The aws:vpclattice/resourceConfiguration:ResourceConfiguration resource, part of the Pulumi AWS provider, defines how VPC Lattice routes traffic to backend resources: by DNS name, IP address, or AWS resource ARN. This guide focuses on four capabilities: DNS-based routing with dynamic resolution, static IP routing, custom domain configuration, and ARN-based routing to AWS resources.
Resource configurations require a VPC Lattice Resource Gateway and reference backend resources that must exist separately. The examples are intentionally small. Combine them with your own Resource Gateways, service networks, and backend infrastructure.
Route traffic to a DNS-based resource
VPC Lattice can resolve domain names at request time, enabling dynamic routing to resources that may change location.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.vpclattice.ResourceConfiguration("example", {
name: "Example",
resourceGatewayIdentifier: exampleAwsVpclatticeResourceGateway.id,
portRanges: ["80"],
protocol: "TCP",
resourceConfigurationDefinition: {
dnsResource: {
domainName: "example.com",
ipAddressType: "IPV4",
},
},
tags: {
Environment: "Example",
},
});
import pulumi
import pulumi_aws as aws
example = aws.vpclattice.ResourceConfiguration("example",
name="Example",
resource_gateway_identifier=example_aws_vpclattice_resource_gateway["id"],
port_ranges=["80"],
protocol="TCP",
resource_configuration_definition={
"dns_resource": {
"domain_name": "example.com",
"ip_address_type": "IPV4",
},
},
tags={
"Environment": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpclattice.NewResourceConfiguration(ctx, "example", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(exampleAwsVpclatticeResourceGateway.Id),
PortRanges: pulumi.StringArray{
pulumi.String("80"),
},
Protocol: pulumi.String("TCP"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
DnsResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs{
DomainName: pulumi.String("example.com"),
IpAddressType: pulumi.String("IPV4"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VpcLattice.ResourceConfiguration("example", new()
{
Name = "Example",
ResourceGatewayIdentifier = exampleAwsVpclatticeResourceGateway.Id,
PortRanges = new[]
{
"80",
},
Protocol = "TCP",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
DnsResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs
{
DomainName = "example.com",
IpAddressType = "IPV4",
},
},
Tags =
{
{ "Environment", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceConfiguration("example", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(exampleAwsVpclatticeResourceGateway.id())
.portRanges("80")
.protocol("TCP")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.dnsResource(ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs.builder()
.domainName("example.com")
.ipAddressType("IPV4")
.build())
.build())
.tags(Map.of("Environment", "Example"))
.build());
}
}
resources:
example:
type: aws:vpclattice:ResourceConfiguration
properties:
name: Example
resourceGatewayIdentifier: ${exampleAwsVpclatticeResourceGateway.id}
portRanges:
- '80'
protocol: TCP
resourceConfigurationDefinition:
dnsResource:
domainName: example.com
ipAddressType: IPV4
tags:
Environment: Example
The resourceConfigurationDefinition contains a dnsResource block that specifies the domain name and IP address type. At runtime, VPC Lattice resolves the domain name and routes traffic through the specified Resource Gateway. The portRanges and protocol properties define which ports accept connections (TCP is currently the only supported protocol).
Route traffic to a static IP address
When backend resources have fixed IP addresses, you can route directly without DNS resolution.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.vpclattice.ResourceConfiguration("example", {
name: "Example",
resourceGatewayIdentifier: exampleAwsVpclatticeResourceGateway.id,
portRanges: ["80"],
protocol: "TCP",
resourceConfigurationDefinition: {
ipResource: {
ipAddress: "10.0.0.1",
},
},
tags: {
Environment: "Example",
},
});
import pulumi
import pulumi_aws as aws
example = aws.vpclattice.ResourceConfiguration("example",
name="Example",
resource_gateway_identifier=example_aws_vpclattice_resource_gateway["id"],
port_ranges=["80"],
protocol="TCP",
resource_configuration_definition={
"ip_resource": {
"ip_address": "10.0.0.1",
},
},
tags={
"Environment": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpclattice.NewResourceConfiguration(ctx, "example", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(exampleAwsVpclatticeResourceGateway.Id),
PortRanges: pulumi.StringArray{
pulumi.String("80"),
},
Protocol: pulumi.String("TCP"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
IpResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs{
IpAddress: pulumi.String("10.0.0.1"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VpcLattice.ResourceConfiguration("example", new()
{
Name = "Example",
ResourceGatewayIdentifier = exampleAwsVpclatticeResourceGateway.Id,
PortRanges = new[]
{
"80",
},
Protocol = "TCP",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
IpResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs
{
IpAddress = "10.0.0.1",
},
},
Tags =
{
{ "Environment", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ResourceConfiguration("example", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(exampleAwsVpclatticeResourceGateway.id())
.portRanges("80")
.protocol("TCP")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.ipResource(ResourceConfigurationResourceConfigurationDefinitionIpResourceArgs.builder()
.ipAddress("10.0.0.1")
.build())
.build())
.tags(Map.of("Environment", "Example"))
.build());
}
}
resources:
example:
type: aws:vpclattice:ResourceConfiguration
properties:
name: Example
resourceGatewayIdentifier: ${exampleAwsVpclatticeResourceGateway.id}
portRanges:
- '80'
protocol: TCP
resourceConfigurationDefinition:
ipResource:
ipAddress: 10.0.0.1
tags:
Environment: Example
The ipResource block replaces dnsResource and specifies a static IP address. VPC Lattice routes traffic directly to this address through the Resource Gateway, bypassing DNS lookups.
Expose resources through a custom domain
Applications often present a branded domain to clients while routing to backend resources with different names.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.vpclattice.DomainVerification("example", {domainName: "example.com"});
const exampleResourceConfiguration = new aws.vpclattice.ResourceConfiguration("example", {
name: "Example",
resourceGatewayIdentifier: exampleAwsVpclatticeResourceGateway.id,
customDomainName: "custom.example.com",
domainVerificationId: example.id,
portRanges: ["443"],
protocol: "TCP",
resourceConfigurationDefinition: {
dnsResource: {
domainName: "test.example.com",
ipAddressType: "IPV4",
},
},
tags: {
Environment: "Example",
},
});
import pulumi
import pulumi_aws as aws
example = aws.vpclattice.DomainVerification("example", domain_name="example.com")
example_resource_configuration = aws.vpclattice.ResourceConfiguration("example",
name="Example",
resource_gateway_identifier=example_aws_vpclattice_resource_gateway["id"],
custom_domain_name="custom.example.com",
domain_verification_id=example.id,
port_ranges=["443"],
protocol="TCP",
resource_configuration_definition={
"dns_resource": {
"domain_name": "test.example.com",
"ip_address_type": "IPV4",
},
},
tags={
"Environment": "Example",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := vpclattice.NewDomainVerification(ctx, "example", &vpclattice.DomainVerificationArgs{
DomainName: pulumi.String("example.com"),
})
if err != nil {
return err
}
_, err = vpclattice.NewResourceConfiguration(ctx, "example", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(exampleAwsVpclatticeResourceGateway.Id),
CustomDomainName: pulumi.String("custom.example.com"),
DomainVerificationId: example.ID(),
PortRanges: pulumi.StringArray{
pulumi.String("443"),
},
Protocol: pulumi.String("TCP"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
DnsResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs{
DomainName: pulumi.String("test.example.com"),
IpAddressType: pulumi.String("IPV4"),
},
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("Example"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.VpcLattice.DomainVerification("example", new()
{
DomainName = "example.com",
});
var exampleResourceConfiguration = new Aws.VpcLattice.ResourceConfiguration("example", new()
{
Name = "Example",
ResourceGatewayIdentifier = exampleAwsVpclatticeResourceGateway.Id,
CustomDomainName = "custom.example.com",
DomainVerificationId = example.Id,
PortRanges = new[]
{
"443",
},
Protocol = "TCP",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
DnsResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs
{
DomainName = "test.example.com",
IpAddressType = "IPV4",
},
},
Tags =
{
{ "Environment", "Example" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.DomainVerification;
import com.pulumi.aws.vpclattice.DomainVerificationArgs;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DomainVerification("example", DomainVerificationArgs.builder()
.domainName("example.com")
.build());
var exampleResourceConfiguration = new ResourceConfiguration("exampleResourceConfiguration", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(exampleAwsVpclatticeResourceGateway.id())
.customDomainName("custom.example.com")
.domainVerificationId(example.id())
.portRanges("443")
.protocol("TCP")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.dnsResource(ResourceConfigurationResourceConfigurationDefinitionDnsResourceArgs.builder()
.domainName("test.example.com")
.ipAddressType("IPV4")
.build())
.build())
.tags(Map.of("Environment", "Example"))
.build());
}
}
resources:
example:
type: aws:vpclattice:DomainVerification
properties:
domainName: example.com
exampleResourceConfiguration:
type: aws:vpclattice:ResourceConfiguration
name: example
properties:
name: Example
resourceGatewayIdentifier: ${exampleAwsVpclatticeResourceGateway.id}
customDomainName: custom.example.com
domainVerificationId: ${example.id}
portRanges:
- '443'
protocol: TCP
resourceConfigurationDefinition:
dnsResource:
domainName: test.example.com
ipAddressType: IPV4
tags:
Environment: Example
The customDomainName property defines the domain clients use to access your resource. The domainVerificationId references a DomainVerification resource that proves you own the domain. VPC Lattice presents the custom domain to clients while routing to the backend domain specified in dnsResource.
Route to AWS resources by ARN
VPC Lattice can route directly to AWS resources like Lambda functions or ECS services using their ARNs.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.vpclattice.ResourceConfiguration("test", {
name: "Example",
resourceGatewayIdentifier: testAwsVpclatticeResourceGateway.id,
type: "ARN",
resourceConfigurationDefinition: {
arnResource: {
arn: example.arn,
},
},
});
import pulumi
import pulumi_aws as aws
test = aws.vpclattice.ResourceConfiguration("test",
name="Example",
resource_gateway_identifier=test_aws_vpclattice_resource_gateway["id"],
type="ARN",
resource_configuration_definition={
"arn_resource": {
"arn": example["arn"],
},
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/vpclattice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := vpclattice.NewResourceConfiguration(ctx, "test", &vpclattice.ResourceConfigurationArgs{
Name: pulumi.String("Example"),
ResourceGatewayIdentifier: pulumi.Any(testAwsVpclatticeResourceGateway.Id),
Type: pulumi.String("ARN"),
ResourceConfigurationDefinition: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArgs{
ArnResource: &vpclattice.ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs{
Arn: pulumi.Any(example.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.VpcLattice.ResourceConfiguration("test", new()
{
Name = "Example",
ResourceGatewayIdentifier = testAwsVpclatticeResourceGateway.Id,
Type = "ARN",
ResourceConfigurationDefinition = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArgs
{
ArnResource = new Aws.VpcLattice.Inputs.ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs
{
Arn = example.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.vpclattice.ResourceConfiguration;
import com.pulumi.aws.vpclattice.ResourceConfigurationArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArgs;
import com.pulumi.aws.vpclattice.inputs.ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new ResourceConfiguration("test", ResourceConfigurationArgs.builder()
.name("Example")
.resourceGatewayIdentifier(testAwsVpclatticeResourceGateway.id())
.type("ARN")
.resourceConfigurationDefinition(ResourceConfigurationResourceConfigurationDefinitionArgs.builder()
.arnResource(ResourceConfigurationResourceConfigurationDefinitionArnResourceArgs.builder()
.arn(example.arn())
.build())
.build())
.build());
}
}
resources:
test:
type: aws:vpclattice:ResourceConfiguration
properties:
name: Example
resourceGatewayIdentifier: ${testAwsVpclatticeResourceGateway.id}
type: ARN
resourceConfigurationDefinition:
arnResource:
arn: ${example.arn}
The type property set to “ARN” enables ARN-based routing. The arnResource block contains the target resource’s ARN. This configuration bypasses DNS and IP routing, connecting directly to AWS resources. Note that portRanges and protocol are omitted because AWS resources handle their own port configuration.
Beyond these examples
These snippets focus on specific resource configuration features: DNS, IP, and ARN-based routing, and custom domain configuration. They’re intentionally minimal rather than full service network deployments.
The examples reference pre-existing infrastructure such as VPC Lattice Resource Gateways and target resources for ARN-based routing. They focus on configuring routing behavior rather than provisioning the surrounding infrastructure.
To keep things focused, common resource configuration patterns are omitted, including:
- Shareable service network associations (allowAssociationToShareableServiceNetwork)
- Resource configuration groups (resourceConfigurationGroupId, type GROUP/CHILD)
- Multi-port and port range configurations
- Cross-region resource access (region property)
These omissions are intentional: the goal is to illustrate how each routing method is wired, not provide drop-in service network modules. See the VPC Lattice ResourceConfiguration resource reference for all available configuration options.
Let's configure AWS VPC Lattice Resource Configurations
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Resource Types & Definitions
What resource configuration types are available?
Four types are supported:
GROUP (parent configuration), CHILD (member of a group), SINGLE (standalone resource), and ARN (AWS resource reference).What resource definition types can I configure?
You can define three resource types in resourceConfigurationDefinition:
- DNS resource - Use
dnsResourcewith domain name and IP address type - IP resource - Use
ipResourcewith a specific IP address - ARN resource - Use
arnResourcewith an AWS resource ARN
When should I use type CHILD vs SINGLE?
Use
CHILD when the resource belongs to a parent GROUP configuration (requires resourceConfigurationGroupId). Use SINGLE for standalone resources that need their own resourceGatewayIdentifier.Required Configuration
Do I need to specify both protocol and resourceGatewayIdentifier?
It depends on your configuration type. You MUST specify both
protocol and resourceGatewayIdentifier if you’re not providing resourceConfigurationGroupId. For CHILD type resources, use resourceConfigurationGroupId instead.What protocol values are supported?
Currently, only
TCP is supported as the protocol value.What region does my resource configuration use?
The resource defaults to the region set in your provider configuration unless you explicitly specify the
region property.Custom Domains & Verification
How do I set up a custom domain for my resource configuration?
Set
customDomainName to your custom domain and provide domainVerificationId from an aws.vpclattice.DomainVerification resource to prove ownership. Without the verification ID, you’ll need to configure DNS settings manually.What's the difference between customDomainName and the domain in dnsResource?
customDomainName is the external domain clients use to access your resource, while dnsResource.domainName is the actual backend domain being configured. The custom domain example shows custom.example.com as the custom domain pointing to test.example.com as the DNS resource.Network Configuration
What port range formats are supported?
You can specify either a single port (e.g.,
80) or a port range (e.g., 80-81) in the portRanges array.Using a different cloud?
Explore networking guides for other cloud providers: