AWS Classic v6.32.0, Apr 19 24

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi

pulumi/pulumi-aws

aws.networkmanager.getCoreNetworkPolicyDocument

Explore with Pulumi AI

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi

pulumi/pulumi-aws

Example Usage

Basic Example

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = aws.networkmanager.getCoreNetworkPolicyDocument({
    coreNetworkConfigurations: [{
        vpnEcmpSupport: false,
        asnRanges: ["64512-64555"],
        edgeLocations: [
            {
                location: "us-east-1",
                asn: "64512",
            },
            {
                location: "eu-central-1",
                asn: "64513",
            },
        ],
    }],
    segments: [
        {
            name: "shared",
            description: "Segment for shared services",
            requireAttachmentAcceptance: true,
        },
        {
            name: "prod",
            description: "Segment for prod services",
            requireAttachmentAcceptance: true,
        },
    ],
    segmentActions: [{
        action: "share",
        mode: "attachment-route",
        segment: "shared",
        shareWiths: ["*"],
    }],
    attachmentPolicies: [
        {
            ruleNumber: 100,
            conditionLogic: "or",
            conditions: [{
                type: "tag-value",
                operator: "equals",
                key: "segment",
                value: "shared",
            }],
            action: {
                associationMethod: "constant",
                segment: "shared",
            },
        },
        {
            ruleNumber: 200,
            conditionLogic: "or",
            conditions: [{
                type: "tag-value",
                operator: "equals",
                key: "segment",
                value: "prod",
            }],
            action: {
                associationMethod: "constant",
                segment: "prod",
            },
        },
    ],
});

import pulumi
import pulumi_aws as aws

test = aws.networkmanager.get_core_network_policy_document(core_network_configurations=[aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs(
        vpn_ecmp_support=False,
        asn_ranges=["64512-64555"],
        edge_locations=[
            aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(
                location="us-east-1",
                asn="64512",
            ),
            aws.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs(
                location="eu-central-1",
                asn="64513",
            ),
        ],
    )],
    segments=[
        aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(
            name="shared",
            description="Segment for shared services",
            require_attachment_acceptance=True,
        ),
        aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs(
            name="prod",
            description="Segment for prod services",
            require_attachment_acceptance=True,
        ),
    ],
    segment_actions=[aws.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs(
        action="share",
        mode="attachment-route",
        segment="shared",
        share_withs=["*"],
    )],
    attachment_policies=[
        aws.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyArgs(
            rule_number=100,
            condition_logic="or",
            conditions=[aws.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyConditionArgs(
                type="tag-value",
                operator="equals",
                key="segment",
                value="shared",
            )],
            action=aws.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyActionArgs(
                association_method="constant",
                segment="shared",
            ),
        ),
        aws.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyArgs(
            rule_number=200,
            condition_logic="or",
            conditions=[aws.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyConditionArgs(
                type="tag-value",
                operator="equals",
                key="segment",
                value="prod",
            )],
            action=aws.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyActionArgs(
                association_method="constant",
                segment="prod",
            ),
        ),
    ])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkmanager"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkmanager.GetCoreNetworkPolicyDocument(ctx, &networkmanager.GetCoreNetworkPolicyDocumentArgs{
			CoreNetworkConfigurations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration{
				{
					VpnEcmpSupport: pulumi.BoolRef(false),
					AsnRanges: []string{
						"64512-64555",
					},
					EdgeLocations: []networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation{
						{
							Location: "us-east-1",
							Asn:      pulumi.StringRef("64512"),
						},
						{
							Location: "eu-central-1",
							Asn:      pulumi.StringRef("64513"),
						},
					},
				},
			},
			Segments: []networkmanager.GetCoreNetworkPolicyDocumentSegment{
				{
					Name:                        "shared",
					Description:                 pulumi.StringRef("Segment for shared services"),
					RequireAttachmentAcceptance: pulumi.BoolRef(true),
				},
				{
					Name:                        "prod",
					Description:                 pulumi.StringRef("Segment for prod services"),
					RequireAttachmentAcceptance: pulumi.BoolRef(true),
				},
			},
			SegmentActions: []networkmanager.GetCoreNetworkPolicyDocumentSegmentAction{
				{
					Action:  "share",
					Mode:    pulumi.StringRef("attachment-route"),
					Segment: "shared",
					ShareWiths: []string{
						"*",
					},
				},
			},
			AttachmentPolicies: []networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicy{
				{
					RuleNumber:     100,
					ConditionLogic: pulumi.StringRef("or"),
					Conditions: []networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyCondition{
						{
							Type:     "tag-value",
							Operator: pulumi.StringRef("equals"),
							Key:      pulumi.StringRef("segment"),
							Value:    pulumi.StringRef("shared"),
						},
					},
					Action: {
						AssociationMethod: "constant",
						Segment:           pulumi.StringRef("shared"),
					},
				},
				{
					RuleNumber:     200,
					ConditionLogic: pulumi.StringRef("or"),
					Conditions: []networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyCondition{
						{
							Type:     "tag-value",
							Operator: pulumi.StringRef("equals"),
							Key:      pulumi.StringRef("segment"),
							Value:    pulumi.StringRef("prod"),
						},
					},
					Action: {
						AssociationMethod: "constant",
						Segment:           pulumi.StringRef("prod"),
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var test = Aws.NetworkManager.GetCoreNetworkPolicyDocument.Invoke(new()
    {
        CoreNetworkConfigurations = new[]
        {
            new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationInputArgs
            {
                VpnEcmpSupport = false,
                AsnRanges = new[]
                {
                    "64512-64555",
                },
                EdgeLocations = new[]
                {
                    new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs
                    {
                        Location = "us-east-1",
                        Asn = "64512",
                    },
                    new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationInputArgs
                    {
                        Location = "eu-central-1",
                        Asn = "64513",
                    },
                },
            },
        },
        Segments = new[]
        {
            new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs
            {
                Name = "shared",
                Description = "Segment for shared services",
                RequireAttachmentAcceptance = true,
            },
            new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentInputArgs
            {
                Name = "prod",
                Description = "Segment for prod services",
                RequireAttachmentAcceptance = true,
            },
        },
        SegmentActions = new[]
        {
            new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentSegmentActionInputArgs
            {
                Action = "share",
                Mode = "attachment-route",
                Segment = "shared",
                ShareWiths = new[]
                {
                    "*",
                },
            },
        },
        AttachmentPolicies = new[]
        {
            new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentAttachmentPolicyInputArgs
            {
                RuleNumber = 100,
                ConditionLogic = "or",
                Conditions = new[]
                {
                    new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentAttachmentPolicyConditionInputArgs
                    {
                        Type = "tag-value",
                        Operator = "equals",
                        Key = "segment",
                        Value = "shared",
                    },
                },
                Action = new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentAttachmentPolicyActionInputArgs
                {
                    AssociationMethod = "constant",
                    Segment = "shared",
                },
            },
            new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentAttachmentPolicyInputArgs
            {
                RuleNumber = 200,
                ConditionLogic = "or",
                Conditions = new[]
                {
                    new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentAttachmentPolicyConditionInputArgs
                    {
                        Type = "tag-value",
                        Operator = "equals",
                        Key = "segment",
                        Value = "prod",
                    },
                },
                Action = new Aws.NetworkManager.Inputs.GetCoreNetworkPolicyDocumentAttachmentPolicyActionInputArgs
                {
                    AssociationMethod = "constant",
                    Segment = "prod",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkmanager.NetworkmanagerFunctions;
import com.pulumi.aws.networkmanager.inputs.GetCoreNetworkPolicyDocumentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var test = NetworkmanagerFunctions.getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs.builder()
            .coreNetworkConfigurations(GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs.builder()
                .vpnEcmpSupport(false)
                .asnRanges("64512-64555")
                .edgeLocations(                
                    GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()
                        .location("us-east-1")
                        .asn(64512)
                        .build(),
                    GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocationArgs.builder()
                        .location("eu-central-1")
                        .asn(64513)
                        .build())
                .build())
            .segments(            
                GetCoreNetworkPolicyDocumentSegmentArgs.builder()
                    .name("shared")
                    .description("Segment for shared services")
                    .requireAttachmentAcceptance(true)
                    .build(),
                GetCoreNetworkPolicyDocumentSegmentArgs.builder()
                    .name("prod")
                    .description("Segment for prod services")
                    .requireAttachmentAcceptance(true)
                    .build())
            .segmentActions(GetCoreNetworkPolicyDocumentSegmentActionArgs.builder()
                .action("share")
                .mode("attachment-route")
                .segment("shared")
                .shareWiths("*")
                .build())
            .attachmentPolicies(            
                GetCoreNetworkPolicyDocumentAttachmentPolicyArgs.builder()
                    .ruleNumber(100)
                    .conditionLogic("or")
                    .conditions(GetCoreNetworkPolicyDocumentAttachmentPolicyConditionArgs.builder()
                        .type("tag-value")
                        .operator("equals")
                        .key("segment")
                        .value("shared")
                        .build())
                    .action(GetCoreNetworkPolicyDocumentAttachmentPolicyActionArgs.builder()
                        .associationMethod("constant")
                        .segment("shared")
                        .build())
                    .build(),
                GetCoreNetworkPolicyDocumentAttachmentPolicyArgs.builder()
                    .ruleNumber(200)
                    .conditionLogic("or")
                    .conditions(GetCoreNetworkPolicyDocumentAttachmentPolicyConditionArgs.builder()
                        .type("tag-value")
                        .operator("equals")
                        .key("segment")
                        .value("prod")
                        .build())
                    .action(GetCoreNetworkPolicyDocumentAttachmentPolicyActionArgs.builder()
                        .associationMethod("constant")
                        .segment("prod")
                        .build())
                    .build())
            .build());

    }
}

variables:
  test:
    fn::invoke:
      Function: aws:networkmanager:getCoreNetworkPolicyDocument
      Arguments:
        coreNetworkConfigurations:
          - vpnEcmpSupport: false
            asnRanges:
              - 64512-64555
            edgeLocations:
              - location: us-east-1
                asn: 64512
              - location: eu-central-1
                asn: 64513
        segments:
          - name: shared
            description: Segment for shared services
            requireAttachmentAcceptance: true
          - name: prod
            description: Segment for prod services
            requireAttachmentAcceptance: true
        segmentActions:
          - action: share
            mode: attachment-route
            segment: shared
            shareWiths:
              - '*'
        attachmentPolicies:
          - ruleNumber: 100
            conditionLogic: or
            conditions:
              - type: tag-value
                operator: equals
                key: segment
                value: shared
            action:
              associationMethod: constant
              segment: shared
          - ruleNumber: 200
            conditionLogic: or
            conditions:
              - type: tag-value
                operator: equals
                key: segment
                value: prod
            action:
              associationMethod: constant
              segment: prod

data.aws_networkmanager_core_network_policy_document.test.json will evaluate to:

{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": [
      "64512-64555"
    ],
    "vpn-ecmp-support": false,
    "edge-locations": [
      {
        "location": "us-east-1",
        "asn": 64512
      },
      {
        "location": "eu-central-1",
        "asn": 64513
      }
    ]
  },
  "segments": [
    {
      "name": "shared",
      "description": "Segment for shared services",
      "require-attachment-acceptance": true
    },
    {
      "name": "prod",
      "description": "Segment for prod services",
      "require-attachment-acceptance": true
    }
  ],
  "attachment-policies": [
    {
      "rule-number": 100,
      "action": {
        "association-method": "constant",
        "segment": "shared"
      },
      "conditions": [
        {
          "type": "tag-value",
          "operator": "equals",
          "key": "segment",
          "value": "shared"
        }
      ],
      "condition-logic": "or"
    },
    {
      "rule-number": 200,
      "action": {
        "association-method": "constant",
        "segment": "prod"
      },
      "conditions": [
        {
          "type": "tag-value",
          "operator": "equals",
          "key": "segment",
          "value": "prod"
        }
      ],
      "condition-logic": "or"
    }
  ],
  "segment-actions": [
    {
      "action": "share",
      "mode": "attachment-route",
      "segment": "shared",
      "share-with": "*"
    }
  ]
}

Using getCoreNetworkPolicyDocument

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCoreNetworkPolicyDocument(args: GetCoreNetworkPolicyDocumentArgs, opts?: InvokeOptions): Promise<GetCoreNetworkPolicyDocumentResult>
function getCoreNetworkPolicyDocumentOutput(args: GetCoreNetworkPolicyDocumentOutputArgs, opts?: InvokeOptions): Output<GetCoreNetworkPolicyDocumentResult>

def get_core_network_policy_document(attachment_policies: Optional[Sequence[GetCoreNetworkPolicyDocumentAttachmentPolicy]] = None,
                                     core_network_configurations: Optional[Sequence[GetCoreNetworkPolicyDocumentCoreNetworkConfiguration]] = None,
                                     segment_actions: Optional[Sequence[GetCoreNetworkPolicyDocumentSegmentAction]] = None,
                                     segments: Optional[Sequence[GetCoreNetworkPolicyDocumentSegment]] = None,
                                     version: Optional[str] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetCoreNetworkPolicyDocumentResult
def get_core_network_policy_document_output(attachment_policies: Optional[pulumi.Input[Sequence[pulumi.Input[GetCoreNetworkPolicyDocumentAttachmentPolicyArgs]]]] = None,
                                     core_network_configurations: Optional[pulumi.Input[Sequence[pulumi.Input[GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs]]]] = None,
                                     segment_actions: Optional[pulumi.Input[Sequence[pulumi.Input[GetCoreNetworkPolicyDocumentSegmentActionArgs]]]] = None,
                                     segments: Optional[pulumi.Input[Sequence[pulumi.Input[GetCoreNetworkPolicyDocumentSegmentArgs]]]] = None,
                                     version: Optional[pulumi.Input[str]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetCoreNetworkPolicyDocumentResult]

func GetCoreNetworkPolicyDocument(ctx *Context, args *GetCoreNetworkPolicyDocumentArgs, opts ...InvokeOption) (*GetCoreNetworkPolicyDocumentResult, error)
func GetCoreNetworkPolicyDocumentOutput(ctx *Context, args *GetCoreNetworkPolicyDocumentOutputArgs, opts ...InvokeOption) GetCoreNetworkPolicyDocumentResultOutput

> Note: This function is named GetCoreNetworkPolicyDocument in the Go SDK.

public static class GetCoreNetworkPolicyDocument 
{
    public static Task<GetCoreNetworkPolicyDocumentResult> InvokeAsync(GetCoreNetworkPolicyDocumentArgs args, InvokeOptions? opts = null)
    public static Output<GetCoreNetworkPolicyDocumentResult> Invoke(GetCoreNetworkPolicyDocumentInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetCoreNetworkPolicyDocumentResult> getCoreNetworkPolicyDocument(GetCoreNetworkPolicyDocumentArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: aws:networkmanager/getCoreNetworkPolicyDocument:getCoreNetworkPolicyDocument
  arguments:
    # arguments dictionary

The following arguments are supported:

CoreNetworkConfigurations List<GetCoreNetworkPolicyDocumentCoreNetworkConfiguration>: The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below.
Segments List<GetCoreNetworkPolicyDocumentSegment>: Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the segment_actions and attachment_policies section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
AttachmentPolicies List<GetCoreNetworkPolicyDocumentAttachmentPolicy>: In a core network, all attachments use the block argument attachment_policies section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below.
SegmentActions List<GetCoreNetworkPolicyDocumentSegmentAction>: A block argument, segment_actions define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
Version string

CoreNetworkConfigurations []GetCoreNetworkPolicyDocumentCoreNetworkConfiguration: The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below.
Segments []GetCoreNetworkPolicyDocumentSegment: Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the segment_actions and attachment_policies section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
AttachmentPolicies []GetCoreNetworkPolicyDocumentAttachmentPolicy: In a core network, all attachments use the block argument attachment_policies section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below.
SegmentActions []GetCoreNetworkPolicyDocumentSegmentAction: A block argument, segment_actions define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
Version string

coreNetworkConfigurations List<GetCoreNetworkPolicyDocumentCoreNetworkConfiguration>: The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below.
segments List<GetCoreNetworkPolicyDocumentSegment>: Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the segment_actions and attachment_policies section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
attachmentPolicies List<GetCoreNetworkPolicyDocumentAttachmentPolicy>: In a core network, all attachments use the block argument attachment_policies section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below.
segmentActions List<GetCoreNetworkPolicyDocumentSegmentAction>: A block argument, segment_actions define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
version String

coreNetworkConfigurations GetCoreNetworkPolicyDocumentCoreNetworkConfiguration[]: The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below.
segments GetCoreNetworkPolicyDocumentSegment[]: Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the segment_actions and attachment_policies section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
attachmentPolicies GetCoreNetworkPolicyDocumentAttachmentPolicy[]: In a core network, all attachments use the block argument attachment_policies section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below.
segmentActions GetCoreNetworkPolicyDocumentSegmentAction[]: A block argument, segment_actions define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
version string

core_network_configurations Sequence[GetCoreNetworkPolicyDocumentCoreNetworkConfiguration]: The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below.
segments Sequence[GetCoreNetworkPolicyDocumentSegment]: Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the segment_actions and attachment_policies section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
attachment_policies Sequence[GetCoreNetworkPolicyDocumentAttachmentPolicy]: In a core network, all attachments use the block argument attachment_policies section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below.
segment_actions Sequence[GetCoreNetworkPolicyDocumentSegmentAction]: A block argument, segment_actions define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
version str

coreNetworkConfigurations List<Property Map>: The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below.
segments List<Property Map>: Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the segment_actions and attachment_policies section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
attachmentPolicies List<Property Map>: In a core network, all attachments use the block argument attachment_policies section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below.
segmentActions List<Property Map>: A block argument, segment_actions define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below.
version String

getCoreNetworkPolicyDocument Result

The following output properties are available:

CoreNetworkConfigurations List<GetCoreNetworkPolicyDocumentCoreNetworkConfiguration>
Id string: The provider-assigned unique ID for this managed resource.
Json string: Standard JSON policy document rendered based on the arguments above.
Segments List<GetCoreNetworkPolicyDocumentSegment>
AttachmentPolicies List<GetCoreNetworkPolicyDocumentAttachmentPolicy>
SegmentActions List<GetCoreNetworkPolicyDocumentSegmentAction>
Version string

CoreNetworkConfigurations []GetCoreNetworkPolicyDocumentCoreNetworkConfiguration
Id string: The provider-assigned unique ID for this managed resource.
Json string: Standard JSON policy document rendered based on the arguments above.
Segments []GetCoreNetworkPolicyDocumentSegment
AttachmentPolicies []GetCoreNetworkPolicyDocumentAttachmentPolicy
SegmentActions []GetCoreNetworkPolicyDocumentSegmentAction
Version string

coreNetworkConfigurations List<GetCoreNetworkPolicyDocumentCoreNetworkConfiguration>
id String: The provider-assigned unique ID for this managed resource.
json String: Standard JSON policy document rendered based on the arguments above.
segments List<GetCoreNetworkPolicyDocumentSegment>
attachmentPolicies List<GetCoreNetworkPolicyDocumentAttachmentPolicy>
segmentActions List<GetCoreNetworkPolicyDocumentSegmentAction>
version String

coreNetworkConfigurations GetCoreNetworkPolicyDocumentCoreNetworkConfiguration[]
id string: The provider-assigned unique ID for this managed resource.
json string: Standard JSON policy document rendered based on the arguments above.
segments GetCoreNetworkPolicyDocumentSegment[]
attachmentPolicies GetCoreNetworkPolicyDocumentAttachmentPolicy[]
segmentActions GetCoreNetworkPolicyDocumentSegmentAction[]
version string

core_network_configurations Sequence[GetCoreNetworkPolicyDocumentCoreNetworkConfiguration]
id str: The provider-assigned unique ID for this managed resource.
json str: Standard JSON policy document rendered based on the arguments above.
segments Sequence[GetCoreNetworkPolicyDocumentSegment]
attachment_policies Sequence[GetCoreNetworkPolicyDocumentAttachmentPolicy]
segment_actions Sequence[GetCoreNetworkPolicyDocumentSegmentAction]
version str

coreNetworkConfigurations List<Property Map>
id String: The provider-assigned unique ID for this managed resource.
json String: Standard JSON policy document rendered based on the arguments above.
segments List<Property Map>
attachmentPolicies List<Property Map>
segmentActions List<Property Map>
version String

Supporting Types

GetCoreNetworkPolicyDocumentAttachmentPolicy

Action GetCoreNetworkPolicyDocumentAttachmentPolicyAction: Action to take when a condition is true. Detailed Below.
Conditions List<GetCoreNetworkPolicyDocumentAttachmentPolicyCondition>: A block argument. Detailed Below.
RuleNumber int: An integer from 1 to 65535 indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed.
ConditionLogic string: Valid values include and or or. This is a mandatory parameter only if you have more than one condition. The condition_logic apply to all of the conditions for a rule, which also means nested conditions of and or or are not supported. Use or if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use and if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below.
Description string: A user-defined description that further helps identify the rule.

Action GetCoreNetworkPolicyDocumentAttachmentPolicyAction: Action to take when a condition is true. Detailed Below.
Conditions []GetCoreNetworkPolicyDocumentAttachmentPolicyCondition: A block argument. Detailed Below.
RuleNumber int: An integer from 1 to 65535 indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed.
ConditionLogic string: Valid values include and or or. This is a mandatory parameter only if you have more than one condition. The condition_logic apply to all of the conditions for a rule, which also means nested conditions of and or or are not supported. Use or if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use and if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below.
Description string: A user-defined description that further helps identify the rule.

action GetCoreNetworkPolicyDocumentAttachmentPolicyAction: Action to take when a condition is true. Detailed Below.
conditions List<GetCoreNetworkPolicyDocumentAttachmentPolicyCondition>: A block argument. Detailed Below.
ruleNumber Integer: An integer from 1 to 65535 indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed.
conditionLogic String: Valid values include and or or. This is a mandatory parameter only if you have more than one condition. The condition_logic apply to all of the conditions for a rule, which also means nested conditions of and or or are not supported. Use or if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use and if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below.
description String: A user-defined description that further helps identify the rule.

action GetCoreNetworkPolicyDocumentAttachmentPolicyAction: Action to take when a condition is true. Detailed Below.
conditions GetCoreNetworkPolicyDocumentAttachmentPolicyCondition[]: A block argument. Detailed Below.
ruleNumber number: An integer from 1 to 65535 indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed.
conditionLogic string: Valid values include and or or. This is a mandatory parameter only if you have more than one condition. The condition_logic apply to all of the conditions for a rule, which also means nested conditions of and or or are not supported. Use or if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use and if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below.
description string: A user-defined description that further helps identify the rule.

action GetCoreNetworkPolicyDocumentAttachmentPolicyAction: Action to take when a condition is true. Detailed Below.
conditions Sequence[GetCoreNetworkPolicyDocumentAttachmentPolicyCondition]: A block argument. Detailed Below.
rule_number int: An integer from 1 to 65535 indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed.
condition_logic str: Valid values include and or or. This is a mandatory parameter only if you have more than one condition. The condition_logic apply to all of the conditions for a rule, which also means nested conditions of and or or are not supported. Use or if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use and if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below.
description str: A user-defined description that further helps identify the rule.

action Property Map: Action to take when a condition is true. Detailed Below.
conditions List<Property Map>: A block argument. Detailed Below.
ruleNumber Number: An integer from 1 to 65535 indicating the rule's order number. Rules are processed in order from the lowest numbered rule to the highest. Rules stop processing when a rule is matched. It's important to make sure that you number your rules in the exact order that you want them processed.
conditionLogic String: Valid values include and or or. This is a mandatory parameter only if you have more than one condition. The condition_logic apply to all of the conditions for a rule, which also means nested conditions of and or or are not supported. Use or if you want to associate the attachment with the segment by either the segment name or attachment tag value, or by the chosen conditions. Use and if you want to associate the attachment with the segment by either the segment name or attachment tag value and by the chosen conditions. Detailed Below.
description String: A user-defined description that further helps identify the rule.

GetCoreNetworkPolicyDocumentAttachmentPolicyAction

AssociationMethod string: Defines how a segment is mapped. Values can be constant or tag. constant statically defines the segment to associate the attachment to. tag uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate.
RequireAcceptance bool: Determines if this mapping should override the segment value for require_attachment_acceptance. You can only set this to true, indicating that this setting applies only to segments that have require_attachment_acceptance set to false. If the segment already has the default require_attachment_acceptance, you can set this to inherit segment’s acceptance value.
Segment string: Name of the segment to share as defined in the segments section. This is used only when the association_method is constant.
TagValueOfKey string: Maps the attachment to the value of a known key. This is used with the association_method is tag. For example a tag of stage = “test”, will map to a segment named test. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments.

AssociationMethod string: Defines how a segment is mapped. Values can be constant or tag. constant statically defines the segment to associate the attachment to. tag uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate.
RequireAcceptance bool: Determines if this mapping should override the segment value for require_attachment_acceptance. You can only set this to true, indicating that this setting applies only to segments that have require_attachment_acceptance set to false. If the segment already has the default require_attachment_acceptance, you can set this to inherit segment’s acceptance value.
Segment string: Name of the segment to share as defined in the segments section. This is used only when the association_method is constant.
TagValueOfKey string: Maps the attachment to the value of a known key. This is used with the association_method is tag. For example a tag of stage = “test”, will map to a segment named test. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments.

associationMethod String: Defines how a segment is mapped. Values can be constant or tag. constant statically defines the segment to associate the attachment to. tag uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate.
requireAcceptance Boolean: Determines if this mapping should override the segment value for require_attachment_acceptance. You can only set this to true, indicating that this setting applies only to segments that have require_attachment_acceptance set to false. If the segment already has the default require_attachment_acceptance, you can set this to inherit segment’s acceptance value.
segment String: Name of the segment to share as defined in the segments section. This is used only when the association_method is constant.
tagValueOfKey String: Maps the attachment to the value of a known key. This is used with the association_method is tag. For example a tag of stage = “test”, will map to a segment named test. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments.

associationMethod string: Defines how a segment is mapped. Values can be constant or tag. constant statically defines the segment to associate the attachment to. tag uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate.
requireAcceptance boolean: Determines if this mapping should override the segment value for require_attachment_acceptance. You can only set this to true, indicating that this setting applies only to segments that have require_attachment_acceptance set to false. If the segment already has the default require_attachment_acceptance, you can set this to inherit segment’s acceptance value.
segment string: Name of the segment to share as defined in the segments section. This is used only when the association_method is constant.
tagValueOfKey string: Maps the attachment to the value of a known key. This is used with the association_method is tag. For example a tag of stage = “test”, will map to a segment named test. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments.

association_method str: Defines how a segment is mapped. Values can be constant or tag. constant statically defines the segment to associate the attachment to. tag uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate.
require_acceptance bool: Determines if this mapping should override the segment value for require_attachment_acceptance. You can only set this to true, indicating that this setting applies only to segments that have require_attachment_acceptance set to false. If the segment already has the default require_attachment_acceptance, you can set this to inherit segment’s acceptance value.
segment str: Name of the segment to share as defined in the segments section. This is used only when the association_method is constant.
tag_value_of_key str: Maps the attachment to the value of a known key. This is used with the association_method is tag. For example a tag of stage = “test”, will map to a segment named test. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments.

associationMethod String: Defines how a segment is mapped. Values can be constant or tag. constant statically defines the segment to associate the attachment to. tag uses the value of a tag to dynamically try to map to a segment.reference_policies_elements_condition_operators.html) to evaluate.
requireAcceptance Boolean: Determines if this mapping should override the segment value for require_attachment_acceptance. You can only set this to true, indicating that this setting applies only to segments that have require_attachment_acceptance set to false. If the segment already has the default require_attachment_acceptance, you can set this to inherit segment’s acceptance value.
segment String: Name of the segment to share as defined in the segments section. This is used only when the association_method is constant.
tagValueOfKey String: Maps the attachment to the value of a known key. This is used with the association_method is tag. For example a tag of stage = “test”, will map to a segment named test. The value must exactly match the name of a segment. This allows you to have many segments, but use only a single rule without having to define multiple nearly identical conditions. This prevents creating many similar conditions that all use the same keys to map to segments.

GetCoreNetworkPolicyDocumentAttachmentPolicyCondition

Type string: Valid values include: account-id, any, tag-value, tag-exists, resource-id, region, attachment-type.
Key string: string value
Operator string: Valid values include: equals, not-equals, contains, begins-with.
Value string: string value

Type string: Valid values include: account-id, any, tag-value, tag-exists, resource-id, region, attachment-type.
Key string: string value
Operator string: Valid values include: equals, not-equals, contains, begins-with.
Value string: string value

type String: Valid values include: account-id, any, tag-value, tag-exists, resource-id, region, attachment-type.
key String: string value
operator String: Valid values include: equals, not-equals, contains, begins-with.
value String: string value

type string: Valid values include: account-id, any, tag-value, tag-exists, resource-id, region, attachment-type.
key string: string value
operator string: Valid values include: equals, not-equals, contains, begins-with.
value string: string value

type str: Valid values include: account-id, any, tag-value, tag-exists, resource-id, region, attachment-type.
key str: string value
operator str: Valid values include: equals, not-equals, contains, begins-with.
value str: string value

type String: Valid values include: account-id, any, tag-value, tag-exists, resource-id, region, attachment-type.
key String: string value
operator String: Valid values include: equals, not-equals, contains, begins-with.
value String: string value

GetCoreNetworkPolicyDocumentCoreNetworkConfiguration

AsnRanges List<string>: List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from 64512 to 65534 and 4200000000 to 4294967294 expressed as a string like "64512-65534". No other ASN ranges can be used.
EdgeLocations List<GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation>: A block value of AWS Region locations where you're creating Core Network Edges. Detailed below.
InsideCidrBlocks List<string>: The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, 10.0.1.0/24). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a /24 for IPv4 or /64 for IPv6. You can provide multiple /24 subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned /24 and /64 subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge.
VpnEcmpSupport bool: Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either true or false. The default is true.

AsnRanges []string: List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from 64512 to 65534 and 4200000000 to 4294967294 expressed as a string like "64512-65534". No other ASN ranges can be used.
EdgeLocations []GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation: A block value of AWS Region locations where you're creating Core Network Edges. Detailed below.
InsideCidrBlocks []string: The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, 10.0.1.0/24). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a /24 for IPv4 or /64 for IPv6. You can provide multiple /24 subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned /24 and /64 subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge.
VpnEcmpSupport bool: Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either true or false. The default is true.

asnRanges List<String>: List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from 64512 to 65534 and 4200000000 to 4294967294 expressed as a string like "64512-65534". No other ASN ranges can be used.
edgeLocations List<GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation>: A block value of AWS Region locations where you're creating Core Network Edges. Detailed below.
insideCidrBlocks List<String>: The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, 10.0.1.0/24). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a /24 for IPv4 or /64 for IPv6. You can provide multiple /24 subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned /24 and /64 subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge.
vpnEcmpSupport Boolean: Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either true or false. The default is true.

asnRanges string[]: List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from 64512 to 65534 and 4200000000 to 4294967294 expressed as a string like "64512-65534". No other ASN ranges can be used.
edgeLocations GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation[]: A block value of AWS Region locations where you're creating Core Network Edges. Detailed below.
insideCidrBlocks string[]: The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, 10.0.1.0/24). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a /24 for IPv4 or /64 for IPv6. You can provide multiple /24 subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned /24 and /64 subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge.
vpnEcmpSupport boolean: Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either true or false. The default is true.

asn_ranges Sequence[str]: List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from 64512 to 65534 and 4200000000 to 4294967294 expressed as a string like "64512-65534". No other ASN ranges can be used.
edge_locations Sequence[GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation]: A block value of AWS Region locations where you're creating Core Network Edges. Detailed below.
inside_cidr_blocks Sequence[str]: The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, 10.0.1.0/24). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a /24 for IPv4 or /64 for IPv6. You can provide multiple /24 subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned /24 and /64 subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge.
vpn_ecmp_support bool: Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either true or false. The default is true.

asnRanges List<String>: List of strings containing Autonomous System Numbers (ASNs) to assign to Core Network Edges. By default, the core network automatically assigns an ASN for each Core Network Edge but you can optionally define the ASN in the edge-locations for each Region. The ASN uses an array of integer ranges only from 64512 to 65534 and 4200000000 to 4294967294 expressed as a string like "64512-65534". No other ASN ranges can be used.
edgeLocations List<Property Map>: A block value of AWS Region locations where you're creating Core Network Edges. Detailed below.
insideCidrBlocks List<String>: The Classless Inter-Domain Routing (CIDR) block range used to create tunnels for AWS Transit Gateway Connect. The format is standard AWS CIDR range (for example, 10.0.1.0/24). You can optionally define the inside CIDR in the Core Network Edges section per Region. The minimum is a /24 for IPv4 or /64 for IPv6. You can provide multiple /24 subnets or a larger CIDR range. If you define a larger CIDR range, new Core Network Edges will be automatically assigned /24 and /64 subnets from the larger CIDR. an Inside CIDR block is required for attaching Connect attachments to a Core Network Edge.
vpnEcmpSupport Boolean: Indicates whether the core network forwards traffic over multiple equal-cost routes using VPN. The value can be either true or false. The default is true.

GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation

Location string
Asn string: ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from asn_ranges
InsideCidrBlocks List<string>: The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from inside_cidr_blocks.

Location string
Asn string: ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from asn_ranges
InsideCidrBlocks []string: The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from inside_cidr_blocks.

location String
asn String: ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from asn_ranges
insideCidrBlocks List<String>: The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from inside_cidr_blocks.

location string
asn string: ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from asn_ranges
insideCidrBlocks string[]: The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from inside_cidr_blocks.

location str
asn str: ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from asn_ranges
inside_cidr_blocks Sequence[str]: The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from inside_cidr_blocks.

location String
asn String: ASN of the Core Network Edge in an AWS Region. By default, the ASN will be a single integer automatically assigned from asn_ranges
insideCidrBlocks List<String>: The local CIDR blocks for this Core Network Edge for AWS Transit Gateway Connect attachments. By default, this CIDR block will be one or more optional IPv4 and IPv6 CIDR prefixes auto-assigned from inside_cidr_blocks.

GetCoreNetworkPolicyDocumentSegment

Name string: Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9.
AllowFilters List<string>: List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the allow_filter setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in segment_actions. If a segment is listed in allow_filter, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created.
DenyFilters List<string>: An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in segment_actions. If a segment is listed in the deny_filter, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments.
Description string: A user-defined string describing the segment.
EdgeLocations List<string>: A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for edge_locations in the core_network_configuration.
IsolateAttachments bool: This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to true, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is false. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of false.
RequireAttachmentAcceptance bool: This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is true, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, require_attachment_acceptance is set to false.

Name string: Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9.
AllowFilters []string: List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the allow_filter setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in segment_actions. If a segment is listed in allow_filter, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created.
DenyFilters []string: An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in segment_actions. If a segment is listed in the deny_filter, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments.
Description string: A user-defined string describing the segment.
EdgeLocations []string: A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for edge_locations in the core_network_configuration.
IsolateAttachments bool: This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to true, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is false. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of false.
RequireAttachmentAcceptance bool: This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is true, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, require_attachment_acceptance is set to false.

name String: Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9.
allowFilters List<String>: List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the allow_filter setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in segment_actions. If a segment is listed in allow_filter, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created.
denyFilters List<String>: An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in segment_actions. If a segment is listed in the deny_filter, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments.
description String: A user-defined string describing the segment.
edgeLocations List<String>: A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for edge_locations in the core_network_configuration.
isolateAttachments Boolean: This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to true, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is false. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of false.
requireAttachmentAcceptance Boolean: This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is true, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, require_attachment_acceptance is set to false.

name string: Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9.
allowFilters string[]: List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the allow_filter setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in segment_actions. If a segment is listed in allow_filter, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created.
denyFilters string[]: An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in segment_actions. If a segment is listed in the deny_filter, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments.
description string: A user-defined string describing the segment.
edgeLocations string[]: A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for edge_locations in the core_network_configuration.
isolateAttachments boolean: This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to true, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is false. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of false.
requireAttachmentAcceptance boolean: This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is true, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, require_attachment_acceptance is set to false.

name str: Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9.
allow_filters Sequence[str]: List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the allow_filter setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in segment_actions. If a segment is listed in allow_filter, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created.
deny_filters Sequence[str]: An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in segment_actions. If a segment is listed in the deny_filter, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments.
description str: A user-defined string describing the segment.
edge_locations Sequence[str]: A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for edge_locations in the core_network_configuration.
isolate_attachments bool: This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to true, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is false. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of false.
require_attachment_acceptance bool: This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is true, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, require_attachment_acceptance is set to false.

name String: Unique name for a segment. The name is a string used in other parts of the policy document, as well as in the console for metrics and other reference points. Valid characters are a–z, and 0–9.
allowFilters List<String>: List of strings of segment names that explicitly allows only routes from the segments that are listed in the array. Use the allow_filter setting if a segment has a well-defined group of other segments that connectivity should be restricted to. It is applied after routes have been shared in segment_actions. If a segment is listed in allow_filter, attachments between the two segments will have routes if they are also shared in the segment-actions area. For example, you might have a segment named "video-producer" that should only ever share routes with a "video-distributor" segment, no matter how many other share statements are created.
denyFilters List<String>: An array of segments that disallows routes from the segments listed in the array. It is applied only after routes have been shared in segment_actions. If a segment is listed in the deny_filter, attachments between the two segments will never have routes shared across them. For example, you might have a "financial" payment segment that should never share routes with a "development" segment, regardless of how many other share statements are created. Adding the payments segment to the deny-filter parameter prevents any shared routes from being created with other segments.
description String: A user-defined string describing the segment.
edgeLocations List<String>: A list of strings of AWS Region names. Allows you to define a more restrictive set of Regions for a segment. The edge location must be a subset of the locations that are defined for edge_locations in the core_network_configuration.
isolateAttachments Boolean: This Boolean setting determines whether attachments on the same segment can communicate with each other. If set to true, the only routes available will be either shared routes through the share actions, which are attachments in other segments, or static routes. The default value is false. For example, you might have a segment dedicated to "development" that should never allow VPCs to talk to each other, even if they’re on the same segment. In this example, you would keep the default parameter of false.
requireAttachmentAcceptance Boolean: This Boolean setting determines whether attachment requests are automatically approved or require acceptance. The default is true, indicating that attachment requests require acceptance. For example, you might use this setting to allow a "sandbox" segment to allow any attachment request so that a core network or attachment administrator does not need to review and approve attachment requests. In this example, require_attachment_acceptance is set to false.

GetCoreNetworkPolicyDocumentSegmentAction

Action string: Action to take for the chosen segment. Valid values create-route or share.
Segment string: Name of the segment.
Description string: A user-defined string describing the segment action.
DestinationCidrBlocks List<string>: List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, 10.1.0.0/16 or 2001:db8::/56. This is an array of CIDR notation strings.
Destinations List<string>: A list of strings. Valid values include ["blackhole"] or a list of attachment ids.
Mode string: String. This mode places the attachment and return routes in each of the share_with segments. Valid values include: attachment-route.
ShareWithExcepts List<string>: A set subtraction of segments to not share with.
ShareWiths List<string>: A list of strings to share with. Must be a substring is all segments. Valid values include: ["*"] or ["<segment-names>"].

Action string: Action to take for the chosen segment. Valid values create-route or share.
Segment string: Name of the segment.
Description string: A user-defined string describing the segment action.
DestinationCidrBlocks []string: List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, 10.1.0.0/16 or 2001:db8::/56. This is an array of CIDR notation strings.
Destinations []string: A list of strings. Valid values include ["blackhole"] or a list of attachment ids.
Mode string: String. This mode places the attachment and return routes in each of the share_with segments. Valid values include: attachment-route.
ShareWithExcepts []string: A set subtraction of segments to not share with.
ShareWiths []string: A list of strings to share with. Must be a substring is all segments. Valid values include: ["*"] or ["<segment-names>"].

action String: Action to take for the chosen segment. Valid values create-route or share.
segment String: Name of the segment.
description String: A user-defined string describing the segment action.
destinationCidrBlocks List<String>: List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, 10.1.0.0/16 or 2001:db8::/56. This is an array of CIDR notation strings.
destinations List<String>: A list of strings. Valid values include ["blackhole"] or a list of attachment ids.
mode String: String. This mode places the attachment and return routes in each of the share_with segments. Valid values include: attachment-route.
shareWithExcepts List<String>: A set subtraction of segments to not share with.
shareWiths List<String>: A list of strings to share with. Must be a substring is all segments. Valid values include: ["*"] or ["<segment-names>"].

action string: Action to take for the chosen segment. Valid values create-route or share.
segment string: Name of the segment.
description string: A user-defined string describing the segment action.
destinationCidrBlocks string[]: List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, 10.1.0.0/16 or 2001:db8::/56. This is an array of CIDR notation strings.
destinations string[]: A list of strings. Valid values include ["blackhole"] or a list of attachment ids.
mode string: String. This mode places the attachment and return routes in each of the share_with segments. Valid values include: attachment-route.
shareWithExcepts string[]: A set subtraction of segments to not share with.
shareWiths string[]: A list of strings to share with. Must be a substring is all segments. Valid values include: ["*"] or ["<segment-names>"].

action str: Action to take for the chosen segment. Valid values create-route or share.
segment str: Name of the segment.
description str: A user-defined string describing the segment action.
destination_cidr_blocks Sequence[str]: List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, 10.1.0.0/16 or 2001:db8::/56. This is an array of CIDR notation strings.
destinations Sequence[str]: A list of strings. Valid values include ["blackhole"] or a list of attachment ids.
mode str: String. This mode places the attachment and return routes in each of the share_with segments. Valid values include: attachment-route.
share_with_excepts Sequence[str]: A set subtraction of segments to not share with.
share_withs Sequence[str]: A list of strings to share with. Must be a substring is all segments. Valid values include: ["*"] or ["<segment-names>"].

action String: Action to take for the chosen segment. Valid values create-route or share.
segment String: Name of the segment.
description String: A user-defined string describing the segment action.
destinationCidrBlocks List<String>: List of strings containing CIDRs. You can define the IPv4 and IPv6 CIDR notation for each AWS Region. For example, 10.1.0.0/16 or 2001:db8::/56. This is an array of CIDR notation strings.
destinations List<String>: A list of strings. Valid values include ["blackhole"] or a list of attachment ids.
mode String: String. This mode places the attachment and return routes in each of the share_with segments. Valid values include: attachment-route.
shareWithExcepts List<String>: A set subtraction of segments to not share with.
shareWiths List<String>: A list of strings to share with. Must be a substring is all segments. Valid values include: ["*"] or ["<segment-names>"].

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi

pulumi/pulumi-aws

aws.networkmanager.getCoreNetworkPolicyDocument

On this page

On this page

Example Usage

Basic Example

Using getCoreNetworkPolicyDocument

getCoreNetworkPolicyDocument Result

Supporting Types

GetCoreNetworkPolicyDocumentAttachmentPolicy

GetCoreNetworkPolicyDocumentAttachmentPolicyAction

GetCoreNetworkPolicyDocumentAttachmentPolicyCondition

GetCoreNetworkPolicyDocumentCoreNetworkConfiguration

GetCoreNetworkPolicyDocumentCoreNetworkConfigurationEdgeLocation

GetCoreNetworkPolicyDocumentSegment

GetCoreNetworkPolicyDocumentSegmentAction

Package Details

On this page

On this page