_gateway_virtual_interface_group.example.id,
});

constructor

new LocalGatewayRoute(name: string, args: LocalGatewayRouteArgs, opts?: pulumi.CustomResourceOptions)

Create a LocalGatewayRoute resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LocalGatewayRouteState, opts?: pulumi.CustomResourceOptions): LocalGatewayRoute

Get an existing LocalGatewayRoute resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LocalGatewayRoute

Returns true if the given object is an instance of LocalGatewayRoute. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property destinationCidrBlock

public destinationCidrBlock: pulumi.Output<string>;

IPv4 CIDR range used for destination matches. Routing decisions are based on the most specific match.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property localGatewayRouteTableId

public localGatewayRouteTableId: pulumi.Output<string>;

Identifier of EC2 Local Gateway Route Table.

property localGatewayVirtualInterfaceGroupId

public localGatewayVirtualInterfaceGroupId: pulumi.Output<string>;

Identifier of EC2 Local Gateway Virtual Interface Group.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource LocalGatewayRouteTableVpcAssociation

class LocalGatewayRouteTableVpcAssociation extends CustomResource

Manages an EC2 Local Gateway Route Table VPC Association. More information can be found in the Outposts User Guide.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLocalGatewayRouteTable = aws.ec2.getLocalGatewayRouteTable({
    outpostArn: "arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef",
});
const exampleVpc = new aws.ec2.Vpc("exampleVpc", {cidrBlock: "10.0.0.0/16"});
const exampleLocalGatewayRouteTableVpcAssociation = new aws.ec2.LocalGatewayRouteTableVpcAssociation("exampleLocalGatewayRouteTableVpcAssociation", {
    localGatewayRouteTableId: exampleLocalGatewayRouteTable.then(exampleLocalGatewayRouteTable => exampleLocalGatewayRouteTable.id),
    vpcId: exampleVpc.id,
});

constructor

new LocalGatewayRouteTableVpcAssociation(name: string, args: LocalGatewayRouteTableVpcAssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a LocalGatewayRouteTableVpcAssociation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: LocalGatewayRouteTableVpcAssociationState, opts?: pulumi.CustomResourceOptions): LocalGatewayRouteTableVpcAssociation

Get an existing LocalGatewayRouteTableVpcAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is LocalGatewayRouteTableVpcAssociation

Returns true if the given object is an instance of LocalGatewayRouteTableVpcAssociation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property localGatewayId

public localGatewayId: pulumi.Output<string>;

property localGatewayRouteTableId

public localGatewayRouteTableId: pulumi.Output<string>;

Identifier of EC2 Local Gateway Route Table.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

Identifier of EC2 VPC.

Resource MainRouteTableAssociation

class MainRouteTableAssociation extends CustomResource

Provides a resource for managing the main routing table of a VPC.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainRouteTableAssociation = new aws.ec2.MainRouteTableAssociation("mainRouteTableAssociation", {
    vpcId: aws_vpc.foo.id,
    routeTableId: aws_route_table.bar.id,
});

Notes

On VPC creation, the AWS API always creates an initial Main Route Table. This resource records the ID of that Route Table under originalRouteTableId. The “Delete” action for a mainRouteTableAssociation consists of resetting this original table as the Main Route Table for the VPC. You’ll see this additional Route Table in the AWS console; it must remain intact in order for the mainRouteTableAssociation delete to work properly.

constructor

new MainRouteTableAssociation(name: string, args: MainRouteTableAssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a MainRouteTableAssociation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MainRouteTableAssociationState, opts?: pulumi.CustomResourceOptions): MainRouteTableAssociation

Get an existing MainRouteTableAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is MainRouteTableAssociation

Returns true if the given object is an instance of MainRouteTableAssociation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property originalRouteTableId

public originalRouteTableId: pulumi.Output<string>;

Used internally, see Notes below

property routeTableId

public routeTableId: pulumi.Output<string>;

The ID of the Route Table to set as the new main route table for the target VPC

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The ID of the VPC whose main route table should be set

Resource NatGateway

class NatGateway extends CustomResource

Provides a resource to create a VPC NAT Gateway.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const gw = new aws.ec2.NatGateway("gw", {
    allocationId: aws_eip.nat.id,
    subnetId: aws_subnet.example.id,
});

Usage with tags:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const gw = new aws.ec2.NatGateway("gw", {
    allocationId: aws_eip.nat.id,
    subnetId: aws_subnet.example.id,
    tags: {
        Name: "gw NAT",
    },
});

constructor

new NatGateway(name: string, args: NatGatewayArgs, opts?: pulumi.CustomResourceOptions)

Create a NatGateway resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NatGatewayState, opts?: pulumi.CustomResourceOptions): NatGateway

Get an existing NatGateway resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is NatGateway

Returns true if the given object is an instance of NatGateway. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allocationId

public allocationId: pulumi.Output<string>;

The Allocation ID of the Elastic IP address for the gateway.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string>;

The ENI ID of the network interface created by the NAT gateway.

property privateIp

public privateIp: pulumi.Output<string>;

The private IP address of the NAT Gateway.

property publicIp

public publicIp: pulumi.Output<string>;

The public IP address of the NAT Gateway.

property subnetId

public subnetId: pulumi.Output<string>;

The Subnet ID of the subnet in which to place the gateway.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource NetworkAcl

class NetworkAcl extends CustomResource

Provides an network ACL resource. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = new aws.ec2.NetworkAcl("main", {
    vpcId: aws_vpc.main.id,
    egress: [{
        protocol: "tcp",
        ruleNo: 200,
        action: "allow",
        cidrBlock: "10.3.0.0/18",
        fromPort: 443,
        toPort: 443,
    }],
    ingress: [{
        protocol: "tcp",
        ruleNo: 100,
        action: "allow",
        cidrBlock: "10.3.0.0/18",
        fromPort: 80,
        toPort: 80,
    }],
    tags: {
        Name: "main",
    },
});

constructor

new NetworkAcl(name: string, args: NetworkAclArgs, opts?: pulumi.CustomResourceOptions)

Create a NetworkAcl resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NetworkAclState, opts?: pulumi.CustomResourceOptions): NetworkAcl

Get an existing NetworkAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is NetworkAcl

Returns true if the given object is an instance of NetworkAcl. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the network ACL

property egress

public egress: pulumi.Output<NetworkAclEgress[]>;

Specifies an egress rule. Parameters defined below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ingress

public ingress: pulumi.Output<NetworkAclIngress[]>;

Specifies an ingress rule. Parameters defined below.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the network ACL.

property subnetIds

public subnetIds: pulumi.Output<string[]>;

A list of Subnet IDs to apply the ACL to

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The ID of the associated VPC.

Resource NetworkAclRule

class NetworkAclRule extends CustomResource

Creates an entry (a rule) in a network ACL with the specified rule number.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const barNetworkAcl = new aws.ec2.NetworkAcl("barNetworkAcl", {vpcId: aws_vpc.foo.id});
const barNetworkAclRule = new aws.ec2.NetworkAclRule("barNetworkAclRule", {
    networkAclId: barNetworkAcl.id,
    ruleNumber: 200,
    egress: false,
    protocol: "tcp",
    ruleAction: "allow",
    cidrBlock: aws_vpc.foo.cidr_block,
    fromPort: 22,
    toPort: 22,
});

Note: One of either cidrBlock or ipv6CidrBlock is required.

constructor

new NetworkAclRule(name: string, args: NetworkAclRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a NetworkAclRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NetworkAclRuleState, opts?: pulumi.CustomResourceOptions): NetworkAclRule

Get an existing NetworkAclRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is NetworkAclRule

Returns true if the given object is an instance of NetworkAclRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property cidrBlock

public cidrBlock: pulumi.Output<string | undefined>;

The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

property egress

public egress: pulumi.Output<boolean | undefined>;

Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

property fromPort

public fromPort: pulumi.Output<number | undefined>;

The from port to match.

property icmpCode

public icmpCode: pulumi.Output<string | undefined>;

ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1

property icmpType

public icmpType: pulumi.Output<string | undefined>;

ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipv6CidrBlock

public ipv6CidrBlock: pulumi.Output<string | undefined>;

The IPv6 CIDR block to allow or deny.

property networkAclId

public networkAclId: pulumi.Output<string>;

The ID of the network ACL.

property protocol

public protocol: pulumi.Output<string>;

The protocol. A value of -1 means all protocols.

property ruleAction

public ruleAction: pulumi.Output<string>;

Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

property ruleNumber

public ruleNumber: pulumi.Output<number>;

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

property toPort

public toPort: pulumi.Output<number | undefined>;

The to port to match.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource NetworkInterface

class NetworkInterface extends CustomResource

Provides an Elastic network interface (ENI) resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.ec2.NetworkInterface("test", {
    subnetId: aws_subnet.public_a.id,
    privateIps: ["10.0.0.50"],
    securityGroups: [aws_security_group.web.id],
    attachments: [{
        instance: aws_instance.test.id,
        deviceIndex: 1,
    }],
});

constructor

new NetworkInterface(name: string, args: NetworkInterfaceArgs, opts?: pulumi.CustomResourceOptions)

Create a NetworkInterface resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NetworkInterfaceState, opts?: pulumi.CustomResourceOptions): NetworkInterface

Get an existing NetworkInterface resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is NetworkInterface

Returns true if the given object is an instance of NetworkInterface. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attachments

public attachments: pulumi.Output<NetworkInterfaceAttachment[]>;

Block to define the attachment of the ENI. Documented below.

property description

public description: pulumi.Output<string | undefined>;

A description for the network interface.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property macAddress

public macAddress: pulumi.Output<string>;

The MAC address of the network interface.

property outpostArn

public outpostArn: pulumi.Output<string>;

property privateDnsName

public privateDnsName: pulumi.Output<string>;

The private DNS name of the network interface (IPv4).

property privateIp

public privateIp: pulumi.Output<string>;

property privateIps

public privateIps: pulumi.Output<string[]>;

List of private IPs to assign to the ENI.

property privateIpsCount

public privateIpsCount: pulumi.Output<number>;

Number of secondary private IPs to assign to the ENI. The total number of private IPs will be 1 + private_ips_count, as a primary private IP will be assiged to an ENI by default.

property securityGroups

public securityGroups: pulumi.Output<string[]>;

List of security group IDs to assign to the ENI.

property sourceDestCheck

public sourceDestCheck: pulumi.Output<boolean | undefined>;

Whether to enable source destination checking for the ENI. Default true.

property subnetId

public subnetId: pulumi.Output<string>;

Subnet ID to create the ENI in.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource NetworkInterfaceAttachment

class NetworkInterfaceAttachment extends CustomResource

Attach an Elastic network interface (ENI) resource with EC2 instance.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.ec2.NetworkInterfaceAttachment("test", {
    instanceId: aws_instance.test.id,
    networkInterfaceId: aws_network_interface.test.id,
    deviceIndex: 0,
});

constructor

new NetworkInterfaceAttachment(name: string, args: NetworkInterfaceAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a NetworkInterfaceAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NetworkInterfaceAttachmentState, opts?: pulumi.CustomResourceOptions): NetworkInterfaceAttachment

Get an existing NetworkInterfaceAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is NetworkInterfaceAttachment

Returns true if the given object is an instance of NetworkInterfaceAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attachmentId

public attachmentId: pulumi.Output<string>;

The ENI Attachment ID.

property deviceIndex

public deviceIndex: pulumi.Output<number>;

Network interface index (int).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceId

public instanceId: pulumi.Output<string>;

Instance ID to attach.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string>;

ENI ID to attach.

property status

public status: pulumi.Output<string>;

The status of the Network Interface Attachment.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource NetworkInterfaceSecurityGroupAttachment

class NetworkInterfaceSecurityGroupAttachment extends CustomResource

This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.

NOTE on instances, interfaces, and security groups: This provider currently provides the capability to assign security groups via the aws.ec2.Instance and the aws.ec2.NetworkInterface resources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other.

Example Usage

The following provides a very basic example of setting up an instance (provided by instance) in the default security group, creating a security group (provided by sg) and then attaching the security group to the instance’s primary network interface via the aws.ec2.NetworkInterfaceSecurityGroupAttachment resource, named sgAttachment:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ami = aws.getAmi({
    mostRecent: true,
    filters: [{
        name: "name",
        values: ["amzn-ami-hvm-*"],
    }],
    owners: ["amazon"],
});
const instance = new aws.ec2.Instance("instance", {
    instanceType: "t2.micro",
    ami: ami.then(ami => ami.id),
    tags: {
        type: "test-instance",
    },
});
const sg = new aws.ec2.SecurityGroup("sg", {tags: {
    type: "test-security-group",
}});
const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", {
    securityGroupId: sg.id,
    networkInterfaceId: instance.primaryNetworkInterfaceId,
});

In this example, instance is provided by the aws.ec2.Instance data source, fetching an external instance, possibly not managed by this provider. sgAttachment then attaches to the output instance’s networkInterfaceId:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const instance = aws.ec2.getInstance({
    instanceId: "i-1234567890abcdef0",
});
const sg = new aws.ec2.SecurityGroup("sg", {tags: {
    type: "test-security-group",
}});
const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sgAttachment", {
    securityGroupId: sg.id,
    networkInterfaceId: instance.then(instance => instance.networkInterfaceId),
});

Output Reference

There are no outputs for this resource.

constructor

new NetworkInterfaceSecurityGroupAttachment(name: string, args: NetworkInterfaceSecurityGroupAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a NetworkInterfaceSecurityGroupAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: NetworkInterfaceSecurityGroupAttachmentState, opts?: pulumi.CustomResourceOptions): NetworkInterfaceSecurityGroupAttachment

Get an existing NetworkInterfaceSecurityGroupAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is NetworkInterfaceSecurityGroupAttachment

Returns true if the given object is an instance of NetworkInterfaceSecurityGroupAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string>;

The ID of the network interface to attach to.

property securityGroupId

public securityGroupId: pulumi.Output<string>;

The ID of the security group.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource PeeringConnectionOptions

class PeeringConnectionOptions extends CustomResource

Provides a resource to manage VPC peering connection options.

NOTE on VPC Peering Connections and VPC Peering Connection Options: This provider provides both a standalone VPC Peering Connection Options and a VPC Peering Connection resource with accepter and requester attributes. Do not manage options for the same VPC peering connection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource. Doing so will cause a conflict of options and will overwrite the options. Using a VPC Peering Connection Options resource decouples management of the connection options from management of the VPC Peering Connection and allows options to be set correctly in cross-region and cross-account scenarios.

Basic usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooVpc = new aws.ec2.Vpc("fooVpc", {cidrBlock: "10.0.0.0/16"});
const bar = new aws.ec2.Vpc("bar", {cidrBlock: "10.1.0.0/16"});
const fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection("fooVpcPeeringConnection", {
    vpcId: fooVpc.id,
    peerVpcId: bar.id,
    autoAccept: true,
});
const fooPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions("fooPeeringConnectionOptions", {
    vpcPeeringConnectionId: fooVpcPeeringConnection.id,
    accepter: {
        allowRemoteVpcDnsResolution: true,
    },
    requester: {
        allowVpcToRemoteClassicLink: true,
        allowClassicLinkToRemoteVpc: true,
    },
});

Basic cross-account usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const requester = new aws.Provider("requester", {});
// Requester's credentials.
const accepter = new aws.Provider("accepter", {});
// Accepter's credentials.
const main = new aws.ec2.Vpc("main", {
    cidrBlock: "10.0.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
}, {
    provider: aws.requester,
});
const peerVpc = new aws.ec2.Vpc("peerVpc", {
    cidrBlock: "10.1.0.0/16",
    enableDnsSupport: true,
    enableDnsHostnames: true,
}, {
    provider: aws.accepter,
});
const peerCallerIdentity = aws.getCallerIdentity({});
const peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection("peerVpcPeeringConnection", {
    vpcId: main.id,
    peerVpcId: peerVpc.id,
    peerOwnerId: peerCallerIdentity.then(peerCallerIdentity => peerCallerIdentity.accountId),
    autoAccept: false,
    tags: {
        Side: "Requester",
    },
}, {
    provider: aws.requester,
});
const peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", {
    vpcPeeringConnectionId: peerVpcPeeringConnection.id,
    autoAccept: true,
    tags: {
        Side: "Accepter",
    },
}, {
    provider: aws.accepter,
});
const requesterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions("requesterPeeringConnectionOptions", {
    vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,
    requester: {
        allowRemoteVpcDnsResolution: true,
    },
}, {
    provider: aws.requester,
});
const accepterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions("accepterPeeringConnectionOptions", {
    vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,
    accepter: {
        allowRemoteVpcDnsResolution: true,
    },
}, {
    provider: aws.accepter,
});

constructor

new PeeringConnectionOptions(name: string, args: PeeringConnectionOptionsArgs, opts?: pulumi.CustomResourceOptions)

Create a PeeringConnectionOptions resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PeeringConnectionOptionsState, opts?: pulumi.CustomResourceOptions): PeeringConnectionOptions

Get an existing PeeringConnectionOptions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is PeeringConnectionOptions

Returns true if the given object is an instance of PeeringConnectionOptions. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accepter

public accepter: pulumi.Output<PeeringConnectionOptionsAccepter>;

An optional configuration block that allows for VPC Peering Connection options to be set for the VPC that accepts the peering connection (a maximum of one).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property requester

public requester: pulumi.Output<PeeringConnectionOptionsRequester>;

A optional configuration block that allows for VPC Peering Connection options to be set for the VPC that requests the peering connection (a maximum of one).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcPeeringConnectionId

public vpcPeeringConnectionId: pulumi.Output<string>;

The ID of the requester VPC peering connection.

Resource PlacementGroup

class PlacementGroup extends CustomResource

Provides an EC2 placement group. Read more about placement groups in AWS Docs.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const web = new aws.ec2.PlacementGroup("web", {
    strategy: "cluster",
});

constructor

new PlacementGroup(name: string, args: PlacementGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a PlacementGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PlacementGroupState, opts?: pulumi.CustomResourceOptions): PlacementGroup

Get an existing PlacementGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is PlacementGroup

Returns true if the given object is an instance of PlacementGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of the placement group.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the placement group.

property placementGroupId

public placementGroupId: pulumi.Output<string>;

The ID of the placement group.

property strategy

public strategy: pulumi.Output<PlacementStrategy>;

The placement strategy. Can be "cluster", "partition" or "spread".

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ProxyProtocolPolicy

class ProxyProtocolPolicy extends CustomResource

Provides a proxy protocol policy, which allows an ELB to carry a client connection information to a backend.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const lb = new aws.elb.LoadBalancer("lb", {
    availabilityZones: ["us-east-1a"],
    listeners: [
        {
            instancePort: 25,
            instanceProtocol: "tcp",
            lbPort: 25,
            lbProtocol: "tcp",
        },
        {
            instancePort: 587,
            instanceProtocol: "tcp",
            lbPort: 587,
            lbProtocol: "tcp",
        },
    ],
});
const smtp = new aws.ec2.ProxyProtocolPolicy("smtp", {
    loadBalancer: lb.name,
    instancePorts: [
        "25",
        "587",
    ],
});

constructor

new ProxyProtocolPolicy(name: string, args: ProxyProtocolPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ProxyProtocolPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ProxyProtocolPolicyState, opts?: pulumi.CustomResourceOptions): ProxyProtocolPolicy

Get an existing ProxyProtocolPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ProxyProtocolPolicy

Returns true if the given object is an instance of ProxyProtocolPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instancePorts

public instancePorts: pulumi.Output<string[]>;

List of instance ports to which the policy should be applied. This can be specified if the protocol is SSL or TCP.

property loadBalancer

public loadBalancer: pulumi.Output<string>;

The load balancer to which the policy should be attached.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Route

class Route extends CustomResource

Provides a resource to create a routing table entry (a route) in a VPC routing table.

NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const route = new aws.ec2.Route("route", {
    routeTableId: "rtb-4fbb3ac4",
    destinationCidrBlock: "10.0.1.0/22",
    vpcPeeringConnectionId: "pcx-45ff3dc1",
}, {
    dependsOn: [aws_route_table.testing],
});

Example IPv6 Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const vpc = new aws.ec2.Vpc("vpc", {
    cidrBlock: "10.1.0.0/16",
    assignGeneratedIpv6CidrBlock: true,
});
const egress = new aws.ec2.EgressOnlyInternetGateway("egress", {vpcId: vpc.id});
const route = new aws.ec2.Route("route", {
    routeTableId: "rtb-4fbb3ac4",
    destinationIpv6CidrBlock: "::/0",
    egressOnlyGatewayId: egress.id,
});

constructor

new Route(name: string, args: RouteArgs, opts?: pulumi.CustomResourceOptions)

Create a Route resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RouteState, opts?: pulumi.CustomResourceOptions): Route

Get an existing Route resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Route

Returns true if the given object is an instance of Route. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property destinationCidrBlock

public destinationCidrBlock: pulumi.Output<string | undefined>;

The destination CIDR block.

property destinationIpv6CidrBlock

public destinationIpv6CidrBlock: pulumi.Output<string | undefined>;

The destination IPv6 CIDR block.

property destinationPrefixListId

public destinationPrefixListId: pulumi.Output<string>;

property egressOnlyGatewayId

public egressOnlyGatewayId: pulumi.Output<string>;

Identifier of a VPC Egress Only Internet Gateway.

property gatewayId

public gatewayId: pulumi.Output<string>;

Identifier of a VPC internet gateway or a virtual private gateway.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceId

public instanceId: pulumi.Output<string>;

Identifier of an EC2 instance.

property instanceOwnerId

public instanceOwnerId: pulumi.Output<string>;

property localGatewayId

public localGatewayId: pulumi.Output<string>;

Identifier of a Outpost local gateway.

property natGatewayId

public natGatewayId: pulumi.Output<string>;

Identifier of a VPC NAT gateway.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string>;

Identifier of an EC2 network interface.

property origin

public origin: pulumi.Output<string>;

property routeTableId

public routeTableId: pulumi.Output<string>;

The ID of the routing table.

property state

public state: pulumi.Output<string>;

property transitGatewayId

public transitGatewayId: pulumi.Output<string | undefined>;

Identifier of an EC2 Transit Gateway.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcPeeringConnectionId

public vpcPeeringConnectionId: pulumi.Output<string | undefined>;

Identifier of a VPC peering connection.

Resource RouteTable

class RouteTable extends CustomResource

Provides a resource to create a VPC routing table.

NOTE on Route Tables and Routes: This provider currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE on gatewayId and natGatewayId: The AWS API is very forgiving with these two attributes and the aws.ec2.RouteTable resource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you’re experiencing constant diffs in your aws.ec2.RouteTable resources, the first thing to check is whether or not you’re specifying a NAT ID instead of a Gateway ID, or vice-versa.

NOTE on propagatingVgws and the aws.ec2.VpnGatewayRoutePropagation resource: If the propagatingVgws argument is present, it’s not supported to also define route propagations using aws.ec2.VpnGatewayRoutePropagation, since this resource will delete any propagating gateways not explicitly listed in propagatingVgws. Omit this argument when defining route propagation using the separate resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const routeTable = new aws.ec2.RouteTable("routeTable", {
    vpcId: aws_vpc["default"].id,
    routes: [
        {
            cidrBlock: "10.0.1.0/24",
            gatewayId: aws_internet_gateway.main.id,
        },
        {
            ipv6CidrBlock: "::/0",
            egressOnlyGatewayId: aws_egress_only_internet_gateway.foo.id,
        },
    ],
    tags: {
        Name: "main",
    },
});

constructor

new RouteTable(name: string, args: RouteTableArgs, opts?: pulumi.CustomResourceOptions)

Create a RouteTable resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RouteTableState, opts?: pulumi.CustomResourceOptions): RouteTable

Get an existing RouteTable resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RouteTable

Returns true if the given object is an instance of RouteTable. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the route table.

property propagatingVgws

public propagatingVgws: pulumi.Output<string[]>;

A list of virtual gateways for propagation.

property routes

public routes: pulumi.Output<RouteTableRoute[]>;

A list of route objects. Their keys are documented below.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The VPC ID.

Resource RouteTableAssociation

class RouteTableAssociation extends CustomResource

Provides a resource to create an association between a route table and a subnet or a route table and an internet gateway or virtual private gateway.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const routeTableAssociation = new aws.ec2.RouteTableAssociation("routeTableAssociation", {
    subnetId: aws_subnet.foo.id,
    routeTableId: aws_route_table.bar.id,
});
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const routeTableAssociation = new aws.ec2.RouteTableAssociation("routeTableAssociation", {
    gatewayId: aws_internet_gateway.foo.id,
    routeTableId: aws_route_table.bar.id,
});

constructor

new RouteTableAssociation(name: string, args: RouteTableAssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a RouteTableAssociation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RouteTableAssociationState, opts?: pulumi.CustomResourceOptions): RouteTableAssociation

Get an existing RouteTableAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RouteTableAssociation

Returns true if the given object is an instance of RouteTableAssociation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property gatewayId

public gatewayId: pulumi.Output<string | undefined>;

The gateway ID to create an association. Conflicts with subnetId.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property routeTableId

public routeTableId: pulumi.Output<string>;

The ID of the routing table to associate with.

property subnetId

public subnetId: pulumi.Output<string | undefined>;

The subnet ID to create an association. Conflicts with gatewayId.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SecurityGroup

class SecurityGroup extends CustomResource

Provides a security group resource.

NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.

Example Usage

Basic usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const allowTls = new aws.ec2.SecurityGroup("allowTls", {
    description: "Allow TLS inbound traffic",
    vpcId: aws_vpc.main.id,
    ingress: [{
        description: "TLS from VPC",
        fromPort: 443,
        toPort: 443,
        protocol: "tcp",
        cidrBlocks: [aws_vpc.main.cidr_block],
    }],
    egress: [{
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        cidrBlocks: ["0.0.0.0/0"],
    }],
    tags: {
        Name: "allow_tls",
    },
});

Usage with prefix list IDs

Prefix list IDs are managed by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const myEndpoint = new aws.ec2.VpcEndpoint("myEndpoint", {});
// ... other configuration ...
// ... other configuration ...
const example = new aws.ec2.SecurityGroup("example", {egress: [{
    fromPort: 0,
    toPort: 0,
    protocol: "-1",
    prefixListIds: [myEndpoint.prefixListId],
}]});

constructor

new SecurityGroup(name: string, args?: SecurityGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a SecurityGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecurityGroupState, opts?: pulumi.CustomResourceOptions): SecurityGroup

Get an existing SecurityGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SecurityGroup

Returns true if the given object is an instance of SecurityGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the security group

property description

public description: pulumi.Output<string>;

Description of this egress rule.

property egress

public egress: pulumi.Output<SecurityGroupEgress[]>;

Can be specified multiple times for each egress rule. Each egress block supports fields documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ingress

public ingress: pulumi.Output<SecurityGroupIngress[]>;

Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.

property name

public name: pulumi.Output<string>;

The name of the security group. If omitted, this provider will assign a random, unique name

property namePrefix

public namePrefix: pulumi.Output<string | undefined>;

Creates a unique name beginning with the specified prefix. Conflicts with name.

property ownerId

public ownerId: pulumi.Output<string>;

The owner ID.

property revokeRulesOnDelete

public revokeRulesOnDelete: pulumi.Output<boolean | undefined>;

Instruct this provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The VPC ID.

Resource SecurityGroupRule

class SecurityGroupRule extends CustomResource

Provides a security group rule resource. Represents a single ingress or egress group rule, which can be added to external Security Groups.

NOTE on Security Groups and Security Group Rules: This provider currently provides both a standalone Security Group Rule resource (a single ingress or egress rule), and a Security Group resource with ingress and egress rules defined in-line. At this time you cannot use a Security Group with in-line rules in conjunction with any Security Group Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE: Setting protocol = "all" or protocol = -1 with fromPort and toPort will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.

NOTE: Referencing Security Groups across VPC peering has certain restrictions. More information is available in the VPC Peering User Guide.

Example Usage

Basic usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.SecurityGroupRule("example", {
    type: "ingress",
    fromPort: 0,
    toPort: 65535,
    protocol: "tcp",
    cidrBlocks: [aws_vpc.example.cidr_block],
    securityGroupId: "sg-123456",
});

Usage with prefix list IDs

Prefix list IDs are manged by AWS internally. Prefix list IDs are associated with a prefix list name, or service name, that is linked to a specific region. Prefix list IDs are exported on VPC Endpoints, so you can use this format:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// ...
const myEndpoint = new aws.ec2.VpcEndpoint("myEndpoint", {});
// ...
const allowAll = new aws.ec2.SecurityGroupRule("allowAll", {
    type: "egress",
    toPort: 0,
    protocol: "-1",
    prefixListIds: [myEndpoint.prefixListId],
    fromPort: 0,
    securityGroupId: "sg-123456",
});

constructor

new SecurityGroupRule(name: string, args: SecurityGroupRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a SecurityGroupRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecurityGroupRuleState, opts?: pulumi.CustomResourceOptions): SecurityGroupRule

Get an existing SecurityGroupRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SecurityGroupRule

Returns true if the given object is an instance of SecurityGroupRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property cidrBlocks

public cidrBlocks: pulumi.Output<string[] | undefined>;

List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.

property description

public description: pulumi.Output<string | undefined>;

Description of the rule.

property fromPort

public fromPort: pulumi.Output<number>;

The start port (or ICMP type number if protocol is “icmp” or “icmpv6”).

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipv6CidrBlocks

public ipv6CidrBlocks: pulumi.Output<string[] | undefined>;

List of IPv6 CIDR blocks.

property prefixListIds

public prefixListIds: pulumi.Output<string[] | undefined>;

List of prefix list IDs (for allowing access to VPC endpoints). Only valid with egress.

property protocol

public protocol: pulumi.Output<string>;

The protocol. If not icmp, icmpv6, tcp, udp, or all use the protocol number

property securityGroupId

public securityGroupId: pulumi.Output<string>;

The security group to apply this rule to.

property self

public self: pulumi.Output<boolean | undefined>;

If true, the security group itself will be added as a source to this ingress rule. Cannot be specified with sourceSecurityGroupId.

property sourceSecurityGroupId

public sourceSecurityGroupId: pulumi.Output<string>;

The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks and self.

property toPort

public toPort: pulumi.Output<number>;

The end port (or ICMP code if protocol is “icmp”).

property type

public type: pulumi.Output<string>;

The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SnapshotCreateVolumePermission

class SnapshotCreateVolumePermission extends CustomResource

Adds permission to create volumes off of a given EBS Snapshot.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ebs.Volume("example", {
    availabilityZone: "us-west-2a",
    size: 40,
});
const exampleSnapshot = new aws.ebs.Snapshot("exampleSnapshot", {volumeId: example.id});
const examplePerm = new aws.ec2.SnapshotCreateVolumePermission("examplePerm", {
    snapshotId: exampleSnapshot.id,
    accountId: "12345678",
});

constructor

new SnapshotCreateVolumePermission(name: string, args: SnapshotCreateVolumePermissionArgs, opts?: pulumi.CustomResourceOptions)

Create a SnapshotCreateVolumePermission resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SnapshotCreateVolumePermissionState, opts?: pulumi.CustomResourceOptions): SnapshotCreateVolumePermission

Get an existing SnapshotCreateVolumePermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SnapshotCreateVolumePermission

Returns true if the given object is an instance of SnapshotCreateVolumePermission. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accountId

public accountId: pulumi.Output<string>;

An AWS Account ID to add create volume permissions

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property snapshotId

public snapshotId: pulumi.Output<string>;

A snapshot ID

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SpotDatafeedSubscription

class SpotDatafeedSubscription extends CustomResource

Note: There is only a single subscription allowed per account.

To help you understand the charges for your Spot instances, Amazon EC2 provides a data feed that describes your Spot instance usage and pricing. This data feed is sent to an Amazon S3 bucket that you specify when you subscribe to the data feed.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const defaultBucket = new aws.s3.Bucket("defaultBucket", {});
const defaultSpotDatafeedSubscription = new aws.ec2.SpotDatafeedSubscription("defaultSpotDatafeedSubscription", {
    bucket: defaultBucket.bucket,
    prefix: "my_subdirectory",
});

constructor

new SpotDatafeedSubscription(name: string, args: SpotDatafeedSubscriptionArgs, opts?: pulumi.CustomResourceOptions)

Create a SpotDatafeedSubscription resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SpotDatafeedSubscriptionState, opts?: pulumi.CustomResourceOptions): SpotDatafeedSubscription

Get an existing SpotDatafeedSubscription resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SpotDatafeedSubscription

Returns true if the given object is an instance of SpotDatafeedSubscription. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property bucket

public bucket: pulumi.Output<string>;

The Amazon S3 bucket in which to store the Spot instance data feed.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property prefix

public prefix: pulumi.Output<string | undefined>;

Path of folder inside bucket to place spot pricing data.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource SpotFleetRequest

class SpotFleetRequest extends CustomResource

Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot instances to be requested on the Spot market.

Example Usage

Using launch specifications
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Request a Spot fleet
const cheapCompute = new aws.ec2.SpotFleetRequest("cheapCompute", {
    iamFleetRole: "arn:aws:iam::12345678:role/spot-fleet",
    spotPrice: "0.03",
    allocationStrategy: "diversified",
    targetCapacity: 6,
    validUntil: "2019-11-04T20:44:20Z",
    launchSpecifications: [
        {
            instanceType: "m4.10xlarge",
            ami: "ami-1234",
            spotPrice: "2.793",
            placementTenancy: "dedicated",
            iamInstanceProfileArn: aws_iam_instance_profile.example.arn,
        },
        {
            instanceType: "m4.4xlarge",
            ami: "ami-5678",
            keyName: "my-key",
            spotPrice: "1.117",
            iamInstanceProfileArn: aws_iam_instance_profile.example.arn,
            availabilityZone: "us-west-1a",
            subnetId: "subnet-1234",
            weightedCapacity: 35,
            rootBlockDevices: [{
                volumeSize: "300",
                volumeType: "gp2",
            }],
            tags: {
                Name: "spot-fleet-example",
            },
        },
    ],
});
Using launch templates
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const fooLaunchTemplate = new aws.ec2.LaunchTemplate("fooLaunchTemplate", {
    imageId: "ami-516b9131",
    instanceType: "m1.small",
    keyName: "some-key",
});
const fooSpotFleetRequest = new aws.ec2.SpotFleetRequest("fooSpotFleetRequest", {
    iamFleetRole: "arn:aws:iam::12345678:role/spot-fleet",
    spotPrice: "0.005",
    targetCapacity: 2,
    validUntil: "2019-11-04T20:44:20Z",
    launchTemplateConfigs: [{
        launchTemplateSpecification: {
            id: fooLaunchTemplate.id,
            version: fooLaunchTemplate.latestVersion,
        },
    }],
}, {
    dependsOn: [aws_iam_policy_attachment["test-attach"]],
});

NOTE: This provider does not support the functionality where multiple subnetId or availabilityZone parameters can be specified in the same launch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used:

Using multiple launch specifications
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ec2.SpotFleetRequest("foo", {
    iamFleetRole: "arn:aws:iam::12345678:role/spot-fleet",
    launchSpecifications: [
        {
            ami: "ami-d06a90b0",
            availabilityZone: "us-west-2a",
            instanceType: "m1.small",
            keyName: "my-key",
        },
        {
            ami: "ami-d06a90b0",
            availabilityZone: "us-west-2a",
            instanceType: "m5.large",
            keyName: "my-key",
        },
    ],
    spotPrice: "0.005",
    targetCapacity: 2,
    validUntil: "2019-11-04T20:44:20Z",
});
Using multiple launch configurations
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.ec2.getSubnetIds({
    vpcId: _var.vpc_id,
});
const fooLaunchTemplate = new aws.ec2.LaunchTemplate("fooLaunchTemplate", {
    imageId: "ami-516b9131",
    instanceType: "m1.small",
    keyName: "some-key",
});
const fooSpotFleetRequest = new aws.ec2.SpotFleetRequest("fooSpotFleetRequest", {
    iamFleetRole: "arn:aws:iam::12345678:role/spot-fleet",
    spotPrice: "0.005",
    targetCapacity: 2,
    validUntil: "2019-11-04T20:44:20Z",
    launchTemplateConfigs: [{
        launchTemplateSpecification: {
            id: fooLaunchTemplate.id,
            version: fooLaunchTemplate.latestVersion,
        },
        overrides: [
            {
                subnetId: data.aws_subnets.example.ids[0],
            },
            {
                subnetId: data.aws_subnets.example.ids[1],
            },
            {
                subnetId: data.aws_subnets.example.ids[2],
            },
        ],
    }],
}, {
    dependsOn: [aws_iam_policy_attachment["test-attach"]],
});

constructor

new SpotFleetRequest(name: string, args: SpotFleetRequestArgs, opts?: pulumi.CustomResourceOptions)

Create a SpotFleetRequest resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SpotFleetRequestState, opts?: pulumi.CustomResourceOptions): SpotFleetRequest

Get an existing SpotFleetRequest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SpotFleetRequest

Returns true if the given object is an instance of SpotFleetRequest. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allocationStrategy

public allocationStrategy: pulumi.Output<string | undefined>;

Indicates how to allocate the target capacity across the Spot pools specified by the Spot fleet request. The default is lowestPrice.

property clientToken

public clientToken: pulumi.Output<string>;

property excessCapacityTerminationPolicy

public excessCapacityTerminationPolicy: pulumi.Output<string | undefined>;

Indicates whether running Spot instances should be terminated if the target capacity of the Spot fleet request is decreased below the current size of the Spot fleet.

property fleetType

public fleetType: pulumi.Output<string | undefined>;

The type of fleet request. Indicates whether the Spot Fleet only requests the target capacity or also attempts to maintain it. Default is maintain.

property iamFleetRole

public iamFleetRole: pulumi.Output<string>;

Grants the Spot fleet permission to terminate Spot instances on your behalf when you cancel its Spot fleet request using CancelSpotFleetRequests or when the Spot fleet request expires, if you set terminateInstancesWithExpiration.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceInterruptionBehaviour

public instanceInterruptionBehaviour: pulumi.Output<string | undefined>;

Indicates whether a Spot instance stops or terminates when it is interrupted. Default is terminate.

property instancePoolsToUseCount

public instancePoolsToUseCount: pulumi.Output<number | undefined>;

The number of Spot pools across which to allocate your target Spot capacity. Valid only when allocationStrategy is set to lowestPrice. Spot Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

property launchSpecifications

public launchSpecifications: pulumi.Output<SpotFleetRequestLaunchSpecification[] | undefined>;

Used to define the launch configuration of the spot-fleet request. Can be specified multiple times to define different bids across different markets and instance types. Conflicts with launchTemplateConfig. At least one of launchSpecification or launchTemplateConfig is required.

property launchTemplateConfigs

public launchTemplateConfigs: pulumi.Output<SpotFleetRequestLaunchTemplateConfig[] | undefined>;

Launch template configuration block. See Launch Template Configs below for more details. Conflicts with launchSpecification. At least one of launchSpecification or launchTemplateConfig is required.

property loadBalancers

public loadBalancers: pulumi.Output<string[]>;

A list of elastic load balancer names to add to the Spot fleet.

property replaceUnhealthyInstances

public replaceUnhealthyInstances: pulumi.Output<boolean | undefined>;

Indicates whether Spot fleet should replace unhealthy instances. Default false.

property spotPrice

public spotPrice: pulumi.Output<string | undefined>;

The maximum spot bid for this override request.

property spotRequestState

public spotRequestState: pulumi.Output<string>;

The state of the Spot fleet request.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property targetCapacity

public targetCapacity: pulumi.Output<number>;

The number of units to request. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O.

property targetGroupArns

public targetGroupArns: pulumi.Output<string[]>;

A list of aws.alb.TargetGroup ARNs, for use with Application Load Balancing.

property terminateInstancesWithExpiration

public terminateInstancesWithExpiration: pulumi.Output<boolean | undefined>;

Indicates whether running Spot instances should be terminated when the Spot fleet request expires.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property validFrom

public validFrom: pulumi.Output<string | undefined>;

The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.

property validUntil

public validUntil: pulumi.Output<string | undefined>;

The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request.

property waitForFulfillment

public waitForFulfillment: pulumi.Output<boolean | undefined>;

If set, this provider will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached.

Resource SpotInstanceRequest

class SpotInstanceRequest extends CustomResource

Provides an EC2 Spot Instance Request resource. This allows instances to be requested on the spot market.

By default this provider creates Spot Instance Requests with a persistent type, which means that for the duration of their lifetime, AWS will launch an instance with the configured details if and when the spot market will accept the requested price.

On destruction, this provider will make an attempt to terminate the associated Spot Instance if there is one present.

Spot Instances requests with a one-time type will close the spot request when the instance is terminated either by the request being below the current spot price availability or by a user.

NOTE: Because their behavior depends on the live status of the spot market, Spot Instance Requests have a unique lifecycle that makes them behave differently than other resources. Most importantly: there is no guarantee that a Spot Instance exists to fulfill the request at any given point in time. See the AWS Spot Instance documentation for more information.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Request a spot instance at $0.03
const cheapWorker = new aws.ec2.SpotInstanceRequest("cheap_worker", {
    ami: "ami-1234",
    instanceType: "c4.xlarge",
    spotPrice: "0.03",
    tags: {
        Name: "CheapWorker",
    },
});

constructor

new SpotInstanceRequest(name: string, args: SpotInstanceRequestArgs, opts?: pulumi.CustomResourceOptions)

Create a SpotInstanceRequest resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SpotInstanceRequestState, opts?: pulumi.CustomResourceOptions): SpotInstanceRequest

Get an existing SpotInstanceRequest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is SpotInstanceRequest

Returns true if the given object is an instance of SpotInstanceRequest. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property ami

public ami: pulumi.Output<string>;

The AMI to use for the instance.

property arn

public arn: pulumi.Output<string>;

property associatePublicIpAddress

public associatePublicIpAddress: pulumi.Output<boolean>;

Associate a public ip address with an instance in a VPC. Boolean value.

property availabilityZone

public availabilityZone: pulumi.Output<string>;

The AZ to start the instance in.

property blockDurationMinutes

public blockDurationMinutes: pulumi.Output<number | undefined>;

The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360). The duration period starts as soon as your Spot instance receives its instance ID. At the end of the duration period, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates. Note that you can’t specify an Availability Zone group or a launch group if you specify a duration.

property cpuCoreCount

public cpuCoreCount: pulumi.Output<number>;

Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options CPU Cores and Threads Per CPU Core Per Instance Type - specifying this option for unsupported instance types will return an error from the EC2 API.

property cpuThreadsPerCore

public cpuThreadsPerCore: pulumi.Output<number>;

If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See Optimizing CPU Options for more information.

property creditSpecification

public creditSpecification: pulumi.Output<SpotInstanceRequestCreditSpecification | undefined>;

Customize the credit specification of the instance. See Credit Specification below for more details.

property disableApiTermination

public disableApiTermination: pulumi.Output<boolean | undefined>;

If true, enables EC2 Instance Termination Protection

property ebsBlockDevices

public ebsBlockDevices: pulumi.Output<SpotInstanceRequestEbsBlockDevice[]>;

Additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection.

property ebsOptimized

public ebsOptimized: pulumi.Output<boolean | undefined>;

If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the EBS Optimized section of the AWS User Guide for more information.

property ephemeralBlockDevices

public ephemeralBlockDevices: pulumi.Output<SpotInstanceRequestEphemeralBlockDevice[]>;

Customize Ephemeral (also known as “Instance Store”) volumes on the instance. See Block Devices below for details.

property getPasswordData

public getPasswordData: pulumi.Output<boolean | undefined>;

If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the passwordData attribute. See GetPasswordData for more information.

property hibernation

public hibernation: pulumi.Output<boolean | undefined>;

If true, the launched EC2 instance will support hibernation.

property hostId

public hostId: pulumi.Output<string>;

The Id of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.

property iamInstanceProfile

public iamInstanceProfile: pulumi.Output<string | undefined>;

The IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the EC2 documentation, notably iam:PassRole.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceInitiatedShutdownBehavior

public instanceInitiatedShutdownBehavior: pulumi.Output<string | undefined>;

Shutdown behavior for the instance. Amazon defaults this to stop for EBS-backed instances and terminate for instance-store instances. Cannot be set on instance-store instances. See Shutdown Behavior for more information.

property instanceInterruptionBehaviour

public instanceInterruptionBehaviour: pulumi.Output<string | undefined>;

Indicates whether a Spot instance stops or terminates when it is interrupted. Default is terminate as this is the current AWS behaviour.

property instanceState

public instanceState: pulumi.Output<string>;

property instanceType

public instanceType: pulumi.Output<string>;

The type of instance to start. Updates to this field will trigger a stop/start of the EC2 instance.

property ipv6AddressCount

public ipv6AddressCount: pulumi.Output<number>;

A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.

property ipv6Addresses

public ipv6Addresses: pulumi.Output<string[]>;

Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface

property keyName

public keyName: pulumi.Output<string>;

The key name of the Key Pair to use for the instance; which can be managed using the aws.ec2.KeyPair resource.

property launchGroup

public launchGroup: pulumi.Output<string | undefined>;

A launch group is a group of spot instances that launch together and terminate together. If left empty instances are launched and terminated individually.

property metadataOptions

public metadataOptions: pulumi.Output<SpotInstanceRequestMetadataOptions>;

Customize the metadata options of the instance. See Metadata Options below for more details.

property monitoring

public monitoring: pulumi.Output<boolean | undefined>;

If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)

property networkInterfaces

public networkInterfaces: pulumi.Output<SpotInstanceRequestNetworkInterface[]>;

Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.

property outpostArn

public outpostArn: pulumi.Output<string>;

property passwordData

public passwordData: pulumi.Output<string>;

property placementGroup

public placementGroup: pulumi.Output<string>;

The Placement Group to start the instance in.

property primaryNetworkInterfaceId

public primaryNetworkInterfaceId: pulumi.Output<string>;

property privateDns

public privateDns: pulumi.Output<string>;

The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you’ve enabled DNS hostnames for your VPC

property privateIp

public privateIp: pulumi.Output<string>;

Private IP address to associate with the instance in a VPC.

property publicDns

public publicDns: pulumi.Output<string>;

The public DNS name assigned to the instance. For EC2-VPC, this is only available if you’ve enabled DNS hostnames for your VPC

property publicIp

public publicIp: pulumi.Output<string>;

The public IP address assigned to the instance, if applicable.

property rootBlockDevice

public rootBlockDevice: pulumi.Output<SpotInstanceRequestRootBlockDevice>;

Customize details about the root block device of the instance. See Block Devices below for details.

property secondaryPrivateIps

public secondaryPrivateIps: pulumi.Output<string[]>;

A list of secondary private IPv4 addresses to assign to the instance’s primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a networkInterface block. Refer to the Elastic network interfaces documentation to see the maximum number of private IP addresses allowed per instance type.

property securityGroups

public securityGroups: pulumi.Output<string[]>;

A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.

property sourceDestCheck

public sourceDestCheck: pulumi.Output<boolean | undefined>;

Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.

property spotBidStatus

public spotBidStatus: pulumi.Output<string>;

The current bid status of the Spot Instance Request. * spotRequestState The current request state of the Spot Instance Request.

property spotInstanceId

public spotInstanceId: pulumi.Output<string>;

The Instance ID (if any) that is currently fulfilling the Spot Instance request.

property spotPrice

public spotPrice: pulumi.Output<string | undefined>;

The maximum price to request on the spot market.

property spotRequestState

public spotRequestState: pulumi.Output<string>;

property spotType

public spotType: pulumi.Output<string | undefined>;

If set to one-time, after the instance is terminated, the spot request will be closed.

property subnetId

public subnetId: pulumi.Output<string>;

The VPC Subnet ID to launch in.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property tenancy

public tenancy: pulumi.Output<string>;

The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userData

public userData: pulumi.Output<string | undefined>;

The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see userDataBase64 instead.

property userDataBase64

public userDataBase64: pulumi.Output<string | undefined>;

Can be used instead of userData to pass base64-encoded binary data directly. Use this instead of userData whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.

property validFrom

public validFrom: pulumi.Output<string>;

The start date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.

property validUntil

public validUntil: pulumi.Output<string>;

The end date and time of the request, in UTC RFC3339 format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request. The default end date is 7 days from the current date.

property volumeTags

public volumeTags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the devices created by the instance at launch time.

property vpcSecurityGroupIds

public vpcSecurityGroupIds: pulumi.Output<string[]>;

A list of security group IDs to associate with.

property waitForFulfillment

public waitForFulfillment: pulumi.Output<boolean | undefined>;

If set, this provider will wait for the Spot Request to be fulfilled, and will throw an error if the timeout of 10m is reached.

Resource Subnet

class Subnet extends CustomResource

Provides an VPC subnet resource.

NOTE: Due to AWS Lambda improved VPC networking changes that began deploying in September 2019, subnets associated with Lambda Functions can take up to 45 minutes to successfully delete.

Example Usage

Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = new aws.ec2.Subnet("main", {
    vpcId: aws_vpc.main.id,
    cidrBlock: "10.0.1.0/24",
    tags: {
        Name: "Main",
    },
});
Subnets In Secondary VPC CIDR Blocks

When managing subnets in one of a VPC’s secondary CIDR blocks created using a aws.ec2.VpcIpv4CidrBlockAssociation resource, it is recommended to reference that resource’s vpcId attribute to ensure correct dependency ordering.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const secondaryCidr = new aws.ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", {
    vpcId: aws_vpc.main.id,
    cidrBlock: "172.2.0.0/16",
});
const inSecondaryCidr = new aws.ec2.Subnet("inSecondaryCidr", {
    vpcId: secondaryCidr.vpcId,
    cidrBlock: "172.2.0.0/24",
});

constructor

new Subnet(name: string, args: SubnetArgs, opts?: pulumi.CustomResourceOptions)

Create a Subnet resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SubnetState, opts?: pulumi.CustomResourceOptions): Subnet

Get an existing Subnet resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Subnet

Returns true if the given object is an instance of Subnet. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the subnet.

property assignIpv6AddressOnCreation

public assignIpv6AddressOnCreation: pulumi.Output<boolean | undefined>;

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Default is false

property availabilityZone

public availabilityZone: pulumi.Output<string>;

The AZ for the subnet.

property availabilityZoneId

public availabilityZoneId: pulumi.Output<string>;

The AZ ID of the subnet.

property cidrBlock

public cidrBlock: pulumi.Output<string>;

The CIDR block for the subnet.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property ipv6CidrBlock

public ipv6CidrBlock: pulumi.Output<string | undefined>;

The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

property ipv6CidrBlockAssociationId

public ipv6CidrBlockAssociationId: pulumi.Output<string>;

The association ID for the IPv6 CIDR block.

property mapPublicIpOnLaunch

public mapPublicIpOnLaunch: pulumi.Output<boolean | undefined>;

Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.

property outpostArn

public outpostArn: pulumi.Output<string | undefined>;

The Amazon Resource Name (ARN) of the Outpost.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the subnet.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The VPC ID.

Resource Tag

class Tag extends CustomResource

constructor

new Tag(name: string, args: TagArgs, opts?: pulumi.CustomResourceOptions)

Create a Tag resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TagState, opts?: pulumi.CustomResourceOptions): Tag

Get an existing Tag resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Tag

Returns true if the given object is an instance of Tag. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property key

public key: pulumi.Output<string>;

The tag name.

property resourceId

public resourceId: pulumi.Output<string>;

The ID of the EC2 resource to manage the tag for.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The value of the tag.

Resource TrafficMirrorFilter

class TrafficMirrorFilter extends CustomResource

Provides an Traffic mirror filter.
Read limits and considerations for traffic mirroring

Example Usage

To create a basic traffic mirror filter

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ec2.TrafficMirrorFilter("foo", {
    description: "traffic mirror filter - example",
    networkServices: ["amazon-dns"],
});

constructor

new TrafficMirrorFilter(name: string, args?: TrafficMirrorFilterArgs, opts?: pulumi.CustomResourceOptions)

Create a TrafficMirrorFilter resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TrafficMirrorFilterState, opts?: pulumi.CustomResourceOptions): TrafficMirrorFilter

Get an existing TrafficMirrorFilter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TrafficMirrorFilter

Returns true if the given object is an instance of TrafficMirrorFilter. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

A description of the filter.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property networkServices

public networkServices: pulumi.Output<string[] | undefined>;

List of amazon network services that should be mirrored. Valid values: amazon-dns.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource TrafficMirrorFilterRule

class TrafficMirrorFilterRule extends CustomResource

Provides an Traffic mirror filter rule.
Read limits and considerations for traffic mirroring

Example Usage

To create a basic traffic mirror session

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const filter = new aws.ec2.TrafficMirrorFilter("filter", {
    description: "traffic mirror filter - example",
    networkServices: ["amazon-dns"],
});
const ruleout = new aws.ec2.TrafficMirrorFilterRule("ruleout", {
    description: "test rule",
    trafficMirrorFilterId: filter.id,
    destinationCidrBlock: "10.0.0.0/8",
    sourceCidrBlock: "10.0.0.0/8",
    ruleNumber: 1,
    ruleAction: "accept",
    trafficDirection: "egress",
});
const rulein = new aws.ec2.TrafficMirrorFilterRule("rulein", {
    description: "test rule",
    trafficMirrorFilterId: filter.id,
    destinationCidrBlock: "10.0.0.0/8",
    sourceCidrBlock: "10.0.0.0/8",
    ruleNumber: 1,
    ruleAction: "accept",
    trafficDirection: "ingress",
    protocol: 6,
    destinationPortRange: {
        fromPort: 22,
        toPort: 53,
    },
    sourcePortRange: {
        fromPort: 0,
        toPort: 10,
    },
});

constructor

new TrafficMirrorFilterRule(name: string, args: TrafficMirrorFilterRuleArgs, opts?: pulumi.CustomResourceOptions)

Create a TrafficMirrorFilterRule resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TrafficMirrorFilterRuleState, opts?: pulumi.CustomResourceOptions): TrafficMirrorFilterRule

Get an existing TrafficMirrorFilterRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TrafficMirrorFilterRule

Returns true if the given object is an instance of TrafficMirrorFilterRule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

A description of the traffic mirror filter rule.

property destinationCidrBlock

public destinationCidrBlock: pulumi.Output<string>;

The destination CIDR block to assign to the Traffic Mirror rule.

property destinationPortRange

public destinationPortRange: pulumi.Output<TrafficMirrorFilterRuleDestinationPortRange | undefined>;

The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property protocol

public protocol: pulumi.Output<number | undefined>;

The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.

property ruleAction

public ruleAction: pulumi.Output<string>;

The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject

property ruleNumber

public ruleNumber: pulumi.Output<number>;

The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.

property sourceCidrBlock

public sourceCidrBlock: pulumi.Output<string>;

The source CIDR block to assign to the Traffic Mirror rule.

property sourcePortRange

public sourcePortRange: pulumi.Output<TrafficMirrorFilterRuleSourcePortRange | undefined>;

The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

property trafficDirection

public trafficDirection: pulumi.Output<string>;

The direction of traffic to be captured. Valid values are ingress and egress

property trafficMirrorFilterId

public trafficMirrorFilterId: pulumi.Output<string>;

ID of the traffic mirror filter to which this rule should be added

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource TrafficMirrorSession

class TrafficMirrorSession extends CustomResource

Provides an Traffic mirror session.
Read limits and considerations for traffic mirroring

Example Usage

To create a basic traffic mirror session

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const filter = new aws.ec2.TrafficMirrorFilter("filter", {
    description: "traffic mirror filter - example",
    networkServices: ["amazon-dns"],
});
const target = new aws.ec2.TrafficMirrorTarget("target", {networkLoadBalancerArn: aws_lb.lb.arn});
const session = new aws.ec2.TrafficMirrorSession("session", {
    description: "traffic mirror session - example",
    networkInterfaceId: aws_instance.test.primary_network_interface_id,
    trafficMirrorFilterId: filter.id,
    trafficMirrorTargetId: target.id,
});

constructor

new TrafficMirrorSession(name: string, args: TrafficMirrorSessionArgs, opts?: pulumi.CustomResourceOptions)

Create a TrafficMirrorSession resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TrafficMirrorSessionState, opts?: pulumi.CustomResourceOptions): TrafficMirrorSession

Get an existing TrafficMirrorSession resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TrafficMirrorSession

Returns true if the given object is an instance of TrafficMirrorSession. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the traffic mirror session.

property description

public description: pulumi.Output<string | undefined>;

A description of the traffic mirror session.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string>;

ID of the source network interface. Not all network interfaces are eligible as mirror sources. On EC2 instances only nitro based instances support mirroring.

property packetLength

public packetLength: pulumi.Output<number | undefined>;

The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.

property sessionNumber

public sessionNumber: pulumi.Output<number>;
  • The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags.

property trafficMirrorFilterId

public trafficMirrorFilterId: pulumi.Output<string>;

ID of the traffic mirror filter to be used

property trafficMirrorTargetId

public trafficMirrorTargetId: pulumi.Output<string>;

ID of the traffic mirror target to be used

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property virtualNetworkId

public virtualNetworkId: pulumi.Output<number>;
  • The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.

Resource TrafficMirrorTarget

class TrafficMirrorTarget extends CustomResource

Provides an Traffic mirror target.
Read limits and considerations for traffic mirroring

Example Usage

To create a basic traffic mirror session

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const nlb = new aws.ec2.TrafficMirrorTarget("nlb", {
    description: "NLB target",
    networkLoadBalancerArn: aws_lb.lb.arn,
});
const eni = new aws.ec2.TrafficMirrorTarget("eni", {
    description: "ENI target",
    networkInterfaceId: aws_instance.test.primary_network_interface_id,
});

constructor

new TrafficMirrorTarget(name: string, args?: TrafficMirrorTargetArgs, opts?: pulumi.CustomResourceOptions)

Create a TrafficMirrorTarget resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TrafficMirrorTargetState, opts?: pulumi.CustomResourceOptions): TrafficMirrorTarget

Get an existing TrafficMirrorTarget resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TrafficMirrorTarget

Returns true if the given object is an instance of TrafficMirrorTarget. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the traffic mirror target.

property description

public description: pulumi.Output<string | undefined>;

A description of the traffic mirror session.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property networkInterfaceId

public networkInterfaceId: pulumi.Output<string | undefined>;

The network interface ID that is associated with the target.

property networkLoadBalancerArn

public networkLoadBalancerArn: pulumi.Output<string | undefined>;

The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value map of resource tags.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource TransitGatewayPeeringAttachmentAccepter

class TransitGatewayPeeringAttachmentAccepter extends CustomResource

Manages the accepter’s side of an EC2 Transit Gateway Peering Attachment.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.TransitGatewayPeeringAttachmentAccepter("example", {
    transitGatewayAttachmentId: aws_ec2_transit_gateway_peering_attachment.example.id,
    tags: {
        Name: "Example cross-account attachment",
    },
});

constructor

new TransitGatewayPeeringAttachmentAccepter(name: string, args: TransitGatewayPeeringAttachmentAccepterArgs, opts?: pulumi.CustomResourceOptions)

Create a TransitGatewayPeeringAttachmentAccepter resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TransitGatewayPeeringAttachmentAccepterState, opts?: pulumi.CustomResourceOptions): TransitGatewayPeeringAttachmentAccepter

Get an existing TransitGatewayPeeringAttachmentAccepter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is TransitGatewayPeeringAttachmentAccepter

Returns true if the given object is an instance of TransitGatewayPeeringAttachmentAccepter. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property peerAccountId

public peerAccountId: pulumi.Output<string>;

Identifier of the AWS account that owns the EC2 TGW peering.

property peerRegion

public peerRegion: pulumi.Output<string>;

property peerTransitGatewayId

public peerTransitGatewayId: pulumi.Output<string>;

Identifier of EC2 Transit Gateway to peer with.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

Key-value tags for the EC2 Transit Gateway Peering Attachment.

property transitGatewayAttachmentId

public transitGatewayAttachmentId: pulumi.Output<string>;

The ID of the EC2 Transit Gateway Peering Attachment to manage.

property transitGatewayId

public transitGatewayId: pulumi.Output<string>;

Identifier of EC2 Transit Gateway.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource VolumeAttachment

class VolumeAttachment extends CustomResource

Provides an AWS EBS Volume Attachment as a top level resource, to attach and detach volumes from AWS Instances.

NOTE on EBS block devices: If you use ebsBlockDevice on an aws.ec2.Instance, this provider will assume management over the full set of non-root EBS block devices for the instance, and treats additional block devices as drift. For this reason, ebsBlockDevice cannot be mixed with external aws.ebs.Volume + awsEbsVolumeAttachment resources for a given instance.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const web = new aws.ec2.Instance("web", {
    ami: "ami-21f78e11",
    availabilityZone: "us-west-2a",
    instanceType: "t2.micro",
    tags: {
        Name: "HelloWorld",
    },
});
const example = new aws.ebs.Volume("example", {
    availabilityZone: "us-west-2a",
    size: 1,
});
const ebsAtt = new aws.ec2.VolumeAttachment("ebsAtt", {
    deviceName: "/dev/sdh",
    volumeId: example.id,
    instanceId: web.id,
});

constructor

new VolumeAttachment(name: string, args: VolumeAttachmentArgs, opts?: pulumi.CustomResourceOptions)

Create a VolumeAttachment resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VolumeAttachmentState, opts?: pulumi.CustomResourceOptions): VolumeAttachment

Get an existing VolumeAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VolumeAttachment

Returns true if the given object is an instance of VolumeAttachment. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property deviceName

public deviceName: pulumi.Output<string>;

The device name to expose to the instance (for example, /dev/sdh or xvdh). See Device Naming on Linux Instances and Device Naming on Windows Instances for more information.

property forceDetach

public forceDetach: pulumi.Output<boolean | undefined>;

Set to true if you want to force the volume to detach. Useful if previous attempts failed, but use this option only as a last resort, as this can result in data loss. See Detaching an Amazon EBS Volume from an Instance for more information.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceId

public instanceId: pulumi.Output<string>;

ID of the Instance to attach to

property skipDestroy

public skipDestroy: pulumi.Output<boolean | undefined>;

Set this to true if you do not wish to detach the volume from the instance to which it is attached at destroy time, and instead just remove the attachment from this provider state. This is useful when destroying an instance which has volumes created by some other means attached.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property volumeId

public volumeId: pulumi.Output<string>;

ID of the Volume to be attached

Resource Vpc

class Vpc extends CustomResource

Provides a VPC resource.

Example Usage

Basic usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = new aws.ec2.Vpc("main", {
    cidrBlock: "10.0.0.0/16",
});

Basic usage with tags:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const main = new aws.ec2.Vpc("main", {
    cidrBlock: "10.0.0.0/16",
    instanceTenancy: "default",
    tags: {
        Name: "main",
    },
});

constructor

new Vpc(name: string, args: VpcArgs, opts?: pulumi.CustomResourceOptions)

Create a Vpc resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcState, opts?: pulumi.CustomResourceOptions): Vpc

Get an existing Vpc resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Vpc

Returns true if the given object is an instance of Vpc. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

Amazon Resource Name (ARN) of VPC

property assignGeneratedIpv6CidrBlock

public assignGeneratedIpv6CidrBlock: pulumi.Output<boolean | undefined>;

Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false.

property cidrBlock

public cidrBlock: pulumi.Output<string>;

The CIDR block for the VPC.

property defaultNetworkAclId

public defaultNetworkAclId: pulumi.Output<string>;

The ID of the network ACL created by default on VPC creation

property defaultRouteTableId

public defaultRouteTableId: pulumi.Output<string>;

The ID of the route table created by default on VPC creation

property defaultSecurityGroupId

public defaultSecurityGroupId: pulumi.Output<string>;

The ID of the security group created by default on VPC creation

property dhcpOptionsId

public dhcpOptionsId: pulumi.Output<string>;
public enableClassiclink: pulumi.Output<boolean>;

A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults false.

property enableClassiclinkDnsSupport

public enableClassiclinkDnsSupport: pulumi.Output<boolean>;

A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

property enableDnsHostnames

public enableDnsHostnames: pulumi.Output<boolean>;

A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.

property enableDnsSupport

public enableDnsSupport: pulumi.Output<boolean | undefined>;

A boolean flag to enable/disable DNS support in the VPC. Defaults true.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceTenancy

public instanceTenancy: pulumi.Output<string | undefined>;

A tenancy option for instances launched into the VPC. Default is default, which makes your instances shared on the host. Using either of the other options (dedicated or host) costs at least $2/hr.

property ipv6AssociationId

public ipv6AssociationId: pulumi.Output<string>;

The association ID for the IPv6 CIDR block.

property ipv6CidrBlock

public ipv6CidrBlock: pulumi.Output<string>;

The IPv6 CIDR block.

property mainRouteTableId

public mainRouteTableId: pulumi.Output<string>;

The ID of the main route table associated with this VPC. Note that you can change a VPC’s main route table by using an aws.ec2.MainRouteTableAssociation.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the VPC.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource VpcDhcpOptions

class VpcDhcpOptions extends CustomResource

Provides a VPC DHCP Options resource.

Example Usage

Basic usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const dnsResolver = new aws.ec2.VpcDhcpOptions("dns_resolver", {
    domainNameServers: [
        "8.8.8.8",
        "8.8.4.4",
    ],
});

Full usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ec2.VpcDhcpOptions("foo", {
    domainName: "service.consul",
    domainNameServers: [
        "127.0.0.1",
        "10.0.0.2",
    ],
    netbiosNameServers: ["127.0.0.1"],
    netbiosNodeType: "2",
    ntpServers: ["127.0.0.1"],
    tags: {
        Name: "foo-name",
    },
});

Remarks

  • Notice that all arguments are optional but you have to specify at least one argument.
  • domainNameServers, netbiosNameServers, ntpServers are limited by AWS to maximum four servers only.
  • To actually use the DHCP Options Set you need to associate it to a VPC using aws.ec2.VpcDhcpOptionsAssociation.
  • If you delete a DHCP Options Set, all VPCs using it will be associated to AWS’s default DHCP Option Set.
  • In most cases unless you’re configuring your own DNS you’ll want to set domainNameServers to AmazonProvidedDNS.

constructor

new VpcDhcpOptions(name: string, args?: VpcDhcpOptionsArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcDhcpOptions resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcDhcpOptionsState, opts?: pulumi.CustomResourceOptions): VpcDhcpOptions

Get an existing VpcDhcpOptions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VpcDhcpOptions

Returns true if the given object is an instance of VpcDhcpOptions. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the DHCP Options Set.

property domainName

public domainName: pulumi.Output<string | undefined>;

the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the search value in the /etc/resolv.conf file.

property domainNameServers

public domainNameServers: pulumi.Output<string[] | undefined>;

List of name servers to configure in /etc/resolv.conf. If you want to use the default AWS nameservers you should set this to AmazonProvidedDNS.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property netbiosNameServers

public netbiosNameServers: pulumi.Output<string[] | undefined>;

List of NETBIOS name servers.

property netbiosNodeType

public netbiosNodeType: pulumi.Output<string | undefined>;

The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see RFC 2132.

property ntpServers

public ntpServers: pulumi.Output<string[] | undefined>;

List of NTP servers to configure.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the DHCP options set.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource VpcDhcpOptionsAssociation

class VpcDhcpOptionsAssociation extends CustomResource

Provides a VPC DHCP Options Association resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const dnsResolver = new aws.ec2.VpcDhcpOptionsAssociation("dnsResolver", {
    vpcId: aws_vpc.foo.id,
    dhcpOptionsId: aws_vpc_dhcp_options.foo.id,
});

Remarks

  • You can only associate one DHCP Options Set to a given VPC ID.
  • Removing the DHCP Options Association automatically sets AWS’s default DHCP Options Set to the VPC.

constructor

new VpcDhcpOptionsAssociation(name: string, args: VpcDhcpOptionsAssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcDhcpOptionsAssociation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcDhcpOptionsAssociationState, opts?: pulumi.CustomResourceOptions): VpcDhcpOptionsAssociation

Get an existing VpcDhcpOptionsAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VpcDhcpOptionsAssociation

Returns true if the given object is an instance of VpcDhcpOptionsAssociation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property dhcpOptionsId

public dhcpOptionsId: pulumi.Output<string>;

The ID of the DHCP Options Set to associate to the VPC.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcId

public vpcId: pulumi.Output<string>;

The ID of the VPC to which we would like to associate a DHCP Options Set.

Resource VpcEndpoint

class VpcEndpoint extends CustomResource

Provides a VPC Endpoint resource.

NOTE on VPC Endpoints and VPC Endpoint Associations: This provider provides both standalone VPC Endpoint Associations for Route Tables - (an association between a VPC endpoint and a single routeTableId) and Subnets - (an association between a VPC endpoint and a single subnetId) and a VPC Endpoint resource with routeTableIds and subnetIds attributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.

Example Usage

Basic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const s3 = new aws.ec2.VpcEndpoint("s3", {
    vpcId: aws_vpc.main.id,
    serviceName: "com.amazonaws.us-west-2.s3",
});
Basic w/ Tags
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const s3 = new aws.ec2.VpcEndpoint("s3", {
    vpcId: aws_vpc.main.id,
    serviceName: "com.amazonaws.us-west-2.s3",
    tags: {
        Environment: "test",
    },
});
Interface Endpoint Type
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const ec2 = new aws.ec2.VpcEndpoint("ec2", {
    vpcId: aws_vpc.main.id,
    serviceName: "com.amazonaws.us-west-2.ec2",
    vpcEndpointType: "Interface",
    securityGroupIds: [aws_security_group.sg1.id],
    privateDnsEnabled: true,
});

constructor

new VpcEndpoint(name: string, args: VpcEndpointArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcEndpoint resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcEndpointState, opts?: pulumi.CustomResourceOptions): VpcEndpoint

Get an existing VpcEndpoint resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VpcEndpoint

Returns true if the given object is an instance of VpcEndpoint. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) of the VPC endpoint.

property autoAccept

public autoAccept: pulumi.Output<boolean | undefined>;

Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).

property cidrBlocks

public cidrBlocks: pulumi.Output<string[]>;

The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type Gateway.

property dnsEntries

public dnsEntries: pulumi.Output<VpcEndpointDnsEntry[]>;

The DNS entries for the VPC Endpoint. Applicable for endpoints of type Interface. DNS blocks are documented below.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property networkInterfaceIds

public networkInterfaceIds: pulumi.Output<string[]>;

One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type Interface.

property ownerId

public ownerId: pulumi.Output<string>;

The ID of the AWS account that owns the VPC endpoint.

property policy

public policy: pulumi.Output<string>;

A policy to attach to the endpoint that controls access to the service. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.

property prefixListId

public prefixListId: pulumi.Output<string>;

The prefix list ID of the exposed AWS service. Applicable for endpoints of type Gateway.

property privateDnsEnabled

public privateDnsEnabled: pulumi.Output<boolean | undefined>;

Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.

property requesterManaged

public requesterManaged: pulumi.Output<boolean>;

Whether or not the VPC Endpoint is being managed by its service - true or false.

property routeTableIds

public routeTableIds: pulumi.Output<string[]>;

One or more route table IDs. Applicable for endpoints of type Gateway.

property securityGroupIds

public securityGroupIds: pulumi.Output<string[]>;

The ID of one or more security groups to associate with the network interface. Required for endpoints of type Interface.

property serviceName

public serviceName: pulumi.Output<string>;

The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).

property state

public state: pulumi.Output<string>;

The state of the VPC endpoint.

property subnetIds

public subnetIds: pulumi.Output<string[]>;

The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type Interface.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcEndpointType

public vpcEndpointType: pulumi.Output<string | undefined>;

The VPC endpoint type, Gateway or Interface. Defaults to Gateway.

property vpcId

public vpcId: pulumi.Output<string>;

The ID of the VPC in which the endpoint will be used.

Resource VpcEndpointConnectionNotification

class VpcEndpointConnectionNotification extends CustomResource

Provides a VPC Endpoint connection notification resource. Connection notifications notify subscribers of VPC Endpoint events.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const topic = new aws.sns.Topic("topic", {policy: `{
    "Version":"2012-10-17",
    "Statement":[{
        "Effect": "Allow",
        "Principal": {
            "Service": "vpce.amazonaws.com"
        },
        "Action": "SNS:Publish",
        "Resource": "arn:aws:sns:*:*:vpce-notification-topic"
    }]
}
`});
const fooVpcEndpointService = new aws.ec2.VpcEndpointService("fooVpcEndpointService", {
    acceptanceRequired: false,
    networkLoadBalancerArns: [aws_lb.test.arn],
});
const fooVpcEndpointConnectionNotification = new aws.ec2.VpcEndpointConnectionNotification("fooVpcEndpointConnectionNotification", {
    vpcEndpointServiceId: fooVpcEndpointService.id,
    connectionNotificationArn: topic.arn,
    connectionEvents: [
        "Accept",
        "Reject",
    ],
});

constructor

new VpcEndpointConnectionNotification(name: string, args: VpcEndpointConnectionNotificationArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcEndpointConnectionNotification resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcEndpointConnectionNotificationState, opts?: pulumi.CustomResourceOptions): VpcEndpointConnectionNotification

Get an existing VpcEndpointConnectionNotification resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VpcEndpointConnectionNotification

Returns true if the given object is an instance of VpcEndpointConnectionNotification. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property connectionEvents

public connectionEvents: pulumi.Output<string[]>;

One or more endpoint events for which to receive notifications.

property connectionNotificationArn

public connectionNotificationArn: pulumi.Output<string>;

The ARN of the SNS topic for the notifications.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property notificationType

public notificationType: pulumi.Output<string>;

The type of notification.

property state

public state: pulumi.Output<string>;

The state of the notification.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcEndpointId

public vpcEndpointId: pulumi.Output<string | undefined>;

The ID of the VPC Endpoint to receive notifications for.

property vpcEndpointServiceId

public vpcEndpointServiceId: pulumi.Output<string | undefined>;

The ID of the VPC Endpoint Service to receive notifications for.

Resource VpcEndpointRouteTableAssociation

class VpcEndpointRouteTableAssociation extends CustomResource

Manages a VPC Endpoint Route Table Association

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.VpcEndpointRouteTableAssociation("example", {
    routeTableId: aws_route_table.example.id,
    vpcEndpointId: aws_vpc_endpoint.example.id,
});

constructor

new VpcEndpointRouteTableAssociation(name: string, args: VpcEndpointRouteTableAssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcEndpointRouteTableAssociation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcEndpointRouteTableAssociationState, opts?: pulumi.CustomResourceOptions): VpcEndpointRouteTableAssociation

Get an existing VpcEndpointRouteTableAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VpcEndpointRouteTableAssociation

Returns true if the given object is an instance of VpcEndpointRouteTableAssociation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property routeTableId

public routeTableId: pulumi.Output<string>;

Identifier of the EC2 Route Table to be associated with the VPC Endpoint.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpcEndpointId

public vpcEndpointId: pulumi.Output<string>;

Identifier of the VPC Endpoint with which the EC2 Route Table will be associated.

Resource VpcEndpointService

class VpcEndpointService extends CustomResource

Provides a VPC Endpoint Service resource. Service consumers can create an Interface VPC Endpoint to connect to the service.

NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: This provider provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an allowedPrincipals attribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.

Example Usage

Basic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.VpcEndpointService("example", {
    acceptanceRequired: false,
    networkLoadBalancerArns: [aws_lb.example.arn],
});
Basic w/ Tags
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ec2.VpcEndpointService("example", {
    acceptanceRequired: false,
    networkLoadBalancerArns: [aws_lb.example.arn],
    tags: {
        Environment: "test",
    },
});

constructor

new VpcEndpointService(name: string, args: VpcEndpointServiceArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcEndpointService resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: VpcEndpointServiceState, opts?: pulumi.CustomResourceOptions): VpcEndpointService

Get an existing VpcEndpointService resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is VpcEndpointService

Returns true if the given object is an instance of VpcEndpointService. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acceptanceRequired

public acceptanceRequired: pulumi.Output<boolean>;

Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - true or false.

property allowedPrincipals

public allowedPrincipals: pulumi.Output<string[]>;

The ARNs of one or more principals allowed to discover the endpoint service.

property arn

public arn: pulumi.Output<string>;

The Amazon Resource Name (ARN) of the VPC endpoint service.

property availabilityZones

public availabilityZones: pulumi.Output<string[]>;

The Availability Zones in which the service is available.

property baseEndpointDnsNames

public baseEndpointDnsNames: pulumi.Output<string[]>;

The DNS names for the service.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property managesVpcEndpoints

public managesVpcEndpoints: pulumi.Output<boolean>;

Whether or not the service manages its VPC endpoints - true or false.

property networkLoadBalancerArns

public networkLoadBalancerArns: pulumi.Output<string[]>;

The ARNs of one or more Network Load Balancers for the endpoint service.

property privateDnsName

public privateDnsName: pulumi.Output<string>;

The private DNS name for the service.

property serviceName

public serviceName: pulumi.Output<string>;

The service name.

property serviceType

public serviceType: pulumi.Output<string>;

The service type, Gateway or Interface.

property state

public state: pulumi.Output<string>;

The state of the VPC endpoint service.

property tags

public tags: pulumi.Output<{[key: string]: string} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource VpcEndpointServiceAllowedPrinciple

class VpcEndpointServiceAllowedPrinciple extends CustomResource

Provides a resource to allow a principal to discover a VPC endpoint service.

NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals: This provider provides both a standalone VPC Endpoint Service Allowed Principal resource and a VPC Endpoint Service resource with an allowedPrincipals attribute. Do not use the same principal ARN in both a VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict and will overwrite the association.

Example Usage

Basic usage:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const current = aws.getCallerIdentity({});
const allowMeToFoo = new aws.ec2.VpcEndpointServiceAllowedPrinciple("allowMeToFoo", {
    vpcEndpointServiceId: aws_vpc_endpoint_service.foo.id,
    principalArn: current.then(current => current.arn),
});

constructor

new VpcEndpointServiceAllowedPrinciple(name: string, args: VpcEndpointServiceAllowedPrincipleArgs, opts?: pulumi.CustomResourceOptions)

Create a VpcEndpointServiceAllowedPrinciple resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get