Module classic/ec2

Pulumi EC2 Components

Pulumi's APIs for simplifying working with EC2. The API currently primarily provides ways to define and configure a Virtual Private Cloud (VPC), as well as to customize the Security Groups around it.

The Default VPC

By default, Amazon creates a 'Default VPC' in every region of your account. You can read more about the Default VPC here. This VPC can be acquired in the following manner:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = awsx.ec2.Vpc.getDefault();

Many components in awsx work with a specific VPC (for example, Clusters and LoadBalancers). However, if a specific VPC is not provided, they will use this default VPC instead. This makes it simple to set up infrastructure for the default VPC without having to explicitly provide it all the time.

Custom VPCs

While using the default VPC can be very simple and convenient, it is not always desirable to do so, and it can often be advantageous to define your own VPCs with their own custom topology. Doing this allows more fine grained control over many parts of the network structure including, but not limited to, controlling IP address configuration, as well as ingress/egress security filtering.

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block. If one is not specified then 10.0.0.0/16 will be used by default. This is the primary CIDR block for your VPC. For more information about CIDR notation, see RFC 4632. For example:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   cidrBlock: "10.0.0.0/16",
   // other args
   // ...
});

This range will then be partitioned accordingly into the VPC depending on the other arguments provided. The additional arguments that affect this partitioning are subnets and requestedAvailabilityZones.

Availability Zones

Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location.

If requestedAvailabilityZones is not provided, two zones are used, but a different number can be requested like so, if appropriate for your region:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   cidrBlock: "10.0.0.0/16",
   requestedAvailabilityZones: 3,
});

Each availability zone will get an approximately equal share of the total CIDR address space for the VPC.

Subnets

Subnets allow you to partition each availability zone into regions with different levels of access. A public subnet is one whose traffic is routed to an Internet Gateway (IG). A private subnet is one that is configured to use a NAT Gateway (NAT) so that it can reach the internet, but which prevents the internet from initiating connections to it. Finally, an isolated subnet is one that cannot reach the internet either through an IG or via NAT.

By default, if unspecified, a VPC will automatically partition each availability zone into a public subnet and a private subnet, i.e. not providing a subnet configuration is equivalent to writing:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   // other args
   // ...
   subnets: [{ type: "public" }, { type: "private" }],
});

To specify your own subnet configuration you can do the following:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   cidrBlock: "10.0.0.0/16",
   requestedAvailabilityZones: 3,
   subnets: [{ type: "public" }, { type: "private" }, { type: "isolated" }],
});

There is no restriction on the number of public/private/isolated subnets in an availability zone. For example, it might be useful to have multiple isolated subnets, one for DB instances and another for Redis instances. To facilitate this sort of arrangement, subnets can be named for clarity, i.e.:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   cidrBlock: "10.0.0.0/16",
   requestedAvailabilityZones: 3,
   subnets: [
     { type: "public" },
     { type: "private" },
     { type: "isolated", name: "db" },
     { type: "isolated", name: "redis" },
   ],
});

By default the subnets divide the CIDR space of each availability zone equally. If this is not desired, a particular size can be requested for a subnet by passing in an appropriate netmask value between 16 and 28. See VPC and Subnet Sizing for more details. This value can be provided for the specific subnets for which you know how many instances you need IP addresses for. Whatever IP addresses remain in the availability zone will be split over the subnets that do not specify a size.
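The partitioning described above (an equal share per availability zone, then each zone's share split over its subnets, honouring a requested netmask and sharing the remainder), worked through as an added example that is not awsx's own Cidr32Block or topology code; the class only borrows those names, and cidrMask is an assumed name for the "netmask value" the text mentions. The final check confirms the result is a valid topology: every subnet sits inside the VPC and no two overlap.

```typescript
// Added model of the partitioning the page describes (not awsx's own Cidr32Block or topology
// code, whose names this borrows): an equal share of the VPC CIDR per availability zone, then
// each zone split over its subnets, honouring requested netmasks and sharing the remainder.

type SubnetType = "public" | "private" | "isolated";

interface SubnetSpec {
  type: SubnetType;
  name?: string;     // defaults to the type, as in the page's examples
  cidrMask?: number; // assumed name for the page's "netmask value between 16 and 28"
}

class Cidr32 {
  readonly endIpAddressExclusive: number;

  constructor(readonly startIpAddressInclusive: number, readonly subnetMaskLeading1Bits: number) {
    const size = Math.pow(2, 32 - subnetMaskLeading1Bits);
    if (startIpAddressInclusive % size !== 0) {
      throw new Error(`${startIpAddressInclusive} is not aligned to a /${subnetMaskLeading1Bits} boundary`);
    }
    this.endIpAddressExclusive = startIpAddressInclusive + size;
  }

  /** Parses "a.b.c.d/n"; plain arithmetic keeps the address an unsigned 32-bit value. */
  static fromCidrNotation(cidr: string): Cidr32 {
    const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
    if (!m) throw new Error(`expected a.b.c.d/n, got ${cidr}`);
    const octets = m.slice(1, 5).map(Number);
    if (octets.some(o => o > 255) || Number(m[5]) > 32) throw new Error(`out of range: ${cidr}`);
    return new Cidr32(octets.reduce((acc, o) => acc * 256 + o, 0), Number(m[5]));
  }

  toString(): string {
    const a = this.startIpAddressInclusive;
    const dotted = [a / 16777216, a / 65536, a / 256, a].map(v => Math.floor(v) % 256).join(".");
    return `${dotted}/${this.subnetMaskLeading1Bits}`;
  }
}

/** Returns "<subnet name>-<zone index>" -> CIDR for every subnet in every zone. */
function planSubnets(vpcCidr: string, azCount: number, subnets: SubnetSpec[]): { [id: string]: string } {
  if (azCount < 1) throw new Error("at least one availability zone is required");
  const vpc = Cidr32.fromCidrNotation(vpcCidr);
  // Round the zone count up to a power of two so zones get equal sizes (3 zones in a /16 -> /18 each).
  let azBits = 0;
  while (Math.pow(2, azBits) < azCount) azBits++;
  const azMask = vpc.subnetMaskLeading1Bits + azBits;
  const azSize = Math.pow(2, 32 - azMask);
  let sizedTotal = 0, unsized = 0;
  for (const s of subnets) {
    if (s.cidrMask === undefined) { unsized++; continue; }
    if (s.cidrMask < 16 || s.cidrMask > 28 || s.cidrMask < azMask) {
      throw new Error(`netmask ${s.cidrMask} must be 16..28 and fit inside a /${azMask} zone`);
    }
    sizedTotal += Math.pow(2, 32 - s.cidrMask);
  }
  if (sizedTotal + unsized > azSize) throw new Error(`requested subnet sizes do not fit in a /${azMask} zone`);
  // The remainder is shared by the unsized subnets: the largest power-of-two block that fits each.
  let remainderMask = 32;
  while (unsized > 0 && Math.pow(2, 33 - remainderMask) * unsized <= azSize - sizedTotal) remainderMask--;
  const wanted = subnets.map((s, i) => ({ i, id: s.name || s.type, mask: s.cidrMask === undefined ? remainderMask : s.cidrMask }));
  wanted.sort((a, b) => a.mask - b.mask || a.i - b.i); // largest blocks first keeps every block aligned
  const plan: { [id: string]: string } = {};
  for (let az = 0; az < azCount; az++) {
    let cursor = vpc.startIpAddressInclusive + az * azSize;
    for (const w of wanted) {
      const key = `${w.id}-${az}`;
      if (plan[key] !== undefined) throw new Error(`two subnets named "${w.id}": name same-typed subnets distinctly`);
      const block = new Cidr32(cursor, w.mask);
      plan[key] = block.toString();
      cursor = block.endIpAddressExclusive;
    }
  }
  return plan;
}

/** Check a plan: every block lies inside the VPC and no two blocks overlap. */
function planIsConsistent(vpcCidr: string, plan: { [id: string]: string }): boolean {
  const vpc = Cidr32.fromCidrNotation(vpcCidr);
  const blocks = Object.keys(plan).map(k => Cidr32.fromCidrNotation(plan[k]));
  blocks.sort((a, b) => a.startIpAddressInclusive - b.startIpAddressInclusive);
  return blocks.every((b, i) =>
    b.startIpAddressInclusive >= vpc.startIpAddressInclusive &&
    b.endIpAddressExclusive <= vpc.endIpAddressExclusive &&
    (i === 0 || blocks[i - 1].endIpAddressExclusive <= b.startIpAddressInclusive));
}

// Constructed example: the page's four-subnet layout over three zones, with redis pinned to a /24.
const examplePlan = planSubnets("10.0.0.0/16", 3, [
  { type: "public" },
  { type: "private" },
  { type: "isolated", name: "db" },
  { type: "isolated", name: "redis", cidrMask: 24 },
]);
for (const id of Object.keys(examplePlan)) console.log(id, examplePlan[id]);
console.log("consistent:", planIsConsistent("10.0.0.0/16", examplePlan));
```

With three zones the /16 is cut into four /18s of which three are used, and inside each zone the three unsized subnets get a /20 apiece while the /24 sits after them; the real awsx allocator may place blocks differently, so compare its outputs with the same consistency check before relying on a layout.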

Gateways

By default any VPC with public subnets will have an Internet Gateway created for it. All public subnets will route traffic for all IPv4 addresses through it.

To allow connections from private subnets to the internet, NAT gateways will be created. If not specified, one NAT Gateway will be created for each availability zone. Because a NAT gateway must be in a public subnet, NAT gateways will only be created if there is at least one public subnet. However, fewer NAT gateways can be requested (e.g. to save on costs). To do that, provide the numberOfNatGateways property like so:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   cidrBlock: "10.0.0.0/16",
   requestedAvailabilityZones: 3,
   numberOfNatGateways: 1,
});

In the case where there is one NAT gateway per availability zone, routing is very simple: each private subnet has its connections routed through the gateway in its own availability zone. In the case where there are fewer NAT gateways than availability zones, routing works slightly differently. If N NAT gateways are requested, then the first N availability zones each get a NAT gateway, and routing for private subnets in those availability zones works as above. However, the private subnets of all remaining availability zones are routed, in a round-robin fashion, through the NAT gateways of the availability zones that have one. While this can save money, it also introduces higher risk, as the failure of one availability zone may impact others.

Security Groups

All traffic in and out of a VPC is controlled by Security Groups. Security groups control incoming traffic through ingress rules and outgoing traffic through egress rules. Ingress and egress can be customized like so:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("custom", {
   // ...
});

const sg = new awsx.ec2.SecurityGroup("custom", { vpc });
awsx.ec2.SecurityGroupRule.ingress("https-access", sg,
   new awsx.ec2.AnyIPv4Location(),
   new awsx.ec2.TcpPorts(443),
   "allow https access");
awsx.ec2.SecurityGroupRule.ingress("ssh-access", sg,
   new awsx.ec2.AnyIPv4Location(),
   new awsx.ec2.TcpPorts(22),
   "allow ssh access");
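The second rule above admits SSH from any IPv4 address, which is the kind of exposure worth catching before deployment. As an added example that is not part of awsx, the check below runs over rule arguments shaped like the page's IngressSecurityGroupRuleArgs (the location and port helpers only mirror the names of AnyIPv4Location, AnyIPv6Location, TcpPorts, AllTraffic and SecurityGroupRule.ingressArgs), flags rules that open all traffic or an assumed list of administrative ports to the whole internet, and shows the page's SSH rule beside a variant scoped to a bastion's security group through sourceSecurityGroupId (the sg id is a placeholder).

```typescript
// Added pre-deployment check (not part of awsx) over rule arguments shaped like the page's
// IngressSecurityGroupRuleArgs. It flags rules that expose all traffic or administrative ports
// to the whole internet. The helpers below only mirror awsx's names, not its implementation.

interface RuleArgs {
  fromPort: number;
  toPort: number;
  protocol: string;               // "tcp", "udp", "icmp", or "-1" for all traffic
  cidrBlocks?: string[];
  ipv6CidrBlocks?: string[];
  sourceSecurityGroupId?: string; // cannot be combined with cidrBlocks (see the interface docs)
  self?: boolean;
  description?: string;
}

interface Location { cidrBlocks?: string[]; ipv6CidrBlocks?: string[]; sourceSecurityGroupId?: string; }
interface Ports { protocol: string; fromPort: number; toPort?: number; }

// Literal equivalents of the page's AnyIPv4Location, AnyIPv6Location, TcpPorts and AllTraffic.
const anyIPv4: Location = { cidrBlocks: ["0.0.0.0/0"] };
const anyIPv6: Location = { ipv6CidrBlocks: ["::/0"] };
const fromSecurityGroup = (id: string): Location => ({ sourceSecurityGroupId: id });
const tcpPorts = (fromPort: number, toPort?: number): Ports => ({ protocol: "tcp", fromPort, toPort });
const allTraffic: Ports = { protocol: "-1", fromPort: 0, toPort: 0 };

/** Mirrors the shape of SecurityGroupRule.ingressArgs(source, ports, description) from the page. */
function ingressArgs(source: Location, ports: Ports, description?: string): RuleArgs {
  if (source.sourceSecurityGroupId && source.cidrBlocks) {
    throw new Error("cidrBlocks cannot be specified with sourceSecurityGroupId");
  }
  return { ...source, protocol: ports.protocol, fromPort: ports.fromPort,
           toPort: ports.toPort === undefined ? ports.fromPort : ports.toPort, description };
}

// Assumed list of ports whose exposure to the internet is rarely intended; extend it for your estate.
const ADMIN_PORTS: { [port: number]: string } = { 22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres", 6379: "redis" };

interface Finding { rule: string; reason: string; }

function isWorldOpen(r: RuleArgs): boolean {
  return (r.cidrBlocks || []).indexOf("0.0.0.0/0") >= 0 || (r.ipv6CidrBlocks || []).indexOf("::/0") >= 0;
}

/** Returns one finding per (rule, problem) for rules reachable from the whole internet. */
function auditIngress(rules: { [name: string]: RuleArgs }): Finding[] {
  const findings: Finding[] = [];
  for (const name of Object.keys(rules)) {
    const r = rules[name];
    if (!isWorldOpen(r)) continue;
    if (r.protocol === "-1") {
      findings.push({ rule: name, reason: "all protocols and ports open to the internet" });
      continue;
    }
    if (r.protocol !== "tcp" && r.protocol !== "udp") continue; // icmp etc. carry no port range
    for (const key of Object.keys(ADMIN_PORTS)) {
      const port = Number(key);
      if (r.fromPort <= port && port <= r.toPort) {
        findings.push({ rule: name, reason: `${ADMIN_PORTS[port]} (port ${port}) open to the internet` });
      }
    }
  }
  return findings;
}

// Constructed rules: the page's two examples, a hardened SSH rule (sg id is a placeholder), and an
// all-traffic rule over IPv6 to show that "::/0" is checked as well.
const exampleRules: { [name: string]: RuleArgs } = {
  "https-access": ingressArgs(anyIPv4, tcpPorts(443), "allow https access"),
  "ssh-access": ingressArgs(anyIPv4, tcpPorts(22), "allow ssh access"),
  "ssh-from-bastion": ingressArgs(fromSecurityGroup("sg-PLACEHOLDER"), tcpPorts(22), "ssh from bastion only"),
  "all-open-v6": ingressArgs(anyIPv6, allTraffic, "everything, over IPv6"),
};

for (const f of auditIngress(exampleRules)) console.log(`${f.rule}: ${f.reason}`);
```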

For detailed reference documentation, please visit the API docs.

Resources

Resource InternetGateway

 implements SubnetRouteProvider

constructor

new InternetGateway(name: string, vpc: Vpc, args: InternetGatewayArgs, opts?: pulumi.ComponentResourceOptions)
new InternetGateway(name: string, vpc: Vpc, args: ExistingInternetGatewayArgs, opts?: pulumi.ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

method route

public route(name: string, opts: ComponentResourceOptions): RouteArgs

property internetGateway

public internetGateway: InternetGateway;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: Vpc;

Resource NatGateway

 implements SubnetRouteProvider

constructor

new NatGateway(name: string, vpc: Vpc, args: NatGatewayArgs, opts?: pulumi.ComponentResourceOptions)
new NatGateway(name: string, vpc: Vpc, args: ExistingNatGatewayArgs, opts?: pulumi.ComponentResourceOptions)

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

method route

public route(name: string, opts: ComponentResourceOptions): RouteArgs

property elasticIP

public elasticIP: Eip | undefined;

property natGateway

public natGateway: NatGateway;

property natGatewayName

public natGatewayName: string;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: Vpc;

Resource SecurityGroup

class SecurityGroup extends ComponentResource

constructor

new SecurityGroup(name: string, args: SecurityGroupArgs, opts: ComponentResourceOptions)

method createEgressRule

public createEgressRule(name: string, args: SimpleSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
public createEgressRule(name: string, args: EgressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

method createIngressRule

public createIngressRule(name: string, args: SimpleSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
public createIngressRule(name: string, args: IngressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

method fromExistingId

public static fromExistingId(name: string, id: pulumi.Input<string>, args: SecurityGroupArgs, opts: ComponentResourceOptions): SecurityGroup

Get an existing SecurityGroup resource’s state with the given name and ID. This will not cause a SecurityGroup to be created, and removing this SecurityGroup from your pulumi application will not cause the existing cloud resource to be destroyed.

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property egressRules

public egressRules: EgressSecurityGroupRule[] = [];

property id

public id: pulumi.Output<string>;

property ingressRules

public ingressRules: IngressSecurityGroupRule[] = [];

property securityGroup

public securityGroup: SecurityGroup;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: Vpc;

Resource SecurityGroupRule

class SecurityGroupRule extends ComponentResource

constructor

new SecurityGroupRule(type: string, name: string, securityGroup: SecurityGroup, args: SecurityGroupRuleArgs, opts: ComponentResourceOptions)

method egress

public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

method egressArgs

public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method ingress

public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

method ingressArgs

public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property securityGroup

public securityGroup: SecurityGroup;

property securityGroupRule

public securityGroupRule: SecurityGroupRule;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Subnet

class Subnet extends ComponentResource

constructor

new Subnet(name: string, vpc: Vpc, args: SubnetArgs, opts?: pulumi.ComponentResourceOptions)
new Subnet(name: string, vpc: Vpc, args: ExistingSubnetArgs, opts?: pulumi.ComponentResourceOptions)

method createRoute

public createRoute(name: string, args: RouteArgs, opts?: pulumi.ComponentResourceOptions): void
public createRoute(name: string, provider: SubnetRouteProvider, opts?: pulumi.ComponentResourceOptions): void

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property id

public id: pulumi.Output<string>;

Underlying id for the aws subnet. This should be used over [this.subnet.id] as this Output will only resolve once the route table and all associations are resolved.

property routeTable

public routeTable: RouteTable | undefined;

property routeTableAssociation

public routeTableAssociation: RouteTableAssociation | undefined;

property routes

public routes: Route[] = [];

property subnet

public subnet: Subnet;

property subnetName

public subnetName: string;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: Vpc;

Resource Vpc

class Vpc extends ComponentResource<VpcData>

accessor internetGateway

public get internetGateway(): Promise<undefined | InternetGateway>;

The internet gateway created to allow traffic to/from the internet to the public subnets. Only available if this was created using [VpcArgs].

accessor isolatedSubnetIds

public get isolatedSubnetIds(): Promise<Output<string>[]>;

Asynchronously retrieves the IDs for the isolated subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

accessor isolatedSubnets

public get isolatedSubnets(): Promise<Subnet[]>;

Asynchronously retrieves the isolated subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

accessor natGateways

public get natGateways(): Promise<NatGateway[]>;

The nat gateways created to allow private subnets access to the internet. Only available if this was created using [VpcArgs].

accessor privateSubnetIds

public get privateSubnetIds(): Promise<Output<string>[]>;

Asynchronously retrieves the IDs for the private subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

accessor privateSubnets

public get privateSubnets(): Promise<Subnet[]>;

Asynchronously retrieves the private subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

accessor publicSubnetIds

public get publicSubnetIds(): Promise<Output<string>[]>;

Asynchronously retrieves the IDs for the public subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

accessor publicSubnets

public get publicSubnets(): Promise<Subnet[]>;

Asynchronously retrieves the public subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

method addInternetGateway

public addInternetGateway(name: string, subnets?: Subnet[], args: InternetGatewayArgs, opts: ComponentResourceOptions): Promise<void>

method addNatGateway

public addNatGateway(name: string, args: NatGatewayArgs, opts: ComponentResourceOptions): Promise<void>

method fromExistingIds

public static fromExistingIds(name: string, idArgs: ExistingVpcIdArgs, opts?: pulumi.ComponentResourceOptions): Vpc

Get an existing Vpc resource’s state with the given name and IDs of its relevant sub-resources. This will not cause a VPC (or any sub-resources) to be created, and removing this Vpc from your pulumi application will not cause the existing cloud resource (or sub-resources) to be destroyed.

method getData

protected getData(): Promise<VpcData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getDefault

public static getDefault(opts: InvokeOptions): Vpc

Gets the default vpc for the current aws account and region.

See https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html for more details.

Note: the no-arg version of this call is not recommended. It will acquire the default Vpc for the current region and cache it. Instead, it is recommended that the getDefault(opts) version be used with either opts.provider or opts.parent set. This version will properly get the default vpc for the region the provider specifies.

This method will return the same Vpc instance when passed the same provider.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method getSubnets

public getSubnets(type: VpcSubnetType): Promise<Subnet[]>

Asynchronously retrieves the subnets of a particular type in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

method getSubnetsIds

public getSubnetsIds(type: VpcSubnetType): Promise<Output<string>[]>

Asynchronously retrieves the IDs for the subnets of a particular type in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.

method initialize

protected initialize(props: {
    args: any;
    name: string;
    opts: ComponentResourceOptions;
}): Promise<VpcData>

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property id

public id: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property vpc

public vpc: pulumi.Output<Vpc>;

Others

class AllTcpPorts

 implements SecurityGroupRulePorts

constructor

new AllTcpPorts()

property fromPort

public fromPort: pulumi.Input<number>;

property protocol

public protocol: "tcp" = "tcp";

property toPort

public toPort?: pulumi.Input<number>;

class AllTraffic

 implements SecurityGroupRulePorts

property fromPort

public fromPort: 0 = 0;

property protocol

public protocol: "-1" = "-1";

property toPort

public toPort: 0 = 0;

class AllUdpPorts

 implements SecurityGroupRulePorts

constructor

new AllUdpPorts()

property fromPort

public fromPort: pulumi.Input<number>;

property protocol

public protocol: "udp" = "udp";

property toPort

public toPort?: pulumi.Input<number>;

class AnyIPv4Location

 implements SecurityGroupRuleLocation

property cidrBlocks

public cidrBlocks: string[] = ["0.0.0.0/0"];

class AnyIPv6Location

 implements SecurityGroupRuleLocation

property ipv6CidrBlocks

public ipv6CidrBlocks: string[] = ["::/0"];

interface AvailabilityZoneDescription

interface AvailabilityZoneDescription

property id

id: string;

property name

name: string;

class Cidr32Block

class Cidr32Block

constructor

new Cidr32Block(startIpAddressInclusive: number, subnetMaskLeading1Bits: number)

Do not call directly. Use the static factory methods to generate a cidr block

method fromCidrNotation

public static fromCidrNotation(cidr: string): Cidr32Block

Returns a cidr block given notation like “a.b.c.d/n”

method nextBlock

public nextBlock(): Cidr32Block

method toString

public toString(): string

property endIpAddressExclusive

public endIpAddressExclusive: number;

property startIpAddressInclusive

public startIpAddressInclusive: number;

property subnetMaskLeading1Bits

public subnetMaskLeading1Bits: number;

type CidrBlock

type CidrBlock = string;

Alias for a cidr block.

function create

create(resource: Resource | undefined, vpcName: string, vpcCidr: string, ipv6CidrBlock: pulumi.Output<string> | undefined, availabilityZones: AvailabilityZoneDescription[], numberOfNatGateways: number, assignGeneratedIpv6CidrBlock: pulumi.Input<boolean>, subnetArgsArray: VpcSubnetArgs[]): VpcTopologyDescription

class EgressSecurityGroupRule

class EgressSecurityGroupRule extends SecurityGroupRule

constructor

new EgressSecurityGroupRule(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | EgressSecurityGroupRuleArgs, opts: ComponentResourceOptions)

method egress

public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

method egressArgs

public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class's constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method ingress

public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

method ingressArgs

public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property securityGroup

public securityGroup: SecurityGroup;

property securityGroupRule

public securityGroupRule: SecurityGroupRule;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface EgressSecurityGroupRuleArgs

interface EgressSecurityGroupRuleArgs

property cidrBlocks

cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks. Cannot be specified with source_security_group_id.

property description

description?: pulumi.Input<string>;

Description of the rule.

property fromPort

fromPort: pulumi.Input<number>;

The start port (or ICMP type number if protocol is “icmp”).

property ipv6CidrBlocks

ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of IPv6 CIDR blocks.

property prefixListIds

prefixListIds?: pulumi.Input<pulumi.Input<string>[]>;

List of prefix list IDs (for allowing access to VPC endpoints).

property protocol

protocol: pulumi.Input<string>;

The protocol. If not icmp, tcp, udp, or all use the protocol number

property self

self?: pulumi.Input<boolean>;

If true, the security group itself will be added as a source to this ingress rule.

property sourceSecurityGroupId

sourceSecurityGroupId?: pulumi.Input<string>;

The security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks.

property toPort

toPort: pulumi.Input<number>;

The end port (or ICMP code if protocol is “icmp”).

interface ExistingInternetGatewayArgs

interface ExistingInternetGatewayArgs

property internetGateway

internetGateway: InternetGateway;

Optional existing instance to use to make the [awsx.ec2.InternetGateway] out of.

interface ExistingNatGatewayArgs

interface ExistingNatGatewayArgs

property natGateway

natGateway: NatGateway;

interface ExistingSubnetArgs

interface ExistingSubnetArgs

property subnet

subnet: Subnet;

Optional existing instance to use to make the awsx Subnet out of. If this is provided, no RouteTable or RouteTableAssociation will be created automatically.

interface ExistingVpcArgs

interface ExistingVpcArgs

property vpc

vpc: Vpc;

The existing VPC to use.

interface ExistingVpcIdArgs

interface ExistingVpcIdArgs

property internetGatewayId

internetGatewayId?: pulumi.Input<string>;

The id of the internet gateway for this VPC

property isolatedSubnetIds

isolatedSubnetIds?: pulumi.Input<string>[];

The isolated subnets for the vpc.

property natGatewayIds

natGatewayIds?: pulumi.Input<string>[];

The ids of the nat gateways for this VPC

property privateSubnetIds

privateSubnetIds?: pulumi.Input<string>[];

The private subnets for the vpc.

property publicSubnetIds

publicSubnetIds?: pulumi.Input<string>[];

The public subnets for the vpc.

property vpcId

vpcId: pulumi.Input<string>;

The id of the VPC.

function getIPv4Address

getIPv4Address(value: number): string

class IcmpPorts

 implements SecurityGroupRulePorts

constructor

new IcmpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)

property fromPort

public fromPort: pulumi.Input<number>;

property protocol

public protocol: "icmp" = "icmp";

property toPort

public toPort?: pulumi.Input<number>;

class IngressSecurityGroupRule

class IngressSecurityGroupRule extends SecurityGroupRule

constructor

new IngressSecurityGroupRule(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | IngressSecurityGroupRuleArgs, opts: ComponentResourceOptions)

method egress

public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule

method egressArgs

public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs

method getData

protected getData(): Promise<TData>

Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method ingress

public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule

method ingressArgs

public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs

method initialize

protected initialize(args: Inputs): Promise<TData>

Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.

method isInstance

static isInstance(obj: any): obj is ComponentResource

Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method registerOutputs

protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void

registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.

ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.

property securityGroup

public securityGroup: SecurityGroup;

property securityGroupRule

public securityGroupRule: SecurityGroupRule;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

interface IngressSecurityGroupRuleArgs

interface IngressSecurityGroupRuleArgs

property cidrBlocks

cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks. Cannot be specified with source_security_group_id.

property description

description?: pulumi.Input<string>;

Description of the rule.

property fromPort

fromPort: pulumi.Input<number>;

The start port (or ICMP type number if protocol is “icmp”).

property ipv6CidrBlocks

ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of IPv6 CIDR blocks.

property protocol

protocol: pulumi.Input<string>;

The protocol. If not icmp, tcp, udp, or all, use the protocol number.

property self

self?: pulumi.Input<boolean>;

If true, the security group itself will be added as a source to this ingress rule.

property sourceSecurityGroupId

sourceSecurityGroupId?: pulumi.Input<string>;

The security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks.

property toPort

toPort: pulumi.Input<number>;

The end port (or ICMP code if protocol is “icmp”).

namespace metrics

function cpuCreditBalance

cpuCreditBalance(change?: Ec2MetricChange): Metric

The number of earned CPU credits that an instance has accrued since it was launched or started. For T2 Standard, the CPUCreditBalance also includes the number of launch credits that have been accrued.

Credits are accrued in the credit balance after they are earned, and removed from the credit balance when they are spent. The credit balance has a maximum limit, determined by the instance size. After the limit is reached, any new credits that are earned are discarded. For T2 Standard, launch credits do not count towards the limit.

The credits in the CPUCreditBalance are available for the instance to spend to burst beyond its baseline CPU utilization.

When an instance is running, credits in the CPUCreditBalance do not expire. When a T3 instance stops, the CPUCreditBalance value persists for seven days. Thereafter, all accrued credits are lost. When a T2 instance stops, the CPUCreditBalance value does not persist, and all accrued credits are lost.

CPU credit metrics are available at a five-minute frequency only.

function cpuCreditUsage

cpuCreditUsage(change?: Ec2MetricChange): Metric

The number of CPU credits spent by the instance for CPU utilization. One CPU credit equals one vCPU running at 100% utilization for one minute or an equivalent combination of vCPUs, utilization, and time (for example, one vCPU running at 50% utilization for two minutes or two vCPUs running at 25% utilization for two minutes).

CPU credit metrics are available at a five-minute frequency only. If you specify a period greater than five minutes, use the Sum statistic instead of the Average statistic.

function cpuSurplusCreditBalance

cpuSurplusCreditBalance(change?: Ec2MetricChange): Metric

The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero.

The CPUSurplusCreditBalance value is paid down by earned CPU credits. If the number of surplus credits exceeds the maximum number of credits that the instance can earn in a 24-hour period, the spent surplus credits above the maximum incur an additional charge.

function cpuSurplusCreditsCharged

cpuSurplusCreditsCharged(change?: Ec2MetricChange): Metric

The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge.

Spent surplus credits are charged when any of the following occurs:

  • The spent surplus credits exceed the maximum number of credits that the instance can earn in a 24-hour period. Spent surplus credits above the maximum are charged at the end of the hour.
  • The instance is stopped or terminated.
  • The instance is switched from unlimited to standard.

function cpuUtilization

cpuUtilization(change?: Ec2MetricChange): Metric

The percentage of allocated EC2 compute units that are currently in use on the instance. This metric identifies the processing power required to run an application upon a selected instance.

Depending on the instance type, tools in your operating system can show a lower percentage than CloudWatch when the instance is not allocated a full processor core.

Units: Percent

function diskReadBytes

diskReadBytes(change?: Ec2MetricChange): Metric

Bytes read from all instance store volumes available to the instance.

This metric is used to determine the volume of the data the application reads from the hard disk of the instance. This can be used to determine the speed of the application.

The number reported is the number of bytes read during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

If there are no instance store volumes, either the value is 0 or the metric is not reported.

Units: Bytes

function diskReadOps

diskReadOps(change?: Ec2MetricChange): Metric

Completed read operations from all instance store volumes available to the instance in a specified period of time.

To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.

If there are no instance store volumes, either the value is 0 or the metric is not reported.

Units: Count

function diskWriteBytes

diskWriteBytes(change?: Ec2MetricChange): Metric

Bytes written to all instance store volumes available to the instance.

This metric is used to determine the volume of the data the application writes onto the hard disk of the instance. This can be used to determine the speed of the application.

The number reported is the number of bytes written during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

If there are no instance store volumes, either the value is 0 or the metric is not reported.

Units: Bytes

function diskWriteOps

diskWriteOps(change?: Ec2MetricChange): Metric

Completed write operations to all instance store volumes available to the instance in a specified period of time.

To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.

If there are no instance store volumes, either the value is 0 or the metric is not reported.

Units: Count

function ebsByteBalance

ebsByteBalance(change?: Ec2MetricChange): Metric

Available only for the smaller instance sizes. Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.

Unit: Percent

function ebsIOBalance

ebsIOBalance(change?: Ec2MetricChange): Metric

Available only for the smaller instance sizes. Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.

Unit: Percent

function ebsReadBytes

ebsReadBytes(change?: Ec2MetricChange): Metric

Bytes read from all EBS volumes attached to the instance in a specified period of time.

The number reported is the number of bytes read during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Read Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

Unit: Bytes

function ebsReadOps

ebsReadOps(change?: Ec2MetricChange): Metric

Completed read operations from all Amazon EBS volumes attached to the instance in a specified period of time.

To calculate the average read I/O operations per second (Read IOPS) for the period, divide the total operations in the period by the number of seconds in that period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to calculate the Read IOPS. If you have detailed (one-minute) monitoring, divide it by 60.

Unit: Count

function ebsWriteBytes

ebsWriteBytes(change?: Ec2MetricChange): Metric

Bytes written to all EBS volumes attached to the instance in a specified period of time.

The number reported is the number of bytes written during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Write Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

Unit: Bytes

function ebsWriteOps

ebsWriteOps(change?: Ec2MetricChange): Metric

Completed write operations to all EBS volumes attached to the instance in a specified period of time.

To calculate the average write I/O operations per second (Write IOPS) for the period, divide the total operations in the period by the number of seconds in that period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to calculate the Write IOPS. If you have detailed (one-minute) monitoring, divide it by 60.

Unit: Count

interface Ec2MetricChange

interface Ec2MetricChange extends MetricChange

property color

color?: pulumi.Input<string>;

The six-digit HTML hex color code to be used for this metric.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

property dimensions

dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;

The new dimension for this metric. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined], then the value will be cleared.

property extendedStatistic

extendedStatistic?: pulumi.Input<number>;

The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined], then the value will be set to the default.

property imageId

imageId?: undefined | string;

This dimension filters the data you request for all instances running this Amazon EC2 Amazon Machine Image (AMI). Available for instances with Detailed Monitoring enabled.

property instance

instance?: aws.ec2.Instance;

Optional [Instance] this metric should be filtered down to.

property instanceType

instanceType?: aws.ec2.InstanceType;

This dimension filters the data you request for all instances running with this specified instance type. This helps you categorize your data by the type of instance running. For example, you might compare data from an m1.small instance and an m1.large instance to determine which has the better business value for your application. Available for instances with Detailed Monitoring enabled.

property label

label?: pulumi.Input<string>;

The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

property period

period?: pulumi.Input<number>;

The new period in seconds over which the specified stat is applied. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined], then the value will be set to the default (300s).

property statistic

statistic?: pulumi.Input<MetricStatistic>;

The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined], then the value will be set to the default.

property unit

unit?: pulumi.Input<MetricUnit>;

The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined], then the value will be set to the default.

property visible

visible?: pulumi.Input<boolean>;

Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

property yAxis

yAxis?: pulumi.Input<"left" | "right">;

Where on the graph to display the y-axis for this metric. The default is left.

Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].

type Ec2MetricName

type Ec2MetricName = "CPUCreditUsage" | "CPUCreditBalance" | "CPUSurplusCreditBalance" | "CPUSurplusCreditsCharged" | "CPUUtilization" | "DiskReadOps" | "DiskWriteOps" | "DiskReadBytes" | "DiskWriteBytes" | "NetworkIn" | "NetworkOut" | "NetworkPacketsIn" | "NetworkPacketsOut" | "StatusCheckFailed" | "StatusCheckFailed_Instance" | "StatusCheckFailed_System" | "EBSReadOps" | "EBSWriteOps" | "EBSReadBytes" | "EBSWriteBytes" | "EBSIOBalance%" | "EBSByteBalance%";

function metric

metric(metricName: Ec2MetricName, change: Ec2MetricChange): Metric

Creates an AWS/EC2 metric with the requested [metricName]. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html for a list of all metric names.

Note, individual metrics can easily be obtained without supplying the name using the other [metricXXX] functions.

Amazon EC2 sends metrics to Amazon CloudWatch. You can use the AWS Management Console, the AWS CLI, or an API to list the metrics that Amazon EC2 sends to CloudWatch. By default, each data point covers the 5 minutes that follow the start time of activity for the instance. If you’ve enabled detailed monitoring, each data point covers the next minute of activity from the start time.

You can use the following dimensions to refine the metrics returned for your instances.

  1. “AutoScalingGroupName”: This dimension filters the data you request for all instances in a specified capacity group. An Auto Scaling group is a collection of instances you define if you’re using Auto Scaling. This dimension is available only for Amazon EC2 metrics when the instances are in such an Auto Scaling group. Available for instances with Detailed or Basic Monitoring enabled.
  2. “ImageId”: This dimension filters the data you request for all instances running this Amazon EC2 Amazon Machine Image (AMI). Available for instances with Detailed Monitoring enabled.
  3. “InstanceId”: This dimension filters the data you request for the identified instance only. This helps you pinpoint an exact instance from which to monitor data.
  4. “InstanceType”: This dimension filters the data you request for all instances running with this specified instance type. This helps you categorize your data by the type of instance running. For example, you might compare data from an m1.small instance and an m1.large instance to determine which has the better business value for your application. Available for instances with Detailed Monitoring enabled.

function networkIn

networkIn(change?: Ec2MetricChange): Metric

The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to a single instance.

The number reported is the number of bytes received during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

Units: Bytes

function networkOut

networkOut(change?: Ec2MetricChange): Metric

The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from a single instance.

The number reported is the number of bytes sent during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.

Units: Bytes

function networkPacketsIn

networkPacketsIn(change?: Ec2MetricChange): Metric

The number of packets received on all network interfaces by the instance. This metric identifies the volume of incoming traffic in terms of the number of packets on a single instance. This metric is available for basic monitoring only.

Units: Count

Statistics: Minimum, Maximum, Average

function networkPacketsOut

networkPacketsOut(change?: Ec2MetricChange): Metric

The number of packets sent out on all network interfaces by the instance. This metric identifies the volume of outgoing traffic in terms of the number of packets on a single instance. This metric is available for basic monitoring only.

Units: Count

Statistics: Minimum, Maximum, Average

function statusCheckFailed

statusCheckFailed(change?: Ec2MetricChange): Metric

Reports whether the instance has passed both the instance status check and the system status check in the last minute.

This metric can be either 0 (passed) or 1 (failed).

By default, this metric is available at a 1-minute frequency at no charge.

Units: Count

function statusCheckFailed_Instance

statusCheckFailed_Instance(change?: Ec2MetricChange): Metric

Reports whether the instance has passed the instance status check in the last minute.

This metric can be either 0 (passed) or 1 (failed).

By default, this metric is available at a 1-minute frequency at no charge.

Units: Count

function statusCheckFailed_System

statusCheckFailed_System(change?: Ec2MetricChange): Metric

Reports whether the instance has passed the system status check in the last minute.

This metric can be either 0 (passed) or 1 (failed).

By default, this metric is available at a 1-minute frequency at no charge.

Units: Count

interface NatGatewayArgs

interface NatGatewayArgs

property subnet

subnet: SubnetOrId;

The subnet the NatGateway should be placed in.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A mapping of tags to assign to the resource.

interface NatGatewayDescription

interface NatGatewayDescription

property name

name: string;

property publicSubnet

publicSubnet: string;

Index of the public subnet that this nat gateway should live in.

interface NatRouteDescription

interface NatRouteDescription

property name

name: string;

property natGateway

natGateway: string;

The name of the nat gateway this private subnet is getting a route to.

property privateSubnet

privateSubnet: string;

The name of the private subnet that is getting the route.

interface RouteArgs

interface RouteArgs

The set of arguments for constructing a Route resource.

property destinationCidrBlock

destinationCidrBlock?: pulumi.Input<string>;

The destination CIDR block.

property destinationIpv6CidrBlock

destinationIpv6CidrBlock?: pulumi.Input<string>;

The destination IPv6 CIDR block.

property egressOnlyGatewayId

egressOnlyGatewayId?: pulumi.Input<string>;

Identifier of a VPC Egress Only Internet Gateway.

property gatewayId

gatewayId?: pulumi.Input<string>;

Identifier of a VPC internet gateway or a virtual private gateway.

property instanceId

instanceId?: pulumi.Input<string>;

Identifier of an EC2 instance.

property natGatewayId

natGatewayId?: pulumi.Input<string>;

Identifier of a VPC NAT gateway.

property networkInterfaceId

networkInterfaceId?: pulumi.Input<string>;

Identifier of an EC2 network interface.

property transitGatewayId

transitGatewayId?: pulumi.Input<string>;

Identifier of an EC2 Transit Gateway.

property vpcPeeringConnectionId

vpcPeeringConnectionId?: pulumi.Input<string>;

Identifier of a VPC peering connection.

interface SecurityGroupArgs

interface SecurityGroupArgs

property description

description?: pulumi.Input<string>;

The security group description. Defaults to “Managed by Terraform”. Cannot be “”. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you’d like to classify your security groups in a way that can be updated, use tags.

property egress

egress?: EgressSecurityGroupRuleArgs[];

Can be specified multiple times for each egress rule. Each egress block supports fields documented below.

property ingress

ingress?: IngressSecurityGroupRuleArgs[];

Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.

property revokeRulesOnDelete

revokeRulesOnDelete?: pulumi.Input<boolean>;

Instruct Terraform to revoke all of the Security Group’s attached ingress and egress rules before deleting the security group itself. This is normally not needed; however, certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Defaults to false.

property securityGroup

securityGroup?: aws.ec2.SecurityGroup;

An existing SecurityGroup to use for this awsx SecurityGroup. If not provided, a default one will be created.

property tags

tags?: pulumi.Input<Tags>;

property vpc

vpc?: Vpc;

The vpc this security group applies to, or [Vpc.getDefault] if unspecified.

type SecurityGroupOrId

type SecurityGroupOrId = SecurityGroup | pulumi.Input<string>;

interface SecurityGroupRuleArgs

interface SecurityGroupRuleArgs

property cidrBlocks

cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks. Cannot be specified with source_security_group_id.

property description

description?: pulumi.Input<string>;

Description of the rule.

property fromPort

fromPort: pulumi.Input<number>;

The start port (or ICMP type number if protocol is “icmp”).

property ipv6CidrBlocks

ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of IPv6 CIDR blocks.

property prefixListIds

prefixListIds?: pulumi.Input<pulumi.Input<string>[]>;

List of prefix list IDs (for allowing access to VPC endpoints). Only valid with egress.

property protocol

protocol: pulumi.Input<string>;

The protocol. If not icmp, tcp, udp, or all, use the protocol number.

property self

self?: pulumi.Input<boolean>;

If true, the security group itself will be added as the source/destination of this rule.

property sourceSecurityGroupId

sourceSecurityGroupId?: pulumi.Input<string>;

The security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks.

property toPort

toPort: pulumi.Input<number>;

The end port (or ICMP code if protocol is “icmp”).

property type

type: pulumi.Input<"ingress" | "egress">;

The type of rule being created. Valid options are ingress (inbound) or egress (outbound).

interface SecurityGroupRuleLocation

interface SecurityGroupRuleLocation

property cidrBlocks

cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.

property ipv6CidrBlocks

ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;

List of IPv6 CIDR blocks.

property sourceSecurityGroupId

sourceSecurityGroupId?: pulumi.Input<string>;

The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.

interface SecurityGroupRulePorts

interface SecurityGroupRulePorts

property fromPort

fromPort: pulumi.Input<number>;

The start port (or ICMP type number if protocol is “icmp”).

property protocol

protocol: pulumi.Input<SecurityGroupRuleProtocol>;

The protocol. If not icmp, tcp, udp, or all, use the protocol number.

property toPort

toPort?: pulumi.Input<number>;

The end port (or ICMP code if protocol is “icmp”). Defaults to ‘fromPort’ if not specified.

type SecurityGroupRuleProtocol

type SecurityGroupRuleProtocol = "-1" | "tcp" | "udp" | "icmp";

interface SimpleSecurityGroupRuleArgs

interface SimpleSecurityGroupRuleArgs

property description

description?: pulumi.Input<string>;

Optional description for the rule to make it easier to document in the AWS console.

property location

location: SecurityGroupRuleLocation;

The source or destination location of the rule. This controls the IPv4 or IPv6 CIDR blocks for the rule, or the source security group.

There are easy ways to provide ingress or egress to the entirety of the ipv4 or ipv6 space by using the AnyIPv4Location and AnyIPv6Location types.

property ports

ports: SecurityGroupRulePorts;

The ports and protocol this rule allows access to/from. There are easy ways to open anything from a single port, to a wide set of ports, to all ports and all protocols using:

[TcpPorts], [AllTcpPorts], [UdpPorts], [AllUdpPorts], [IcmpPorts], [AllTraffic]
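The following is an added example, not code from the awsx module: a plain-TypeScript mirror of the SecurityGroupRuleLocation, SecurityGroupRulePorts and IngressSecurityGroupRuleArgs types above (pulumi.Input<T> replaced by T so it runs without the Pulumi SDK), with an ingressArgs function that flattens a location and ports the way IngressSecurityGroupRule.ingressArgs does, plus an audit that flags rules which open admin ports or all traffic to the whole internet. The ADMIN_PORTS list, the anyIPv4 stand-in for AnyIPv4Location and the sample rules are constructed for the demo.

```typescript
// Added example (not awsx's own code): a plain-TypeScript mirror of the rule
// types on this page, with pulumi.Input<T> replaced by T so it runs without the
// Pulumi SDK. ADMIN_PORTS and the sample rules below are constructed for the demo.
type SecurityGroupRuleProtocol = "-1" | "tcp" | "udp" | "icmp";

interface SecurityGroupRuleLocation {
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
    sourceSecurityGroupId?: string;
}

interface SecurityGroupRulePorts {
    fromPort: number;
    protocol: SecurityGroupRuleProtocol;
    toPort?: number;           // defaults to fromPort, as documented above
}

interface IngressSecurityGroupRuleArgs {
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
    sourceSecurityGroupId?: string;
    description?: string;
    fromPort: number;
    toPort: number;
    protocol: string;
}

// Same shape as the page's TcpPorts class.
class TcpPorts implements SecurityGroupRulePorts {
    public protocol: "tcp" = "tcp";
    constructor(public fromPort: number, public toPort?: number) {}
}

// Stand-in for the page's AnyIPv4Location: the entire IPv4 internet.
const anyIPv4: SecurityGroupRuleLocation = { cidrBlocks: ["0.0.0.0/0"] };

// Mirrors IngressSecurityGroupRule.ingressArgs: flattens a location plus a port
// spec into the arguments of a single ingress rule, enforcing the documented
// constraint that CIDR blocks cannot be combined with sourceSecurityGroupId.
function ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts,
                     description?: string): IngressSecurityGroupRuleArgs {
    const cidrCount = (source.cidrBlocks || []).length + (source.ipv6CidrBlocks || []).length;
    if (cidrCount > 0 && source.sourceSecurityGroupId !== undefined) {
        throw new Error("cidrBlocks/ipv6CidrBlocks cannot be specified with sourceSecurityGroupId");
    }
    if (cidrCount === 0 && source.sourceSecurityGroupId === undefined) {
        throw new Error("a rule needs at least one CIDR block or a source security group");
    }
    return {
        cidrBlocks: source.cidrBlocks,
        ipv6CidrBlocks: source.ipv6CidrBlocks,
        sourceSecurityGroupId: source.sourceSecurityGroupId,
        description: description,
        fromPort: ports.fromPort,
        toPort: ports.toPort === undefined ? ports.fromPort : ports.toPort,
        protocol: ports.protocol,
    };
}

// Ports that should not be reachable from the whole internet (constructed list).
const ADMIN_PORTS: [number, string][] = [
    [22, "SSH"], [3389, "RDP"], [3306, "MySQL"], [5432, "PostgreSQL"], [6379, "Redis"],
];

function openToInternet(rule: IngressSecurityGroupRuleArgs): boolean {
    return (rule.cidrBlocks || []).indexOf("0.0.0.0/0") >= 0
        || (rule.ipv6CidrBlocks || []).indexOf("::/0") >= 0;
}

// Returns one finding per rule that exposes all traffic, or a well-known admin
// port, to the entire IPv4 or IPv6 internet. Rules scoped to a source security
// group or to a private CIDR produce no finding.
function auditIngress(rules: IngressSecurityGroupRuleArgs[]): string[] {
    const findings: string[] = [];
    for (const rule of rules) {
        if (!openToInternet(rule)) continue;
        const label = rule.description || "(no description)";
        if (rule.protocol === "-1") {
            findings.push(label + ": all protocols and ports open to the internet");
            continue;
        }
        for (const entry of ADMIN_PORTS) {
            const port = entry[0], name = entry[1];
            if (rule.fromPort <= port && port <= rule.toPort) {
                findings.push(label + ": " + name + " (" + rule.protocol + "/" + port + ") open to the internet");
            }
        }
    }
    return findings;
}

// Constructed sample: a web tier, an SSH rule left open, a database reachable
// only from another security group, and a catch-all rule.
const sampleRules: IngressSecurityGroupRuleArgs[] = [
    ingressArgs(anyIPv4, new TcpPorts(80, 443), "web"),
    ingressArgs(anyIPv4, new TcpPorts(22), "ssh"),
    ingressArgs({ sourceSecurityGroupId: "sg-0123456789example" }, new TcpPorts(5432), "db"),
    ingressArgs(anyIPv4, { fromPort: 0, toPort: 0, protocol: "-1" }, "all"),
];

console.log(auditIngress(sampleRules).join("\n"));
```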

interface SubnetArgs

interface SubnetArgs

property assignIpv6AddressOnCreation

assignIpv6AddressOnCreation?: pulumi.Input<boolean>;

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Defaults to true if the Vpc this is associated with has assignGeneratedIpv6CidrBlock: true, and to false otherwise.

property availabilityZone

availabilityZone?: pulumi.Input<string>;

The AZ for the subnet.

property availabilityZoneId

availabilityZoneId?: pulumi.Input<string>;

The AZ ID of the subnet.

property cidrBlock

cidrBlock: pulumi.Input<string>;

The CIDR block for the subnet.

property ignoreChanges

ignoreChanges?: string[];

Ignore changes to any of the specified properties of the Subnet.

property ipv6CidrBlock

ipv6CidrBlock?: pulumi.Input<string>;

The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

property mapPublicIpOnLaunch

mapPublicIpOnLaunch?: pulumi.Input<boolean>;

Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.

property tags

tags?: pulumi.Input<Tags>;

A mapping of tags to assign to the resource.

interface SubnetDescription

interface SubnetDescription

property args

args: SubnetArgs;

property ignoreChanges

ignoreChanges?: string[];

property subnetName

subnetName: string;

property type

type: VpcSubnetType;

type SubnetOrId

type SubnetOrId = Subnet | pulumi.Input<string>;

interface SubnetRouteProvider

interface SubnetRouteProvider

method route

route(name: string, opts: ComponentResourceOptions): RouteArgs

class TcpPorts

 implements SecurityGroupRulePorts

constructor

new TcpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)

property fromPort

public fromPort: pulumi.Input<number>;

property protocol

public protocol: "tcp" = "tcp";

property toPort

public toPort?: pulumi.Input<number>;

class UdpPorts

 implements SecurityGroupRulePorts

constructor

new UdpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)

property fromPort

public fromPort: pulumi.Input<number>;

property protocol

public protocol: "udp" = "udp";

property toPort

public toPort?: pulumi.Input<number>;

interface VpcArgs

interface VpcArgs

property assignGeneratedIpv6CidrBlock

assignGeneratedIpv6CidrBlock?: pulumi.Input<boolean>;

Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. If set to true, then subnets created will default to assignIpv6AddressOnCreation: true as well.

property cidrBlock

cidrBlock?: CidrBlock;

The CIDR block for the VPC. Defaults to “10.0.0.0/16” if unspecified.

property enableClassiclink

enableClassiclink?: pulumi.Input<boolean>;

A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the [ClassicLink documentation][1] for more information. Defaults to false.

property enableClassiclinkDnsSupport

enableClassiclinkDnsSupport?: pulumi.Input<boolean>;

A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

property enableDnsHostnames

enableDnsHostnames?: pulumi.Input<boolean>;

A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to true if unspecified.

property enableDnsSupport

enableDnsSupport?: pulumi.Input<boolean>;

A boolean flag to enable/disable DNS support in the VPC. Defaults to true if unspecified.

property instanceTenancy

instanceTenancy?: pulumi.Input<"default" | "dedicated">;

A tenancy option for instances launched into the VPC. Defaults to “default” if unspecified.

property numberOfAvailabilityZones

numberOfAvailabilityZones?;

property numberOfNatGateways

numberOfNatGateways?: undefined | number;

The max number of NAT gateways to create if there are any private subnets created. A NAT gateway enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. A minimum of ‘1’ gateway is needed if an instance is to be allowed connection to the internet.

If this is not set, a NAT gateway will be made for each availability zone in the current region. The first public subnet for that availability zone will be the one used to place the NAT gateway in. If fewer gateways are requested than availability zones, then only that many NAT gateways will be created.

Private subnets in an availability zone that contains a NAT gateway will route through that gateway. Private subnets in an availability zone that does not contain a NAT gateway will be routed to the other NAT gateways in a round-robin fashion.

See https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html for more details.

Defaults to [numberOfAvailabilityZones].
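The placement and round-robin behaviour described above, modelled in plain TypeScript as an added example (this is not awsx's own code; the `planNatGateways` function and the zone names are constructed for illustration):

```typescript
// Added example, not awsx code: models how NAT gateways are assigned to
// availability zones and which gateway each zone's private subnets route
// through, following the numberOfNatGateways description. Zone names are
// constructed sample input.

interface NatPlan {
  natGatewayZones: string[];                   // zones that receive a NAT gateway
  privateSubnetRoutes: Record<string, string>; // private subnet zone -> gateway zone
}

function planNatGateways(availabilityZones: string[], numberOfNatGateways?: number): NatPlan {
  // Unset means one NAT gateway per availability zone.
  const requested = numberOfNatGateways === undefined ? availabilityZones.length : numberOfNatGateways;
  if (requested < 0 || requested !== Math.floor(requested)) {
    throw new Error(`numberOfNatGateways must be a non-negative integer, got ${requested}`);
  }
  // Fewer gateways than zones: only that many are created, in zone order.
  const natGatewayZones = availabilityZones.slice(0, Math.min(requested, availabilityZones.length));

  const privateSubnetRoutes: Record<string, string> = {};
  let next = 0;
  for (const az of availabilityZones) {
    if (natGatewayZones.indexOf(az) >= 0) {
      // A zone with its own gateway routes locally.
      privateSubnetRoutes[az] = az;
    } else if (natGatewayZones.length > 0) {
      // Zones without a gateway are spread over the existing ones round-robin.
      privateSubnetRoutes[az] = natGatewayZones[next % natGatewayZones.length];
      next++;
    }
    // With zero gateways private subnets get no route to the internet at all.
  }
  return { natGatewayZones, privateSubnetRoutes };
}

// Constructed sample: a four-zone region with only two NAT gateways requested.
const samplePlan = planNatGateways(["a", "b", "c", "d"], 2);
```

Zones "c" and "d" end up routed through the gateways in "a" and "b" respectively, which is worth checking before deployment because a single gateway zone becomes the egress chokepoint for every private subnet that shares it.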

property requestedAvailabilityZones

requestedAvailabilityZones?: number | "all" | [, string, string] | pulumi.Input<string[]>;

The names of the availability zones to use in the current region. Defaults to 2 if unspecified. Use "all" to use all the availability zones in the current region.

property subnets

subnets?: VpcSubnetArgs[];

The information about what subnets to create per availability zone. Defaults to one public and one private subnet if unspecified.

property tags

tags?: pulumi.Input<Tags>;

A mapping of tags to assign to the resource.

interface VpcSubnetArgs

interface VpcSubnetArgs

Information that controls how each VPC subnet should be created for each availability zone. By default, the Vpc will control actually creating the appropriate subnets in each zone depending on the values specified in this type. This helps ensure that each subnet will reside entirely within one Availability Zone and cannot span zones.

For finer control of the locations of the subnets, specify the [location] property for all the subnets.

See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html for more details.

property assignIpv6AddressOnCreation

assignIpv6AddressOnCreation?: pulumi.Input<boolean>;

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Defaults to the value of VpcArgs.assignGeneratedIpv6CidrBlock.

property cidrMask

cidrMask?: undefined | number;

The number of leading bits in the Vpc cidrBlock to use to define the cidrBlock for this subnet. By providing masking bits, this can be computed in a way that ensures that each subnet has a distinct block.

If this is not provided, the cidrBlock for the vpc will be appropriately split based on the number of subnets and availability zones there are.

The allowed mask size is between a 28 netmask and 16 netmask. See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html for more details.

If this property is provided, [location] cannot be provided.
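An added example, not awsx's own allocator, that works through the cidrMask rule: it carves one aligned block per (subnet, availability zone) pair out of the VPC cidrBlock and enforces the 16 to 28 range, so an overlapping or oversubscribed plan fails before anything is deployed. `allocateSubnets`, `SubnetSpec` and the sample zones are assumptions for this example.

```typescript
// Added example, not awsx code: shows how a per-subnet cidrMask yields distinct
// blocks inside the VPC cidrBlock for every (subnet, zone) pair, rejecting masks
// outside the documented 16..28 range or wider than the VPC itself.
// Subnet names and zones used as input are constructed.

interface SubnetSpec {
  name: string;      // e.g. "public", "private"
  cidrMask: number;  // prefix length each instance of this subnet gets
}

function ipToInt(ip: string): number {
  const parts = ip.split(".").map(Number);
  if (parts.length !== 4 || parts.some(p => isNaN(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function intToIp(n: number): string {
  return [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join(".");
}

// Returns "<subnet name>-<zone>" -> CIDR. Blocks are handed out in order and
// aligned to their own size, so no two subnets can overlap.
function allocateSubnets(vpcCidr: string, zones: string[], subnets: SubnetSpec[]): Record<string, string> {
  const [vpcIp, prefixStr] = vpcCidr.split("/");
  const vpcPrefix = Number(prefixStr);
  if (vpcPrefix < 16 || vpcPrefix > 28) throw new Error(`VPC prefix /${vpcPrefix} must be 16..28`);
  const vpcStart = (ipToInt(vpcIp) & ((~0 << (32 - vpcPrefix)) >>> 0)) >>> 0;
  const vpcEnd = vpcStart + Math.pow(2, 32 - vpcPrefix);   // exclusive upper bound
  const result: Record<string, string> = {};
  let cursor = vpcStart;
  for (const s of subnets) {
    if (s.cidrMask < 16 || s.cidrMask > 28 || s.cidrMask < vpcPrefix) {
      throw new Error(`cidrMask /${s.cidrMask} for ${s.name} must be 16..28 and not wider than /${vpcPrefix}`);
    }
    const size = Math.pow(2, 32 - s.cidrMask);
    for (const zone of zones) {
      cursor = Math.ceil(cursor / size) * size;   // keep each block aligned to its size
      if (cursor + size > vpcEnd) {
        throw new Error(`VPC ${vpcCidr} has no room for subnet ${s.name} in ${zone}`);
      }
      result[`${s.name}-${zone}`] = `${intToIp(cursor)}/${s.cidrMask}`;
      cursor += size;
    }
  }
  return result;
}
```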

property ignoreChanges

ignoreChanges?: string[];

Ignore changes to any of the specified properties of the Subnet.

property location

location?: CidrBlock | VpcSubnetLocation;

More precise information about the location of this subnet. Can either be a simple CidrBlock (i.e. 10.0.0.0/24), or a richer object describing the CidrBlocks and Availability Zone for the subnet.

If this property is provided, [cidrMask] cannot be provided.

If only a CidrBlock is provided here, then the subnet will be placed in the first availability zone for the region.

If this property is provided for one subnet, it must be provided for all subnets.

property mapPublicIpOnLaunch

mapPublicIpOnLaunch?: pulumi.Input<boolean>;

Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Defaults to true if type is “public”, false otherwise.

property name

name?: undefined | string;

An optional name to use as part of the subnet name. If not provided, will be set to “public”/“private”/“isolated” depending on the [type] of this subnet. Required if making multiple subnets with the same type.

property tags

tags?: pulumi.Input<Tags>;

property type

type: VpcSubnetType;

The type of subnet to make in each availability zone.

interface VpcSubnetLocation

interface VpcSubnetLocation

property availabilityZone

availabilityZone?: undefined | string;

The AZ for the subnet.

property availabilityZoneId

availabilityZoneId?: undefined | string;

The AZ ID of the subnet.

property cidrBlock

cidrBlock: pulumi.Input<CidrBlock>;

The CIDR block for the subnet.

property ipv6CidrBlock

ipv6CidrBlock?: pulumi.Input<string>;

The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.

type VpcSubnetType

type VpcSubnetType = "public" | "private" | "isolated";

The type of this subnet.

  1. A “public” subnet will route traffic to an [InternetGateway]. If you specify a public subnet this InternetGateway will be created on your behalf and traffic will be routed accordingly.
  2. A “private” subnet is similar to “public” except that the subnet will not have a route to the [InternetGateway]. Instead, there will be a route entry set up from the subnet to the NatGateway in that availability zone.
  3. Unlike “public” or “private” subnets, an “isolated” subnet has no routing specified at all.

interface VpcTopologyDescription

interface VpcTopologyDescription

property natGateways

natGateways: NatGatewayDescription[];

property natRoutes

natRoutes: NatRouteDescription[];

property subnets

subnets: SubnetDescription[];