AWS v6.55.0 published on Monday, Oct 7, 2024 by Pulumi

aws.ec2.NetworkInterfaceSecurityGroupAttachment


    This resource attaches a security group to an Elastic Network Interface (ENI). It can be used to attach a security group to any existing ENI, be it a secondary ENI or one attached as the primary interface on an instance.

    NOTE on instances, interfaces, and security groups: This provider can also assign security groups in-line via the [aws.ec2.Instance][1] and [aws.ec2.NetworkInterface][2] resources. Using this resource in conjunction with security groups provided in-line in those resources will cause conflicts, and will lead to spurious diffs and undefined behavior - please use one or the other. Because such a conflict can leave an interface with a different set of security groups than either declaration describes, check the interface's effective security groups after any change that mixes the two.

    Example Usage

    The following provides a very basic example of setting up an instance (provided by instance) in the default security group, creating a security group (provided by sg) and then attaching the security group to the instance’s primary network interface via the aws.ec2.NetworkInterfaceSecurityGroupAttachment resource, named sg_attachment:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Resolve the newest Amazon Linux HVM image. `owners` limits the lookup to
    // Amazon-published AMIs; keep it whenever `mostRecent` is combined with a
    // wildcard name filter so a look-alike public image cannot be selected.
    const amiNameFilter = { name: "name", values: ["amzn-ami-hvm-*"] };
    const ami = aws.ec2.getAmi({
        mostRecent: true,
        filters: [amiNameFilter],
        owners: ["amazon"],
    });

    // No security groups are set in-line on the instance, so it starts out in the
    // default security group.
    const instance = new aws.ec2.Instance("instance", {
        instanceType: aws.ec2.InstanceType.T2_Micro,
        ami: ami.then(result => result.id),
        tags: { type: "test-instance" },
    });

    // The group carries only a tag; this example declares no ingress or egress rules.
    const sg = new aws.ec2.SecurityGroup("sg", {
        tags: { type: "test-security-group" },
    });

    // Attach `sg` to the instance's primary ENI. Do not also list security groups
    // in-line on aws.ec2.Instance or aws.ec2.NetworkInterface: the two mechanisms conflict.
    const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", {
        networkInterfaceId: instance.primaryNetworkInterfaceId,
        securityGroupId: sg.id,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Resolve the newest Amazon Linux HVM image. `owners` limits the lookup to
    # Amazon-published AMIs; keep it whenever `most_recent` is combined with a
    # wildcard name filter so a look-alike public image cannot be selected.
    ami_name_filter = {
        "name": "name",
        "values": ["amzn-ami-hvm-*"],
    }
    ami = aws.ec2.get_ami(
        most_recent=True,
        filters=[ami_name_filter],
        owners=["amazon"],
    )

    # No security groups are set in-line on the instance, so it starts out in the
    # default security group.
    instance = aws.ec2.Instance(
        "instance",
        instance_type=aws.ec2.InstanceType.T2_MICRO,
        ami=ami.id,
        tags={"type": "test-instance"},
    )

    # The group carries only a tag; this example declares no ingress or egress rules.
    sg = aws.ec2.SecurityGroup("sg", tags={"type": "test-security-group"})

    # Attach `sg` to the instance's primary ENI. Do not also list security groups
    # in-line on aws.ec2.Instance or aws.ec2.NetworkInterface: the two mechanisms conflict.
    sg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(
        "sg_attachment",
        network_interface_id=instance.primary_network_interface_id,
        security_group_id=sg.id,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares an instance, a security group, and the attachment of that
    // group to the instance's primary network interface.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Resolve the newest Amazon Linux HVM image. Owners limits the lookup to
    		// Amazon-published AMIs; keep it whenever MostRecent is combined with a
    		// wildcard name filter so a look-alike public image cannot be selected.
    		nameFilter := ec2.GetAmiFilter{
    			Name:   "name",
    			Values: []string{"amzn-ami-hvm-*"},
    		}
    		ami, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{
    			MostRecent: pulumi.BoolRef(true),
    			Filters:    []ec2.GetAmiFilter{nameFilter},
    			Owners:     []string{"amazon"},
    		}, nil)
    		if err != nil {
    			return err
    		}

    		// No security groups are set in-line on the instance, so it starts out
    		// in the default security group.
    		instanceTags := pulumi.StringMap{"type": pulumi.String("test-instance")}
    		instance, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{
    			InstanceType: pulumi.String(ec2.InstanceType_T2_Micro),
    			Ami:          pulumi.String(ami.Id),
    			Tags:         instanceTags,
    		})
    		if err != nil {
    			return err
    		}

    		// The group carries only a tag; this example declares no ingress or
    		// egress rules.
    		sgTags := pulumi.StringMap{"type": pulumi.String("test-security-group")}
    		sg, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{Tags: sgTags})
    		if err != nil {
    			return err
    		}

    		// Attach sg to the instance's primary ENI. Do not also list security
    		// groups in-line on ec2.Instance or ec2.NetworkInterface: the two
    		// mechanisms conflict.
    		attachArgs := &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
    			SecurityGroupId:    sg.ID(),
    			NetworkInterfaceId: instance.PrimaryNetworkInterfaceId,
    		}
    		_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sg_attachment", attachArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() =>
    {
        // Resolve the newest Amazon Linux HVM image. Owners limits the lookup to
        // Amazon-published AMIs; keep it whenever MostRecent is combined with a
        // wildcard name filter so a look-alike public image cannot be selected.
        var ami = Aws.Ec2.GetAmi.Invoke(new()
        {
            MostRecent = true,
            Owners = new[] { "amazon" },
            Filters = new[]
            {
                new Aws.Ec2.Inputs.GetAmiFilterInputArgs
                {
                    Name = "name",
                    Values = new[] { "amzn-ami-hvm-*" },
                },
            },
        });

        // No security groups are set in-line on the instance, so it starts out in
        // the default security group.
        var instance = new Aws.Ec2.Instance("instance", new()
        {
            InstanceType = Aws.Ec2.InstanceType.T2_Micro,
            Ami = ami.Apply(result => result.Id),
            Tags = { { "type", "test-instance" } },
        });

        // The group carries only a tag; this example declares no ingress or egress rules.
        var sg = new Aws.Ec2.SecurityGroup("sg", new()
        {
            Tags = { { "type", "test-security-group" } },
        });

        // Attach sg to the instance's primary ENI. Do not also list security groups
        // in-line on Aws.Ec2.Instance or Aws.Ec2.NetworkInterface: the two mechanisms conflict.
        var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", new()
        {
            NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,
            SecurityGroupId = sg.Id,
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Ec2Functions;
    import com.pulumi.aws.ec2.inputs.GetAmiArgs;
    import com.pulumi.aws.ec2.inputs.GetAmiFilterArgs;
    import com.pulumi.aws.ec2.Instance;
    import com.pulumi.aws.ec2.InstanceArgs;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;
    import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Declares an instance, a security group, and the attachment of that group
     * to the instance's primary network interface.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            // Resolve the newest Amazon Linux HVM image. owners limits the lookup to
            // Amazon-published AMIs; keep it whenever mostRecent is combined with a
            // wildcard name filter so a look-alike public image cannot be selected.
            final var amiNameFilter = GetAmiFilterArgs.builder()
                .name("name")
                .values("amzn-ami-hvm-*")
                .build();
            final var ami = Ec2Functions.getAmi(GetAmiArgs.builder()
                .mostRecent(true)
                .filters(amiNameFilter)
                .owners("amazon")
                .build());

            // No security groups are set in-line on the instance, so it starts out
            // in the default security group.
            final var instanceArgs = InstanceArgs.builder()
                .instanceType("t2.micro")
                .ami(ami.applyValue(result -> result.id()))
                .tags(Map.of("type", "test-instance"))
                .build();
            var instance = new Instance("instance", instanceArgs);

            // The group carries only a tag; this example declares no ingress or egress rules.
            final var sgArgs = SecurityGroupArgs.builder()
                .tags(Map.of("type", "test-security-group"))
                .build();
            var sg = new SecurityGroup("sg", sgArgs);

            // Attach sg to the instance's primary ENI. Do not also list security groups
            // in-line on Instance or NetworkInterface: the two mechanisms conflict.
            final var attachmentArgs = NetworkInterfaceSecurityGroupAttachmentArgs.builder()
                .securityGroupId(sg.id())
                .networkInterfaceId(instance.primaryNetworkInterfaceId())
                .build();
            var sgAttachment = new NetworkInterfaceSecurityGroupAttachment("sgAttachment", attachmentArgs);

        }
    }
    
    variables:
      # Resolve the newest Amazon Linux HVM image. `owners` limits the lookup to
      # Amazon-published AMIs; keep it whenever `mostRecent` is combined with a
      # wildcard name filter so a look-alike public image cannot be selected.
      ami:
        fn::invoke:
          Function: aws:ec2:getAmi
          Arguments:
            mostRecent: true
            owners: ["amazon"]
            filters:
              - name: name
                values: ["amzn-ami-hvm-*"]
    resources:
      # No security groups are set in-line on the instance, so it starts out in
      # the default security group.
      instance:
        type: aws:ec2:Instance
        properties:
          instanceType: t2.micro
          ami: ${ami.id}
          tags:
            type: test-instance
      # The group carries only a tag; this example declares no ingress or egress rules.
      sg:
        type: aws:ec2:SecurityGroup
        properties:
          tags:
            type: test-security-group
      # Attach sg to the instance's primary ENI. Do not also list security groups
      # in-line on aws:ec2:Instance or aws:ec2:NetworkInterface: the two mechanisms conflict.
      sgAttachment:
        type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
        name: sg_attachment
        properties:
          networkInterfaceId: ${instance.primaryNetworkInterfaceId}
          securityGroupId: ${sg.id}
    

    In this example, instance is provided by the aws.ec2.Instance data source (aws.ec2.getInstance in the code below), which fetches an external instance that is possibly not managed by this provider. sg_attachment then attaches sg to the network interface identified by the looked-up instance’s network_interface_id output:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // The instance is only looked up, not managed by this program, so the attachment
    // below changes the security groups of an interface this program does not
    // otherwise control. Confirm the instance ID (a sample value here) before deploying.
    const instance = aws.ec2.getInstance({ instanceId: "i-1234567890abcdef0" });

    // The group carries only a tag; this example declares no ingress or egress rules.
    const sg = new aws.ec2.SecurityGroup("sg", {
        tags: { type: "test-security-group" },
    });

    // Attach `sg` to the network interface reported by the lookup.
    const sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", {
        networkInterfaceId: instance.then(found => found.networkInterfaceId),
        securityGroupId: sg.id,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # The instance is only looked up, not managed by this program, so the attachment
    # below changes the security groups of an interface this program does not
    # otherwise control. Confirm the instance ID (a sample value here) before deploying.
    instance = aws.ec2.get_instance(instance_id="i-1234567890abcdef0")

    # The group carries only a tag; this example declares no ingress or egress rules.
    sg_tags = {"type": "test-security-group"}
    sg = aws.ec2.SecurityGroup("sg", tags=sg_tags)

    # Attach `sg` to the network interface reported by the lookup.
    sg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(
        "sg_attachment",
        network_interface_id=instance.network_interface_id,
        security_group_id=sg.id,
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main looks up an existing instance, declares a security group, and attaches
    // that group to the looked-up instance's network interface.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The instance is only looked up, not managed by this program, so the
    		// attachment below changes the security groups of an interface this
    		// program does not otherwise control. Confirm the instance ID (a sample
    		// value here) before deploying.
    		lookupArgs := &ec2.LookupInstanceArgs{
    			InstanceId: pulumi.StringRef("i-1234567890abcdef0"),
    		}
    		instance, err := ec2.LookupInstance(ctx, lookupArgs, nil)
    		if err != nil {
    			return err
    		}

    		// The group carries only a tag; this example declares no ingress or
    		// egress rules.
    		sgTags := pulumi.StringMap{"type": pulumi.String("test-security-group")}
    		sg, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{Tags: sgTags})
    		if err != nil {
    			return err
    		}

    		// Attach sg to the network interface reported by the lookup.
    		attachArgs := &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
    			SecurityGroupId:    sg.ID(),
    			NetworkInterfaceId: pulumi.String(instance.NetworkInterfaceId),
    		}
    		_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "sg_attachment", attachArgs)
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() =>
    {
        // The instance is only looked up, not managed by this program, so the attachment
        // below changes the security groups of an interface this program does not
        // otherwise control. Confirm the instance ID (a sample value here) before deploying.
        var instance = Aws.Ec2.GetInstance.Invoke(new() { InstanceId = "i-1234567890abcdef0" });

        // The group carries only a tag; this example declares no ingress or egress rules.
        var sg = new Aws.Ec2.SecurityGroup("sg", new()
        {
            Tags = { { "type", "test-security-group" } },
        });

        // Attach sg to the network interface reported by the lookup.
        var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("sg_attachment", new()
        {
            NetworkInterfaceId = instance.Apply(found => found.NetworkInterfaceId),
            SecurityGroupId = sg.Id,
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Ec2Functions;
    import com.pulumi.aws.ec2.inputs.GetInstanceArgs;
    import com.pulumi.aws.ec2.SecurityGroup;
    import com.pulumi.aws.ec2.SecurityGroupArgs;
    import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachment;
    import com.pulumi.aws.ec2.NetworkInterfaceSecurityGroupAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Looks up an existing instance, declares a security group, and attaches that
     * group to the looked-up instance's network interface.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        public static void stack(Context ctx) {
            // The instance is only looked up, not managed by this program, so the attachment
            // below changes the security groups of an interface this program does not
            // otherwise control. Confirm the instance ID (a sample value here) before deploying.
            final var lookupArgs = GetInstanceArgs.builder()
                .instanceId("i-1234567890abcdef0")
                .build();
            final var instance = Ec2Functions.getInstance(lookupArgs);

            // The group carries only a tag; this example declares no ingress or egress rules.
            final var sgArgs = SecurityGroupArgs.builder()
                .tags(Map.of("type", "test-security-group"))
                .build();
            var sg = new SecurityGroup("sg", sgArgs);

            // Attach sg to the network interface reported by the lookup.
            final var attachmentArgs = NetworkInterfaceSecurityGroupAttachmentArgs.builder()
                .securityGroupId(sg.id())
                .networkInterfaceId(instance.applyValue(found -> found.networkInterfaceId()))
                .build();
            var sgAttachment = new NetworkInterfaceSecurityGroupAttachment("sgAttachment", attachmentArgs);

        }
    }
    
    variables:
      # The instance is only looked up, not managed by this program, so the attachment
      # below changes the security groups of an interface this program does not
      # otherwise control. Confirm the instance ID (a sample value here) before deploying.
      instance:
        fn::invoke:
          Function: aws:ec2:getInstance
          Arguments:
            instanceId: i-1234567890abcdef0
    resources:
      # The group carries only a tag; this example declares no ingress or egress rules.
      sg:
        type: aws:ec2:SecurityGroup
        properties:
          tags:
            type: test-security-group
      # Attach sg to the network interface reported by the lookup.
      sgAttachment:
        type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
        name: sg_attachment
        properties:
          networkInterfaceId: ${instance.networkInterfaceId}
          securityGroupId: ${sg.id}
    

    Create NetworkInterfaceSecurityGroupAttachment Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new NetworkInterfaceSecurityGroupAttachment(name: string, args: NetworkInterfaceSecurityGroupAttachmentArgs, opts?: CustomResourceOptions);
    @overload
    def NetworkInterfaceSecurityGroupAttachment(resource_name: str,
                                                args: NetworkInterfaceSecurityGroupAttachmentArgs,
                                                opts: Optional[ResourceOptions] = None)
    
    @overload
    def NetworkInterfaceSecurityGroupAttachment(resource_name: str,
                                                opts: Optional[ResourceOptions] = None,
                                                network_interface_id: Optional[str] = None,
                                                security_group_id: Optional[str] = None)
    func NewNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, args NetworkInterfaceSecurityGroupAttachmentArgs, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
    public NetworkInterfaceSecurityGroupAttachment(string name, NetworkInterfaceSecurityGroupAttachmentArgs args, CustomResourceOptions? opts = null)
    public NetworkInterfaceSecurityGroupAttachment(String name, NetworkInterfaceSecurityGroupAttachmentArgs args)
    public NetworkInterfaceSecurityGroupAttachment(String name, NetworkInterfaceSecurityGroupAttachmentArgs args, CustomResourceOptions options)
    
    type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args NetworkInterfaceSecurityGroupAttachmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkInterfaceSecurityGroupAttachmentArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkInterfaceSecurityGroupAttachmentArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkInterfaceSecurityGroupAttachmentArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkInterfaceSecurityGroupAttachmentArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var networkInterfaceSecurityGroupAttachmentResource = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource", new()
    {
        NetworkInterfaceId = "string",
        SecurityGroupId = "string",
    });
    
    example, err := ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, "networkInterfaceSecurityGroupAttachmentResource", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{
    	NetworkInterfaceId: pulumi.String("string"),
    	SecurityGroupId:    pulumi.String("string"),
    })
    
    var networkInterfaceSecurityGroupAttachmentResource = new NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource", NetworkInterfaceSecurityGroupAttachmentArgs.builder()
        .networkInterfaceId("string")
        .securityGroupId("string")
        .build());
    
    network_interface_security_group_attachment_resource = aws.ec2.NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource",
        network_interface_id="string",
        security_group_id="string")
    
    const networkInterfaceSecurityGroupAttachmentResource = new aws.ec2.NetworkInterfaceSecurityGroupAttachment("networkInterfaceSecurityGroupAttachmentResource", {
        networkInterfaceId: "string",
        securityGroupId: "string",
    });
    
    type: aws:ec2:NetworkInterfaceSecurityGroupAttachment
    properties:
        networkInterfaceId: string
        securityGroupId: string
    

    NetworkInterfaceSecurityGroupAttachment Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The NetworkInterfaceSecurityGroupAttachment resource accepts the following input properties:

    NetworkInterfaceId string
    The ID of the network interface to attach to.
    SecurityGroupId string
    The ID of the security group.
    NetworkInterfaceId string
    The ID of the network interface to attach to.
    SecurityGroupId string
    The ID of the security group.
    networkInterfaceId String
    The ID of the network interface to attach to.
    securityGroupId String
    The ID of the security group.
    networkInterfaceId string
    The ID of the network interface to attach to.
    securityGroupId string
    The ID of the security group.
    network_interface_id str
    The ID of the network interface to attach to.
    security_group_id str
    The ID of the security group.
    networkInterfaceId String
    The ID of the network interface to attach to.
    securityGroupId String
    The ID of the security group.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NetworkInterfaceSecurityGroupAttachment resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing NetworkInterfaceSecurityGroupAttachment Resource

    Get an existing NetworkInterfaceSecurityGroupAttachment resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkInterfaceSecurityGroupAttachmentState, opts?: CustomResourceOptions): NetworkInterfaceSecurityGroupAttachment
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            network_interface_id: Optional[str] = None,
            security_group_id: Optional[str] = None) -> NetworkInterfaceSecurityGroupAttachment
    func GetNetworkInterfaceSecurityGroupAttachment(ctx *Context, name string, id IDInput, state *NetworkInterfaceSecurityGroupAttachmentState, opts ...ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
    public static NetworkInterfaceSecurityGroupAttachment Get(string name, Input<string> id, NetworkInterfaceSecurityGroupAttachmentState? state, CustomResourceOptions? opts = null)
    public static NetworkInterfaceSecurityGroupAttachment get(String name, Output<String> id, NetworkInterfaceSecurityGroupAttachmentState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    NetworkInterfaceId string
    The ID of the network interface to attach to.
    SecurityGroupId string
    The ID of the security group.
    NetworkInterfaceId string
    The ID of the network interface to attach to.
    SecurityGroupId string
    The ID of the security group.
    networkInterfaceId String
    The ID of the network interface to attach to.
    securityGroupId String
    The ID of the security group.
    networkInterfaceId string
    The ID of the network interface to attach to.
    securityGroupId string
    The ID of the security group.
    network_interface_id str
    The ID of the network interface to attach to.
    security_group_id str
    The ID of the security group.
    networkInterfaceId String
    The ID of the network interface to attach to.
    securityGroupId String
    The ID of the security group.

    Import

    Using pulumi import, import Network Interface Security Group attachments using the associated network interface ID and security group ID, separated by an underscore (_). For example:

    $ pulumi import aws:ec2/networkInterfaceSecurityGroupAttachment:NetworkInterfaceSecurityGroupAttachment sg_attachment eni-1234567890abcdef0_sg-1234567890abcdef0
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.