Module types/input
APIs
APIs
namespace awsx
interface BucketArgs
interface BucketArgsThe set of arguments for constructing a Bucket resource.
property accelerationStatus
accelerationStatus?: pulumi.Input<string>;Sets the accelerate configuration of an existing bucket. Can be Enabled or Suspended.
property acl
acl?: pulumi.Input<string>;The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, and log-delivery-write. Defaults to private. Conflicts with grant.
property arn
arn?: pulumi.Input<string>;The ARN of the bucket. Will be of format arn:aws:s3:::bucketname.
property bucket
bucket?: pulumi.Input<string>;The name of the bucket. If omitted, this provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules may be found here.
property bucketPrefix
bucketPrefix?: pulumi.Input<string>;Creates a unique bucket name beginning with the specified prefix. Conflicts with bucket. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules may be found here.
property corsRules
corsRules?: pulumi.Input<pulumi.Input<BucketCorsRule>[]>;A rule of Cross-Origin Resource Sharing (documented below).
property forceDestroy
forceDestroy?: pulumi.Input<boolean>;A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable.
property grants
grants?: pulumi.Input<pulumi.Input<BucketGrant>[]>;An ACL policy grant (documented below). Conflicts with acl.
property hostedZoneId
hostedZoneId?: pulumi.Input<string>;The Route 53 Hosted Zone ID for this bucket’s region.
property lifecycleRules
lifecycleRules?: pulumi.Input<pulumi.Input<BucketLifecycleRule>[]>;A configuration of object lifecycle management (documented below).
property loggings
loggings?: pulumi.Input<pulumi.Input<BucketLogging>[]>;A settings of bucket logging (documented below).
property objectLockConfiguration
objectLockConfiguration?: pulumi.Input<BucketObjectLockConfiguration>;A configuration of S3 object locking (documented below)
property policy
policy?: pulumi.Input<string>;A valid bucket policy JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a pulumi preview. In this case, please make sure you use the verbose/specific version of the policy.
property replicationConfiguration
replicationConfiguration?: pulumi.Input<BucketReplicationConfiguration>;A configuration of replication configuration (documented below).
property requestPayer
requestPayer?: pulumi.Input<string>;Specifies who should bear the cost of Amazon S3 data transfer.
Can be either BucketOwner or Requester. By default, the owner of the S3 bucket would incur
the costs of any data transfer. See Requester Pays Buckets
developer guide for more information.
property serverSideEncryptionConfiguration
serverSideEncryptionConfiguration?: pulumi.Input<BucketServerSideEncryptionConfiguration>;A configuration of server-side encryption configuration (documented below)
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A map of tags to assign to the bucket. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
property versioning
versioning?: pulumi.Input<BucketVersioning>;A state of versioning (documented below)
property website
website?: pulumi.Input<BucketWebsite>;A website object (documented below).
property websiteDomain
websiteDomain?: pulumi.Input<string>;The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.
property websiteEndpoint
websiteEndpoint?: pulumi.Input<string>;The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.
interface DefaultLogGroupArgs
interface DefaultLogGroupArgsLog group with default setup unless explicitly skipped.
property args
args?: inputs.awsx.LogGroupArgs;Arguments to use instead of the default values during creation.
property existing
existing?: inputs.awsx.ExistingLogGroupArgs;Identity of an existing log group to use. Cannot be used in combination with args or opts.
property skip
skip?: undefined | false | true;Skip creation of the log group.
interface DefaultRoleWithPolicyArgs
interface DefaultRoleWithPolicyArgsRole and policy attachments with default setup unless explicitly skipped or an existing role ARN provided.
property args
args?: inputs.awsx.RoleWithPolicyArgs;Args to use when creating the role and policies. Can’t be specified if roleArn is used.
property roleArn
roleArn?: pulumi.Input<string>;ARN of existing role to use instead of creating a new role. Cannot be used in combination with args or opts.
property skip
skip?: undefined | false | true;Skips creation of the role if set to true.
interface DefaultSecurityGroupArgs
interface DefaultSecurityGroupArgsSecurity Group with default setup unless explicitly skipped or an existing security group id provided.
property args
args?: inputs.awsx.SecurityGroupArgs;Args to use when creating the security group. Can’t be specified if securityGroupId is used.
property securityGroupId
securityGroupId?: pulumi.Input<string>;Id of existing security group to use instead of creating a new security group. Cannot be used in combination with args or opts.
property skip
skip?: undefined | false | true;Skips creation of the security group if set to true.
function defaultSecurityGroupArgsProvideDefaults
defaultSecurityGroupArgsProvideDefaults(val: DefaultSecurityGroupArgs): DefaultSecurityGroupArgsdefaultSecurityGroupArgsProvideDefaults sets the appropriate defaults for DefaultSecurityGroupArgs
interface ExistingBucketArgs
interface ExistingBucketArgsReference to an existing bucket.
property arn
arn?: pulumi.Input<string>;Arn of the bucket. Only one of [arn] or [name] can be specified.
property name
name?: pulumi.Input<string>;Name of the bucket. Only one of [arn] or [name] can be specified.
interface ExistingLogGroupArgs
interface ExistingLogGroupArgsReference to an existing log group.
property arn
arn?: pulumi.Input<string>;Arn of the log group. Only one of [arn] or [name] can be specified.
property name
name?: pulumi.Input<string>;Name of the log group. Only one of [arn] or [name] can be specified.
property region
region?: pulumi.Input<string>;Region of the log group. If not specified, the provider region will be used.
interface LogGroupArgs
interface LogGroupArgsThe set of arguments for constructing a LogGroup resource.
property kmsKeyId
kmsKeyId?: pulumi.Input<string>;The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.
property name
name?: pulumi.Input<string>;The name of the log group. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property retentionInDays
retentionInDays?: pulumi.Input<number>;Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the log group are always retained and never expire.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
interface OptionalLogGroupArgs
interface OptionalLogGroupArgsLog group which is only created if enabled.
property args
args?: inputs.awsx.LogGroupArgs;Arguments to use instead of the default values during creation.
property enable
enable?: undefined | false | true;Enable creation of the log group.
property existing
existing?: inputs.awsx.ExistingLogGroupArgs;Identity of an existing log group to use. Cannot be used in combination with args or opts.
interface RequiredBucketArgs
interface RequiredBucketArgsBucket with default setup.
property args
args?: inputs.awsx.BucketArgs;Arguments to use instead of the default values during creation.
property existing
existing?: inputs.awsx.ExistingBucketArgs;Identity of an existing bucket to use. Cannot be used in combination with args.
interface RoleWithPolicyArgs
interface RoleWithPolicyArgsThe set of arguments for constructing a Role resource and Policy attachments.
property description
description?: pulumi.Input<string>;Description of the role.
property forceDetachPolicies
forceDetachPolicies?: pulumi.Input<boolean>;Whether to force detaching any policies the role has before destroying it. Defaults to false.
property inlinePolicies
inlinePolicies?: pulumi.Input<pulumi.Input<RoleInlinePolicy>[]>;Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, this provider will not manage any inline policies in this resource. Configuring one empty block (i.e., inline_policy {}) will cause the provider to remove all inline policies added out of band on apply.
property managedPolicyArns
managedPolicyArns?: pulumi.Input<pulumi.Input<string>[]>;Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, this provider will ignore policy attachments to this resource. When configured, the provider will align the role’s managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., managed_policy_arns = []) will cause the provider to remove all managed policy attachments.
property maxSessionDuration
maxSessionDuration?: pulumi.Input<number>;Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
property name
name?: pulumi.Input<string>;Name of the role policy.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique friendly name beginning with the specified prefix. Conflicts with name.
property path
path?: pulumi.Input<string>;Path to the role. See IAM Identifiers for more information.
property permissionsBoundary
permissionsBoundary?: pulumi.Input<string>;ARN of the policy that is used to set the permissions boundary for the role.
property policyArns
policyArns?: string[];ARNs of the policies to attach to the created role.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;Key-value mapping of tags for the IAM role. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
interface SecurityGroupArgs
interface SecurityGroupArgsThe set of arguments for constructing a Security Group resource.
property description
description?: pulumi.Input<string>;Description of this egress rule.
property egress
egress?: pulumi.Input<pulumi.Input<SecurityGroupEgress>[]>;Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.
property ingress
ingress?: pulumi.Input<pulumi.Input<SecurityGroupIngress>[]>;Configuration block for egress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.
property name
name?: pulumi.Input<string>;Name of the security group. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name.
property revokeRulesOnDelete
revokeRulesOnDelete?: pulumi.Input<boolean>;Instruct this provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;Map of tags to assign to the resource.
property vpcId
vpcId?: pulumi.Input<string>;VPC ID.
function securityGroupArgsProvideDefaults
securityGroupArgsProvideDefaults(val: SecurityGroupArgs): SecurityGroupArgssecurityGroupArgsProvideDefaults sets the appropriate defaults for SecurityGroupArgs
namespace cloudtrail
namespace ec2
interface NatGatewayConfigurationArgs
interface NatGatewayConfigurationArgsConfiguration for NAT Gateways.
property elasticIpAllocationIds
elasticIpAllocationIds?: pulumi.Input<string>[];A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
property strategy
strategy: enums.ec2.NatGatewayStrategy;The strategy for deploying NAT Gateways.
interface SubnetSpecArgs
interface SubnetSpecArgsConfiguration for a VPC subnet.
property cidrMask
cidrMask?: undefined | number;The bitmask for the subnet’s CIDR block.
property name
name?: undefined | string;The subnet’s name. Will be templated upon creation.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A map of tags to assign to the resource.
property type
type: enums.ec2.SubnetType;The type of subnet.
interface VpcEndpointSpecArgs
interface VpcEndpointSpecArgsBasic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const s3 = new aws.ec2.VpcEndpoint("s3", {
vpcId: aws_vpc.main.id,
serviceName: "com.amazonaws.us-west-2.s3",
});
import pulumi
import pulumi_aws as aws
s3 = aws.ec2.VpcEndpoint("s3",
vpc_id=aws_vpc["main"]["id"],
service_name="com.amazonaws.us-west-2.s3")
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var s3 = new Aws.Ec2.VpcEndpoint("s3", new Aws.Ec2.VpcEndpointArgs
{
VpcId = aws_vpc.Main.Id,
ServiceName = "com.amazonaws.us-west-2.s3",
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
VpcId: pulumi.Any(aws_vpc.Main.Id),
ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
.vpcId(aws_vpc.getMain().getId())
.serviceName("com.amazonaws.us-west-2.s3")
.build());
}
}
resources:
s3:
type: aws:ec2:VpcEndpoint
properties:
vpcId: ${aws_vpc.main.id}
serviceName: com.amazonaws.us-west-2.s3
Basic w/ Tags
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const s3 = new aws.ec2.VpcEndpoint("s3", {
vpcId: aws_vpc.main.id,
serviceName: "com.amazonaws.us-west-2.s3",
tags: {
Environment: "test",
},
});
import pulumi
import pulumi_aws as aws
s3 = aws.ec2.VpcEndpoint("s3",
vpc_id=aws_vpc["main"]["id"],
service_name="com.amazonaws.us-west-2.s3",
tags={
"Environment": "test",
})
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var s3 = new Aws.Ec2.VpcEndpoint("s3", new Aws.Ec2.VpcEndpointArgs
{
VpcId = aws_vpc.Main.Id,
ServiceName = "com.amazonaws.us-west-2.s3",
Tags =
{
{ "Environment", "test" },
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
VpcId: pulumi.Any(aws_vpc.Main.Id),
ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
Tags: pulumi.StringMap{
"Environment": pulumi.String("test"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
.vpcId(aws_vpc.getMain().getId())
.serviceName("com.amazonaws.us-west-2.s3")
.tags(Map.of("Environment", "test"))
.build());
}
}
resources:
s3:
type: aws:ec2:VpcEndpoint
properties:
vpcId: ${aws_vpc.main.id}
serviceName: com.amazonaws.us-west-2.s3
tags:
Environment: test
Interface Endpoint Type
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const ec2 = new aws.ec2.VpcEndpoint("ec2", {
vpcId: aws_vpc.main.id,
serviceName: "com.amazonaws.us-west-2.ec2",
vpcEndpointType: "Interface",
securityGroupIds: [aws_security_group.sg1.id],
privateDnsEnabled: true,
});
import pulumi
import pulumi_aws as aws
ec2 = aws.ec2.VpcEndpoint("ec2",
vpc_id=aws_vpc["main"]["id"],
service_name="com.amazonaws.us-west-2.ec2",
vpc_endpoint_type="Interface",
security_group_ids=[aws_security_group["sg1"]["id"]],
private_dns_enabled=True)
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new Aws.Ec2.VpcEndpointArgs
{
VpcId = aws_vpc.Main.Id,
ServiceName = "com.amazonaws.us-west-2.ec2",
VpcEndpointType = "Interface",
SecurityGroupIds =
{
aws_security_group.Sg1.Id,
},
PrivateDnsEnabled = true,
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewVpcEndpoint(ctx, "ec2", &ec2.VpcEndpointArgs{
VpcId: pulumi.Any(aws_vpc.Main.Id),
ServiceName: pulumi.String("com.amazonaws.us-west-2.ec2"),
VpcEndpointType: pulumi.String("Interface"),
SecurityGroupIds: pulumi.StringArray{
pulumi.Any(aws_security_group.Sg1.Id),
},
PrivateDnsEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
.vpcId(aws_vpc.getMain().getId())
.serviceName("com.amazonaws.us-west-2.ec2")
.vpcEndpointType("Interface")
.securityGroupIds(aws_security_group.getSg1().getId())
.privateDnsEnabled(true)
.build());
}
}
resources:
ec2:
type: aws:ec2:VpcEndpoint
properties:
vpcId: ${aws_vpc.main.id}
serviceName: com.amazonaws.us-west-2.ec2
vpcEndpointType: Interface
securityGroupIds:
- ${aws_security_group.sg1.id}
privateDnsEnabled: true
Gateway Load Balancer Endpoint Type
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getCallerIdentity({});
const exampleVpcEndpointService = new aws.ec2.VpcEndpointService("exampleVpcEndpointService", {
acceptanceRequired: false,
allowedPrincipals: [current.then(current => current.arn)],
gatewayLoadBalancerArns: [aws_lb.example.arn],
});
const exampleVpcEndpoint = new aws.ec2.VpcEndpoint("exampleVpcEndpoint", {
serviceName: exampleVpcEndpointService.serviceName,
subnetIds: [aws_subnet.example.id],
vpcEndpointType: exampleVpcEndpointService.serviceType,
vpcId: aws_vpc.example.id,
});
import pulumi
import pulumi_aws as aws
current = aws.get_caller_identity()
example_vpc_endpoint_service = aws.ec2.VpcEndpointService("exampleVpcEndpointService",
acceptance_required=False,
allowed_principals=[current.arn],
gateway_load_balancer_arns=[aws_lb["example"]["arn"]])
example_vpc_endpoint = aws.ec2.VpcEndpoint("exampleVpcEndpoint",
service_name=example_vpc_endpoint_service.service_name,
subnet_ids=[aws_subnet["example"]["id"]],
vpc_endpoint_type=example_vpc_endpoint_service.service_type,
vpc_id=aws_vpc["example"]["id"])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
var exampleVpcEndpointService = new Aws.Ec2.VpcEndpointService("exampleVpcEndpointService", new Aws.Ec2.VpcEndpointServiceArgs
{
AcceptanceRequired = false,
AllowedPrincipals =
{
current.Apply(current => current.Arn),
},
GatewayLoadBalancerArns =
{
aws_lb.Example.Arn,
},
});
var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint("exampleVpcEndpoint", new Aws.Ec2.VpcEndpointArgs
{
ServiceName = exampleVpcEndpointService.ServiceName,
SubnetIds =
{
aws_subnet.Example.Id,
},
VpcEndpointType = exampleVpcEndpointService.ServiceType,
VpcId = aws_vpc.Example.Id,
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetCallerIdentity(ctx, nil, nil)
if err != nil {
return err
}
exampleVpcEndpointService, err := ec2.NewVpcEndpointService(ctx, "exampleVpcEndpointService", &ec2.VpcEndpointServiceArgs{
AcceptanceRequired: pulumi.Bool(false),
AllowedPrincipals: pulumi.StringArray{
pulumi.String(current.Arn),
},
GatewayLoadBalancerArns: pulumi.StringArray{
pulumi.Any(aws_lb.Example.Arn),
},
})
if err != nil {
return err
}
_, err = ec2.NewVpcEndpoint(ctx, "exampleVpcEndpoint", &ec2.VpcEndpointArgs{
ServiceName: exampleVpcEndpointService.ServiceName,
SubnetIds: pulumi.StringArray{
pulumi.Any(aws_subnet.Example.Id),
},
VpcEndpointType: exampleVpcEndpointService.ServiceType,
VpcId: pulumi.Any(aws_vpc.Example.Id),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = Output.of(AwsFunctions.getCallerIdentity());
var exampleVpcEndpointService = new VpcEndpointService("exampleVpcEndpointService", VpcEndpointServiceArgs.builder()
.acceptanceRequired(false)
.allowedPrincipals(current.apply(getCallerIdentityResult -> getCallerIdentityResult.getArn()))
.gatewayLoadBalancerArns(aws_lb.getExample().getArn())
.build());
var exampleVpcEndpoint = new VpcEndpoint("exampleVpcEndpoint", VpcEndpointArgs.builder()
.serviceName(exampleVpcEndpointService.getServiceName())
.subnetIds(aws_subnet.getExample().getId())
.vpcEndpointType(exampleVpcEndpointService.getServiceType())
.vpcId(aws_vpc.getExample().getId())
.build());
}
}
resources:
exampleVpcEndpointService:
type: aws:ec2:VpcEndpointService
properties:
acceptanceRequired: false
allowedPrincipals:
- ${current.arn}
gatewayLoadBalancerArns:
- ${aws_lb.example.arn}
exampleVpcEndpoint:
type: aws:ec2:VpcEndpoint
properties:
serviceName: ${exampleVpcEndpointService.serviceName}
subnetIds:
- ${aws_subnet.example.id}
vpcEndpointType: ${exampleVpcEndpointService.serviceType}
vpcId: ${aws_vpc.example.id}
variables:
current:
Fn::Invoke:
Function: aws:getCallerIdentity
Arguments: {}
Import
VPC Endpoints can be imported using the vpc endpoint id, e.g.,
$ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57
property autoAccept
autoAccept?: undefined | false | true;Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
property policy
policy?: pulumi.Input<string>;A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.
property privateDnsEnabled
privateDnsEnabled?: undefined | false | true;Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
property routeTableIds
routeTableIds?: pulumi.Input<pulumi.Input<string>[]>;One or more route table IDs. Applicable for endpoints of type Gateway.
property securityGroupIds
securityGroupIds?: pulumi.Input<pulumi.Input<string>[]>;The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface.
If no security groups are specified, the VPC’s default security group is associated with the endpoint.
property serviceName
serviceName: string;The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
property subnetIds
subnetIds?: pulumi.Input<pulumi.Input<string>[]>;The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
property vpcEndpointType
vpcEndpointType?: pulumi.Input<string>;The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
namespace ecr
interface LifecyclePolicyArgs
interface LifecyclePolicyArgsSimplified lifecycle policy model consisting of one or more rules that determine which images in a repository should be expired. See https://docs.aws.amazon.com/AmazonECR/latest/userguide/lifecycle_policy_examples.html for more details.
property rules
rules?: pulumi.Input<pulumi.Input<LifecyclePolicyRuleArgs>[]>;Specifies the rules to determine how images should be retired from this repository. Rules are ordered from lowest priority to highest. If there is a rule with a selection value of any, then it will have the highest priority.
property skip
skip?: undefined | false | true;Skips creation of the policy if set to true.
interface LifecyclePolicyRuleArgs
interface LifecyclePolicyRuleArgsA lifecycle policy rule that determine which images in a repository should be expired.
property description
description?: pulumi.Input<string>;Describes the purpose of a rule within a lifecycle policy.
property maximumAgeLimit
maximumAgeLimit?: pulumi.Input<number>;The maximum age limit (in days) for your images. Either [maximumNumberOfImages] or [maximumAgeLimit] must be provided.
property maximumNumberOfImages
maximumNumberOfImages?: pulumi.Input<number>;The maximum number of images that you want to retain in your repository. Either [maximumNumberOfImages] or [maximumAgeLimit] must be provided.
property tagPrefixList
tagPrefixList?: pulumi.Input<pulumi.Input<string>[]>;A list of image tag prefixes on which to take action with your lifecycle policy. Only used if you specified “tagStatus”: “tagged”. For example, if your images are tagged as prod, prod1, prod2, and so on, you would use the tag prefix prod to specify all of them. If you specify multiple tags, only the images with all specified tags are selected.
property tagStatus
tagStatus: pulumi.Input<enums.ecr.LifecycleTagStatus>;Determines whether the lifecycle policy rule that you are adding specifies a tag for an image. Acceptable options are tagged, untagged, or any. If you specify any, then all images have the rule evaluated against them. If you specify tagged, then you must also specify a tagPrefixList value. If you specify untagged, then you must omit tagPrefixList.
namespace ecs
interface EC2ServiceTaskDefinitionArgs
interface EC2ServiceTaskDefinitionArgsCreate a TaskDefinition resource with the given unique name, arguments, and options. Creates required log-group and task & execution roles. Presents required Service load balancers if target group included in port mappings.
property container
container?: inputs.ecs.TaskDefinitionContainerDefinitionArgs;Single container to make a TaskDefinition from. Useful for simple cases where there aren’t multiple containers, especially when creating a TaskDefinition to call [run] on.
Either [container] or [containers] must be provided.
property containers
containers?: undefined | {[key: string]: TaskDefinitionContainerDefinitionArgs};All the containers to make a TaskDefinition from. Useful when creating a Service that will contain many containers within.
Either [container] or [containers] must be provided.
property cpu
cpu?: pulumi.Input<string>;The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property ephemeralStorage
ephemeralStorage?: pulumi.Input<TaskDefinitionEphemeralStorage>;The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.
property executionRole
executionRole?: inputs.awsx.DefaultRoleWithPolicyArgs;The execution role that the Amazon ECS container agent and the Docker daemon can assume. Will be created automatically if not defined.
property family
family?: pulumi.Input<string>;An optional unique name for your task definition. If not specified, then a default will be created.
property inferenceAccelerators
inferenceAccelerators?: pulumi.Input<pulumi.Input<TaskDefinitionInferenceAccelerator>[]>;Configuration block(s) with Inference Accelerators settings. Detailed below.
property ipcMode
ipcMode?: pulumi.Input<string>;IPC resource namespace to be used for the containers in the task The valid values are host, task, and none.
property logGroup
logGroup?: inputs.awsx.DefaultLogGroupArgs;A set of volume blocks that containers in your task may use.
property memory
memory?: pulumi.Input<string>;The amount (in MiB) of memory used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property networkMode
networkMode?: pulumi.Input<string>;Docker networking mode to use for the containers in the task. Valid values are none, bridge, awsvpc, and host.
property pidMode
pidMode?: pulumi.Input<string>;Process namespace to use for the containers in the task. The valid values are host and task.
property placementConstraints
placementConstraints?: pulumi.Input<pulumi.Input<TaskDefinitionPlacementConstraint>[]>;Configuration block for rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Detailed below.
property proxyConfiguration
proxyConfiguration?: pulumi.Input<TaskDefinitionProxyConfiguration>;Configuration block for the App Mesh proxy. Detailed below.
property runtimePlatform
runtimePlatform?: pulumi.Input<TaskDefinitionRuntimePlatform>;Configuration block for runtime_platform that containers in your task may use.
property skipDestroy
skipDestroy?: pulumi.Input<boolean>;property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;Key-value map of resource tags.
property taskRole
taskRole?: inputs.awsx.DefaultRoleWithPolicyArgs;IAM role that allows your Amazon ECS container task to make calls to other AWS services. Will be created automatically if not defined.
property volumes
volumes?: pulumi.Input<pulumi.Input<TaskDefinitionVolume>[]>;Configuration block for volumes that containers in your task may use. Detailed below.
interface FargateServiceTaskDefinitionArgs
interface FargateServiceTaskDefinitionArgsCreate a TaskDefinition resource with the given unique name, arguments, and options. Creates required log-group and task & execution roles. Presents required Service load balancers if target group included in port mappings.
property container
container?: inputs.ecs.TaskDefinitionContainerDefinitionArgs;Single container to make a TaskDefinition from. Useful for simple cases where there aren’t multiple containers, especially when creating a TaskDefinition to call [run] on.
Either [container] or [containers] must be provided.
property containers
containers?: undefined | {[key: string]: TaskDefinitionContainerDefinitionArgs};All the containers to make a TaskDefinition from. Useful when creating a Service that will contain many containers within.
Either [container] or [containers] must be provided.
property cpu
cpu?: pulumi.Input<string>;The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property ephemeralStorage
ephemeralStorage?: pulumi.Input<TaskDefinitionEphemeralStorage>;The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.
property executionRole
executionRole?: inputs.awsx.DefaultRoleWithPolicyArgs;The execution role that the Amazon ECS container agent and the Docker daemon can assume. Will be created automatically if not defined.
property family
family?: pulumi.Input<string>;An optional unique name for your task definition. If not specified, then a default will be created.
property inferenceAccelerators
inferenceAccelerators?: pulumi.Input<pulumi.Input<TaskDefinitionInferenceAccelerator>[]>;Configuration block(s) with Inference Accelerators settings. Detailed below.
property ipcMode
ipcMode?: pulumi.Input<string>;IPC resource namespace to be used for the containers in the task The valid values are host, task, and none.
property logGroup
logGroup?: inputs.awsx.DefaultLogGroupArgs;A set of volume blocks that containers in your task may use.
property memory
memory?: pulumi.Input<string>;The amount (in MiB) of memory used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]
property pidMode
pidMode?: pulumi.Input<string>;Process namespace to use for the containers in the task. The valid values are host and task.
property placementConstraints
placementConstraints?: pulumi.Input<pulumi.Input<TaskDefinitionPlacementConstraint>[]>;Configuration block for rules that are taken into consideration during task placement. Maximum number of placement_constraints is 10. Detailed below.
property proxyConfiguration
proxyConfiguration?: pulumi.Input<TaskDefinitionProxyConfiguration>;Configuration block for the App Mesh proxy. Detailed below.
property runtimePlatform
runtimePlatform?: pulumi.Input<TaskDefinitionRuntimePlatform>;Configuration block for runtime_platform that containers in your task may use.
property skipDestroy
skipDestroy?: pulumi.Input<boolean>;property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;Key-value map of resource tags.
property taskRole
taskRole?: inputs.awsx.DefaultRoleWithPolicyArgs;IAM role that allows your Amazon ECS container task to make calls to other AWS services. Will be created automatically if not defined.
property volumes
volumes?: pulumi.Input<pulumi.Input<TaskDefinitionVolume>[]>;Configuration block for volumes that containers in your task may use. Detailed below.
interface TaskDefinitionContainerDefinitionArgs
interface TaskDefinitionContainerDefinitionArgsList of container definitions that are passed to the Docker daemon on a container instance
property command
command?: pulumi.Input<pulumi.Input<string>[]>;property cpu
cpu?: pulumi.Input<number>;property dependsOn
dependsOn?: pulumi.Input<pulumi.Input<TaskDefinitionContainerDependencyArgs>[]>;property disableNetworking
disableNetworking?: pulumi.Input<boolean>;property dnsSearchDomains
dnsSearchDomains?: pulumi.Input<pulumi.Input<string>[]>;property dnsServers
dnsServers?: pulumi.Input<pulumi.Input<string>[]>;property dockerLabels
dockerLabels?: any;property dockerSecurityOptions
dockerSecurityOptions?: pulumi.Input<pulumi.Input<string>[]>;property entryPoint
entryPoint?: pulumi.Input<pulumi.Input<string>[]>;property environment
environment?: pulumi.Input<pulumi.Input<TaskDefinitionKeyValuePairArgs>[]>;The environment variables to pass to a container
property environmentFiles
environmentFiles?: pulumi.Input<pulumi.Input<TaskDefinitionEnvironmentFileArgs>[]>;The list of one or more files that contain the environment variables to pass to a container
property essential
essential?: pulumi.Input<boolean>;property extraHosts
extraHosts?: pulumi.Input<pulumi.Input<TaskDefinitionHostEntryArgs>[]>;property firelensConfiguration
firelensConfiguration?: pulumi.Input<TaskDefinitionFirelensConfigurationArgs>;property healthCheck
healthCheck?: pulumi.Input<TaskDefinitionHealthCheckArgs>;property hostname
hostname?: pulumi.Input<string>;property image
image?: pulumi.Input<string>;The image used to start a container. This string is passed directly to the Docker daemon.
property interactive
interactive?: pulumi.Input<boolean>;property links
links?: pulumi.Input<pulumi.Input<string>[]>;property linuxParameters
linuxParameters?: pulumi.Input<TaskDefinitionLinuxParametersArgs>;property logConfiguration
logConfiguration?: pulumi.Input<TaskDefinitionLogConfigurationArgs>;property memory
memory?: pulumi.Input<number>;The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed.
property memoryReservation
memoryReservation?: pulumi.Input<number>;property mountPoints
mountPoints?: pulumi.Input<pulumi.Input<TaskDefinitionMountPointArgs>[]>;property name
name?: pulumi.Input<string>;The name of a container. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed
property portMappings
portMappings?: pulumi.Input<pulumi.Input<TaskDefinitionPortMappingArgs>[]>;Port mappings allow containers to access ports on the host container instance to send or receive traffic.
property privileged
privileged?: pulumi.Input<boolean>;property pseudoTerminal
pseudoTerminal?: pulumi.Input<boolean>;property readonlyRootFilesystem
readonlyRootFilesystem?: pulumi.Input<boolean>;property repositoryCredentials
repositoryCredentials?: pulumi.Input<TaskDefinitionRepositoryCredentialsArgs>;property resourceRequirements
resourceRequirements?: pulumi.Input<pulumi.Input<TaskDefinitionResourceRequirementArgs>[]>;property secrets
secrets?: pulumi.Input<pulumi.Input<TaskDefinitionSecretArgs>[]>;property startTimeout
startTimeout?: pulumi.Input<number>;property stopTimeout
stopTimeout?: pulumi.Input<number>;property systemControls
systemControls?: pulumi.Input<pulumi.Input<TaskDefinitionSystemControlArgs>[]>;property ulimits
ulimits?: pulumi.Input<pulumi.Input<TaskDefinitionUlimitArgs>[]>;property user
user?: pulumi.Input<string>;property volumesFrom
volumesFrom?: pulumi.Input<pulumi.Input<TaskDefinitionVolumeFromArgs>[]>;property workingDirectory
workingDirectory?: pulumi.Input<string>;interface TaskDefinitionContainerDependencyArgs
interface TaskDefinitionContainerDependencyArgsproperty condition
condition?: pulumi.Input<string>;property containerName
containerName?: pulumi.Input<string>;interface TaskDefinitionDeviceArgs
interface TaskDefinitionDeviceArgsproperty containerPath
containerPath?: pulumi.Input<string>;property hostPath
hostPath?: pulumi.Input<string>;property permissions
permissions?: pulumi.Input<pulumi.Input<string>[]>;interface TaskDefinitionEnvironmentFileArgs
interface TaskDefinitionEnvironmentFileArgsproperty type
type?: pulumi.Input<string>;property value
value?: pulumi.Input<string>;interface TaskDefinitionFirelensConfigurationArgs
interface TaskDefinitionFirelensConfigurationArgsproperty options
options?: any;property type
type?: pulumi.Input<string>;interface TaskDefinitionHealthCheckArgs
interface TaskDefinitionHealthCheckArgsThe health check command and associated configuration parameters for the container.
property command
command?: pulumi.Input<pulumi.Input<string>[]>;A string array representing the command that the container runs to determine if it is healthy.
property interval
interval?: pulumi.Input<number>;The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.
property retries
retries?: pulumi.Input<number>;The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is three retries.
property startPeriod
startPeriod?: pulumi.Input<number>;The optional grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You may specify between 0 and 300 seconds. The startPeriod is disabled by default.
property timeout
timeout?: pulumi.Input<number>;The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5 seconds.
interface TaskDefinitionHostEntryArgs
interface TaskDefinitionHostEntryArgsproperty hostname
hostname?: pulumi.Input<string>;property ipAddress
ipAddress?: pulumi.Input<string>;interface TaskDefinitionKernelCapabilitiesArgs
interface TaskDefinitionKernelCapabilitiesArgsproperty add
add?: pulumi.Input<pulumi.Input<string>[]>;property drop
drop?: pulumi.Input<pulumi.Input<string>[]>;interface TaskDefinitionKeyValuePairArgs
interface TaskDefinitionKeyValuePairArgsproperty name
name?: pulumi.Input<string>;property value
value?: pulumi.Input<string>;interface TaskDefinitionLinuxParametersArgs
interface TaskDefinitionLinuxParametersArgsproperty capabilities
capabilities?: pulumi.Input<TaskDefinitionKernelCapabilitiesArgs>;property devices
devices?: pulumi.Input<pulumi.Input<TaskDefinitionDeviceArgs>[]>;property initProcessEnabled
initProcessEnabled?: pulumi.Input<boolean>;property maxSwap
maxSwap?: pulumi.Input<number>;property sharedMemorySize
sharedMemorySize?: pulumi.Input<number>;property swappiness
swappiness?: pulumi.Input<number>;property tmpfs
tmpfs?: pulumi.Input<pulumi.Input<TaskDefinitionTmpfsArgs>[]>;interface TaskDefinitionLogConfigurationArgs
interface TaskDefinitionLogConfigurationArgsproperty logDriver
logDriver: pulumi.Input<string>;property options
options?: any;property secretOptions
secretOptions?: pulumi.Input<pulumi.Input<TaskDefinitionSecretArgs>[]>;interface TaskDefinitionMountPointArgs
interface TaskDefinitionMountPointArgsproperty containerPath
containerPath?: pulumi.Input<string>;property readOnly
readOnly?: pulumi.Input<boolean>;property sourceVolume
sourceVolume?: pulumi.Input<string>;interface TaskDefinitionPortMappingArgs
interface TaskDefinitionPortMappingArgsproperty containerPort
containerPort?: pulumi.Input<number>;property hostPort
hostPort?: pulumi.Input<number>;property protocol
protocol?: pulumi.Input<string>;property targetGroup
targetGroup?: pulumi.Input<TargetGroup>;interface TaskDefinitionRepositoryCredentialsArgs
interface TaskDefinitionRepositoryCredentialsArgsproperty credentialsParameter
credentialsParameter?: pulumi.Input<string>;interface TaskDefinitionResourceRequirementArgs
interface TaskDefinitionResourceRequirementArgsproperty type
type: pulumi.Input<string>;property value
value: pulumi.Input<string>;interface TaskDefinitionSecretArgs
interface TaskDefinitionSecretArgsproperty name
name: pulumi.Input<string>;property valueFrom
valueFrom: pulumi.Input<string>;interface TaskDefinitionSystemControlArgs
interface TaskDefinitionSystemControlArgsproperty namespace
namespace?: pulumi.Input<string>;property value
value?: pulumi.Input<string>;interface TaskDefinitionTmpfsArgs
interface TaskDefinitionTmpfsArgsproperty containerPath
containerPath?: pulumi.Input<string>;property mountOptions
mountOptions?: pulumi.Input<pulumi.Input<string>[]>;property size
size: pulumi.Input<number>;interface TaskDefinitionUlimitArgs
interface TaskDefinitionUlimitArgsproperty hardLimit
hardLimit: pulumi.Input<number>;property name
name: pulumi.Input<string>;property softLimit
softLimit: pulumi.Input<number>;interface TaskDefinitionVolumeFromArgs
interface TaskDefinitionVolumeFromArgsproperty readOnly
readOnly?: pulumi.Input<boolean>;property sourceContainer
sourceContainer?: pulumi.Input<string>;namespace lb
interface ListenerArgs
interface ListenerArgsProvides a Load Balancer Listener resource.
Note:
aws.alb.Listeneris known asaws.lb.Listener. The functionality is identical.
Forward Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndTargetGroup = new aws.lb.TargetGroup("frontEndTargetGroup", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
loadBalancerArn: frontEndLoadBalancer.arn,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-2016-08",
certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
defaultActions: [{
type: "forward",
targetGroupArn: frontEndTargetGroup.arn,
}],
});
import pulumi
import pulumi_aws as aws
front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_target_group = aws.lb.TargetGroup("frontEndTargetGroup")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
load_balancer_arn=front_end_load_balancer.arn,
port=443,
protocol="HTTPS",
ssl_policy="ELBSecurityPolicy-2016-08",
certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
default_actions=[aws.lb.ListenerDefaultActionArgs(
type="forward",
target_group_arn=front_end_target_group.arn,
)])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer", new Aws.LB.LoadBalancerArgs
{
});
// ...
var frontEndTargetGroup = new Aws.LB.TargetGroup("frontEndTargetGroup", new Aws.LB.TargetGroupArgs
{
});
// ...
var frontEndListener = new Aws.LB.Listener("frontEndListener", new Aws.LB.ListenerArgs
{
LoadBalancerArn = frontEndLoadBalancer.Arn,
Port = 443,
Protocol = "HTTPS",
SslPolicy = "ELBSecurityPolicy-2016-08",
CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndTargetGroup.Arn,
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
if err != nil {
return err
}
frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "frontEndTargetGroup", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
LoadBalancerArn: frontEndLoadBalancer.Arn,
Port: pulumi.Int(443),
Protocol: pulumi.String("HTTPS"),
SslPolicy: pulumi.String("ELBSecurityPolicy-2016-08"),
CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: frontEndTargetGroup.Arn,
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");
var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEndLoadBalancer.getArn())
.port("443")
.protocol("HTTPS")
.sslPolicy("ELBSecurityPolicy-2016-08")
.certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
.defaultActions(ListenerDefaultAction.builder()
.type("forward")
.targetGroupArn(frontEndTargetGroup.getArn())
.build())
.build());
}
}
resources:
frontEndLoadBalancer:
type: aws:lb:LoadBalancer
frontEndTargetGroup:
type: aws:lb:TargetGroup
frontEndListener:
type: aws:lb:Listener
properties:
loadBalancerArn: ${frontEndLoadBalancer.arn}
port: 443
protocol: HTTPS
sslPolicy: ELBSecurityPolicy-2016-08
certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
defaultActions:
- type: forward
targetGroupArn: ${frontEndTargetGroup.arn}
To a NLB:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.Listener("frontEnd", {
loadBalancerArn: aws_lb.front_end.arn,
port: 443,
protocol: "TLS",
certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
alpnPolicy: "HTTP2Preferred",
defaultActions: [{
type: "forward",
targetGroupArn: aws_lb_target_group.front_end.arn,
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.Listener("frontEnd",
load_balancer_arn=aws_lb["front_end"]["arn"],
port=443,
protocol="TLS",
certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
alpn_policy="HTTP2Preferred",
default_actions=[aws.lb.ListenerDefaultActionArgs(
type="forward",
target_group_arn=aws_lb_target_group["front_end"]["arn"],
)])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var frontEnd = new Aws.LB.Listener("frontEnd", new Aws.LB.ListenerArgs
{
LoadBalancerArn = aws_lb.Front_end.Arn,
Port = 443,
Protocol = "TLS",
CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
AlpnPolicy = "HTTP2Preferred",
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = aws_lb_target_group.Front_end.Arn,
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lb.NewListener(ctx, "frontEnd", &lb.ListenerArgs{
LoadBalancerArn: pulumi.Any(aws_lb.Front_end.Arn),
Port: pulumi.Int(443),
Protocol: pulumi.String("TLS"),
CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
AlpnPolicy: pulumi.String("HTTP2Preferred"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: pulumi.Any(aws_lb_target_group.Front_end.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new Listener("frontEnd", ListenerArgs.builder()
.loadBalancerArn(aws_lb.getFront_end().getArn())
.port("443")
.protocol("TLS")
.certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
.alpnPolicy("HTTP2Preferred")
.defaultActions(ListenerDefaultAction.builder()
.type("forward")
.targetGroupArn(aws_lb_target_group.getFront_end().getArn())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:Listener
properties:
loadBalancerArn: ${aws_lb.front_end.arn}
port: 443
protocol: TLS
certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
alpnPolicy: HTTP2Preferred
defaultActions:
- type: forward
targetGroupArn: ${aws_lb_target_group.front_end.arn}
Redirect Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
loadBalancerArn: frontEndLoadBalancer.arn,
port: 80,
protocol: "HTTP",
defaultActions: [{
type: "redirect",
redirect: {
port: "443",
protocol: "HTTPS",
statusCode: "HTTP_301",
},
}],
});
import pulumi
import pulumi_aws as aws
front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
load_balancer_arn=front_end_load_balancer.arn,
port=80,
protocol="HTTP",
default_actions=[aws.lb.ListenerDefaultActionArgs(
type="redirect",
redirect=aws.lb.ListenerDefaultActionRedirectArgs(
port="443",
protocol="HTTPS",
status_code="HTTP_301",
),
)])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer", new Aws.LB.LoadBalancerArgs
{
});
// ...
var frontEndListener = new Aws.LB.Listener("frontEndListener", new Aws.LB.ListenerArgs
{
LoadBalancerArn = frontEndLoadBalancer.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "redirect",
Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
{
Port = "443",
Protocol = "HTTPS",
StatusCode = "HTTP_301",
},
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
LoadBalancerArn: frontEndLoadBalancer.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("redirect"),
Redirect: &lb.ListenerDefaultActionRedirectArgs{
Port: pulumi.String("443"),
Protocol: pulumi.String("HTTPS"),
StatusCode: pulumi.String("HTTP_301"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEndLoadBalancer.getArn())
.port("80")
.protocol("HTTP")
.defaultActions(ListenerDefaultAction.builder()
.type("redirect")
.redirect(ListenerDefaultActionRedirect.builder()
.port("443")
.protocol("HTTPS")
.statusCode("HTTP_301")
.build())
.build())
.build());
}
}
resources:
frontEndLoadBalancer:
type: aws:lb:LoadBalancer
frontEndListener:
type: aws:lb:Listener
properties:
loadBalancerArn: ${frontEndLoadBalancer.arn}
port: 80
protocol: HTTP
defaultActions:
- type: redirect
redirect:
port: 443
protocol: HTTPS
statusCode: HTTP_301
Fixed-response Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
loadBalancerArn: frontEndLoadBalancer.arn,
port: 80,
protocol: "HTTP",
defaultActions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
messageBody: "Fixed response content",
statusCode: "200",
},
}],
});
import pulumi
import pulumi_aws as aws
front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
load_balancer_arn=front_end_load_balancer.arn,
port=80,
protocol="HTTP",
default_actions=[aws.lb.ListenerDefaultActionArgs(
type="fixed-response",
fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(
content_type="text/plain",
message_body="Fixed response content",
status_code="200",
),
)])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer", new Aws.LB.LoadBalancerArgs
{
});
// ...
var frontEndListener = new Aws.LB.Listener("frontEndListener", new Aws.LB.ListenerArgs
{
LoadBalancerArn = frontEndLoadBalancer.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "fixed-response",
FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
{
ContentType = "text/plain",
MessageBody = "Fixed response content",
StatusCode = "200",
},
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
LoadBalancerArn: frontEndLoadBalancer.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("fixed-response"),
FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
ContentType: pulumi.String("text/plain"),
MessageBody: pulumi.String("Fixed response content"),
StatusCode: pulumi.String("200"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEndLoadBalancer.getArn())
.port("80")
.protocol("HTTP")
.defaultActions(ListenerDefaultAction.builder()
.type("fixed-response")
.fixedResponse(ListenerDefaultActionFixedResponse.builder()
.contentType("text/plain")
.messageBody("Fixed response content")
.statusCode("200")
.build())
.build())
.build());
}
}
resources:
frontEndLoadBalancer:
type: aws:lb:LoadBalancer
frontEndListener:
type: aws:lb:Listener
properties:
loadBalancerArn: ${frontEndLoadBalancer.arn}
port: 80
protocol: HTTP
defaultActions:
- type: fixed-response
fixedResponse:
contentType: text/plain
messageBody: Fixed response content
statusCode: 200
Authenticate-cognito Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndTargetGroup = new aws.lb.TargetGroup("frontEndTargetGroup", {});
// ...
const pool = new aws.cognito.UserPool("pool", {});
// ...
const client = new aws.cognito.UserPoolClient("client", {});
// ...
const domain = new aws.cognito.UserPoolDomain("domain", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
loadBalancerArn: frontEndLoadBalancer.arn,
port: 80,
protocol: "HTTP",
defaultActions: [
{
type: "authenticate-cognito",
authenticateCognito: {
userPoolArn: pool.arn,
userPoolClientId: client.id,
userPoolDomain: domain.domain,
},
},
{
type: "forward",
targetGroupArn: frontEndTargetGroup.arn,
},
],
});
import pulumi
import pulumi_aws as aws
front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_target_group = aws.lb.TargetGroup("frontEndTargetGroup")
# ...
pool = aws.cognito.UserPool("pool")
# ...
client = aws.cognito.UserPoolClient("client")
# ...
domain = aws.cognito.UserPoolDomain("domain")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
load_balancer_arn=front_end_load_balancer.arn,
port=80,
protocol="HTTP",
default_actions=[
aws.lb.ListenerDefaultActionArgs(
type="authenticate-cognito",
authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(
user_pool_arn=pool.arn,
user_pool_client_id=client.id,
user_pool_domain=domain.domain,
),
),
aws.lb.ListenerDefaultActionArgs(
type="forward",
target_group_arn=front_end_target_group.arn,
),
])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer", new Aws.LB.LoadBalancerArgs
{
});
// ...
var frontEndTargetGroup = new Aws.LB.TargetGroup("frontEndTargetGroup", new Aws.LB.TargetGroupArgs
{
});
// ...
var pool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs
{
});
// ...
var client = new Aws.Cognito.UserPoolClient("client", new Aws.Cognito.UserPoolClientArgs
{
});
// ...
var domain = new Aws.Cognito.UserPoolDomain("domain", new Aws.Cognito.UserPoolDomainArgs
{
});
// ...
var frontEndListener = new Aws.LB.Listener("frontEndListener", new Aws.LB.ListenerArgs
{
LoadBalancerArn = frontEndLoadBalancer.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "authenticate-cognito",
AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
{
UserPoolArn = pool.Arn,
UserPoolClientId = client.Id,
UserPoolDomain = domain.Domain,
},
},
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndTargetGroup.Arn,
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
if err != nil {
return err
}
frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "frontEndTargetGroup", nil)
if err != nil {
return err
}
pool, err := cognito.NewUserPool(ctx, "pool", nil)
if err != nil {
return err
}
client, err := cognito.NewUserPoolClient(ctx, "client", nil)
if err != nil {
return err
}
domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
LoadBalancerArn: frontEndLoadBalancer.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("authenticate-cognito"),
AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
UserPoolArn: pool.Arn,
UserPoolClientId: client.ID(),
UserPoolDomain: domain.Domain,
},
},
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: frontEndTargetGroup.Arn,
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");
var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
var pool = new UserPool("pool");
var client = new UserPoolClient("client");
var domain = new UserPoolDomain("domain");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEndLoadBalancer.getArn())
.port("80")
.protocol("HTTP")
.defaultActions(
ListenerDefaultAction.builder()
.type("authenticate-cognito")
.authenticateCognito(ListenerDefaultActionAuthenticateCognito.builder()
.userPoolArn(pool.getArn())
.userPoolClientId(client.getId())
.userPoolDomain(domain.getDomain())
.build())
.build(),
ListenerDefaultAction.builder()
.type("forward")
.targetGroupArn(frontEndTargetGroup.getArn())
.build())
.build());
}
}
resources:
frontEndLoadBalancer:
type: aws:lb:LoadBalancer
frontEndTargetGroup:
type: aws:lb:TargetGroup
pool:
type: aws:cognito:UserPool
client:
type: aws:cognito:UserPoolClient
domain:
type: aws:cognito:UserPoolDomain
frontEndListener:
type: aws:lb:Listener
properties:
loadBalancerArn: ${frontEndLoadBalancer.arn}
port: 80
protocol: HTTP
defaultActions:
- type: authenticate-cognito
authenticateCognito:
userPoolArn: ${pool.arn}
userPoolClientId: ${client.id}
userPoolDomain: ${domain.domain}
- type: forward
targetGroupArn: ${frontEndTargetGroup.arn}
Authenticate-OIDC Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndTargetGroup = new aws.lb.TargetGroup("frontEndTargetGroup", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
loadBalancerArn: frontEndLoadBalancer.arn,
port: 80,
protocol: "HTTP",
defaultActions: [
{
type: "authenticate-oidc",
authenticateOidc: {
authorizationEndpoint: "https://example.com/authorization_endpoint",
clientId: "client_id",
clientSecret: "client_secret",
issuer: "https://example.com",
tokenEndpoint: "https://example.com/token_endpoint",
userInfoEndpoint: "https://example.com/user_info_endpoint",
},
},
{
type: "forward",
targetGroupArn: frontEndTargetGroup.arn,
},
],
});
import pulumi
import pulumi_aws as aws
front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_target_group = aws.lb.TargetGroup("frontEndTargetGroup")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
load_balancer_arn=front_end_load_balancer.arn,
port=80,
protocol="HTTP",
default_actions=[
aws.lb.ListenerDefaultActionArgs(
type="authenticate-oidc",
authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(
authorization_endpoint="https://example.com/authorization_endpoint",
client_id="client_id",
client_secret="client_secret",
issuer="https://example.com",
token_endpoint="https://example.com/token_endpoint",
user_info_endpoint="https://example.com/user_info_endpoint",
),
),
aws.lb.ListenerDefaultActionArgs(
type="forward",
target_group_arn=front_end_target_group.arn,
),
])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer", new Aws.LB.LoadBalancerArgs
{
});
// ...
var frontEndTargetGroup = new Aws.LB.TargetGroup("frontEndTargetGroup", new Aws.LB.TargetGroupArgs
{
});
// ...
var frontEndListener = new Aws.LB.Listener("frontEndListener", new Aws.LB.ListenerArgs
{
LoadBalancerArn = frontEndLoadBalancer.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "authenticate-oidc",
AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
{
AuthorizationEndpoint = "https://example.com/authorization_endpoint",
ClientId = "client_id",
ClientSecret = "client_secret",
Issuer = "https://example.com",
TokenEndpoint = "https://example.com/token_endpoint",
UserInfoEndpoint = "https://example.com/user_info_endpoint",
},
},
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndTargetGroup.Arn,
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
if err != nil {
return err
}
frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "frontEndTargetGroup", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
LoadBalancerArn: frontEndLoadBalancer.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("authenticate-oidc"),
AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
ClientId: pulumi.String("client_id"),
ClientSecret: pulumi.String("client_secret"),
Issuer: pulumi.String("https://example.com"),
TokenEndpoint: pulumi.String("https://example.com/token_endpoint"),
UserInfoEndpoint: pulumi.String("https://example.com/user_info_endpoint"),
},
},
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: frontEndTargetGroup.Arn,
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");
var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEndLoadBalancer.getArn())
.port("80")
.protocol("HTTP")
.defaultActions(
ListenerDefaultAction.builder()
.type("authenticate-oidc")
.authenticateOidc(ListenerDefaultActionAuthenticateOidc.builder()
.authorizationEndpoint("https://example.com/authorization_endpoint")
.clientId("client_id")
.clientSecret("client_secret")
.issuer("https://example.com")
.tokenEndpoint("https://example.com/token_endpoint")
.userInfoEndpoint("https://example.com/user_info_endpoint")
.build())
.build(),
ListenerDefaultAction.builder()
.type("forward")
.targetGroupArn(frontEndTargetGroup.getArn())
.build())
.build());
}
}
resources:
frontEndLoadBalancer:
type: aws:lb:LoadBalancer
frontEndTargetGroup:
type: aws:lb:TargetGroup
frontEndListener:
type: aws:lb:Listener
properties:
loadBalancerArn: ${frontEndLoadBalancer.arn}
port: 80
protocol: HTTP
defaultActions:
- type: authenticate-oidc
authenticateOidc:
authorizationEndpoint: https://example.com/authorization_endpoint
clientId: client_id
clientSecret: client_secret
issuer: https://example.com
tokenEndpoint: https://example.com/token_endpoint
userInfoEndpoint: https://example.com/user_info_endpoint
- type: forward
targetGroupArn: ${frontEndTargetGroup.arn}
Gateway Load Balancer Listener
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleLoadBalancer = new aws.lb.LoadBalancer("exampleLoadBalancer", {
loadBalancerType: "gateway",
subnetMappings: [{
subnetId: aws_subnet.example.id,
}],
});
const exampleTargetGroup = new aws.lb.TargetGroup("exampleTargetGroup", {
port: 6081,
protocol: "GENEVE",
vpcId: aws_vpc.example.id,
healthCheck: {
port: "80",
protocol: "HTTP",
},
});
const exampleListener = new aws.lb.Listener("exampleListener", {
loadBalancerArn: exampleLoadBalancer.id,
defaultActions: [{
targetGroupArn: exampleTargetGroup.id,
type: "forward",
}],
});
import pulumi
import pulumi_aws as aws
example_load_balancer = aws.lb.LoadBalancer("exampleLoadBalancer",
load_balancer_type="gateway",
subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(
subnet_id=aws_subnet["example"]["id"],
)])
example_target_group = aws.lb.TargetGroup("exampleTargetGroup",
port=6081,
protocol="GENEVE",
vpc_id=aws_vpc["example"]["id"],
health_check=aws.lb.TargetGroupHealthCheckArgs(
port="80",
protocol="HTTP",
))
example_listener = aws.lb.Listener("exampleListener",
load_balancer_arn=example_load_balancer.id,
default_actions=[aws.lb.ListenerDefaultActionArgs(
target_group_arn=example_target_group.id,
type="forward",
)])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleLoadBalancer = new Aws.LB.LoadBalancer("exampleLoadBalancer", new Aws.LB.LoadBalancerArgs
{
LoadBalancerType = "gateway",
SubnetMappings =
{
new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
{
SubnetId = aws_subnet.Example.Id,
},
},
});
var exampleTargetGroup = new Aws.LB.TargetGroup("exampleTargetGroup", new Aws.LB.TargetGroupArgs
{
Port = 6081,
Protocol = "GENEVE",
VpcId = aws_vpc.Example.Id,
HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
{
Port = "80",
Protocol = "HTTP",
},
});
var exampleListener = new Aws.LB.Listener("exampleListener", new Aws.LB.ListenerArgs
{
LoadBalancerArn = exampleLoadBalancer.Id,
DefaultActions =
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
TargetGroupArn = exampleTargetGroup.Id,
Type = "forward",
},
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleLoadBalancer, err := lb.NewLoadBalancer(ctx, "exampleLoadBalancer", &lb.LoadBalancerArgs{
LoadBalancerType: pulumi.String("gateway"),
SubnetMappings: lb.LoadBalancerSubnetMappingArray{
&lb.LoadBalancerSubnetMappingArgs{
SubnetId: pulumi.Any(aws_subnet.Example.Id),
},
},
})
if err != nil {
return err
}
exampleTargetGroup, err := lb.NewTargetGroup(ctx, "exampleTargetGroup", &lb.TargetGroupArgs{
Port: pulumi.Int(6081),
Protocol: pulumi.String("GENEVE"),
VpcId: pulumi.Any(aws_vpc.Example.Id),
HealthCheck: &lb.TargetGroupHealthCheckArgs{
Port: pulumi.String("80"),
Protocol: pulumi.String("HTTP"),
},
})
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "exampleListener", &lb.ListenerArgs{
LoadBalancerArn: exampleLoadBalancer.ID(),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
TargetGroupArn: exampleTargetGroup.ID(),
Type: pulumi.String("forward"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleLoadBalancer = new LoadBalancer("exampleLoadBalancer", LoadBalancerArgs.builder()
.loadBalancerType("gateway")
.subnetMappings(LoadBalancerSubnetMapping.builder()
.subnetId(aws_subnet.getExample().getId())
.build())
.build());
var exampleTargetGroup = new TargetGroup("exampleTargetGroup", TargetGroupArgs.builder()
.port(6081)
.protocol("GENEVE")
.vpcId(aws_vpc.getExample().getId())
.healthCheck(TargetGroupHealthCheck.builder()
.port(80)
.protocol("HTTP")
.build())
.build());
var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
.loadBalancerArn(exampleLoadBalancer.getId())
.defaultActions(ListenerDefaultAction.builder()
.targetGroupArn(exampleTargetGroup.getId())
.type("forward")
.build())
.build());
}
}
resources:
exampleLoadBalancer:
type: aws:lb:LoadBalancer
properties:
loadBalancerType: gateway
subnetMappings:
- subnetId: ${aws_subnet.example.id}
exampleTargetGroup:
type: aws:lb:TargetGroup
properties:
port: 6081
protocol: GENEVE
vpcId: ${aws_vpc.example.id}
healthCheck:
port: 80
protocol: HTTP
exampleListener:
type: aws:lb:Listener
properties:
loadBalancerArn: ${exampleLoadBalancer.id}
defaultActions:
- targetGroupArn: ${exampleTargetGroup.id}
type: forward
Import
Listeners can be imported using their ARN, e.g.,
$ pulumi import aws:lb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96
property alpnPolicy
alpnPolicy?: pulumi.Input<string>;Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
property certificateArn
certificateArn?: pulumi.Input<string>;ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
property defaultActions
defaultActions?: pulumi.Input<pulumi.Input<ListenerDefaultAction>[]>;Configuration block for default actions. Detailed below.
property port
port?: pulumi.Input<number>;Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
property protocol
protocol?: pulumi.Input<string>;Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
property sslPolicy
sslPolicy?: pulumi.Input<string>;Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
interface TargetGroupArgs
interface TargetGroupArgsProvides a Target Group resource for use with Load Balancer resources.
Note:
aws.alb.TargetGroupis known asaws.lb.TargetGroup. The functionality is identical.
Instance Target Group
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const test = new aws.lb.TargetGroup("test", {
port: 80,
protocol: "HTTP",
vpcId: main.id,
});
import pulumi
import pulumi_aws as aws
main = aws.ec2.Vpc("main", cidr_block="10.0.0.0/16")
test = aws.lb.TargetGroup("test",
port=80,
protocol="HTTP",
vpc_id=main.id)
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var test = new Aws.LB.TargetGroup("test", new Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
VpcId = main.Id,
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
main, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
_, err = lb.NewTargetGroup(ctx, "test", &lb.TargetGroupArgs{
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
VpcId: main.ID(),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var main = new Vpc("main", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
var test = new TargetGroup("test", TargetGroupArgs.builder()
.port(80)
.protocol("HTTP")
.vpcId(main.getId())
.build());
}
}
resources:
test:
type: aws:lb:TargetGroup
properties:
port: 80
protocol: HTTP
vpcId: ${main.id}
main:
type: aws:ec2:Vpc
properties:
cidrBlock: 10.0.0.0/16
IP Target Group
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const main = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const ip_example = new aws.lb.TargetGroup("ip-example", {
port: 80,
protocol: "HTTP",
targetType: "ip",
vpcId: main.id,
});
import pulumi
import pulumi_aws as aws
main = aws.ec2.Vpc("main", cidr_block="10.0.0.0/16")
ip_example = aws.lb.TargetGroup("ip-example",
port=80,
protocol="HTTP",
target_type="ip",
vpc_id=main.id)
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var ip_example = new Aws.LB.TargetGroup("ip-example", new Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = main.Id,
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
main, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
_, err = lb.NewTargetGroup(ctx, "ip-example", &lb.TargetGroupArgs{
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
TargetType: pulumi.String("ip"),
VpcId: main.ID(),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var main = new Vpc("main", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.build());
var ip_example = new TargetGroup("ip-example", TargetGroupArgs.builder()
.port(80)
.protocol("HTTP")
.targetType("ip")
.vpcId(main.getId())
.build());
}
}
resources:
ip-example:
type: aws:lb:TargetGroup
properties:
port: 80
protocol: HTTP
targetType: ip
vpcId: ${main.id}
main:
type: aws:ec2:Vpc
properties:
cidrBlock: 10.0.0.0/16
Lambda Target Group
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lambda_example = new aws.lb.TargetGroup("lambda-example", {
targetType: "lambda",
});
import pulumi
import pulumi_aws as aws
lambda_example = aws.lb.TargetGroup("lambda-example", target_type="lambda")
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var lambda_example = new Aws.LB.TargetGroup("lambda-example", new Aws.LB.TargetGroupArgs
{
TargetType = "lambda",
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lb.NewTargetGroup(ctx, "lambda-example", &lb.TargetGroupArgs{
TargetType: pulumi.String("lambda"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var lambda_example = new TargetGroup("lambda-example", TargetGroupArgs.builder()
.targetType("lambda")
.build());
}
}
resources:
lambda-example:
type: aws:lb:TargetGroup
properties:
targetType: lambda
ALB Target Group
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lambda_example = new aws.lb.TargetGroup("lambda-example", {
targetType: "alb",
port: 80,
protocol: "TCP",
vpcId: aws_vpc.main.id,
});
import pulumi
import pulumi_aws as aws
lambda_example = aws.lb.TargetGroup("lambda-example",
target_type="alb",
port=80,
protocol="TCP",
vpc_id=aws_vpc["main"]["id"])
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var lambda_example = new Aws.LB.TargetGroup("lambda-example", new Aws.LB.TargetGroupArgs
{
TargetType = "alb",
Port = 80,
Protocol = "TCP",
VpcId = aws_vpc.Main.Id,
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lb.NewTargetGroup(ctx, "lambda-example", &lb.TargetGroupArgs{
TargetType: pulumi.String("alb"),
Port: pulumi.Int(80),
Protocol: pulumi.String("TCP"),
VpcId: pulumi.Any(aws_vpc.Main.Id),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var lambda_example = new TargetGroup("lambda-example", TargetGroupArgs.builder()
.targetType("alb")
.port(80)
.protocol("TCP")
.vpcId(aws_vpc.getMain().getId())
.build());
}
}
resources:
lambda-example:
type: aws:lb:TargetGroup
properties:
targetType: alb
port: 80
protocol: TCP
vpcId: ${aws_vpc.main.id}
Import
Target Groups can be imported using their ARN, e.g.,
$ pulumi import aws:lb/targetGroup:TargetGroup app_front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:targetgroup/app-front-end/20cfe21448b66314
property connectionTermination
connectionTermination?: pulumi.Input<boolean>;Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is false.
property deregistrationDelay
deregistrationDelay?: pulumi.Input<number>;Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
property healthCheck
healthCheck?: pulumi.Input<TargetGroupHealthCheck>;Health Check configuration block. Detailed below.
property lambdaMultiValueHeadersEnabled
lambdaMultiValueHeadersEnabled?: pulumi.Input<boolean>;Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when target_type is lambda. Default is false.
property loadBalancingAlgorithmType
loadBalancingAlgorithmType?: pulumi.Input<string>;Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is round_robin or least_outstanding_requests. The default is round_robin.
property name
name?: pulumi.Input<string>;Name of the target group. If omitted, this provider will assign a random, unique name.
property namePrefix
namePrefix?: pulumi.Input<string>;Creates a unique name beginning with the specified prefix. Conflicts with name. Cannot be longer than 6 characters.
property port
port?: pulumi.Input<number>;Port to use to connect with the target. Valid values are either ports 1-65535, or traffic-port. Defaults to traffic-port.
property preserveClientIp
preserveClientIp?: pulumi.Input<string>;Whether client IP preservation is enabled. See doc for more information.
property protocol
protocol?: pulumi.Input<string>;Protocol to use to connect with the target. Defaults to HTTP. Not applicable when target_type is lambda.
property protocolVersion
protocolVersion?: pulumi.Input<string>;Only applicable when protocol is HTTP or HTTPS. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1
property proxyProtocolV2
proxyProtocolV2?: pulumi.Input<boolean>;Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is false.
property slowStart
slowStart?: pulumi.Input<number>;Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
property stickiness
stickiness?: pulumi.Input<TargetGroupStickiness>;Stickiness configuration block. Detailed below.
property tags
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
property targetType
targetType?: pulumi.Input<string>;Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is instance.
property vpcId
vpcId?: pulumi.Input<string>;Identifier of the VPC in which to create the target group. Required when target_type is instance, ip or alb. Does not apply when target_type is lambda.
Thank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.
