Module classic/ec2
Pulumi EC2 Components
Pulumi’s APIs for simplifying work with EC2. The module currently focuses on defining and configuring a Virtual Private Cloud (VPC), its subnets and gateways, and on customizing the Security Groups that filter traffic to the resources inside it.
The Default VPC
By default, Amazon creates a ‘Default VPC’ in every region of your account (see https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html). This VPC can be acquired in the following manner:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = awsx.ec2.Vpc.getDefault();
Many components in awsx work with a specific VPC (for example, Clusters and LoadBalancers). If a specific VPC is not provided, they fall back to this default VPC, which makes it simple to set up infrastructure without having to pass the VPC explicitly every time. Keep in mind that the default VPC’s subnets are all public (instances launched into them receive public IP addresses by default), so anything beyond experimentation is better placed in a custom VPC as described below.
Custom VPCs
While using the default VPC is simple and convenient, it is not always desirable, and it is often advantageous to define your own VPCs with their own custom topology. Doing so gives fine-grained control over many parts of the network structure, including, but not limited to, IP address configuration and ingress/egress security filtering.
When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block. If one is not specified then 10.0.0.0/16 will be used by default. This is the primary CIDR block for your VPC. For more information about CIDR notation, see RFC 4632. For example:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
cidrBlock: "10.0.0.0/16",
// other args
// ...
});
This range is then partitioned across the VPC according to the other arguments provided. The arguments that affect this partitioning are subnets and requestedAvailabilityZones.
Availability Zones
Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location.
Not providing a value for requestedAvailabilityZones defaults to 2, but a different count (or an explicit list of zones) can be specified like so if appropriate for your region:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
cidrBlock: "10.0.0.0/16",
requestedAvailabilityZones: 3,
});
Each availability zone will get an approximately equal share of the total CIDR address space for the VPC.
Subnets
Subnets allow you to partition each availability zone into regions with different levels of access. A public subnet is one whose traffic is routed to an Internet Gateway (IG). A private subnet is one that is configured to use a NAT Gateway (NAT) so that it can reach the internet, but which prevents the internet from initiating connections to it. Finally, an isolated subnet is one that cannot reach the internet either through an IG or with NAT.
By default, if unspecified, a VPC will automatically partition each availability zone into a public subnet and a private subnet. i.e. not providing a subnet configuration is equivalent to writing:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
    // ...
    subnets: [{ type: "public" }, { type: "private" }],
});
To specify your own subnet configuration you can do the following:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
    cidrBlock: "10.0.0.0/16",
    requestedAvailabilityZones: 3,
    subnets: [{ type: "public" }, { type: "private" }, { type: "isolated" }],
});
There is no restriction on the number of public/private/isolated subnets in an availability zone. For example, it might be useful to have multiple isolated subnets, one for DB instances and another for Redis instances. To facilitate this sort of arrangement, subnets can be named for clarity. i.e.:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
    cidrBlock: "10.0.0.0/16",
    requestedAvailabilityZones: 3,
    subnets: [
        { type: "public" },
        { type: "private" },
        { type: "isolated", name: "db" },
        { type: "isolated", name: "redis" }],
});
By default the subnets will divide the CIDR space for each availability zone equally. If this is not desired, a particular size can be requested for a subnet by passing an appropriate cidrMask value between 16 and 28 (the smallest subnet AWS allows is a /28). See VPC and Subnet Sizing for more details. This value is worth providing for subnets where you know how many IP addresses you need; whatever address space remains in the availability zone is then split over the subnets that do not specify a size.
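To make the sizing rules concrete, here is an added example (not awsx’s own code, and requiring no Pulumi SDK) that carves a VPC CIDR into per-AZ and per-subnet blocks the way the paragraphs above describe: each AZ gets an equal power-of-two share, subnets with an explicit cidrMask are placed first, and the rest of the AZ is split equally over the unsized subnets. The exact placement order is an assumption for illustration; awsx’s internal create function may lay blocks out differently.

```typescript
// Added example, not awsx's own code: a plain-TypeScript model of how the VPC
// CIDR is carved into per-AZ and per-subnet blocks. Needs no Pulumi SDK. The
// allocation order (sized subnets first, then an equal split of what is left)
// is an assumption made for illustration.

interface SubnetSpec {
  type: "public" | "private" | "isolated";
  name?: string;
  cidrMask?: number; // optional explicit netmask in the 16..28 range
}

interface AllocatedSubnet { az: number; name: string; type: string; cidr: string; }

// Parse "a.b.c.d/n" into a numeric start address and prefix length.
function parseCidr(cidr: string): { start: number; bits: number } {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  if (!m) throw new Error(`bad CIDR: ${cidr}`);
  const o = m.slice(1, 5).map(Number);
  const bits = Number(m[5]);
  if (o.some(x => x > 255) || bits > 32) throw new Error(`bad CIDR: ${cidr}`);
  const raw = ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
  const size = 2 ** (32 - bits);
  return { start: raw - (raw % size), bits }; // snap to the block boundary
}

function toCidr(start: number, bits: number): string {
  return [24, 16, 8, 0].map(s => (start >>> s) & 255).join(".") + "/" + bits;
}

function prefixForSize(size: number): number {
  let bits = 32;
  while (size > 1) { size /= 2; bits--; }
  return bits;
}

function alignUp(addr: number, size: number): number {
  return Math.ceil(addr / size) * size;
}

function partitionVpc(vpcCidr: string, azCount: number, subnets: SubnetSpec[]): AllocatedSubnet[] {
  const vpc = parseCidr(vpcCidr);
  if (vpc.bits < 16 || vpc.bits > 28) throw new Error("VPC netmask must be between /16 and /28");
  // Each AZ gets an equal power-of-two share; three AZs therefore get a quarter each.
  let azBits = vpc.bits;
  while (2 ** (azBits - vpc.bits) < azCount) azBits++;
  if (azBits > 28) throw new Error("too many availability zones for this VPC CIDR");
  const azSize = 2 ** (32 - azBits);
  const out: AllocatedSubnet[] = [];
  for (let az = 0; az < azCount; az++) {
    const azStart = vpc.start + az * azSize;
    const azEnd = azStart + azSize;
    let cursor = azStart;
    // Subnets with an explicit cidrMask are placed first, in the order given.
    for (const s of subnets) {
      if (s.cidrMask === undefined) continue;
      const label = s.name || s.type;
      if (s.cidrMask < azBits || s.cidrMask > 28) throw new Error(`cidrMask /${s.cidrMask} for ${label} is out of range`);
      const size = 2 ** (32 - s.cidrMask);
      const start = alignUp(cursor, size);
      if (start + size > azEnd) throw new Error(`AZ ${az} has no room for ${label}`);
      out.push({ az, name: label, type: s.type, cidr: toCidr(start, s.cidrMask) });
      cursor = start + size;
    }
    // The remaining space is split equally over the unsized subnets, using the
    // largest power-of-two block that still fits after alignment.
    const unsized = subnets.filter(s => s.cidrMask === undefined);
    if (unsized.length === 0) continue;
    let size = azSize;
    while (size >= 16 && alignUp(cursor, size) + unsized.length * size > azEnd) size /= 2;
    if (size < 16) throw new Error(`AZ ${az} has no room left for the unsized subnets`); // /28 is the smallest AWS subnet
    let start = alignUp(cursor, size);
    for (const s of unsized) {
      out.push({ az, name: s.name || s.type, type: s.type, cidr: toCidr(start, prefixForSize(size)) });
      start += size;
    }
  }
  return out;
}

// Three AZs, equal public/private subnets plus a /24 isolated subnet for databases.
for (const s of partitionVpc("10.0.0.0/16", 3, [
  { type: "public" }, { type: "private" }, { type: "isolated", name: "db", cidrMask: 24 },
])) {
  console.log("az" + s.az + "  " + s.name + "  " + s.cidr);
}
```

With the default configuration (two AZs, one public and one private subnet each) this yields 10.0.0.0/18 and 10.0.64.0/18 in the first zone and 10.0.128.0/18 and 10.0.192.0/18 in the second. Note that three AZs consume three quarters of the /16, so a quarter is left unallocated; that is the cost of equal power-of-two shares.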
Gateways
By default any VPC with public subnets will have an Internet Gateway created for it, and every public subnet gets a default route (0.0.0.0/0) through it, so instances there are reachable from, and can reach, any IPv4 address that the security groups permit.
To allow connections from private subnets to the internet, NAT gateways will be created. If not specified, one NAT Gateway will be created for each availability zone. Because a NAT gateway must live in a public subnet, NAT gateways are only created if there is at least one public subnet. Fewer NAT gateways can be requested (for example to save on costs) by providing the numberOfNatGateways property like so:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
    cidrBlock: "10.0.0.0/16",
    requestedAvailabilityZones: 3,
    numberOfNatGateways: 1,
});
In the case where there is one NAT gateway per availability zone, routing is very simple: each private subnet has its internet-bound traffic routed through the gateway in its own availability zone. When there are fewer NAT gateways than availability zones, routing works slightly differently. If N NAT gateways are requested, the first N availability zones each get a NAT gateway, and private subnets in those zones route as above. The remaining availability zones have their private subnets routed, round-robin, through the gateways in the zones that have one. While this saves money, it widens the failure domain: an outage in a zone that hosts a NAT gateway also cuts off internet egress for every zone routed through it, and that cross-zone traffic incurs data-transfer charges.
Security Groups
Traffic to and from the network interfaces in a VPC is filtered by Security Groups, which are stateful: a response to an allowed connection is permitted automatically. Security groups control incoming traffic through ingress rules and outgoing traffic through egress rules. Both can be customized like so:
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const vpc = new awsx.ec2.Vpc("custom", {
    // ...
});
const sg = new awsx.ec2.SecurityGroup("custom", { vpc });
// HTTPS from anywhere is appropriate for a public-facing endpoint.
awsx.ec2.SecurityGroupRule.ingress("https-access", sg,
    new awsx.ec2.AnyIPv4Location(),
    new awsx.ec2.TcpPorts(443),
    "allow https access");
// SSH from anywhere is shown only to illustrate the API. In practice, scope the
// source to a bastion's security group or a known CIDR instead of AnyIPv4Location.
awsx.ec2.SecurityGroupRule.ingress("ssh-access", sg,
    new awsx.ec2.AnyIPv4Location(),
    new awsx.ec2.TcpPorts(22),
    "allow ssh access");
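Because a rule like the SSH one above is easy to ship by accident, it is worth checking rule arguments before they reach AWS. The following is an added example, not awsx code: it models ingress rule arguments in the same shape as IngressSecurityGroupRuleArgs (cidrBlocks, sourceSecurityGroupId, protocol, fromPort, toPort), builds them the way SecurityGroupRule.ingressArgs does, and flags any rule that exposes all traffic or an administrative port to 0.0.0.0/0 or ::/0. It runs without the Pulumi SDK; the admin-port list and the bastion security group id are assumptions.

```typescript
// Added example, not awsx code: a pre-deploy policy check over ingress rules
// shaped like awsx's IngressSecurityGroupRuleArgs, run without the Pulumi SDK.
// The admin-port list and the bastion security group id are assumptions.

interface RuleLocation {
  cidrBlocks?: string[];
  ipv6CidrBlocks?: string[];
  sourceSecurityGroupId?: string;
}
interface RulePorts { protocol: string; fromPort: number; toPort?: number; }
interface IngressRuleArgs extends RuleLocation {
  description?: string;
  protocol: string;
  fromPort: number;
  toPort: number;
}

// Same shape as SecurityGroupRule.ingressArgs: a missing toPort means a single port.
function ingressArgs(source: RuleLocation, ports: RulePorts, description?: string): IngressRuleArgs {
  return {
    ...source,
    description,
    protocol: ports.protocol,
    fromPort: ports.fromPort,
    toPort: ports.toPort === undefined ? ports.fromPort : ports.toPort,
  };
}

const anyIPv4: RuleLocation = { cidrBlocks: ["0.0.0.0/0"] }; // what AnyIPv4Location expands to
const ADMIN_PORTS = [22, 3389, 5985, 5986];                    // assumption: SSH, RDP, WinRM

function isWorldOpen(r: IngressRuleArgs): boolean {
  return (r.cidrBlocks || []).indexOf("0.0.0.0/0") >= 0 ||
         (r.ipv6CidrBlocks || []).indexOf("::/0") >= 0;
}

// One finding per rule that exposes all traffic, or an admin port, to the internet.
function findRiskyIngress(rules: { [name: string]: IngressRuleArgs }): string[] {
  const findings: string[] = [];
  for (const name of Object.keys(rules)) {
    const r = rules[name];
    if (!isWorldOpen(r)) continue;
    if (r.protocol === "-1") { // AllTraffic: protocol -1, ports 0..0 means every port
      findings.push(name + ": all traffic open to the internet");
      continue;
    }
    for (const p of ADMIN_PORTS) {
      if (r.fromPort <= p && p <= r.toPort) findings.push(name + ": port " + p + " open to the internet");
    }
  }
  return findings;
}

// The rules from the example above, as they would reach AWS.
const pageRules = {
  "https-access": ingressArgs(anyIPv4, { protocol: "tcp", fromPort: 443 }, "allow https access"),
  "ssh-access": ingressArgs(anyIPv4, { protocol: "tcp", fromPort: 22 }, "allow ssh access"),
};

// Hardened: SSH only from a bastion host's security group (the id is a placeholder).
const hardenedRules = {
  "https-access": pageRules["https-access"],
  "ssh-access": ingressArgs({ sourceSecurityGroupId: "sg-bastion-placeholder" },
                            { protocol: "tcp", fromPort: 22 }, "ssh from bastion only"),
};

console.log("page rules:     " + (findRiskyIngress(pageRules).join("; ") || "clean"));
console.log("hardened rules: " + (findRiskyIngress(hardenedRules).join("; ") || "clean"));
```

The check deliberately looks at port ranges rather than exact ports, so a `tcp 0-65535` rule open to the world (what AllTcpPorts produces) is caught as well. The same logic can be lifted into a Pulumi CrossGuard policy pack or a unit test over the rule objects your program builds.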
For detailed reference documentation, please visit the API docs.
Resources
Others
- AllTcpPorts
- AllTraffic
- AllUdpPorts
- AnyIPv4Location
- AnyIPv6Location
- AvailabilityZoneDescription
- Cidr32Block
- CidrBlock
- create
- EgressSecurityGroupRule
- EgressSecurityGroupRuleArgs
- ExistingInternetGatewayArgs
- ExistingNatGatewayArgs
- ExistingSubnetArgs
- ExistingVpcArgs
- ExistingVpcIdArgs
- getIPv4Address
- IcmpPorts
- IngressSecurityGroupRule
- IngressSecurityGroupRuleArgs
- metrics
- NatGatewayArgs
- NatGatewayDescription
- NatRouteDescription
- RouteArgs
- SecurityGroupArgs
- SecurityGroupOrId
- SecurityGroupRuleArgs
- SecurityGroupRuleLocation
- SecurityGroupRulePorts
- SecurityGroupRuleProtocol
- SimpleSecurityGroupRuleArgs
- SubnetArgs
- SubnetDescription
- SubnetOrId
- SubnetRouteProvider
- TcpPorts
- UdpPorts
- VpcArgs
- VpcSubnetArgs
- VpcSubnetLocation
- VpcSubnetType
- VpcTopologyDescription
Resources
Resource InternetGateway
implements SubnetRouteProvider
constructor
new InternetGateway(name: string, vpc: Vpc, args: InternetGatewayArgs, opts?: pulumi.ComponentResourceOptions)
new InternetGateway(name: string, vpc: Vpc, args: ExistingInternetGatewayArgs, opts?: pulumi.ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
method route
public route(name: string, opts: ComponentResourceOptions): RouteArgs
property internetGateway
public internetGateway: InternetGateway;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpc
public vpc: Vpc;
Resource NatGateway
implements SubnetRouteProvider
constructor
new NatGateway(name: string, vpc: Vpc, args: NatGatewayArgs, opts?: pulumi.ComponentResourceOptions)
new NatGateway(name: string, vpc: Vpc, args: ExistingNatGatewayArgs, opts?: pulumi.ComponentResourceOptions)
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
method route
public route(name: string, opts: ComponentResourceOptions): RouteArgs
property elasticIP
public elasticIP: Eip | undefined;
property natGateway
public natGateway: NatGateway;
property natGatewayName
public natGatewayName: string;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpc
public vpc: Vpc;
Resource SecurityGroup
class SecurityGroup extends ComponentResource
constructor
new SecurityGroup(name: string, args: SecurityGroupArgs, opts: ComponentResourceOptions)
method createEgressRule
public createEgressRule(name: string, args: SimpleSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
public createEgressRule(name: string, args: EgressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
method createIngressRule
public createIngressRule(name: string, args: SimpleSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
public createIngressRule(name: string, args: IngressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
method fromExistingId
public static fromExistingId(name: string, id: pulumi.Input<string>, args: SecurityGroupArgs, opts: ComponentResourceOptions): SecurityGroup
Get an existing SecurityGroup resource’s state with the given name and ID. This will not cause a SecurityGroup to be created, and removing this SecurityGroup from your pulumi application will not cause the existing cloud resource to be destroyed.
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
property egressRules
public egressRules: EgressSecurityGroupRule[] = [];
property id
public id: pulumi.Output<string>;
property ingressRules
public ingressRules: IngressSecurityGroupRule[] = [];
property securityGroup
public securityGroup: SecurityGroup;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpc
public vpc: Vpc;
Resource SecurityGroupRule
class SecurityGroupRule extends ComponentResource
constructor
new SecurityGroupRule(type: string, name: string, securityGroup: SecurityGroup, args: SecurityGroupRuleArgs, opts: ComponentResourceOptions)
method egress
public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
method egressArgs
public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method ingress
public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
method ingressArgs
public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
property securityGroup
public securityGroup: SecurityGroup;
property securityGroupRule
public securityGroupRule: SecurityGroupRule;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
Resource Subnet
class Subnet extends ComponentResource
constructor
new Subnet(name: string, vpc: Vpc, args: SubnetArgs, opts?: pulumi.ComponentResourceOptions)
new Subnet(name: string, vpc: Vpc, args: ExistingSubnetArgs, opts?: pulumi.ComponentResourceOptions)
method createRoute
public createRoute(name: string, args: RouteArgs, opts?: pulumi.ComponentResourceOptions): void
public createRoute(name: string, provider: SubnetRouteProvider, opts?: pulumi.ComponentResourceOptions): void
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
property id
public id: pulumi.Output<string>;
Underlying id for the aws subnet. This should be used over [this.subnet.id] as this Output will only resolve once the route table and all associations are resolved.
property routeTable
public routeTable: RouteTable | undefined;
property routeTableAssociation
public routeTableAssociation: RouteTableAssociation | undefined;
property routes
public routes: Route[] = [];
property subnet
public subnet: Subnet;
property subnetName
public subnetName: string;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpc
public vpc: Vpc;
Resource Vpc
class Vpc extends ComponentResource<VpcData>
accessor internetGateway
public get internetGateway(): Promise<undefined | InternetGateway>;
The internet gateway created to allow traffic to/from the internet to the public subnets. Only available if this was created using [VpcArgs].
accessor isolatedSubnetIds
public get isolatedSubnetIds(): Promise<Output<string>[]>;
Asynchronously retrieves the IDs for the isolated subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
accessor isolatedSubnets
public get isolatedSubnets(): Promise<Subnet[]>;
Asynchronously retrieves the isolated subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
accessor natGateways
public get natGateways(): Promise<NatGateway[]>;
The nat gateways created to allow private subnets access to the internet. Only available if this was created using [VpcArgs].
accessor privateSubnetIds
public get privateSubnetIds(): Promise<Output<string>[]>;
Asynchronously retrieves the IDs for the private subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
accessor privateSubnets
public get privateSubnets(): Promise<Subnet[]>;
Asynchronously retrieves the private subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
accessor publicSubnetIds
public get publicSubnetIds(): Promise<Output<string>[]>;
Asynchronously retrieves the IDs for the public subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
accessor publicSubnets
public get publicSubnets(): Promise<Subnet[]>;
Asynchronously retrieves the public subnets in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
method addInternetGateway
public addInternetGateway(name: string, subnets?: Subnet[], args: InternetGatewayArgs, opts: ComponentResourceOptions): Promise<void>
method addNatGateway
public addNatGateway(name: string, args: NatGatewayArgs, opts: ComponentResourceOptions): Promise<void>
method fromExistingIds
public static fromExistingIds(name: string, idArgs: ExistingVpcIdArgs, opts?: pulumi.ComponentResourceOptions): Vpc
Get an existing Vpc resource’s state with the given name and IDs of its relevant sub-resources. This will not cause a VPC (or any sub-resources) to be created, and removing this Vpc from your pulumi application will not cause the existing cloud resource (or sub-resources) to be destroyed.
method getData
protected getData(): Promise<VpcData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getDefault
public static getDefault(opts: InvokeOptions): Vpc
Gets the default vpc for the current aws account and region.
See https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html for more details.
Note: the no-arg version of this call is not recommended. It will acquire the default Vpc for the current region and cache it. Instead, it is recommended that the getDefault(opts) version be used, with either opts.provider or opts.parent set. This version will properly get the default vpc for the region the provider specifies.
This method will return the same Vpc instance when passed the same provider.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method getSubnets
public getSubnets(type: VpcSubnetType): Promise<Subnet[]>
Asynchronously retrieves the subnets of a particular type in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
method getSubnetsIds
public getSubnetsIds(type: VpcSubnetType): Promise<Output<string>[]>
Asynchronously retrieves the IDs for the subnets of a particular type in this Vpc. This will only retrieve data for the subnets specified when the Vpc was created. If subnets were created externally, they will not be included.
method initialize
protected initialize(props: {
args: any;
name: string;
opts: ComponentResourceOptions;
}): Promise<VpcData>
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
property id
public id: pulumi.Output<string>;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property vpc
public vpc: pulumi.Output<Vpc>;
Others
class AllTcpPorts
implements SecurityGroupRulePorts
constructor
new AllTcpPorts()
property fromPort
public fromPort: pulumi.Input<number>;
property protocol
public protocol: "tcp" = "tcp";
property toPort
public toPort?: pulumi.Input<number>;
class AllTraffic
implements SecurityGroupRulePorts
property fromPort
public fromPort: 0 = 0;
property protocol
public protocol: "-1" = "-1";
property toPort
public toPort: 0 = 0;
class AllUdpPorts
implements SecurityGroupRulePorts
constructor
new AllUdpPorts()
property fromPort
public fromPort: pulumi.Input<number>;
property protocol
public protocol: "udp" = "udp";
property toPort
public toPort?: pulumi.Input<number>;
class AnyIPv4Location
implements SecurityGroupRuleLocation
property cidrBlocks
public cidrBlocks: string[] = ["0.0.0.0/0"];
class AnyIPv6Location
implements SecurityGroupRuleLocation
property ipv6CidrBlocks
public ipv6CidrBlocks: string[] = ["::/0"];
interface AvailabilityZoneDescription
interface AvailabilityZoneDescription
property id
id: string;
property name
name: string;
class Cidr32Block
class Cidr32Block
constructor
new Cidr32Block(startIpAddressInclusive: number, subnetMaskLeading1Bits: number)
Do not call directly. Use the static factory methods to generate a cidr block
method fromCidrNotation
public static fromCidrNotation(cidr: string): Cidr32Block
Returns a cidr block given notation like “a.b.c.d/n”
method nextBlock
public nextBlock(): Cidr32Block
method toString
public toString(): string
property endIpAddressExclusive
public endIpAddressExclusive: number;
property startIpAddressInclusive
public startIpAddressInclusive: number;
property subnetMaskLeading1Bits
public subnetMaskLeading1Bits: number;
type CidrBlock
type CidrBlock = string;
Alias for a cidr block.
function create
create(resource: Resource | undefined, vpcName: string, vpcCidr: string, ipv6CidrBlock: pulumi.Output<string> | undefined, availabilityZones: AvailabilityZoneDescription[], numberOfNatGateways: number, assignGeneratedIpv6CidrBlock: pulumi.Input<boolean>, subnetArgsArray: VpcSubnetArgs[]): VpcTopologyDescription
class EgressSecurityGroupRule
class EgressSecurityGroupRule extends SecurityGroupRule
constructor
new EgressSecurityGroupRule(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | EgressSecurityGroupRuleArgs, opts: ComponentResourceOptions)
method egress
public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
method egressArgs
public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method ingress
public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
method ingressArgs
public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values. ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary as this will automatically be called after the initialize method completes.
property securityGroup
public securityGroup: SecurityGroup;
property securityGroupRule
public securityGroupRule: SecurityGroupRule;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface EgressSecurityGroupRuleArgs
interface EgressSecurityGroupRuleArgs
property cidrBlocks
cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of CIDR blocks. Cannot be specified with source_security_group_id.
property description
description?: pulumi.Input<string>;
Description of the rule.
property fromPort
fromPort: pulumi.Input<number>;
The start port (or ICMP type number if protocol is “icmp”).
property ipv6CidrBlocks
ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of IPv6 CIDR blocks.
property prefixListIds
prefixListIds?: pulumi.Input<pulumi.Input<string>[]>;
List of prefix list IDs (for allowing access to VPC endpoints).
property protocol
protocol: pulumi.Input<string>;
The protocol. If not icmp, tcp, udp, or all use the protocol number
property self
self?: pulumi.Input<boolean>;
If true, the security group itself will be added as the destination of this egress rule.
property sourceSecurityGroupId
sourceSecurityGroupId?: pulumi.Input<string>;
The security group id to allow access to/from, depending on the type. Cannot be specified with cidr_blocks.
property toPort
toPort: pulumi.Input<number>;
The end port (or ICMP code if protocol is “icmp”).
interface ExistingInternetGatewayArgs
interface ExistingInternetGatewayArgs
property internetGateway
internetGateway: InternetGateway;
Optional existing instance to use to make the [awsx.ec2.InternetGateway] out of.
interface ExistingNatGatewayArgs
interface ExistingNatGatewayArgs
property natGateway
natGateway: NatGateway;
interface ExistingSubnetArgs
interface ExistingSubnetArgs
property subnet
subnet: Subnet;
Optional existing instance to use to make the awsx Subnet out of. If this is provided, no RouteTable or RouteTableAssociation will be created automatically.
interface ExistingVpcArgs
interface ExistingVpcArgs
property vpc
vpc: Vpc;
The existing VPC resource to make the awsx Vpc out of (a VPC instance, not an id; to wrap a VPC by id, use ExistingVpcIdArgs).
interface ExistingVpcIdArgs
interface ExistingVpcIdArgs
property internetGatewayId
internetGatewayId?: pulumi.Input<string>;
The id of the internet gateway for this VPC
property isolatedSubnetIds
isolatedSubnetIds?: pulumi.Input<string>[];
The isolated subnets for the vpc.
property natGatewayIds
natGatewayIds?: pulumi.Input<string>[];
The ids of the nat gateways for this VPC
property privateSubnetIds
privateSubnetIds?: pulumi.Input<string>[];
The private subnets for the vpc.
property publicSubnetIds
publicSubnetIds?: pulumi.Input<string>[];
The public subnets for the vpc.
property vpcId
vpcId: pulumi.Input<string>;
The id of the VPC.
function getIPv4Address
getIPv4Address(value: number): string
class IcmpPorts
implements SecurityGroupRulePorts
constructor
new IcmpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)
property fromPort
public fromPort: pulumi.Input<number>;
property protocol
public protocol: "icmp" = "icmp";
property toPort
public toPort?: pulumi.Input<number>;
class IngressSecurityGroupRule
class IngressSecurityGroupRule extends SecurityGroupRule
constructor
new IngressSecurityGroupRule(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | IngressSecurityGroupRuleArgs, opts: ComponentResourceOptions)
method egress
public static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule
method egressArgs
public static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs
method getData
protected getData(): Promise<TData>
Retrieves the data produced by [initialize]. The data is immediately available in a derived class’s constructor after the super(...) call to ComponentResource.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method ingress
public static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule
method ingressArgs
public static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs
method initialize
protected initialize(args: Inputs): Promise<TData>
Can be overridden by a subclass to asynchronously initialize data for this Component automatically when constructed. The data will be available immediately for subclass constructors to use. To access the data use .getData.
method isInstance
static isInstance(obj: any): obj is ComponentResource
Returns true if the given object is an instance of ComponentResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
method registerOutputs
protected registerOutputs(outputs?: Inputs | Promise<Inputs> | Output<Inputs>): void
registerOutputs registers synthetic outputs that a component has initialized, usually by allocating other child sub-resources and propagating their resulting property values.
ComponentResources can call this at the end of their constructor to indicate that they are done creating child resources. This is not strictly necessary, as it will be called automatically after the initialize method completes.
property securityGroup
public securityGroup: SecurityGroup;
property securityGroupRule
public securityGroupRule: SecurityGroupRule;
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
interface IngressSecurityGroupRuleArgs
interface IngressSecurityGroupRuleArgs
property cidrBlocks
cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.
property description
description?: pulumi.Input<string>;
Description of the rule.
property fromPort
fromPort: pulumi.Input<number>;
The start port (or ICMP type number if protocol is “icmp”).
property ipv6CidrBlocks
ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of IPv6 CIDR blocks.
property protocol
protocol: pulumi.Input<string>;
The protocol. Use “tcp”, “udp”, “icmp”, or “-1” (all protocols); for anything else, use the IANA protocol number.
property self
self?: pulumi.Input<boolean>;
If true, the security group itself will be added as a source to this ingress rule.
property sourceSecurityGroupId
sourceSecurityGroupId?: pulumi.Input<string>;
The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.
property toPort
toPort: pulumi.Input<number>;
The end port (or ICMP code if protocol is “icmp”).
namespace metrics
function cpuCreditBalance
cpuCreditBalance(change?: Ec2MetricChange): Metric
The number of earned CPU credits that an instance has accrued since it was launched or started. For T2 Standard, the CPUCreditBalance also includes the number of launch credits that have been accrued.
Credits are accrued in the credit balance after they are earned, and removed from the credit balance when they are spent. The credit balance has a maximum limit, determined by the instance size. After the limit is reached, any new credits that are earned are discarded. For T2 Standard, launch credits do not count towards the limit.
The credits in the CPUCreditBalance are available for the instance to spend to burst beyond its baseline CPU utilization.
When an instance is running, credits in the CPUCreditBalance do not expire. When a T3 instance stops, the CPUCreditBalance value persists for seven days. Thereafter, all accrued credits are lost. When a T2 instance stops, the CPUCreditBalance value does not persist, and all accrued credits are lost.
CPU credit metrics are available at a five-minute frequency only.
function cpuCreditUsage
cpuCreditUsage(change?: Ec2MetricChange): Metric
The number of CPU credits spent by the instance for CPU utilization. One CPU credit equals one vCPU running at 100% utilization for one minute or an equivalent combination of vCPUs, utilization, and time (for example, one vCPU running at 50% utilization for two minutes or two vCPUs running at 25% utilization for two minutes).
CPU credit metrics are available at a five-minute frequency only. If you specify a period greater than five minutes, use the Sum statistic instead of the Average statistic.
function cpuSurplusCreditBalance
cpuSurplusCreditBalance(change?: Ec2MetricChange): Metric
The number of surplus credits that have been spent by an unlimited instance when its CPUCreditBalance value is zero.
The CPUSurplusCreditBalance value is paid down by earned CPU credits. If the number of surplus credits exceeds the maximum number of credits that the instance can earn in a 24-hour period, the spent surplus credits above the maximum incur an additional charge.
function cpuSurplusCreditsCharged
cpuSurplusCreditsCharged(change?: Ec2MetricChange): Metric
The number of spent surplus credits that are not paid down by earned CPU credits, and which thus incur an additional charge.
Spent surplus credits are charged when any of the following occurs:
- The spent surplus credits exceed the maximum number of credits that the instance can earn in a 24-hour period. Spent surplus credits above the maximum are charged at the end of the hour.
- The instance is stopped or terminated.
- The instance is switched from unlimited to standard.
function cpuUtilization
cpuUtilization(change?: Ec2MetricChange): Metric
The percentage of allocated EC2 compute units that are currently in use on the instance. This metric identifies the processing power required to run an application upon a selected instance.
Depending on the instance type, tools in your operating system can show a lower percentage than CloudWatch when the instance is not allocated a full processor core.
Units: Percent
function diskReadBytes
diskReadBytes(change?: Ec2MetricChange): Metric
Bytes read from all instance store volumes available to the instance.
This metric is used to determine the volume of the data the application reads from the hard disk of the instance. This can be used to determine the speed of the application.
The number reported is the number of bytes read during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.
If there are no instance store volumes, either the value is 0 or the metric is not reported.
Units: Bytes
function diskReadOps
diskReadOps(change?: Ec2MetricChange): Metric
Completed read operations from all instance store volumes available to the instance in a specified period of time.
To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.
If there are no instance store volumes, either the value is 0 or the metric is not reported.
Units: Count
function diskWriteBytes
diskWriteBytes(change?: Ec2MetricChange): Metric
Bytes written to all instance store volumes available to the instance.
This metric is used to determine the volume of the data the application writes onto the hard disk of the instance. This can be used to determine the speed of the application.
The number reported is the number of bytes written during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.
If there are no instance store volumes, either the value is 0 or the metric is not reported.
Units: Bytes
function diskWriteOps
diskWriteOps(change?: Ec2MetricChange): Metric
Completed write operations to all instance store volumes available to the instance in a specified period of time.
To calculate the average I/O operations per second (IOPS) for the period, divide the total operations in the period by the number of seconds in that period.
If there are no instance store volumes, either the value is 0 or the metric is not reported.
Units: Count
function ebsByteBalance
ebsByteBalance(change?: Ec2MetricChange): Metric
Available only for the smaller instance sizes. Provides information about the percentage of throughput credits remaining in the burst bucket. This metric is available for basic monitoring only.
Unit: Percent
function ebsIOBalance
ebsIOBalance(change?: Ec2MetricChange): Metric
Available only for the smaller instance sizes. Provides information about the percentage of I/O credits remaining in the burst bucket. This metric is available for basic monitoring only.
Unit: Percent
function ebsReadBytes
ebsReadBytes(change?: Ec2MetricChange): Metric
Bytes read from all EBS volumes attached to the instance in a specified period of time.
The number reported is the number of bytes read during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Read Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.
Unit: Bytes
function ebsReadOps
ebsReadOps(change?: Ec2MetricChange): Metric
Completed read operations from all Amazon EBS volumes attached to the instance in a specified period of time.
To calculate the average read I/O operations per second (Read IOPS) for the period, divide the total operations in the period by the number of seconds in that period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to calculate the Read IOPS. If you have detailed (one-minute) monitoring, divide it by 60.
Unit: Count
function ebsWriteBytes
ebsWriteBytes(change?: Ec2MetricChange): Metric
Bytes written to all EBS volumes attached to the instance in a specified period of time.
The number reported is the number of bytes written during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Write Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.
Unit: Bytes
function ebsWriteOps
ebsWriteOps(change?: Ec2MetricChange): Metric
Completed write operations to all EBS volumes attached to the instance in a specified period of time.
To calculate the average write I/O operations per second (Write IOPS) for the period, divide the total operations in the period by the number of seconds in that period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to calculate the Write IOPS. If you have detailed (one-minute) monitoring, divide it by 60.
Unit: Count
interface Ec2MetricChange
interface Ec2MetricChange extends MetricChange
property color
color?: pulumi.Input<string>;
The six-digit HTML hex color code to be used for this metric.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property dimensions
dimensions?: pulumi.Input<Record<string, pulumi.Input<string>>>;
The new dimensions for this metric. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined] then the value will be cleared.
property extendedStatistic
extendedStatistic?: pulumi.Input<number>;
The new percentile statistic for the metric associated with the alarm. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined] then the value will be set to the default.
property imageId
imageId?: undefined | string;
This dimension filters the data you request for all instances running this Amazon EC2 Amazon Machine Image (AMI). Available for instances with Detailed Monitoring enabled.
property instance
instance?: aws.ec2.Instance;
Optional [Instance] this metric should be filtered down to.
property instanceType
instanceType?: aws.ec2.InstanceType;
This dimension filters the data you request for all instances running with this specified instance type. This helps you categorize your data by the type of instance running. For example, you might compare data from an m1.small instance and an m1.large instance to determine which has the better business value for your application. Available for instances with Detailed Monitoring enabled.
property label
label?: pulumi.Input<string>;
The label to display for this metric in the graph legend. If this is not specified, the metric is given an autogenerated label that distinguishes it from the other metrics in the widget.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property period
period?: pulumi.Input<number>;
The new period in seconds over which the specified stat is applied. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined] then the value will be set to the default (300s).
property statistic
statistic?: pulumi.Input<MetricStatistic>;
The new statistic to apply to the alarm’s associated metric. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined] then the value will be set to the default.
property unit
unit?: pulumi.Input<MetricUnit>;
The new unit for this metric. If this object is missing this property, then no change will be made. However, if the property is present but set to [undefined] then the value will be set to the default.
property visible
visible?: pulumi.Input<boolean>;
Set this to true to have the metric appear in the graph, or false to have it be hidden. The default is true.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
property yAxis
yAxis?: pulumi.Input<"left" | "right">;
Where on the graph to display the y-axis for this metric. The default is left.
Only used if this metric is displayed in a [Dashboard] with a [MetricWidget].
type Ec2MetricName
type Ec2MetricName = "CPUCreditUsage" | "CPUCreditBalance" | "CPUSurplusCreditBalance" | "CPUSurplusCreditsCharged" | "CPUUtilization" | "DiskReadOps" | "DiskWriteOps" | "DiskReadBytes" | "DiskWriteBytes" | "NetworkIn" | "NetworkOut" | "NetworkPacketsIn" | "NetworkPacketsOut" | "StatusCheckFailed" | "StatusCheckFailed_Instance" | "StatusCheckFailed_System" | "EBSReadOps" | "EBSWriteOps" | "EBSReadBytes" | "EBSWriteBytes" | "EBSIOBalance%" | "EBSByteBalance%";
function metric
metric(metricName: Ec2MetricName, change: Ec2MetricChange): Metric
Creates an AWS/EC2 metric with the requested [metricName]. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html for the list of all metric names.
Note that individual metrics can be obtained without supplying the name by using the other [metricXXX] functions in this namespace.
Amazon EC2 sends metrics to Amazon CloudWatch. You can use the AWS Management Console, the AWS CLI, or an API to list the metrics that Amazon EC2 sends to CloudWatch. By default, each data point covers the 5 minutes that follow the start time of activity for the instance. If you’ve enabled detailed monitoring, each data point covers the next minute of activity from the start time.
You can use the following dimensions to refine the metrics returned for your instances.
- “AutoScalingGroupName”: This dimension filters the data you request for all instances in a specified capacity group. An Auto Scaling group is a collection of instances you define if you’re using Auto Scaling. This dimension is available only for Amazon EC2 metrics when the instances are in such an Auto Scaling group. Available for instances with Detailed or Basic Monitoring enabled.
- “ImageId”: This dimension filters the data you request for all instances running this Amazon EC2 Amazon Machine Image (AMI). Available for instances with Detailed Monitoring enabled.
- “InstanceId”: This dimension filters the data you request for the identified instance only. This helps you pinpoint an exact instance from which to monitor data.
- “InstanceType”: This dimension filters the data you request for all instances running with this specified instance type. This helps you categorize your data by the type of instance running. For example, you might compare data from an m1.small instance and an m1.large instance to determine which has the better business value for your application. Available for instances with Detailed Monitoring enabled.
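The Ec2MetricChange properties above all share one merge rule (a property that is absent leaves the metric alone; a property that is present but set to undefined resets it), and the instance, instanceType and imageId conveniences are shorthands for the CloudWatch dimensions just listed. The following is an added example, not awsx code, showing that rule as a pure function you can unit-test, together with a check for metrics that will only return data once detailed monitoring is on. It assumes a plain id string in place of aws.ec2.Instance and of pulumi.Input<...>, and keeps statistic and unit as strings.

```typescript
// Added example, not awsx code: the merge rule that every Ec2MetricChange
// property documents (absent property: no change; property present but
// undefined: reset to the default) and the mapping of the instance,
// instanceType and imageId conveniences onto the CloudWatch dimensions
// listed under metric(). Assumptions: a plain id string stands in for
// aws.ec2.Instance and for pulumi.Input<...>; statistic and unit are strings.

interface MetricState {
  namespace: "AWS/EC2";
  metricName: string;
  period: number;                      // seconds; CloudWatch default is 300
  statistic?: string;
  unit?: string;
  dimensions?: Record<string, string>;
}

interface MetricChangeLike {
  period?: number;
  statistic?: string;
  unit?: string;
  dimensions?: Record<string, string>;
  instance?: string;                   // stand-in for aws.ec2.Instance
  instanceType?: string;
  imageId?: string;
}

const DEFAULT_PERIOD = 300;

function applyMetricChange(base: MetricState, change: MetricChangeLike): MetricState {
  const out: MetricState = { ...base };
  // `in` tells "not mentioned" apart from "mentioned as undefined".
  if ("period" in change) out.period = change.period ?? DEFAULT_PERIOD;
  if ("statistic" in change) out.statistic = change.statistic;
  if ("unit" in change) out.unit = change.unit;
  if ("dimensions" in change) out.dimensions = change.dimensions; // undefined clears

  // The convenience properties add dimensions on top of whatever is set.
  const extra: Record<string, string> = {};
  if (change.instance !== undefined) extra.InstanceId = change.instance;
  if (change.instanceType !== undefined) extra.InstanceType = change.instanceType;
  if (change.imageId !== undefined) extra.ImageId = change.imageId;
  if (Object.keys(extra).length > 0) {
    out.dimensions = { ...(out.dimensions ?? {}), ...extra };
  }
  return out;
}

// A metric that will not return the data you asked for on basic monitoring:
// periods under five minutes, and the ImageId / InstanceType dimensions,
// need detailed monitoring enabled on the instances.
function requiresDetailedMonitoring(m: MetricState): boolean {
  const dims = m.dimensions ?? {};
  return m.period < 300 || "ImageId" in dims || "InstanceType" in dims;
}
```

The `in` check is the whole point: a change object built with `{ period: undefined }` is not the same as `{}`, and code that tests `change.period === undefined` would silently treat a requested reset as a no-op.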
function networkIn
networkIn(change?: Ec2MetricChange): Metric
The number of bytes received on all network interfaces by the instance. This metric identifies the volume of incoming network traffic to a single instance.
The number reported is the number of bytes received during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.
Units: Bytes
function networkOut
networkOut(change?: Ec2MetricChange): Metric
The number of bytes sent out on all network interfaces by the instance. This metric identifies the volume of outgoing network traffic from a single instance.
The number reported is the number of bytes sent during the period. If you are using basic (five-minute) monitoring, you can divide this number by 300 to find Bytes/second. If you have detailed (one-minute) monitoring, divide it by 60.
Units: Bytes
function networkPacketsIn
networkPacketsIn(change?: Ec2MetricChange): Metric
The number of packets received on all network interfaces by the instance. This metric identifies the volume of incoming traffic in terms of the number of packets on a single instance. This metric is available for basic monitoring only.
Units: Count
Statistics: Minimum, Maximum, Average
function networkPacketsOut
networkPacketsOut(change?: Ec2MetricChange): Metric
The number of packets sent out on all network interfaces by the instance. This metric identifies the volume of outgoing traffic in terms of the number of packets on a single instance. This metric is available for basic monitoring only.
Units: Count
Statistics: Minimum, Maximum, Average
function statusCheckFailed
statusCheckFailed(change?: Ec2MetricChange): Metric
Reports whether the instance has passed both the instance status check and the system status check in the last minute.
This metric can be either 0 (passed) or 1 (failed).
By default, this metric is available at a 1-minute frequency at no charge.
Units: Count
function statusCheckFailed_Instance
statusCheckFailed_Instance(change?: Ec2MetricChange): Metric
Reports whether the instance has passed the instance status check in the last minute.
This metric can be either 0 (passed) or 1 (failed).
By default, this metric is available at a 1-minute frequency at no charge.
Units: Count
function statusCheckFailed_System
statusCheckFailed_System(change?: Ec2MetricChange): Metric
Reports whether the instance has passed the system status check in the last minute.
This metric can be either 0 (passed) or 1 (failed).
By default, this metric is available at a 1-minute frequency at no charge.
Units: Count
interface NatGatewayArgs
interface NatGatewayArgs
property subnet
subnet: SubnetOrId;
The subnet the NatGateway should be placed in.
property tags
tags?: pulumi.Input<{[key: string]: any}>;
A mapping of tags to assign to the resource.
interface NatGatewayDescription
interface NatGatewayDescription
property name
name: string;
property publicSubnet
publicSubnet: string;
The public subnet this NAT gateway should be placed in.
interface NatRouteDescription
interface NatRouteDescription
property name
name: string;
property natGateway
natGateway: string;
The name of the nat gateway this private subnet is getting a route to.
property privateSubnet
privateSubnet: string;
The name of the private subnet that is getting the route.
interface RouteArgs
interface RouteArgs
The set of arguments for constructing a Route resource.
property destinationCidrBlock
destinationCidrBlock?: pulumi.Input<string>;
The destination CIDR block.
property destinationIpv6CidrBlock
destinationIpv6CidrBlock?: pulumi.Input<string>;
The destination IPv6 CIDR block.
property egressOnlyGatewayId
egressOnlyGatewayId?: pulumi.Input<string>;
Identifier of a VPC Egress Only Internet Gateway.
property gatewayId
gatewayId?: pulumi.Input<string>;
Identifier of a VPC internet gateway or a virtual private gateway.
property instanceId
instanceId?: pulumi.Input<string>;
Identifier of an EC2 instance.
property natGatewayId
natGatewayId?: pulumi.Input<string>;
Identifier of a VPC NAT gateway.
property networkInterfaceId
networkInterfaceId?: pulumi.Input<string>;
Identifier of an EC2 network interface.
property transitGatewayId
transitGatewayId?: pulumi.Input<string>;
Identifier of an EC2 Transit Gateway.
property vpcPeeringConnectionId
vpcPeeringConnectionId?: pulumi.Input<string>;
Identifier of a VPC peering connection.
interface SecurityGroupArgs
interface SecurityGroupArgs
property description
description?: pulumi.Input<string>;
The security group description. Defaults to “Managed by Terraform” (the underlying provider’s default). Cannot be “”. NOTE: This field maps to the AWS GroupDescription attribute, for which there is no Update API. If you’d like to classify your security groups in a way that can be updated, use tags.
property egress
egress?: EgressSecurityGroupRuleArgs[];
One entry per egress rule. Each entry supports the fields documented under EgressSecurityGroupRuleArgs.
property ingress
ingress?: IngressSecurityGroupRuleArgs[];
One entry per ingress rule. Each entry supports the fields documented under IngressSecurityGroupRuleArgs.
property revokeRulesOnDelete
revokeRulesOnDelete?: pulumi.Input<boolean>;
Instruct the provider to revoke all of the security group’s attached ingress and egress rules before deleting the group itself. This is normally not needed; however, certain AWS services such as Elastic MapReduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.
property securityGroup
securityGroup?: aws.ec2.SecurityGroup;
An existing SecurityGroup to use for this awsx SecurityGroup. If not provided, a default one will be created.
property tags
tags?: pulumi.Input<Tags>;
property vpc
vpc?: Vpc;
The VPC this security group applies to. Defaults to [Vpc.getDefault] if unspecified.
type SecurityGroupOrId
type SecurityGroupOrId = SecurityGroup | pulumi.Input<string>;
interface SecurityGroupRuleArgs
interface SecurityGroupRuleArgs
property cidrBlocks
cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.
property description
description?: pulumi.Input<string>;
Description of the rule.
property fromPort
fromPort: pulumi.Input<number>;
The start port (or ICMP type number if protocol is “icmp”).
property ipv6CidrBlocks
ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of IPv6 CIDR blocks.
property prefixListIds
prefixListIds?: pulumi.Input<pulumi.Input<string>[]>;
List of prefix list IDs (for allowing access to VPC endpoints). Only valid with egress.
property protocol
protocol: pulumi.Input<string>;
The protocol. Use “tcp”, “udp”, “icmp”, or “-1” (all protocols); for anything else, use the IANA protocol number.
property self
self?: pulumi.Input<boolean>;
If true, the security group itself will be added as the source (ingress) or destination (egress) of this rule.
property sourceSecurityGroupId
sourceSecurityGroupId?: pulumi.Input<string>;
The security group id to allow access to/from, depending on the type. Cannot be specified with cidrBlocks.
property toPort
toPort: pulumi.Input<number>;
The end port (or ICMP code if protocol is “icmp”).
property type
type: pulumi.Input<"ingress" | "egress">;
The type of rule being created. Valid options are ingress (inbound) or egress (outbound).
interface SecurityGroupRuleLocation
interface SecurityGroupRuleLocation
property cidrBlocks
cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of CIDR blocks. Cannot be specified with sourceSecurityGroupId.
property ipv6CidrBlocks
ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
List of IPv6 CIDR blocks.
property sourceSecurityGroupId
sourceSecurityGroupId?: pulumi.Input<string>;
The security group id to allow access to/from, depending on the rule type. Cannot be specified with cidrBlocks.
interface SecurityGroupRulePorts
interface SecurityGroupRulePorts
property fromPort
fromPort: pulumi.Input<number>;
The start port (or ICMP type number if protocol is “icmp”).
property protocol
protocol: pulumi.Input<SecurityGroupRuleProtocol>;
The protocol: “tcp”, “udp”, “icmp”, or “-1” for all protocols.
property toPort
toPort?: pulumi.Input<number>;
The end port (or ICMP code if protocol is “icmp”). Defaults to ‘fromPort’ if not specified.
type SecurityGroupRuleProtocol
type SecurityGroupRuleProtocol = "-1" | "tcp" | "udp" | "icmp";
interface SimpleSecurityGroupRuleArgs
interface SimpleSecurityGroupRuleArgs
property description
description?: pulumi.Input<string>;
Optional description for the rule to make it easier to document in the AWS console.
property location
location: SecurityGroupRuleLocation;
The source or destination location of the rule. This allows controlling the IPv4 or IPv6 CIDR blocks for the rule, or the source security group.
There are easy ways to provide ingress or egress to the entirety of the IPv4 or IPv6 space by using the AnyIPv4Location and AnyIPv6Location types.
property ports
ports: SecurityGroupRulePorts;
The ports and protocol this rule allows access to/from. There are easy ways to open anything from a single port, to a wide set of ports, to all ports and all protocols using:
[TcpPorts], [AllTcpPorts], [UdpPorts], [AllUdpPorts], [IcmpPorts], [AllTraffic]
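The rule interfaces on this page (EgressSecurityGroupRuleArgs, IngressSecurityGroupRuleArgs, SecurityGroupRuleArgs, SecurityGroupRuleLocation, SecurityGroupRulePorts and SimpleSecurityGroupRuleArgs) all state the same constraints: CIDR blocks and a source security group are mutually exclusive, toPort defaults to fromPort, and prefix lists are only valid on egress. The following is an added example, not awsx code, that models what IngressSecurityGroupRule.ingressArgs / egressArgs assemble from a location and a ports object and enforces those constraints before anything reaches the provider, plus the check a reviewer most wants: whether an ingress rule is open to the whole internet. It assumes plain strings and numbers in place of pulumi.Input<...> and does not import Pulumi or talk to AWS; buildRuleArgs and isWorldReachable are names chosen here, not awsx API.

```typescript
// Added example, not awsx code: a stand-alone model of what
// IngressSecurityGroupRule.ingressArgs / egressArgs assemble from a
// SecurityGroupRuleLocation and SecurityGroupRulePorts, with the constraints
// this page documents enforced up front, plus a world-reachability check.
// Assumptions: plain strings and numbers stand in for pulumi.Input<...>;
// nothing here imports Pulumi or talks to AWS.

type RuleType = "ingress" | "egress";
type RuleProtocol = "-1" | "tcp" | "udp" | "icmp";

// Mirrors SecurityGroupRuleLocation. prefixListIds is included so the
// "only valid with egress" rule from SecurityGroupRuleArgs can be checked.
interface RuleLocation {
  cidrBlocks?: string[];
  ipv6CidrBlocks?: string[];
  sourceSecurityGroupId?: string;
  prefixListIds?: string[];
}

// Mirrors SecurityGroupRulePorts: toPort defaults to fromPort.
interface RulePorts {
  protocol: RuleProtocol;
  fromPort: number;
  toPort?: number;
}

// The resolved rule, shaped like SecurityGroupRuleArgs.
interface ResolvedRule {
  type: RuleType;
  protocol: RuleProtocol;
  fromPort: number;
  toPort: number;
  description?: string;
  cidrBlocks?: string[];
  ipv6CidrBlocks?: string[];
  sourceSecurityGroupId?: string;
  prefixListIds?: string[];
}

function nonEmpty(xs?: string[]): boolean {
  return xs !== undefined && xs.length > 0;
}

function buildRuleArgs(type: RuleType, location: RuleLocation, ports: RulePorts,
                       description?: string): ResolvedRule {
  const hasCidr = nonEmpty(location.cidrBlocks) || nonEmpty(location.ipv6CidrBlocks);
  const hasSg = location.sourceSecurityGroupId !== undefined;
  const hasPrefix = nonEmpty(location.prefixListIds);

  // CIDR blocks and a source security group are mutually exclusive.
  if (hasCidr && hasSg) {
    throw new Error("cidrBlocks/ipv6CidrBlocks cannot be combined with sourceSecurityGroupId");
  }
  if (!hasCidr && !hasSg && !hasPrefix) {
    throw new Error("a rule needs a CIDR block, a prefix list or a source security group");
  }
  // Prefix lists (VPC endpoints) are only meaningful as egress destinations.
  if (hasPrefix && type === "ingress") {
    throw new Error("prefixListIds are only valid on egress rules");
  }

  const fromPort = ports.fromPort;
  const toPort = ports.toPort ?? fromPort;
  if (ports.protocol === "-1") {
    // "-1" means every protocol on every port; the AWS provider rejects
    // non-zero ports on such a rule, so catch it before the plan does.
    if (fromPort !== 0 || toPort !== 0) {
      throw new Error('protocol "-1" requires fromPort and toPort of 0');
    }
  } else if (ports.protocol === "icmp") {
    // For ICMP the "ports" are type and code; -1 is the wildcard.
    if (fromPort < -1 || fromPort > 255 || toPort < -1 || toPort > 255) {
      throw new Error("ICMP type/code must be in -1..255");
    }
  } else if (fromPort < 0 || toPort > 65535 || fromPort > toPort) {
    throw new Error(`invalid ${ports.protocol} port range ${fromPort}-${toPort}`);
  }

  return {
    type, protocol: ports.protocol, fromPort, toPort, description,
    cidrBlocks: location.cidrBlocks,
    ipv6CidrBlocks: location.ipv6CidrBlocks,
    sourceSecurityGroupId: location.sourceSecurityGroupId,
    prefixListIds: location.prefixListIds,
  };
}

// True when an ingress rule admits the whole IPv4 or IPv6 internet, which is
// exactly what AnyIPv4Location / AnyIPv6Location produce. Flag these in
// review unless the port is one you intend to expose publicly.
function isWorldReachable(rule: ResolvedRule): boolean {
  if (rule.type !== "ingress") return false;
  return (rule.cidrBlocks ?? []).includes("0.0.0.0/0")
      || (rule.ipv6CidrBlocks ?? []).includes("::/0");
}
```

Running these checks in your own program before constructing the awsx rule turns provider-side rejections (and, for isWorldReachable, a silent exposure) into failures at preview time with a message you control.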
interface SubnetArgs
interface SubnetArgs
property assignIpv6AddressOnCreation
assignIpv6AddressOnCreation?: pulumi.Input<boolean>;
Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Defaults to true if the Vpc this is associated with has assignGeneratedIpv6CidrBlock: true, false otherwise.
property availabilityZone
availabilityZone?: pulumi.Input<string>;
The AZ for the subnet.
property availabilityZoneId
availabilityZoneId?: pulumi.Input<string>;
The AZ ID of the subnet.
property cidrBlock
cidrBlock: pulumi.Input<string>;
The CIDR block for the subnet.
property ignoreChanges
ignoreChanges?: string[];
Ignore changes to any of the specified properties of the Subnet.
property ipv6CidrBlock
ipv6CidrBlock?: pulumi.Input<string>;
The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
property mapPublicIpOnLaunch
mapPublicIpOnLaunch?: pulumi.Input<boolean>;
Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Default is false.
property tags
tags?: pulumi.Input<Tags>;
A mapping of tags to assign to the resource.
interface SubnetDescription
interface SubnetDescription
property args
args: SubnetArgs;
property ignoreChanges
ignoreChanges?: string[];
property subnetName
subnetName: string;
property type
type: VpcSubnetType;
type SubnetOrId
type SubnetOrId = Subnet | pulumi.Input<string>;
interface SubnetRouteProvider
interface SubnetRouteProvider
method route
route(name: string, opts: ComponentResourceOptions): RouteArgs
class TcpPorts
implements SecurityGroupRulePorts
constructor
new TcpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)
property fromPort
public fromPort: pulumi.Input<number>;
property protocol
public protocol: "tcp" = "tcp";
property toPort
public toPort?: pulumi.Input<number>;
class UdpPorts
implements SecurityGroupRulePorts
constructor
new UdpPorts(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number>)
property fromPort
public fromPort: pulumi.Input<number>;
property protocol
public protocol: "udp" = "udp";
property toPort
public toPort?: pulumi.Input<number>;
interface VpcArgs
interface VpcArgs
property assignGeneratedIpv6CidrBlock
assignGeneratedIpv6CidrBlock?: pulumi.Input<boolean>;
Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. If set to true, then subnets created will default to assignIpv6AddressOnCreation: true as well.
property cidrBlock
cidrBlock?: CidrBlock;
The CIDR block for the VPC. Defaults to “10.0.0.0/16” if unspecified.
property enableClassiclink
enableClassiclink?: pulumi.Input<boolean>;
A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2-Classic. See the AWS ClassicLink documentation for more information. Defaults to false.
property enableClassiclinkDnsSupport
enableClassiclinkDnsSupport?: pulumi.Input<boolean>;
A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.
property enableDnsHostnames
enableDnsHostnames?: pulumi.Input<boolean>;
A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to true if unspecified.
property enableDnsSupport
enableDnsSupport?: pulumi.Input<boolean>;
A boolean flag to enable/disable DNS support in the VPC. Defaults true if unspecified.
property instanceTenancy
instanceTenancy?: pulumi.Input<"default" | "dedicated">;
A tenancy option for instances launched into the VPC. Defaults to “default” if unspecified.
property numberOfAvailabilityZones
numberOfAvailabilityZones?;
property numberOfNatGateways
numberOfNatGateways?: undefined | number;
The maximum number of NAT gateways to create if any private subnets are created. A NAT gateway enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. A minimum of 1 gateway is needed if an instance is to be allowed a connection to the internet.
If this is not set, a NAT gateway will be made for each availability zone in the current region. The first public subnet for that availability zone will be the one used to place the NAT gateway in. If fewer gateways are requested than there are availability zones, then only that many NAT gateways will be created.
Private subnets in an availability zone that contains a NAT gateway will route through that gateway. Private subnets in an availability zone that does not contain a NAT gateway will be routed to the other NAT gateways in a round-robin fashion.
See https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html for more details.
Defaults to [numberOfAvailabilityZones].
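The placement and routing rule above has a practical consequence for failure domains and egress: a private subnet whose zone has no NAT gateway depends on another zone's gateway, and its outbound traffic leaves through that gateway's public IP. The following stand-alone TypeScript model (an added example, not awsx code, and it does not import @pulumi/awsx) applies the documented rule to a list of zones so the cross-zone dependencies can be listed before deployment. It assumes the gateways are placed in the first N zones in the order given; the zone names are constructed sample input.

```typescript
// Added example (not awsx library code): a model of the numberOfNatGateways
// rule. Assumption: the first N availability zones in the list receive the
// gateways, in order; the rest are served round-robin.

// For each AZ, the AZ whose NAT gateway its private subnets route through,
// or null when no gateway exists at all (no outbound path).
type NatRoutes = { [az: string]: string | null };

function assignNatRoutes(availabilityZones: string[], numberOfNatGateways?: number): NatRoutes {
  // Default is one gateway per availability zone.
  const requested = numberOfNatGateways !== undefined ? numberOfNatGateways : availabilityZones.length;
  const count = Math.max(0, Math.min(requested, availabilityZones.length));
  const natAzs = availabilityZones.slice(0, count);
  const routes: NatRoutes = {};
  let next = 0; // round-robin cursor for zones without their own gateway
  for (const az of availabilityZones) {
    if (natAzs.indexOf(az) !== -1) {
      routes[az] = az;           // local gateway in this zone
    } else if (natAzs.length === 0) {
      routes[az] = null;         // fewer than 1 gateway: no internet egress
    } else {
      routes[az] = natAzs[next % natAzs.length];
      next++;
    }
  }
  return routes;
}

// Zones whose private subnets depend on a gateway in a different zone.
// Each entry is a failure-domain dependency and a distinct egress IP to allow-list.
function crossAzDependencies(routes: NatRoutes): string[] {
  const deps: string[] = [];
  for (const az of Object.keys(routes)) {
    const via = routes[az];
    if (via !== null && via !== az) deps.push(az + " -> " + via);
  }
  return deps;
}

// Constructed sample input: four zones, two gateways requested.
const sampleZones = ["us-west-2a", "us-west-2b", "us-west-2c", "us-west-2d"];
const sampleRoutes = assignNatRoutes(sampleZones, 2);
console.log(sampleRoutes);
console.log(crossAzDependencies(sampleRoutes));
```

With two gateways for four zones, the third and fourth zones route through the first and second gateways respectively; with the default (one per zone) the dependency list is empty, and with 0 every private subnet has no route out.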
property requestedAvailabilityZones
requestedAvailabilityZones?: number | "all" | [, string, string] | pulumi.Input<string[]>;
The names of the availability zones to use in the current region. Defaults to 2 if unspecified. Use "all" to use all the availability zones in the current region.
property subnets
subnets?: VpcSubnetArgs[];
The information about what subnets to create per availability zone. Defaults to one public and one private subnet if unspecified.
property tags
tags?: pulumi.Input<Tags>;
A mapping of tags to assign to the resource.
interface VpcSubnetArgs
Information that controls how each VPC subnet should be created for each availability zone. By default, the Vpc will handle creating the appropriate subnets in each zone depending on the values specified in this type. This helps ensure that each subnet resides entirely within one Availability Zone and cannot span zones.
For finer control of the locations of the subnets, specify the [location] property for all the subnets.
See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html for more details.
property assignIpv6AddressOnCreation
assignIpv6AddressOnCreation?: pulumi.Input<boolean>;
Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. Defaults to the value of VpcArgs.assignGeneratedIpv6CidrBlock.
property cidrMask
cidrMask?: undefined | number;
The number of leading bits in the Vpc cidrBlock to use to define the cidrBlock for this subnet. By providing masking bits, this can be computed in a way that ensures that each subnet has a distinct block.
If this is not provided, the cidrBlock for the vpc will be appropriately split based on the number of subnets and availability zones there are.
The allowed mask size is between /16 and /28. See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html for more details.
If this property is provided, [location] cannot be provided.
property ignoreChanges
ignoreChanges?: string[];
Ignore changes to any of the specified properties of the Subnet.
property location
location?: CidrBlock | VpcSubnetLocation;
More precise information about the location of this subnet. Can either be a simple CidrBlock (i.e. 10.0.0.0/24), or a richer object describing the CidrBlocks and Availability Zone for the subnet.
If this property is provided, [cidrMask] cannot be provided.
If only a CidrBlock is provided here, then the subnet will be placed in the first availability zone for the region.
If this property is provided for one subnet, it must be provided for all subnets.
property mapPublicIpOnLaunch
mapPublicIpOnLaunch?: pulumi.Input<boolean>;
Specify true to indicate that instances launched into the subnet should be assigned a public IP address. Defaults to true if type is "public", false otherwise.
property name
name?: undefined | string;
An optional name to use as part of the subnet name. If not provided, will be set to “public”/“private”/“isolated” depending on the [type] of this subnet. Required if making multiple subnets with the same type.
property tags
tags?: pulumi.Input<Tags>;
property type
type: VpcSubnetType;
The type of subnet to make in each availability zone.
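The constraints spread across the VpcSubnetArgs properties above (cidrMask and location are mutually exclusive, location is all-or-none, the mask must lie between /16 and /28, and name is required when a type repeats) are the kind of thing worth checking before a deployment rather than discovering at apply time, and the distinct-block guarantee of cidrMask is worth verifying too. The stand-alone TypeScript below is an added example, not the awsx library's own code, and does not import @pulumi/awsx: it validates a list of subnet specs against those rules, lays the blocks out inside a VPC block, and checks that no two blocks overlap. The even split it uses when no cidrMask is given is an assumption for illustration, not awsx's partitioning algorithm; the `location` field is modelled in its plain CidrBlock form only.

```typescript
// Added example (not awsx library code): a model of the VpcSubnetArgs rules.
// Assumptions: without cidrMask, blocks are split evenly (next power of two);
// `location` is handled in its plain CidrBlock string form only.

interface SubnetSpec {
  type: "public" | "private" | "isolated";
  name?: string;
  cidrMask?: number;   // leading bits of the subnet block, /16 .. /28
  location?: string;   // plain CidrBlock form of `location`, for brevity
}

interface Cidr { base: number; prefix: number; }

function parseCidr(s: string): Cidr {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/.exec(s);
  if (!m) throw new Error("bad CIDR " + s);
  const o = m.slice(1, 5).map(Number);
  const prefix = Number(m[5]);
  if (o.some(v => v > 255) || prefix > 32) throw new Error("bad CIDR " + s);
  const raw = ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return { base: (raw & mask) >>> 0, prefix };   // normalise to the network address
}

function formatCidr(c: Cidr): string {
  const b = c.base;
  return [b >>> 24, (b >>> 16) & 255, (b >>> 8) & 255, b & 255].join(".") + "/" + c.prefix;
}

// Enforce the documented constraints and return one message per violation.
function validateSubnets(subnets: SubnetSpec[]): string[] {
  const errors: string[] = [];
  const located = subnets.filter(s => s.location !== undefined).length;
  if (located > 0 && located < subnets.length) {
    errors.push("location must be given for all subnets or for none");
  }
  const perType: { [t: string]: number } = {};
  for (const s of subnets) perType[s.type] = (perType[s.type] || 0) + 1;
  for (const s of subnets) {
    if (s.cidrMask !== undefined && s.location !== undefined) {
      errors.push(s.type + ": cidrMask and location cannot both be set");
    }
    if (s.cidrMask !== undefined && (s.cidrMask < 16 || s.cidrMask > 28)) {
      errors.push(s.type + ": cidrMask /" + s.cidrMask + " is outside /16../28");
    }
    if (perType[s.type] > 1 && s.name === undefined) {
      errors.push(s.type + ": name is required when several subnets share a type");
    }
  }
  return errors;
}

// Lay out one block per (availability zone, subnet) pair inside the VPC block,
// in order and aligned to each block's own size, so the blocks cannot overlap.
function partitionVpc(vpcCidr: string, azCount: number, subnets: SubnetSpec[]): string[] {
  if (azCount < 1 || subnets.length < 1) throw new Error("need at least one AZ and one subnet");
  const vpc = parseCidr(vpcCidr);
  const vpcEnd = vpc.base + Math.pow(2, 32 - vpc.prefix);
  const evenPrefix = vpc.prefix + Math.ceil(Math.log2(azCount * subnets.length));
  const out: string[] = [];
  let cursor = vpc.base;
  for (let az = 0; az < azCount; az++) {
    for (const s of subnets) {
      const prefix = s.cidrMask !== undefined ? s.cidrMask : evenPrefix;
      const size = Math.pow(2, 32 - prefix);
      cursor = Math.ceil(cursor / size) * size;          // align to the block size
      if (cursor + size > vpcEnd) throw new Error("VPC block exhausted at AZ index " + az);
      out.push(formatCidr({ base: cursor, prefix }));
      cursor += size;
    }
  }
  return out;
}

// Two blocks overlap exactly when they agree on the shorter of the two prefixes.
function overlaps(a: string, b: string): boolean {
  const x = parseCidr(a), y = parseCidr(b);
  const p = Math.min(x.prefix, y.prefix);
  const mask = p === 0 ? 0 : (0xffffffff << (32 - p)) >>> 0;
  return ((x.base & mask) >>> 0) === ((y.base & mask) >>> 0);
}

function allDisjoint(cidrs: string[]): boolean {
  for (let i = 0; i < cidrs.length; i++) {
    for (let j = i + 1; j < cidrs.length; j++) {
      if (overlaps(cidrs[i], cidrs[j])) return false;
    }
  }
  return true;
}

// Constructed sample: a /16 VPC, two zones, a small public and a larger private subnet.
const sampleSubnets: SubnetSpec[] = [{ type: "public", cidrMask: 24 }, { type: "private", cidrMask: 20 }];
console.log(validateSubnets(sampleSubnets));                      // []
const sampleBlocks = partitionVpc("10.0.0.0/16", 2, sampleSubnets);
console.log(sampleBlocks, allDisjoint(sampleBlocks));
```

For the sample, the layout is 10.0.0.0/24 and 10.0.16.0/20 in the first zone and 10.0.32.0/24 and 10.0.48.0/20 in the second; without cidrMask the same two subnets across two zones become four /18 blocks.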
interface VpcSubnetLocation
property availabilityZone
availabilityZone?: undefined | string;
The AZ for the subnet.
property availabilityZoneId
availabilityZoneId?: undefined | string;
The AZ ID of the subnet.
property cidrBlock
cidrBlock: pulumi.Input<CidrBlock>;
The CIDR block for the subnet.
property ipv6CidrBlock
ipv6CidrBlock?: pulumi.Input<string>;
The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
type VpcSubnetType
type VpcSubnetType = "public" | "private" | "isolated";
The type of this subnet.
- A “public” subnet will route traffic to an [InternetGateway]. If you specify a public subnet this InternetGateway will be created on your behalf and traffic will be routed accordingly.
- A “private” subnet is similar to “public” except that the subnet will not have a route to the [InternetGateway]. Instead, there will be a route entry setup for the NatGateway in that availability zone to the subnet.
- Unlike “public” or “private” subnets, an “isolated” subnet has no routing specified at all.
interface VpcTopologyDescription
property natGateways
natGateways: NatGatewayDescription[];
property natRoutes
natRoutes: NatRouteDescription[];
property subnets
subnets: SubnetDescription[];