
Module classic/ec2

    Pulumi EC2 Components

    Pulumi’s APIs for simplifying working with EC2. The API currently primarily provides ways to define and configure a Virtual Private Cloud (VPC), as well as customize the Security Groups around it.

    The Default VPC

    By default, Amazon will create a ‘Default VPC’ in all regions of your account. You can read more about this Default VPC here. This VPC can be easily acquired in the following manner:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = awsx.ec2.Vpc.getDefault();
    

    Many components in awsx work with a specific VPC (for example, Clusters and LoadBalancers). However, if a specific VPC is not provided, they will use this default VPC instead. This makes it simple to set up infrastructure for the default VPC without having to explicitly provide it all the time.

    Custom VPCs

    While using the default VPC can be very simple and convenient, it is not always desirable to do so, and it can often be advantageous to define your own VPCs with their own custom topology. Doing this allows more fine-grained control over many parts of the network structure including, but not limited to, controlling IP address configuration, as well as ingress/egress security filtering.

    When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block. If one is not specified then 10.0.0.0/16 will be used by default. This is the primary CIDR block for your VPC. For more information about CIDR notation, see RFC 4632. For example:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       cidrBlock: "10.0.0.0/16",
       // other args
       // ...
    });
    

    This range will then be partitioned within the VPC according to the other arguments provided. The additional arguments that affect this partitioning are subnets and requestedAvailabilityZones.

    Availability Zones

    Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location.

    If requestedAvailabilityZones is not provided, it defaults to 2, but a different value can be specified like so if appropriate for your region:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       cidrBlock: "10.0.0.0/16",
       requestedAvailabilityZones: 3,
    });
    

    Each availability zone will get an approximately equal share of the total CIDR address space for the VPC.

    Subnets

    Subnets allow you to partition each availability zone into regions with different levels of access. A public subnet is one whose traffic is routed to an Internet Gateway (IG). A private subnet is one that is configured to use a NAT Gateway (NAT) so that it can reach the internet, but which prevents the internet from initiating connections to it. Finally, an isolated subnet is one that cannot reach the internet either through an IG or with NAT.

    By default, if unspecified, a VPC will automatically partition each availability zone into a public subnet and a private subnet. That is, not providing a subnet configuration is equivalent to writing:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       // ...
       subnets: [{ type: "public" }, { type: "private" }],
    });
    

    To specify your own subnet configuration you can do the following:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       cidrBlock: "10.0.0.0/16",
       requestedAvailabilityZones: 3,
       subnets: [{ type: "public" }, { type: "private" }, { type: "isolated" }],
    });
    

    There is no restriction on the number of public/private/isolated subnets in an availability zone. For example, it might be useful to have multiple isolated subnets, one for DB instances and another for Redis instances. To facilitate this sort of arrangement, subnets can be named for clarity. i.e.:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       cidrBlock: "10.0.0.0/16",
       requestedAvailabilityZones: 3,
       subnets: [
         { type: "public" },
         { type: "private" },
         { type: "isolated", name: "db" },
         { type: "isolated", name: "redis" }],
    });
    

    By default the subnets will divide the CIDR space for each availability zone equally. If this is not desired, a particular size for each zone can be requested by passing in an appropriate netmask value between 16 and 28. See VPC and Subnet Sizing for more details. This value can be provided for specific subnets when you know the number of instances you want IP addresses for. Whatever IP addresses remain in the availability zone will be split over the subnets that do not provide a defined size.

    Gateways

    By default any VPC with public subnets will have an Internet Gateway created for it. All public subnets will be routable for connections to all IPv4 addresses.

    To allow connections from private subnets to the internet, NAT gateways will be created. If not specified, one NAT Gateway will be created for each availability zone. Because a NAT gateway must be in a public subnet, NAT gateways will only be created if there is at least one public subnet. However, fewer NAT gateways can be requested (for example, to save on costs). To do that, provide the numberOfNatGateways property like so:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       cidrBlock: "10.0.0.0/16",
       requestedAvailabilityZones: 3,
       numberOfNatGateways: 1,
    });
    

    In the case where there is one NAT gateway per availability zone, routing is very simple. Each private subnet will have connections routed through the gateway in that availability zone. In the case where there are fewer NAT gateways than availability zones, routing works slightly differently. If there are N NAT gateways requested, then the first N availability zones will get a NAT gateway. Routing to private subnets in those availability zones works as above. However, all remaining availability zones will have their private subnets routed in a round-robin fashion through the availability zones with NAT gateways. While this can save money, it also introduces higher risk, as failure of one availability zone may impact others.
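The availability trade-off described above can be made concrete. The following is an added example, not code from awsx: it models which zone's NAT gateway carries each private subnet's egress and how many zones lose egress when one zone fails. The zone names are constructed, and the round-robin starting point is an assumption, since the page does not state it.

```typescript
// Added example (not awsx code): models the NAT gateway placement described above.
interface NatRoute {
    zone: string;                 // availability zone holding the private subnet
    natZone: string | undefined;  // zone whose NAT gateway carries its egress
}

// Assumption: zones without their own gateway are dealt out round-robin,
// starting at the first zone that has a NAT gateway.
function planNatRouting(zones: string[], numberOfNatGateways: number): NatRoute[] {
    if (numberOfNatGateways < 0 || Math.floor(numberOfNatGateways) !== numberOfNatGateways) {
        throw new Error("numberOfNatGateways must be a non-negative integer");
    }
    // Requesting more gateways than zones cannot place more than one per zone.
    const n = Math.min(numberOfNatGateways, zones.length);
    return zones.map((zone: string, i: number): NatRoute => {
        if (n === 0) {
            // No NAT gateways: private subnets have no route to the internet.
            return { zone: zone, natZone: undefined };
        }
        // The first n zones use their own gateway; the rest borrow one.
        const natIndex = i < n ? i : (i - n) % n;
        return { zone: zone, natZone: zones[natIndex] };
    });
}

// Zones whose private-subnet egress depends on the NAT gateway in failedZone.
function zonesDependingOn(zones: string[], numberOfNatGateways: number, failedZone: string): string[] {
    return planNatRouting(zones, numberOfNatGateways)
        .filter((r: NatRoute) => r.natZone === failedZone)
        .map((r: NatRoute) => r.zone);
}

// Largest number of zones that lose egress when any single zone fails.
function worstCaseBlastRadius(zones: string[], numberOfNatGateways: number): number {
    let worst = 0;
    for (const zone of zones) {
        const count = zonesDependingOn(zones, numberOfNatGateways, zone).length;
        if (count > worst) {
            worst = count;
        }
    }
    return worst;
}

// Constructed sample: three zones, compared across gateway counts.
const SAMPLE_ZONES: string[] = ["us-west-2a", "us-west-2b", "us-west-2c"];
for (const gateways of [1, 2, 3]) {
    const radius = worstCaseBlastRadius(SAMPLE_ZONES, gateways);
    console.log(`numberOfNatGateways=${gateways}: one zone failure can cut egress for ${radius} zone(s)`);
}
```

With one gateway per zone the worst case stays at a single zone; with `numberOfNatGateways: 1` every private subnet shares one failure point.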

    Security Groups

    All traffic in and out of a VPC is controlled by Security Groups. Security groups can control incoming traffic through ingress rules and outgoing traffic through egress rules. ingress and egress can be customized like so:

    import * as aws from "@pulumi/aws";
    import * as awsx from "@pulumi/awsx";
    
    const vpc = new awsx.ec2.Vpc("custom", {
       // ...
    });
    
    const sg = new awsx.ec2.SecurityGroup("custom", { vpc });
    awsx.ec2.SecurityGroupRule.ingress("https-access", sg,
       new awsx.ec2.AnyIPv4Location(),
       new awsx.ec2.TcpPorts(443),
       "allow https access");
    awsx.ec2.SecurityGroupRule.ingress("ssh-access", sg,
       new awsx.ec2.AnyIPv4Location(),
       new awsx.ec2.TcpPorts(22),
       "allow ssh access");
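The SSH rule above uses AnyIPv4Location, which admits connections from 0.0.0.0/0. The following added example, which is not part of awsx, is a pre-deployment check over plain objects shaped like the rule args on this page (protocol, fromPort, toPort, cidrBlocks, ipv6CidrBlocks); it flags ingress rules that expose administrative ports or all traffic to any address. The list of administrative ports and the sample rules, including the 203.0.113.0/24 admin range, are assumptions constructed for illustration.

```typescript
// Added example (not awsx code): audits rule definitions before they are deployed.
interface IngressRule {
    name: string;
    protocol: string;          // "tcp", "udp", "icmp", "all" or "-1"
    fromPort: number;
    toPort: number;
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
}

interface Finding {
    rule: string;
    port: number | "all";
    source: string;
}

// Assumption: the ports this team treats as administrative. Adjust to policy.
const ADMIN_TCP_PORTS: number[] = [22, 3389];

// The "anywhere" sources used by AnyIPv4Location and AnyIPv6Location.
const WORLD_SOURCES: string[] = ["0.0.0.0/0", "::/0"];

function worldSources(rule: IngressRule): string[] {
    const all = (rule.cidrBlocks || []).concat(rule.ipv6CidrBlocks || []);
    return all.filter((c: string) => WORLD_SOURCES.indexOf(c.trim()) !== -1);
}

// AllTraffic uses protocol "-1"; "all" is the equivalent name.
function isAllTraffic(rule: IngressRule): boolean {
    return rule.protocol === "-1" || rule.protocol.toLowerCase() === "all";
}

function auditIngress(rules: IngressRule[]): Finding[] {
    const findings: Finding[] = [];
    for (const rule of rules) {
        for (const source of worldSources(rule)) {
            if (isAllTraffic(rule)) {
                findings.push({ rule: rule.name, port: "all", source: source });
                continue;
            }
            if (rule.protocol.toLowerCase() !== "tcp") {
                continue;
            }
            // A port range such as AllTcpPorts can cover an admin port implicitly.
            for (const port of ADMIN_TCP_PORTS) {
                if (rule.fromPort <= port && port <= rule.toPort) {
                    findings.push({ rule: rule.name, port: port, source: source });
                }
            }
        }
    }
    return findings;
}

// Constructed sample rules. The first two mirror the page's example.
const SAMPLE_RULES: IngressRule[] = [
    { name: "https-access", protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"] },
    { name: "ssh-access", protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
    // Hardened form: SSH limited to a constructed admin range (documentation prefix).
    { name: "ssh-from-admin-net", protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["203.0.113.0/24"] },
    { name: "all-tcp-v6", protocol: "tcp", fromPort: 0, toPort: 65535, ipv6CidrBlocks: ["::/0"] },
];

for (const f of auditIngress(SAMPLE_RULES)) {
    console.log(`${f.rule}: port ${f.port} reachable from ${f.source}`);
}
```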
    

    For detailed reference documentation, please visit the API docs.

    Resources

    Resource InternetGateway

     implements SubnetRouteProvider

    constructor

    new InternetGateway(name: string, vpc: Vpc, args: InternetGatewayArgs, opts?: pulumi.ComponentResourceOptions)
    new InternetGateway(name: string, vpc: Vpc, args: ExistingInternetGatewayArgs, opts?: pulumi.ComponentResourceOptions)

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    method route

    public route(name: string, opts: ComponentResourceOptions): RouteArgs

    property internetGateway

    public internetGateway: InternetGateway;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    property vpc

    public vpc: Vpc;

    Resource NatGateway

     implements SubnetRouteProvider

    constructor

    new NatGateway(name: string, vpc: Vpc, args: NatGatewayArgs, opts?: pulumi.ComponentResourceOptions)
    new NatGateway(name: string, vpc: Vpc, args: ExistingNatGatewayArgs, opts?: pulumi.ComponentResourceOptions)

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    method route

    public route(name: string, opts: ComponentResourceOptions): RouteArgs

    property elasticIP

    public elasticIP: Eip | undefined;

    property natGateway

    public natGateway: NatGateway;

    property natGatewayName

    public natGatewayName: string;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    property vpc

    public vpc: Vpc;

    Resource SecurityGroup

    class SecurityGroup extends ComponentResource

    constructor

    new SecurityGroup(name: string, args: SecurityGroupArgs, opts: ComponentResourceOptions)

    method createEgressRule

    public createEgressRule(name: string, args: SimpleSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
    public createEgressRule(name: string, args: EgressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

    method createIngressRule

    public createIngressRule(name: string, args: SimpleSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
    public createIngressRule(name: string, args: IngressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

    method fromExistingId

    public static fromExistingId(name: string, id: pulumi.Input<string>, args: SecurityGroupArgs, opts: ComponentResourceOptions): SecurityGroup

    Get an existing SecurityGroup resource’s state with the given name and ID. This will not cause a SecurityGroup to be created, and removing this SecurityGroup from your pulumi application will not cause the existing cloud resource to be destroyed.

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property egressRules

    public egressRules: EgressSecurityGroupRule[] = [];

    property id

    public id: pulumi.Output<string>;

    property ingressRules

    public ingressRules: IngressSecurityGroupRule[] = [];

    property securityGroup

    public securityGroup: SecurityGroup;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    property vpc

    public vpc: Vpc;

    Resource SecurityGroupRule

    class SecurityGroupRule extends ComponentResource

    constructor

    new SecurityGroupRule(type: string, name: string, securityGroup: SecurityGroup, args: SecurityGroupRuleArgs, opts: ComponentResourceOptions)

    method egress

    public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

    method egressArgs

    public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method ingress

    public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

    method ingressArgs

    public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property securityGroup

    public securityGroup: SecurityGroup;

    property securityGroupRule

    public securityGroupRule: SecurityGroupRule;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    Resource Subnet

    class Subnet extends ComponentResource

    constructor

    new Subnet(name: string, vpc: Vpc, args: SubnetArgs, opts?: pulumi.ComponentResourceOptions)
    new Subnet(name: string, vpc: Vpc, args: ExistingSubnetArgs, opts?: pulumi.ComponentResourceOptions)

    method createRoute

    public createRoute(name: string, args: RouteArgs, opts?: pulumi.ComponentResourceOptions): void
    public createRoute(name: string, provider: SubnetRouteProvider, opts?: pulumi.ComponentResourceOptions): void

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property id

    public id: pulumi.Output<string>;

    Underlying id for the aws subnet. This should be used over [this.subnet.id] as this Output will only resolve once the route table and all associations are resolved.

    property routeTable

    public routeTable: RouteTable | undefined;

    property routeTableAssociation

    public routeTableAssociation: RouteTableAssociation | undefined;

    property routes

    public routes: Route[] = [];

    property subnet

    public subnet: Subnet;

    property subnetName

    public subnetName: string;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    property vpc

    public vpc: Vpc;

    Resource Vpc

    class Vpc extends ComponentResource<VpcData>

    accessor internetGateway

    public get internetGateway(): Promise<undefined | InternetGateway>;

    The internet gateway created to allow traffic to/from the internet to the public subnets. Only available if this was created using [VpcArgs].

    accessor isolatedSubnetIds

    public get isolatedSubnetIds(): Promise<Output<string>[]>;

    Asynchronously retrieves the IDs for the isolated subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    accessor isolatedSubnets

    public get isolatedSubnets(): Promise<Subnet[]>;

    Asynchronously retrieves the isolated subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    accessor natGateways

    public get natGateways(): Promise<NatGateway[]>;

    The nat gateways created to allow private subnets access to the internet. Only available if this was created using [VpcArgs].

    accessor privateSubnetIds

    public get privateSubnetIds(): Promise<Output<string>[]>;

    Asynchronously retrieves the IDs for the private subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    accessor privateSubnets

    public get privateSubnets(): Promise<Subnet[]>;

    Asynchronously retrieves the private subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    accessor publicSubnetIds

    public get publicSubnetIds(): Promise<Output<string>[]>;

    Asynchronously retrieves the IDs for the public subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    accessor publicSubnets

    public get publicSubnets(): Promise<Subnet[]>;

    Asynchronously retrieves the public subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    method addInternetGateway

    public addInternetGateway(name: string, subnets?: Subnet[], args: InternetGatewayArgs, opts: ComponentResourceOptions): Promise<void>

    method addNatGateway

    public addNatGateway(name: string, args: NatGatewayArgs, opts: ComponentResourceOptions): Promise<void>

    method fromExistingIds

    public static fromExistingIds(name: string, idArgs: ExistingVpcIdArgs, opts?: pulumi.ComponentResourceOptions): Vpc

    Get an existing Vpc resource’s state with the given name and IDs of its relevant sub-resources. This will not cause a VPC (or any sub-resources) to be created, and removing this Vpc from your pulumi application will not cause the existing cloud resource (or sub-resources) to be destroyed.

    method getData

    protected getData(): Promise<VpcData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getDefault

    public static getDefault(opts: InvokeOptions): Vpc

    Gets the default vpc for the current aws account and region.

    See https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html for more details.

    Note: the no-arg version of this call is not recommended. It will acquire the default Vpc for the current region and cache it. Instead, it is recommended that the getDefault(opts) version be used with either opts.provider or opts.parent set. This version will properly get the default vpc for the region the provider specifies.

    This method will return the same Vpc instance when passed the same provider.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method getSubnets

    public getSubnets(type: VpcSubnetType): Promise<Subnet[]>

    Asynchronously retrieves the subnets of a particular type in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    method getSubnetsIds

    public getSubnetsIds(type: VpcSubnetType): Promise<Output<string>[]>

    Asynchronously retrieves the IDs for the subnets of a particular type in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

    method initialize

    protected initialize(props: {
        args: any;
        name: string;
        opts: ComponentResourceOptions;
    }): Promise<VpcData>

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property id

    public id: pulumi.Output<string>;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    property vpc

    public vpc: pulumi.Output<Vpc>;

    Others

    class AllTcpPorts

     implements SecurityGroupRulePorts

    constructor

    new AllTcpPorts()

    property fromPort

    public fromPort: pulumi.Input<number>;

    property protocol

    public protocol: "tcp" = "tcp";

    property toPort

    public toPort?: pulumi.Input<number>;

    class AllTraffic

     implements SecurityGroupRulePorts

    property fromPort

    public fromPort: 0 = 0;

    property protocol

    public protocol: "-1" = "-1";

    property toPort

    public toPort: 0 = 0;

    class AllUdpPorts

     implements SecurityGroupRulePorts

    constructor

    new AllUdpPorts()

    property fromPort

    public fromPort: pulumi.Input<number>;

    property protocol

    public protocol: "udp" = "udp";

    property toPort

    public toPort?: pulumi.Input<number>;

    class AnyIPv4Location

     implements SecurityGroupRuleLocation

    property cidrBlocks

    public cidrBlocks: string[] = ["0.0.0.0/0"];

    class AnyIPv6Location

     implements SecurityGroupRuleLocation

    property ipv6CidrBlocks

    public ipv6CidrBlocks: string[] = ["::/0"];

    interface AvailabilityZoneDescription

    interface AvailabilityZoneDescription

    property id

    id: string;

    property name

    name: string;

    class Cidr32Block

    class Cidr32Block

    constructor

    new Cidr32Block(startIpAddressInclusive: number, subnetMaskLeading1Bits: number)

    Do not call directly. Use the static factory methods to generate a cidr block.

    method fromCidrNotation

    public static fromCidrNotation(cidr: string): Cidr32Block

    Returns a cidr block given notation like “a.b.c.d/n”

    method nextBlock

    public nextBlock(): Cidr32Block

    method toString

    public toString(): string

    property endIpAddressExclusive

    public endIpAddressExclusive: number;

    property startIpAddressInclusive

    public startIpAddressInclusive: number;

    property subnetMaskLeading1Bits

    public subnetMaskLeading1Bits: number;

    type CidrBlock

    type CidrBlock = string;

    Alias for a cidr block.

    function create

    create(resource: Resource | undefined, vpcName: string, vpcCidr: string, ipv6CidrBlock: pulumi.Output<string> | undefined, availabilityZones: AvailabilityZoneDescription[], numberOfNatGateways: number, assignGeneratedIpv6CidrBlock: pulumi.Input<boolean>, subnetArgsArray: VpcSubnetArgs[]): VpcTopologyDescription

    class EgressSecurityGroupRule

    class EgressSecurityGroupRule extends SecurityGroupRule

    constructor

    new EgressSecurityGroupRule(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | EgressSecurityGroupRuleArgs, opts: ComponentResourceOptions)

    method egress

    public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

    method egressArgs

    public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method ingress

    public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

    method ingressArgs

    public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property securityGroup

    public securityGroup: SecurityGroup;

    property securityGroupRule

    public securityGroupRule: SecurityGroupRule;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    interface EgressSecurityGroupRuleArgs

    interface EgressSecurityGroupRuleArgs

    property cidrBlocks

    cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.

    property description

    description?: pulumi.Input<string>;

    Description of the rule.

    property fromPort

    fromPort: pulumi.Input<number>;

    The start port (or ICMP type number if protocol is “icmp”).

    property ipv6CidrBlocks

    ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of IPv6 CIDR blocks.

    property prefixListIds

    prefixListIds?: pulumi.Input<pulumi.Input<string>[]>;

    List of prefix list IDs (for allowing access to VPC endpoints).

    property protocol

    protocol: pulumi.Input<string>;

    The protocol. If not icmp, tcp, udp, or all, use the protocol number.

    property self

    self?: pulumi.Input<boolean>;

    If true, the security group itself will be added as a source to this ingress rule.

    property sourceSecurityGroupId

    sourceSecurityGroupId?: pulumi.Input<string>;

    The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.

    property toPort

    toPort: pulumi.Input<number>;

    The end port (or ICMP code if protocol is “icmp”).

    interface ExistingInternetGatewayArgs

    interface ExistingInternetGatewayArgs

    property internetGateway

    internetGateway: InternetGateway;

    Optional existing instance to use to make the [awsx.ec2.InternetGateway] out of.

    interface ExistingNatGatewayArgs

    interface ExistingNatGatewayArgs

    property natGateway

    natGateway: NatGateway;

    interface ExistingSubnetArgs

    interface ExistingSubnetArgs

    property subnet

    subnet: Subnet;

    Optional existing instance to use to make the awsx Subnet out of. If this is provided, no RouteTable or RouteTableAssociation will be automatically created.

    interface ExistingVpcArgs

    interface ExistingVpcArgs

    property vpc

    vpc: Vpc;

    The id of the VPC.

    interface ExistingVpcIdArgs

    interface ExistingVpcIdArgs

    property internetGatewayId

    internetGatewayId?: pulumi.Input<string>;

    The id of the internet gateway for this VPC.

    property isolatedSubnetIds

    isolatedSubnetIds?: pulumi.Input<string>[];

    The isolated subnets for the vpc.

    property natGatewayIds

    natGatewayIds?: pulumi.Input<string>[];

    The ids of the NAT gateways for this VPC.

    property privateSubnetIds

    privateSubnetIds?: pulumi.Input<string>[];

    The private subnets for the vpc.

    property publicSubnetIds

    publicSubnetIds?: pulumi.Input<string>[];

    The public subnets for the vpc.

    property vpcId

    vpcId: pulumi.Input<string>;

    The id of the VPC.

    function getIPv4Address

    getIPv4Address(value: number): string

    class IcmpPorts

    class IcmpPorts implements SecurityGroupRulePorts

    constructor

    new IcmpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)

    property fromPort

    public fromPort: pulumi.Input<number>;

    property protocol

    public protocol: "icmp" = "icmp";

    property toPort

    public toPort?: pulumi.Input<number>;

    class IngressSecurityGroupRule

    class IngressSecurityGroupRule extends SecurityGroupRule

    constructor

    new IngressSecurityGroupRule(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | IngressSecurityGroupRuleArgs, opts: ComponentResourceOptions)

    method egress

    public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

    method egressArgs

    public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs

    method getData

    protected getData(): Promise<TData>

    Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

    method getProvider

    getProvider(moduleMember: string): ProviderResource | undefined

    method ingress

    public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

    method ingressArgs

    public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs

    method initialize

    protected initialize(args: Inputs): Promise<TData>

    Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

    method isInstance

    static isInstance(obj: any): obj is ComponentResource

    Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

    method registerOutputs

    protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

    registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

    ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

    property securityGroup

    public securityGroup: SecurityGroup;

    property securityGroupRule

    public securityGroupRule: SecurityGroupRule;

    property urn

    urn: Output<URN>;

    urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

    interface IngressSecurityGroupRuleArgs

    interface IngressSecurityGroupRuleArgs

    property cidrBlocks

    cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.

    property description

    description?: pulumi.Input<string>;

    Description of the rule.

    property fromPort

    fromPort: pulumi.Input<number>;

    The start port (or ICMP type number if protocol is “icmp”).

    property ipv6CidrBlocks

    ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of IPv6 CIDR blocks.

    property protocol

    protocol: pulumi.Input<string>;

    The protocol. If not icmp, tcp, udp, or all, use the protocol number.

    property self

    self?: pulumi.Input<boolean>;

    If true, the security group itself will be added as a source to this ingress rule.

    property sourceSecurityGroupId

    sourceSecurityGroupId?: pulumi.Input<string>;

    The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.

    property toPort

    toPort: pulumi.Input<number>;

    The end port (or ICMP code if protocol is “icmp”).

    namespace metrics

    function cpuCreditBalance

    cpuCreditBalance(change?: Ec2MetricChange): Metric

    The number of earned CPU credits that an instance has accrued since it was launched or started. For T2 Standard, the CPUCreditBalance also includes the number of launch credits that have been accrued.

    Credits are accrued in the credit balance after they are earned, and removed from the credit balance when they are spent. The credit balance has a maximum limit, determined by the instance size. After the limit is reached, any new credits that are earned are discarded. For T2 Standard, launch credits do not count towards the limit.

    The credits in the CPUCreditBalance are available for the instance to spend to burst beyond its baseline CPU utilization.

    When an instance is running, credits in the CPUCreditBalance do not expire. When a T3 instance stops, the CPUCreditBalance value persists for seven days. Thereafter, all accrued credits are lost. When a T2 instance stops, the CPUCreditBalance value does not persist, and all accrued credits are lost.

    CPU credit metrics are available at a five-minute frequency only.

    function cpuCreditUsage

    cpuCreditUsage(change?: Ec2MetricChange): Metric

    The number of CPU credits spent by the instance for CPU utilization. One CPU credit equals one vCPU running at 100% utilization for one minute or an equivalent combination of vCPUs, utilization, and time (for example, one vCPU running at 50% utilization for two minutes or two vCPUs running at 25% utilization for two minutes).

    CPU credit metrics are available at a five-minute frequency only. If you specify a period greater than five minutes, use the Sum statistic instead of the Average statistic.

    function cpuSurplusCreditBalance

    cpuSurplusCreditBalance(change?: Ec2MetricChange): Metric

    The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero.

    The CPUSurplusCreditBalance value is paid down by earned CPU credits. If the number of surplus credits exceeds the maximum number of credits that the instance can earn in a 24-hour period, the spent surplus credits above the maximum incur an additional charge.

    function cpuSurplusCreditsCharged

    cpuSurplusCreditsCharged(change?: Ec2MetricChange): Metric

    The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge.

    Spent surplus credits are charged when any of the following occurs:

    • The spent surplus credits exceed the maximum number of credits that the instance can earn in a 24-hour period. Spent surplus credits above the maximum are charged at the end of the hour.
    • The instance is stopped or terminated.
    • The instance is switched from unlimited to standard.

    function cpuUtilization

    cpuUtilization(change?: Ec2MetricChange): Metric

    The percentage of allocated EC2 compute units that are currently in use on the instance. This metric identifies the processing power required to run an application upon a selected instance.

    Depending on the instance type, tools in your operating system can show a lower percentage than CloudWatch when the instance is not allocated a full processor core.

    Units: Percent

    function diskReadBytes

    diskReadBytes(change?: Ec2MetricChange): Metric

    Bytes read from all instance store volumes available to the instance.

    This metric is used to determine the volume of the data the application reads from the hard disk of the instance. This can be used to determine the speed of the application.

    The number reported is the number of bytes received during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

    If there are no instance store volumes, either the value is 0 or the metric is not reported.

    Units: Bytes

    function diskReadOps

    diskReadOps(change?: Ec2MetricChange): Metric

    Completed read operations from all instance store volumes available to the instance in a specified period of time.

    To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.

    If there are no instance store volumes, either the value is 0 or the metric is not reported.

    Units: Count

    function diskWriteBytes

    diskWriteBytes(change?: Ec2MetricChange): Metric

    Bytes written to all instance store volumes available to the instance.

    This metric is used to determine the volume of the data the application writes onto the hard disk of the instance. This can be used to determine the speed of the application.

    The number reported is the number of bytes received during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

    If there are no instance store volumes, either the value is 0 or the metric is not reported.

    Units: Bytes

    function diskWriteOps

    diskWriteOps(change?: Ec2MetricChange): Metric

    Completed write operations to all instance store volumes available to the instance in a specified period of time.

    To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.

    If there are no instance store volumes, either the value is 0 or the metric is not reported.

    Units: Count

    function ebsByteBalance

    ebsByteBalance(change?: Ec2MetricChange): Metric

    Available only for the smaller instance sizes. Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.

    Unit: Percent

    function ebsIOBalance

    ebsIOBalance(change?: Ec2MetricChange): Metric

    Available only for the smaller instance sizes. Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.

    Unit: Percent

    function ebsReadBytes

    ebsReadBytes(change?: Ec2MetricChange): Metric

    Bytes read from all EBS volumes attached to the instance in a specified period of time.

    The number reported is the number of bytes read during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Read Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

    Unit: Bytes

    function ebsReadOps

    ebsReadOps(change?: Ec2MetricChange): Metric

    Completed read operations from all Amazon EBS volumes attached to the instance in a specified period of time.

    To calculate the average read I/O operations per second (Read IOPS) for the period, divide the total operations in the period by the number of seconds in that period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to calculate the Read IOPS. If you have detailed (one-minute) monitoring, divide it by 60.

    Unit: Count

    function ebsWriteBytes

    ebsWriteBytes(change?: Ec2MetricChange): Metric

    Bytes written to all EBS volumes attached to the instance in a specified period of time.

    The number reported is the number of bytes written during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Write Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

    Unit: Bytes

    function ebsWriteOps

    ebsWriteOps(change?: Ec2MetricChange): Metric

    Completed write operations to all EBS volumes attached to the instance in a specified period of time.

    To calculate the average write I/O operations per second (Write IOPS) for the period, divide the total operations in the period by the number of seconds in that period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to calculate the Write IOPS. If you have detailed (one-minute) monitoring, divide it by 60.

    Unit: Count

    interface Ec2MetricChange

    interface Ec2MetricChange extends MetricChange

    property color

    color?: pulumi.Input<string>;

    The six-digit HTML hex color code to be used for this metric.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    property dimensions

    dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;

    The new dimension for this metric. If this object is missing this property, then no change will be made. However, if the property is there but set to [undefined], then the value will be cleared.

    property extendedStatistic

    extendedStatistic?: pulumi.Input<number>;

    The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is there but set to [undefined], then the value will be set to the default.

    property imageId

    imageId?: undefined | string;

    This dimension filters the data you request for all instances running this Amazon EC2 Amazon Machine Image (AMI). Available for instances with Detailed Monitoring enabled.

    property instance

    instance?: aws.ec2.Instance;

    Optional [Instance] this metric should be filtered down to.

    property instanceType

    instanceType?: aws.ec2.InstanceType;

    This dimension filters the data you request for all instances running with this specified instance type. This helps you categorize your data by the type of instance running. For example, you might compare data from an m1.small instance and an m1.large instance to determine which has the better business value for your application. Available for instances with Detailed Monitoring enabled.

    property label

    label?: pulumi.Input<string>;

    The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    property period

    period?: pulumi.Input<number>;

    The new period in seconds over which the specified stat is applied. If this object is missing this property, then no change will be made. However, if the property is there but set to [undefined], then the value will be set to the default (300s).

    property statistic

    statistic?: pulumi.Input<MetricStatistic>;

    The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is there but set to [undefined], then the value will be set to the default.

    property unit

    unit?: pulumi.Input<MetricUnit>;

    The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is there but set to [undefined], then the value will be set to the default.

    property visible

    visible?: pulumi.Input<boolean>;

    Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    property yAxis

    yAxis?: pulumi.Input<"left" | "right">;

    Where on the graph to display the y-axis for this metric. The default is left.

    Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

    type Ec2MetricName

    type Ec2MetricName = "CPUCreditUsage" | "CPUCreditBalance" | "CPUSurplusCreditBalance" | "CPUSurplusCreditsCharged" | "CPUUtilization" | "DiskReadOps" | "DiskWriteOps" | "DiskReadBytes" | "DiskWriteBytes" | "NetworkIn" | "NetworkOut" | "NetworkPacketsIn" | "NetworkPacketsOut" | "StatusCheckFailed" | "StatusCheckFailed_Instance" | "StatusCheckFailed_System" | "EBSReadOps" | "EBSWriteOps" | "EBSReadBytes" | "EBSWriteBytes" | "EBSIOBalance%" | "EBSByteBalance%";

    function metric

    metric(metricName: Ec2MetricName, change: Ec2MetricChange): Metric

    Creates an AWS/EC2 metric with the requested [metricName]. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html for a list of all metric names.

    Note, individual metrics can easily be obtained without supplying the name using the other [metricXXX] functions.

    Amazon EC2 sends metrics to Amazon CloudWatch. You can use the AWS Management Console, the AWS CLI, or an API to list the metrics that Amazon EC2 sends to CloudWatch. By default, each data point covers the 5 minutes that follow the start time of activity for the instance. If you’ve enabled detailed monitoring, each data point covers the next minute of activity from the start time.

    You can use the following dimensions to refine the metrics returned for your instances.

    1. “AutoScalingGroupName”: This dimension filters the data you request for all instances in a specified capacity group. An Auto Scaling group is a collection of instances you define if you’re using Auto Scaling. This dimension is available only for Amazon EC2 metrics when the instances are in such an Auto Scaling group. Available for instances with Detailed or Basic Monitoring enabled.
    2. “ImageId”: This dimension filters the data you request for all instances running this Amazon EC2 Amazon Machine Image (AMI). Available for instances with Detailed Monitoring enabled.
    3. “InstanceId”: This dimension filters the data you request for the identified instance only. This helps you pinpoint an exact instance from which to monitor data.
    4. “InstanceType”: This dimension filters the data you request for all instances running with this specified instance type. This helps you categorize your data by the type of instance running. For example, you might compare data from an m1.small instance and an m1.large instance to determine which has the better business value for your application. Available for instances with Detailed Monitoring enabled.

    function networkIn

    networkIn(change?: Ec2MetricChange): Metric

    The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to a single instance.

    The number reported is the number of bytes received during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

    Units: Bytes

    function networkOut

    networkOut(change?: Ec2MetricChange): Metric

    The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from a single instance.

    The number reported is the number of bytes sent during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

    Units: Bytes

    function networkPacketsIn

    networkPacketsIn(change?: Ec2MetricChange): Metric

    The number of packets received on all network interfaces by the instance. This metric identifies the volume of incoming traffic in terms of the number of packets on a single instance. This metric is available for basic monitoring only.

    Units: Count

    Statistics: Minimum, Maximum, Average

    function networkPacketsOut

    networkPacketsOut(change?: Ec2MetricChange): Metric

    The number of packets sent out on all network interfaces by the instance. This metric identifies the volume of outgoing traffic in terms of the number of packets on a single instance. This metric is available for basic monitoring only.

    Units: Count

    Statistics: Minimum, Maximum, Average

    function statusCheckFailed

    statusCheckFailed(change?: Ec2MetricChange): Metric

    Reports whether the instance has passed both the instance status check and the system status check in the last minute.

    This metric can be either 0 (passed) or 1 (failed).

    By default, this metric is available at a 1-minute frequency at no charge.

    Units: Count

    function statusCheckFailed_Instance

    statusCheckFailed_Instance(change?: Ec2MetricChange): Metric

    Reports whether the instance has passed the instance status check in the last minute.

    This metric can be either 0 (passed) or 1 (failed).

    By default, this metric is available at a 1-minute frequency at no charge.

    Units: Count

    function statusCheckFailed_System

    statusCheckFailed_System(change?: Ec2MetricChange): Metric

    Reports whether the instance has passed the system status check in the last minute.

    This metric can be either 0 (passed) or 1 (failed).

    By default, this metric is available at a 1-minute frequency at no charge.

    Units: Count

    interface NatGatewayArgs

    interface NatGatewayArgs

    property subnet

    subnet: SubnetOrId;

    The subnet the NatGateway should be placed in.

    property tags

    tags?: pulumi.Input<{[key: string]: any}>;

    A mapping of tags to assign to the resource.

    interface NatGatewayDescription

    interface NatGatewayDescription

    property name

    name: string;

    property publicSubnet

    publicSubnet: string;

    Index of the public subnet that this NAT gateway should live in.

    interface NatRouteDescription

    interface NatRouteDescription

    property name

    name: string;

    property natGateway

    natGateway: string;

    The name of the nat gateway this private subnet is getting a route to.

    property privateSubnet

    privateSubnet: string;

    The name of the private subnet that is getting the route.

    interface RouteArgs

    interface RouteArgs

    The set of arguments for constructing a Route resource.

    property destinationCidrBlock

    destinationCidrBlock?: pulumi.Input<string>;

    The destination CIDR block.

    property destinationIpv6CidrBlock

    destinationIpv6CidrBlock?: pulumi.Input<string>;

    The destination IPv6 CIDR block.

    property egressOnlyGatewayId

    egressOnlyGatewayId?: pulumi.Input<string>;

    Identifier of a VPC Egress Only Internet Gateway.

    property gatewayId

    gatewayId?: pulumi.Input<string>;

    Identifier of a VPC internet gateway or a virtual private gateway.

    property instanceId

    instanceId?: pulumi.Input<string>;

    Identifier of an EC2 instance.

    property natGatewayId

    natGatewayId?: pulumi.Input<string>;

    Identifier of a VPC NAT gateway.

    property networkInterfaceId

    networkInterfaceId?: pulumi.Input<string>;

    Identifier of an EC2 network interface.

    property transitGatewayId

    transitGatewayId?: pulumi.Input<string>;

    Identifier of an EC2 Transit Gateway.

    property vpcPeeringConnectionId

    vpcPeeringConnectionId?: pulumi.Input<string>;

    Identifier of a VPC peering connection.

    interface SecurityGroupArgs

    interface SecurityGroupArgs

    property description

    description?: pulumi.Input<string>;

    The security group description. Defaults to “Managed by Terraform”. Cannot be “”. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you’d like to classify your security groups in a way that can be updated, use tags.

    property egress

    egress?: EgressSecurityGroupRuleArgs[];

    Can be specified multiple times for each egress rule. Each egress block supports fields documented below.

    property ingress

    ingress?: IngressSecurityGroupRuleArgs[];

    Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.

    property revokeRulesOnDelete

    revokeRulesOnDelete?: pulumi.Input<boolean>;

    Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.

    property securityGroup

    securityGroup?: aws.ec2.SecurityGroup;

    An existing SecurityGroup to use for this awsx SecurityGroup. If not provided, a default one will be created.

    property tags

    tags?: pulumi.Input<Tags>;

    property vpc

    vpc?: Vpc;

    The VPC this security group applies to, or [Vpc.getDefault] if unspecified.

    type SecurityGroupOrId

    type SecurityGroupOrId = SecurityGroup | pulumi.Input<string>;

    interface SecurityGroupRuleArgs

    interface SecurityGroupRuleArgs

    property cidrBlocks

    cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.

    property description

    description?: pulumi.Input<string>;

    Description of the rule.

    property fromPort

    fromPort: pulumi.Input<number>;

    The start port (or ICMP type number if protocol is “icmp”).

    property ipv6CidrBlocks

    ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of IPv6 CIDR blocks.

    property prefixListIds

    prefixListIds?: pulumi.Input<pulumi.Input<string>[]>;

    List of prefix list IDs (for allowing access to VPC endpoints). Only valid with egress.

    property protocol

    protocol: pulumi.Input<string>;

    The protocol. If not icmp, tcp, udp, or all, use the protocol number.

    property self

    self?: pulumi.Input<boolean>;

    If true, the security group itself will be added as a source to this ingress rule.

    property sourceSecurityGroupId

    sourceSecurityGroupId?: pulumi.Input<string>;

    The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.

    property toPort

    toPort: pulumi.Input<number>;

    The end port (or ICMP code if protocol is “icmp”).

    property type

    type: pulumi.Input<"ingress" | "egress">;

    The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
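
    The constraints documented for SecurityGroupRuleArgs (cidrBlocks cannot be combined with sourceSecurityGroupId; prefixListIds is only valid with egress) can be checked before deployment. The following is an added example, not awsx code: PlainRule, Finding, lintRules, firstNonPublicPort and the PUBLIC_TCP_PORTS allowlist are assumptions made for illustration, and the sample rules and their placeholder ids are constructed.

```typescript
// Added example: plain, already-resolved mirror of the SecurityGroupRuleArgs fields
// documented above (real awsx programs pass pulumi.Input<...> values instead).
interface PlainRule {
    type: "ingress" | "egress";
    protocol: string;
    fromPort: number;
    toPort: number;
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
    prefixListIds?: string[];
    sourceSecurityGroupId?: string;
    description?: string;
}

interface Finding {
    rule: number; // index of the offending rule in the input array
    severity: "error" | "warn";
    message: string;
}

// Assumption (local review policy, not part of awsx): TCP ports allowed to face the internet.
const PUBLIC_TCP_PORTS: number[] = [80, 443];

// Returns the first port in [fromPort, toPort] that is not on the allowlist, or -1 if none.
function firstNonPublicPort(fromPort: number, toPort: number): number {
    for (let p = fromPort; p <= toPort; p++) {
        if (PUBLIC_TCP_PORTS.indexOf(p) < 0) { return p; }
    }
    return -1;
}

function lintRules(rules: PlainRule[]): Finding[] {
    const findings: Finding[] = [];
    rules.forEach((r, i) => {
        const add = (severity: "error" | "warn", message: string): void => {
            findings.push({ rule: i, severity: severity, message: message });
        };
        const cidrs = r.cidrBlocks || [];
        const cidrs6 = r.ipv6CidrBlocks || [];

        // Documented constraint: cidrBlocks cannot be specified with sourceSecurityGroupId.
        if (cidrs.length > 0 && r.sourceSecurityGroupId !== undefined) {
            add("error", "cidrBlocks and sourceSecurityGroupId are mutually exclusive");
        }
        // Documented constraint: prefixListIds is only valid with egress.
        if (r.type === "ingress" && (r.prefixListIds || []).length > 0) {
            add("error", "prefixListIds is only valid on egress rules");
        }
        // For tcp/udp the two fields are a port range; for icmp they are type/code, so skip.
        if ((r.protocol === "tcp" || r.protocol === "udp") && r.fromPort > r.toPort) {
            add("error", "fromPort " + r.fromPort + " is greater than toPort " + r.toPort);
        }

        // Exposure review applies to ingress rules open to the whole IPv4 or IPv6 space.
        if (r.type !== "ingress") { return; }
        const worldOpen = cidrs.indexOf("0.0.0.0/0") >= 0 || cidrs6.indexOf("::/0") >= 0;
        if (!worldOpen) { return; }

        if (r.protocol === "-1" || r.protocol === "all") {
            add("warn", "all protocols are open to the internet");
        } else if (r.protocol === "tcp") {
            const port = firstNonPublicPort(r.fromPort, r.toPort);
            if (port >= 0) {
                add("warn", "tcp port " + port + " is open to the internet");
            }
        }
        // Other protocols (udp, icmp, protocol numbers) are not judged by this sketch.
    });
    return findings;
}

// Constructed sample input; the sg-/pl- ids are placeholders, not real resources.
const SAMPLE_RULES: PlainRule[] = [
    { type: "ingress", protocol: "tcp", fromPort: 443, toPort: 443, cidrBlocks: ["0.0.0.0/0"] },
    { type: "ingress", protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: ["0.0.0.0/0"] },
    { type: "ingress", protocol: "tcp", fromPort: 5432, toPort: 5432,
      cidrBlocks: ["10.0.0.0/16"], sourceSecurityGroupId: "sg-PLACEHOLDER" },
    { type: "ingress", protocol: "-1", fromPort: 0, toPort: 0,
      ipv6CidrBlocks: ["::/0"], prefixListIds: ["pl-PLACEHOLDER"] },
    { type: "egress", protocol: "tcp", fromPort: 443, toPort: 443,
      prefixListIds: ["pl-PLACEHOLDER"] },
    { type: "ingress", protocol: "tcp", fromPort: 8000, toPort: 7000,
      cidrBlocks: ["10.0.0.0/16"] },
];
```

    Calling lintRules(SAMPLE_RULES) leaves rules 0 and 4 clean and reports the SSH exposure, the mixed source, the ingress prefix list with all-protocol exposure, and the inverted port range.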

    interface SecurityGroupRuleLocation

    interface SecurityGroupRuleLocation

    property cidrBlocks

    cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.

    property ipv6CidrBlocks

    ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

    List of IPv6 CIDR blocks.

    property sourceSecurityGroupId

    sourceSecurityGroupId?: pulumi.Input<string>;

    The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.

    interface SecurityGroupRulePorts

    interface SecurityGroupRulePorts

    property fromPort

    fromPort: pulumi.Input<number>;

    The start port (or ICMP type number if protocol is “icmp”).

    property protocol

    protocol: pulumi.Input<SecurityGroupRuleProtocol>;

    The protocol. If not icmp, tcp, udp, or all, use the protocol number.

    property toPort

    toPort?: pulumi.Input<number>;

    The end port (or ICMP code if protocol is “icmp”). Defaults to ‘fromPort’ if not specified.

    type SecurityGroupRuleProtocol

    type SecurityGroupRuleProtocol = "-1" | "tcp" | "udp" | "icmp";

    interface SimpleSecurityGroupRuleArgs

    interface SimpleSecurityGroupRuleArgs

    property description

    description?: pulumi.Input<string>;

    Optional description for the rule to make it easier to document in the AWS console.

    property location

    location: SecurityGroupRuleLocation;

    The source or destination location of the rule. This allows control of the IPv4 or IPv6 CIDR blocks for the rule, or the source security group.

    There are easy ways to provide ingress or egress to the entirety of the IPv4 or IPv6 space by using the AnyIPv4Location and AnyIPv6Location types.

    property ports

    ports: SecurityGroupRulePorts;

    The ports and protocol this rule allows access to/from. There are easy ways to open anything from a single port, to a wide set of ports, to all ports and all protocols using:

    [TcpPorts], [AllTcpPorts], [UdpPorts], [AllUdpPorts], [IcmpPorts], [AllTraffic]

    interface SubnetArgs

    interface SubnetArgs

    property assignIpv6AddressOnCreation

    assignIpv6AddressOnCreation?: pulumi.Input<boolean>;

    Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Defaults to true if the Vpc this is associated with has assignGeneratedIpv6CidrBlock: true, and to false otherwise.

    property availabilityZone

    availabilityZone?: pulumi.Input<string>;

    The AZ for the subnet.

    property availabilityZoneId

    availabilityZoneId?: pulumi.Input<string>;

    The AZ ID of the subnet.

    property cidrBlock

    cidrBlock: pulumi.Input<string>;

    The CIDR block for the subnet.

    property ignoreChanges

    ignoreChanges?: string[];

    Ignore changes to any of the specified properties of the Subnet.

    property ipv6CidrBlock

    ipv6CidrBlock?: pulumi.Input<string>;

    The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

    property mapPublicIpOnLaunch

    mapPublicIpOnLaunch?: pulumi.Input<boolean>;

    Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.

    property tags

    tags?: pulumi.Input<Tags>;

    A mapping of tags to assign to the resource.

    interface SubnetDescription

    interface SubnetDescription

    property args

    args: SubnetArgs;

    property ignoreChanges

    ignoreChanges?: string[];

    property subnetName

    subnetName: string;

    property type

    type: VpcSubnetType;

    type SubnetOrId

    type SubnetOrId = Subnet | pulumi.Input<string>;

    interface SubnetRouteProvider

    interface SubnetRouteProvider

    method route

    route(name: string, opts: ComponentResourceOptions): RouteArgs

    class TcpPorts

     implements SecurityGroupRulePorts

    constructor

    new TcpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)

    property fromPort

    public fromPort: pulumi.Input<number>;

    property protocol

    public protocol: "tcp" = "tcp";

    property toPort

    public toPort?: pulumi.Input<number>;

    class UdpPorts

     implements SecurityGroupRulePorts

    constructor

    new UdpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)

    property fromPort

    public fromPort: pulumi.Input<number>;

    property protocol

    public protocol: "udp" = "udp";

    property toPort

    public toPort?: pulumi.Input<number>;

    interface VpcArgs

    interface VpcArgs

    property assignGeneratedIpv6CidrBlock

    assignGeneratedIpv6CidrBlock?: pulumi.Input<boolean>;

    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. If set to true, then subnets created will default to assignIpv6AddressOnCreation: true as well.

    property cidrBlock

    cidrBlock?: CidrBlock;

    The CIDR block for the VPC. Defaults to “10.0.0.0/16” if unspecified.

    property enableClassiclink

    enableClassiclink?: pulumi.Input<boolean>;

    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults to false.

    property enableClassiclinkDnsSupport

    enableClassiclinkDnsSupport?: pulumi.Input<boolean>;

    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    property enableDnsHostnames

    enableDnsHostnames?: pulumi.Input<boolean>;

    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to true if unspecified.

    property enableDnsSupport

    enableDnsSupport?: pulumi.Input<boolean>;

    A boolean flag to enable/disable DNS support in the VPC. Defaults to true if unspecified.

    property instanceTenancy

    instanceTenancy?: pulumi.Input<"default" | "dedicated">;

    A tenancy option for instances launched into the VPC. Defaults to “default” if unspecified.

    property numberOfAvailabilityZones

    numberOfAvailabilityZones?;

    property numberOfNatGateways

    numberOfNatGateways?: undefined | number;

    The max number of NAT gateways to create if there are any private subnets created. A NAT gateway enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. A minimum of ‘1’ gateway is needed if an instance is to be allowed connection to the internet.

    If this is not set, a NAT gateway will be made for each availability zone in the current region. The first public subnet for that availability zone will be the one used to place the NAT gateway in. If fewer gateways are requested than availability zones, then only that many NAT gateways will be created.

    Private subnets in an availability zone that contains a NAT gateway will route through that gateway. Private subnets in an availability zone that does not contain a NAT gateway will be routed to the other NAT gateways in a round-robin fashion.

    See https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html for more details.

    Defaults to [numberOfAvailabilityZones].

    property requestedAvailabilityZones

    requestedAvailabilityZones?: number | "all" | [, string, string] | pulumi.Input<string[]>;

    The names of the availability zones to use in the current region. Defaults to 2 if unspecified. Use "all" to use all the availability zones in the current region.

    property subnets

    subnets?: VpcSubnetArgs[];

    The information about what subnets to create per availability zone. Defaults to one public and one private subnet if unspecified.

    property tags

    tags?: pulumi.Input<Tags>;

    A mapping of tags to assign to the resource.

    interface VpcSubnetArgs

    interface VpcSubnetArgs

    Information that controls how each vpc subnet should be created for each availability zone. By default, the Vpc will control actually creating the appropriate subnets in each zone depending on the values specified in this type. This helps ensure that each subnet will reside entirely within one Availability Zone and cannot span zones.

    For finer control of the locations of the subnets, specify the [location] property for all the subnets.

    See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html for more details.

    property assignIpv6AddressOnCreation

    assignIpv6AddressOnCreation?: pulumi.Input<boolean>;

    Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Defaults to the value of VpcArgs.assignGeneratedIpv6CidrBlock.

    property cidrMask

    cidrMask?: undefined | number;

    The number of leading bits in the Vpc cidrBlock to use to define the cidrBlock for this subnet. By providing masking bits, this can be computed in a way that ensures that each subnet has a distinct block.

    If this is not provided, the cidrBlock for the vpc will be appropriately split based on the number of subnets and availability zones there are.

    The allowed mask size is between a /28 netmask and a /16 netmask. See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html for more details.

    If this property is provided, [location] cannot be provided.

    property ignoreChanges

    ignoreChanges?: string[];

    Ignore changes to any of the specified properties of the Subnet.

    property location

    location?: CidrBlock | VpcSubnetLocation;

    More precise information about the location of this subnet. Can either be a simple CidrBlock (i.e. 10.0.0.0/24), or a richer object describing the CidrBlocks and Availability Zone for the subnet.

    If this property is provided, [cidrMask] cannot be provided.

    If only a CidrBlock is provided here, then the subnet will be placed in the first availability zone for the region.

    If this property is provided for one subnet, it must be provided for all subnets.

    property mapPublicIpOnLaunch

    mapPublicIpOnLaunch?: pulumi.Input<boolean>;

    Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Defaults to true if type is public, and to false otherwise.

    property name

    name?: undefined | string;

    An optional name to use as part of the subnet name. If not provided, will be set to “public”/“private”/“isolated” depending on the [type] of this subnet. Required if making multiple subnets with the same type.

    property tags

    tags?: pulumi.Input<Tags>;

    property type

    type: VpcSubnetType;

    The type of subnet to make in each availability zone.
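
    The constraints stated above for cidrMask, location, name and mapPublicIpOnLaunch can be checked before a deployment is attempted. The validator below is an added example, not part of awsx: `validateSubnets` and `SubnetSpec` (a plain-value subset of VpcSubnetArgs, with location limited to the simple CidrBlock form) are hypothetical names, and the public-IP finding is a policy choice of this example.

```typescript
type VpcSubnetType = "public" | "private" | "isolated";
// Plain-value subset of VpcSubnetArgs; location uses the simple CidrBlock form.
interface SubnetSpec {
    type: VpcSubnetType;
    name?: string;
    cidrMask?: number;
    location?: string;
    mapPublicIpOnLaunch?: boolean;
}

// Returns one message per violated constraint; empty means the list passed.
function validateSubnets(subnets: SubnetSpec[], vpcCidr = "10.0.0.0/16"): string[] {
    const errors: string[] = [];
    const vpcPrefix = Number(vpcCidr.split("/")[1]);

    // If location is provided for one subnet, it must be provided for all.
    const withLocation = subnets.filter(s => s.location !== undefined).length;
    if (withLocation > 0 && withLocation < subnets.length) {
        errors.push("location is set on some subnets but not all");
    }
    const seen: { [label: string]: boolean } = {};
    subnets.forEach((s, i) => {
        // The name falls back to the subnet type, so two unnamed subnets of
        // the same type collide.
        const label = s.name ?? s.type;
        if (seen[label]) errors.push(`subnet ${i}: duplicate name "${label}"; set name explicitly`);
        seen[label] = true;

        if (s.cidrMask !== undefined) {
            if (s.location !== undefined) {
                errors.push(`${label}: cidrMask and location are both set`);
            }
            if (s.cidrMask < 16 || s.cidrMask > 28) {
                errors.push(`${label}: cidrMask ${s.cidrMask} is outside 16..28`);
            } else if (s.cidrMask < vpcPrefix) {
                errors.push(`${label}: /${s.cidrMask} does not fit inside the VPC /${vpcPrefix}`);
            }
        }
        // Effective value: true for public subnets, false otherwise.
        const publicIp = s.mapPublicIpOnLaunch ?? (s.type === "public");
        if (publicIp && s.type !== "public") {
            errors.push(`${label}: ${s.type} subnet assigns public IPs on launch`);
        }
    });
    return errors;
}
```
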

    interface VpcSubnetLocation

    interface VpcSubnetLocation

    property availabilityZone

    availabilityZone?: undefined | string;

    The AZ for the subnet.

    property availabilityZoneId

    availabilityZoneId?: undefined | string;

    The AZ ID of the subnet.

    property cidrBlock

    cidrBlock: pulumi.Input<CidrBlock>;

    The CIDR block for the subnet.

    property ipv6CidrBlock

    ipv6CidrBlock?: pulumi.Input<string>;

    The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

    type VpcSubnetType

    type VpcSubnetType = "public" | "private" | "isolated";

    The type of this subnet.

    1. A “public” subnet will route traffic to an [InternetGateway]. If you specify a public subnet this InternetGateway will be created on your behalf and traffic will be routed accordingly.
    2. A “private” subnet is similar to “public” except that the subnet will not have a route to the [InternetGateway]. Instead, a route entry will be set up for the NatGateway in that availability zone to the subnet.
    3. Unlike “public” or “private” subnets, an “isolated” subnet has no routing specified at all.

    interface VpcTopologyDescription

    interface VpcTopologyDescription

    property natGateways

    natGateways: NatGatewayDescription[];

    property natRoutes

    natRoutes: NatRouteDescription[];

    property subnets

    subnets: SubnetDescription[];