Viewing docs for AWSx (Pulumi Crosswalk for AWS) v1.0.6 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

    Create Vpc Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Vpc(name: string, args?: VpcArgs, opts?: ComponentResourceOptions);
    @overload
    def Vpc(resource_name: str,
            args: Optional[VpcArgs] = None,
            opts: Optional[ResourceOptions] = None)
    
    @overload
    def Vpc(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            assign_generated_ipv6_cidr_block: Optional[bool] = None,
            availability_zone_names: Optional[Sequence[str]] = None,
            cidr_block: Optional[str] = None,
            enable_classiclink: Optional[bool] = None,
            enable_classiclink_dns_support: Optional[bool] = None,
            enable_dns_hostnames: Optional[bool] = None,
            enable_dns_support: Optional[bool] = None,
            enable_network_address_usage_metrics: Optional[bool] = None,
            instance_tenancy: Optional[str] = None,
            ipv4_ipam_pool_id: Optional[str] = None,
            ipv4_netmask_length: Optional[int] = None,
            ipv6_cidr_block: Optional[str] = None,
            ipv6_cidr_block_network_border_group: Optional[str] = None,
            ipv6_ipam_pool_id: Optional[str] = None,
            ipv6_netmask_length: Optional[int] = None,
            nat_gateways: Optional[NatGatewayConfigurationArgs] = None,
            number_of_availability_zones: Optional[int] = None,
            subnet_specs: Optional[Sequence[SubnetSpecArgs]] = None,
            tags: Optional[Mapping[str, str]] = None,
            vpc_endpoint_specs: Optional[Sequence[VpcEndpointSpecArgs]] = None)
    func NewVpc(ctx *Context, name string, args *VpcArgs, opts ...ResourceOption) (*Vpc, error)
    public Vpc(string name, VpcArgs? args = null, ComponentResourceOptions? opts = null)
    public Vpc(String name, VpcArgs args)
    public Vpc(String name, VpcArgs args, ComponentResourceOptions options)
    
    type: awsx:ec2:Vpc
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args VpcArgs
    The arguments to resource properties.
    opts ComponentResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args VpcArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args VpcArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args VpcArgs
    The arguments to resource properties.
    opts ComponentResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args VpcArgs
    The arguments to resource properties.
    options ComponentResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties; it shows the shape of each argument and is not a deployable or recommended configuration.

    // Reference example: every input is a placeholder ("string", 0, false) that shows the
    // argument shape only; it is not a deployable or recommended configuration.
    var vpcResource = new Awsx.Ec2.Vpc("vpcResource", new()
    {
        AssignGeneratedIpv6CidrBlock = false,
        AvailabilityZoneNames = new()
        {
            "string",
        },
        CidrBlock = "string",
        EnableDnsHostnames = false,
        // Placeholder only: the property reference on this page gives true as the default.
        EnableDnsSupport = false,
        EnableNetworkAddressUsageMetrics = false,
        InstanceTenancy = "string",
        Ipv4IpamPoolId = "string",
        Ipv4NetmaskLength = 0,
        Ipv6CidrBlock = "string",
        Ipv6CidrBlockNetworkBorderGroup = "string",
        Ipv6IpamPoolId = "string",
        Ipv6NetmaskLength = 0,
        NatGateways = new Awsx.Ec2.Inputs.NatGatewayConfigurationArgs
        {
            // NOTE(review): None is understood to mean no NAT gateways are created, which would
            // leave private subnets without an outbound internet path; confirm against the
            // NatGatewayStrategy reference.
            Strategy = Awsx.Ec2.NatGatewayStrategy.None,
            ElasticIpAllocationIds = new()
            {
                "string",
            },
        },
        NumberOfAvailabilityZones = 0,
        SubnetSpecs = new()
        {
            new Awsx.Ec2.Inputs.SubnetSpecArgs
            {
                // Public is the internet-routable subnet type; workloads that must not be
                // directly reachable belong in a non-public subnet type.
                Type = Awsx.Ec2.SubnetType.Public,
                CidrMask = 0,
                Name = "string",
                Tags = 
                {
                    { "string", "string" },
                },
            },
        },
        Tags = 
        {
            { "string", "string" },
        },
        VpcEndpointSpecs = new()
        {
            new Awsx.Ec2.Inputs.VpcEndpointSpecArgs
            {
                ServiceName = "string",
                AutoAccept = false,
                DnsOptions = new Aws.Ec2.Inputs.VpcEndpointDnsOptionsArgs
                {
                    DnsRecordIpType = "string",
                },
                IpAddressType = "string",
                // Endpoint policy document. When no policy is supplied AWS applies a default that
                // allows full access to the service, so scope it to the actions and resources needed.
                Policy = "string",
                PrivateDnsEnabled = false,
                RouteTableIds = new()
                {
                    "string",
                },
                // Applies to Interface endpoints. If none are given, the VPC's default security
                // group is associated with the endpoint.
                SecurityGroupIds = new()
                {
                    "string",
                },
                SubnetIds = new()
                {
                    "string",
                },
                Tags = 
                {
                    { "string", "string" },
                },
                VpcEndpointType = "string",
            },
        },
    });
    
    // Reference example: every input is a placeholder ("string", 0, false) that shows the
    // argument shape only; it is not a deployable or recommended configuration.
    example, err := ec2.NewVpc(ctx, "vpcResource", &ec2.VpcArgs{
    	AssignGeneratedIpv6CidrBlock: pulumi.Bool(false),
    	AvailabilityZoneNames: []string{
    		"string",
    	},
    	CidrBlock:                        "string",
    	EnableDnsHostnames:               pulumi.Bool(false),
    	// Placeholder only: the property reference on this page gives true as the default.
    	EnableDnsSupport:                 pulumi.Bool(false),
    	EnableNetworkAddressUsageMetrics: pulumi.Bool(false),
    	InstanceTenancy:                  pulumi.String("string"),
    	Ipv4IpamPoolId:                   pulumi.String("string"),
    	Ipv4NetmaskLength:                pulumi.Int(0),
    	Ipv6CidrBlock:                    pulumi.String("string"),
    	Ipv6CidrBlockNetworkBorderGroup:  pulumi.String("string"),
    	Ipv6IpamPoolId:                   pulumi.String("string"),
    	Ipv6NetmaskLength:                pulumi.Int(0),
    	NatGateways: &ec2.NatGatewayConfigurationArgs{
    		// NOTE(review): None is understood to mean no NAT gateways are created, which would
    		// leave private subnets without an outbound internet path; confirm against the
    		// NatGatewayStrategy reference.
    		Strategy: ec2.NatGatewayStrategyNone,
    		ElasticIpAllocationIds: []pulumi.String{
    			pulumi.String("string"),
    		},
    	},
    	NumberOfAvailabilityZones: 0,
    	SubnetSpecs: []ec2.SubnetSpecArgs{
    		{
    			// Public is the internet-routable subnet type; workloads that must not be
    			// directly reachable belong in a non-public subnet type.
    			Type:     ec2.SubnetTypePublic,
    			CidrMask: 0,
    			Name:     "string",
    			Tags: {
    				"string": pulumi.String("string"),
    			},
    		},
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	VpcEndpointSpecs: []ec2.VpcEndpointSpecArgs{
    		{
    			ServiceName: "string",
    			AutoAccept:  false,
    			DnsOptions: {
    				DnsRecordIpType: pulumi.String("string"),
    			},
    			IpAddressType:     pulumi.String("string"),
    			// Endpoint policy document. When no policy is supplied AWS applies a default that
    			// allows full access to the service, so scope it to the actions and resources needed.
    			Policy:            pulumi.String("string"),
    			PrivateDnsEnabled: false,
    			RouteTableIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			// Applies to Interface endpoints. If none are given, the VPC's default security
    			// group is associated with the endpoint.
    			SecurityGroupIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SubnetIds: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Tags: {
    				"string": pulumi.String("string"),
    			},
    			VpcEndpointType: pulumi.String("string"),
    		},
    	},
    })
    
    // Reference example: every input is a placeholder ("string", 0, false) that shows the
    // argument shape only; it is not a deployable or recommended configuration.
    var vpcResource = new Vpc("vpcResource", VpcArgs.builder()
        .assignGeneratedIpv6CidrBlock(false)
        .availabilityZoneNames("string")
        .cidrBlock("string")
        .enableDnsHostnames(false)
        // Placeholder only: the property reference on this page gives true as the default.
        .enableDnsSupport(false)
        .enableNetworkAddressUsageMetrics(false)
        .instanceTenancy("string")
        .ipv4IpamPoolId("string")
        .ipv4NetmaskLength(0)
        .ipv6CidrBlock("string")
        .ipv6CidrBlockNetworkBorderGroup("string")
        .ipv6IpamPoolId("string")
        .ipv6NetmaskLength(0)
        .natGateways(NatGatewayConfigurationArgs.builder()
            // NOTE(review): "None" is understood to mean no NAT gateways are created, which would
            // leave private subnets without an outbound internet path; confirm against the
            // NatGatewayStrategy reference.
            .strategy("None")
            .elasticIpAllocationIds("string")
            .build())
        .numberOfAvailabilityZones(0)
        .subnetSpecs(SubnetSpecArgs.builder()
            // "Public" is the internet-routable subnet type; workloads that must not be
            // directly reachable belong in a non-public subnet type.
            .type("Public")
            .cidrMask(0)
            .name("string")
            .tags(Map.of("string", "string"))
            .build())
        .tags(Map.of("string", "string"))
        .vpcEndpointSpecs(VpcEndpointSpecArgs.builder()
            .serviceName("string")
            .autoAccept(false)
            .dnsOptions(VpcEndpointDnsOptionsArgs.builder()
                .dnsRecordIpType("string")
                .build())
            .ipAddressType("string")
            // Endpoint policy document. When no policy is supplied AWS applies a default that
            // allows full access to the service, so scope it to the actions and resources needed.
            .policy("string")
            .privateDnsEnabled(false)
            .routeTableIds("string")
            // Applies to Interface endpoints. If none are given, the VPC's default security
            // group is associated with the endpoint.
            .securityGroupIds("string")
            .subnetIds("string")
            .tags(Map.of("string", "string"))
            .vpcEndpointType("string")
            .build())
        .build());
    
    # Reference example: every input is a placeholder ("string", 0, False) that shows the
    # argument shape only; it is not a deployable or recommended configuration.
    vpc_resource = awsx.ec2.Vpc("vpcResource",
        assign_generated_ipv6_cidr_block=False,
        availability_zone_names=["string"],
        cidr_block="string",
        enable_dns_hostnames=False,
        # Placeholder only: the property reference on this page gives true as the default.
        enable_dns_support=False,
        enable_network_address_usage_metrics=False,
        instance_tenancy="string",
        ipv4_ipam_pool_id="string",
        ipv4_netmask_length=0,
        ipv6_cidr_block="string",
        ipv6_cidr_block_network_border_group="string",
        ipv6_ipam_pool_id="string",
        ipv6_netmask_length=0,
        nat_gateways={
            # NOTE(review): NONE is understood to mean no NAT gateways are created, which would
            # leave private subnets without an outbound internet path; confirm against the
            # NatGatewayStrategy reference.
            "strategy": awsx.ec2.NatGatewayStrategy.NONE,
            "elastic_ip_allocation_ids": ["string"],
        },
        number_of_availability_zones=0,
        subnet_specs=[{
            # PUBLIC is the internet-routable subnet type; workloads that must not be
            # directly reachable belong in a non-public subnet type.
            "type": awsx.ec2.SubnetType.PUBLIC,
            "cidr_mask": 0,
            "name": "string",
            "tags": {
                "string": "string",
            },
        }],
        tags={
            "string": "string",
        },
        vpc_endpoint_specs=[{
            "service_name": "string",
            "auto_accept": False,
            "dns_options": {
                "dns_record_ip_type": "string",
            },
            "ip_address_type": "string",
            # Endpoint policy document. When no policy is supplied AWS applies a default that
            # allows full access to the service, so scope it to the actions and resources needed.
            "policy": "string",
            "private_dns_enabled": False,
            "route_table_ids": ["string"],
            # Applies to Interface endpoints. If none are given, the VPC's default security
            # group is associated with the endpoint.
            "security_group_ids": ["string"],
            "subnet_ids": ["string"],
            "tags": {
                "string": "string",
            },
            "vpc_endpoint_type": "string",
        }])
    
    // Reference example: every input is a placeholder ("string", 0, false) that shows the
    // argument shape only; it is not a deployable or recommended configuration.
    const vpcResource = new awsx.ec2.Vpc("vpcResource", {
        assignGeneratedIpv6CidrBlock: false,
        availabilityZoneNames: ["string"],
        cidrBlock: "string",
        enableDnsHostnames: false,
        // Placeholder only: the property reference on this page gives true as the default.
        enableDnsSupport: false,
        enableNetworkAddressUsageMetrics: false,
        instanceTenancy: "string",
        ipv4IpamPoolId: "string",
        ipv4NetmaskLength: 0,
        ipv6CidrBlock: "string",
        ipv6CidrBlockNetworkBorderGroup: "string",
        ipv6IpamPoolId: "string",
        ipv6NetmaskLength: 0,
        natGateways: {
            // NOTE(review): None is understood to mean no NAT gateways are created, which would
            // leave private subnets without an outbound internet path; confirm against the
            // NatGatewayStrategy reference.
            strategy: awsx.ec2.NatGatewayStrategy.None,
            elasticIpAllocationIds: ["string"],
        },
        numberOfAvailabilityZones: 0,
        subnetSpecs: [{
            // Public is the internet-routable subnet type; workloads that must not be
            // directly reachable belong in a non-public subnet type.
            type: awsx.ec2.SubnetType.Public,
            cidrMask: 0,
            name: "string",
            tags: {
                string: "string",
            },
        }],
        tags: {
            string: "string",
        },
        vpcEndpointSpecs: [{
            serviceName: "string",
            autoAccept: false,
            dnsOptions: {
                dnsRecordIpType: "string",
            },
            ipAddressType: "string",
            // Endpoint policy document. When no policy is supplied AWS applies a default that
            // allows full access to the service, so scope it to the actions and resources needed.
            policy: "string",
            privateDnsEnabled: false,
            routeTableIds: ["string"],
            // Applies to Interface endpoints. If none are given, the VPC's default security
            // group is associated with the endpoint.
            securityGroupIds: ["string"],
            subnetIds: ["string"],
            tags: {
                string: "string",
            },
            vpcEndpointType: "string",
        }],
    });
    
    # Reference example: every input is a placeholder (string, 0, false) that shows the
    # argument shape only; it is not a deployable or recommended configuration.
    type: awsx:ec2:Vpc
    properties:
        assignGeneratedIpv6CidrBlock: false
        availabilityZoneNames:
            - string
        cidrBlock: string
        enableDnsHostnames: false
        # Placeholder only: the property reference on this page gives true as the default.
        enableDnsSupport: false
        enableNetworkAddressUsageMetrics: false
        instanceTenancy: string
        ipv4IpamPoolId: string
        ipv4NetmaskLength: 0
        ipv6CidrBlock: string
        ipv6CidrBlockNetworkBorderGroup: string
        ipv6IpamPoolId: string
        ipv6NetmaskLength: 0
        natGateways:
            elasticIpAllocationIds:
                - string
            # NOTE(review): None is understood to mean no NAT gateways are created, which would
            # leave private subnets without an outbound internet path; confirm against the
            # NatGatewayStrategy reference.
            strategy: None
        numberOfAvailabilityZones: 0
        subnetSpecs:
            - cidrMask: 0
              name: string
              tags:
                string: string
              # Public is the internet-routable subnet type; workloads that must not be
              # directly reachable belong in a non-public subnet type.
              type: Public
        tags:
            string: string
        vpcEndpointSpecs:
            - autoAccept: false
              dnsOptions:
                dnsRecordIpType: string
              ipAddressType: string
              # Endpoint policy document. When no policy is supplied AWS applies a default that
              # allows full access to the service, so scope it to the actions and resources needed.
              policy: string
              privateDnsEnabled: false
              routeTableIds:
                - string
              # Applies to Interface endpoints. If none are given, the VPC's default security
              # group is associated with the endpoint.
              securityGroupIds:
                - string
              serviceName: string
              subnetIds:
                - string
              tags:
                string: string
              vpcEndpointType: string
    

    Vpc Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Vpc resource accepts the following input properties:

    AssignGeneratedIpv6CidrBlock bool
    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6_ipam_pool_id
    AvailabilityZoneNames List<string>
    A list of availability zone names to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    CidrBlock string
    The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.
    EnableClassiclink bool
    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults false.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink attribute has been deprecated and will be removed in a future version.

    EnableClassiclinkDnsSupport bool
    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink_dns_support attribute has been deprecated and will be removed in a future version.

    EnableDnsHostnames bool
    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.
    EnableDnsSupport bool
    A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
    EnableNetworkAddressUsageMetrics bool
    Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
    InstanceTenancy string
    A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
    Ipv4IpamPoolId string
    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
    Ipv4NetmaskLength int
    The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4_ipam_pool_id.
    Ipv6CidrBlock string
    IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length.
    Ipv6CidrBlockNetworkBorderGroup string
    By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    Ipv6IpamPoolId string
    IPAM Pool ID for an IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block.
    Ipv6NetmaskLength int
    Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if the IPAM pool has an allocation_default_netmask_length set. Valid values: 56.
    NatGateways NatGatewayConfiguration
    Configuration for NAT Gateways. Optional. If private and public subnets are both specified, defaults to one gateway per availability zone. Otherwise, no gateways will be created.
    NumberOfAvailabilityZones int
    A number of availability zones to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    SubnetSpecs List<SubnetSpec>
    A list of subnet specs that should be deployed to each AZ specified in availabilityZoneNames. Optional. Defaults to a (smaller) public subnet and a (larger) private subnet based on the size of the CIDR block for the VPC.
    Tags Dictionary<string, string>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcEndpointSpecs List<VpcEndpointSpec>
    A list of VPC Endpoints specs to be deployed as part of the VPC
    AssignGeneratedIpv6CidrBlock bool
    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6_ipam_pool_id
    AvailabilityZoneNames []string
    A list of availability zone names to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    CidrBlock string
    The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.
    EnableClassiclink bool
    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults false.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink attribute has been deprecated and will be removed in a future version.

    EnableClassiclinkDnsSupport bool
    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink_dns_support attribute has been deprecated and will be removed in a future version.

    EnableDnsHostnames bool
    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.
    EnableDnsSupport bool
    A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
    EnableNetworkAddressUsageMetrics bool
    Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
    InstanceTenancy string
    A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
    Ipv4IpamPoolId string
    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
    Ipv4NetmaskLength int
    The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4_ipam_pool_id.
    Ipv6CidrBlock string
    IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length.
    Ipv6CidrBlockNetworkBorderGroup string
    By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    Ipv6IpamPoolId string
    IPAM Pool ID for an IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block.
    Ipv6NetmaskLength int
    Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if the IPAM pool has an allocation_default_netmask_length set. Valid values: 56.
    NatGateways NatGatewayConfigurationArgs
    Configuration for NAT Gateways. Optional. If private and public subnets are both specified, defaults to one gateway per availability zone. Otherwise, no gateways will be created.
    NumberOfAvailabilityZones int
    A number of availability zones to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    SubnetSpecs []SubnetSpecArgs
    A list of subnet specs that should be deployed to each AZ specified in availabilityZoneNames. Optional. Defaults to a (smaller) public subnet and a (larger) private subnet based on the size of the CIDR block for the VPC.
    Tags map[string]string
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcEndpointSpecs []VpcEndpointSpecArgs
    A list of VPC Endpoints specs to be deployed as part of the VPC
    assignGeneratedIpv6CidrBlock Boolean
    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6_ipam_pool_id
    availabilityZoneNames List<String>
    A list of availability zone names to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    cidrBlock String
    The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.
    enableClassiclink Boolean
    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults false.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink attribute has been deprecated and will be removed in a future version.

    enableClassiclinkDnsSupport Boolean
    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink_dns_support attribute has been deprecated and will be removed in a future version.

    enableDnsHostnames Boolean
    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.
    enableDnsSupport Boolean
    A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
    enableNetworkAddressUsageMetrics Boolean
    Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
    instanceTenancy String
    A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
    ipv4IpamPoolId String
    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
    ipv4NetmaskLength Integer
    The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4_ipam_pool_id.
    ipv6CidrBlock String
    IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length.
    ipv6CidrBlockNetworkBorderGroup String
    By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    ipv6IpamPoolId String
    IPAM Pool ID for an IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block.
    ipv6NetmaskLength Integer
    Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if the IPAM pool has an allocation_default_netmask_length set. Valid values: 56.
    natGateways NatGatewayConfiguration
    Configuration for NAT Gateways. Optional. If private and public subnets are both specified, defaults to one gateway per availability zone. Otherwise, no gateways will be created.
    numberOfAvailabilityZones Integer
    A number of availability zones to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    subnetSpecs List<SubnetSpec>
    A list of subnet specs that should be deployed to each AZ specified in availabilityZoneNames. Optional. Defaults to a (smaller) public subnet and a (larger) private subnet based on the size of the CIDR block for the VPC.
    tags Map<String,String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcEndpointSpecs List<VpcEndpointSpec>
    A list of VPC Endpoints specs to be deployed as part of the VPC
    assignGeneratedIpv6CidrBlock boolean
    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6_ipam_pool_id
    availabilityZoneNames string[]
    A list of availability zone names to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    cidrBlock string
    The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.
    enableClassiclink boolean
    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults false.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink attribute has been deprecated and will be removed in a future version.

    enableClassiclinkDnsSupport boolean
    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink_dns_support attribute has been deprecated and will be removed in a future version.

    enableDnsHostnames boolean
    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.
    enableDnsSupport boolean
    A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
    enableNetworkAddressUsageMetrics boolean
    Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
    instanceTenancy string
    A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
    ipv4IpamPoolId string
    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
    ipv4NetmaskLength number
    The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4_ipam_pool_id.
    ipv6CidrBlock string
    IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length.
    ipv6CidrBlockNetworkBorderGroup string
    By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    ipv6IpamPoolId string
    IPAM Pool ID for an IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block.
    ipv6NetmaskLength number
    Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if the IPAM pool has an allocation_default_netmask_length set. Valid values: 56.
    natGateways NatGatewayConfiguration
    Configuration for NAT Gateways. Optional. If private and public subnets are both specified, defaults to one gateway per availability zone. Otherwise, no gateways will be created.
    numberOfAvailabilityZones number
    A number of availability zones to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    subnetSpecs SubnetSpec[]
    A list of subnet specs that should be deployed to each AZ specified in availabilityZoneNames. Optional. Defaults to a (smaller) public subnet and a (larger) private subnet based on the size of the CIDR block for the VPC.
    tags {[key: string]: string}
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcEndpointSpecs VpcEndpointSpec[]
    A list of VPC Endpoints specs to be deployed as part of the VPC
    assign_generated_ipv6_cidr_block bool
    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6_ipam_pool_id
    availability_zone_names Sequence[str]
    A list of availability zone names to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    cidr_block str
    The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.
    enable_classiclink bool
    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults to false.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink attribute has been deprecated and will be removed in a future version.

    enable_classiclink_dns_support bool
    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink_dns_support attribute has been deprecated and will be removed in a future version.

    enable_dns_hostnames bool
    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to false.
    enable_dns_support bool
    A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
    enable_network_address_usage_metrics bool
    Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
    instance_tenancy str
    A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
    ipv4_ipam_pool_id str
    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
    ipv4_netmask_length int
    The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4_ipam_pool_id.
    ipv6_cidr_block str
    IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length.
    ipv6_cidr_block_network_border_group str
    By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    ipv6_ipam_pool_id str
    IPAM Pool ID for an IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block.
    ipv6_netmask_length int
    Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if the IPAM pool has an allocation_default_netmask_length set. Valid values: 56.
    nat_gateways NatGatewayConfigurationArgs
    Configuration for NAT Gateways. Optional. If private and public subnets are both specified, defaults to one gateway per availability zone. Otherwise, no gateways will be created.
    number_of_availability_zones int
    A number of availability zones to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    subnet_specs Sequence[SubnetSpecArgs]
    A list of subnet specs that should be deployed to each AZ specified in availabilityZoneNames. Optional. Defaults to a (smaller) public subnet and a (larger) private subnet based on the size of the CIDR block for the VPC.
    tags Mapping[str, str]
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpc_endpoint_specs Sequence[VpcEndpointSpecArgs]
    A list of VPC Endpoints specs to be deployed as part of the VPC
    assignGeneratedIpv6CidrBlock Boolean
    Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block. Default is false. Conflicts with ipv6_ipam_pool_id
    availabilityZoneNames List<String>
    A list of availability zone names to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    cidrBlock String
    The CIDR block for the VPC. Optional. Defaults to 10.0.0.0/16.
    enableClassiclink Boolean
    A boolean flag to enable/disable ClassicLink for the VPC. Only valid in regions and accounts that support EC2 Classic. See the ClassicLink documentation for more information. Defaults to false.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink attribute has been deprecated and will be removed in a future version.

    enableClassiclinkDnsSupport Boolean
    A boolean flag to enable/disable ClassicLink DNS Support for the VPC. Only valid in regions and accounts that support EC2 Classic.

    Deprecated: With the retirement of EC2-Classic the enable_classiclink_dns_support attribute has been deprecated and will be removed in a future version.

    enableDnsHostnames Boolean
    A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to false.
    enableDnsSupport Boolean
    A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
    enableNetworkAddressUsageMetrics Boolean
    Indicates whether Network Address Usage metrics are enabled for your VPC. Defaults to false.
    instanceTenancy String
    A tenancy option for instances launched into the VPC. Default is default, which ensures that EC2 instances launched in this VPC use the EC2 instance tenancy attribute specified when the EC2 instance is launched. The only other option is dedicated, which ensures that EC2 instances launched in this VPC are run on dedicated tenancy instances regardless of the tenancy attribute specified at launch. This has a dedicated per region fee of $2 per hour, plus an hourly per instance usage fee.
    ipv4IpamPoolId String
    The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across AWS Regions and accounts. Using IPAM you can monitor IP address usage throughout your AWS Organization.
    ipv4NetmaskLength Number
    The netmask length of the IPv4 CIDR you want to allocate to this VPC. Requires specifying an ipv4_ipam_pool_id.
    ipv6CidrBlock String
    IPv6 CIDR block to request from an IPAM Pool. Can be set explicitly or derived from IPAM using ipv6_netmask_length.
    ipv6CidrBlockNetworkBorderGroup String
    By default when an IPv6 CIDR is assigned to a VPC a default ipv6_cidr_block_network_border_group will be set to the region of the VPC. This can be changed to restrict advertisement of public addresses to specific Network Border Groups such as LocalZones.
    ipv6IpamPoolId String
    IPAM Pool ID for an IPv6 pool. Conflicts with assign_generated_ipv6_cidr_block.
    ipv6NetmaskLength Number
    Netmask length to request from IPAM Pool. Conflicts with ipv6_cidr_block. This can be omitted if the IPAM pool has an allocation_default_netmask_length set. Valid values: 56.
    natGateways Property Map
    Configuration for NAT Gateways. Optional. If private and public subnets are both specified, defaults to one gateway per availability zone. Otherwise, no gateways will be created.
    numberOfAvailabilityZones Number
    A number of availability zones to which the subnets defined in subnetSpecs will be deployed. Optional, defaults to the first 3 AZs in the current region.
    subnetSpecs List<Property Map>
    A list of subnet specs that should be deployed to each AZ specified in availabilityZoneNames. Optional. Defaults to a (smaller) public subnet and a (larger) private subnet based on the size of the CIDR block for the VPC.
    tags Map<String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcEndpointSpecs List<Property Map>
    A list of VPC Endpoints specs to be deployed as part of the VPC

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Vpc resource produces the following output properties:

    AwsVpc Pulumi.Aws.Ec2.Vpc
    The VPC. This type is defined in the AWS Classic package.
    Eips List<Pulumi.Aws.Ec2.Eip>
    The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list.
    InternetGateway Pulumi.Aws.Ec2.InternetGateway
    The Internet Gateway for the VPC. This type is defined in the AWS Classic package.
    IsolatedSubnetIds List<string>
    PrivateSubnetIds List<string>
    PublicSubnetIds List<string>
    RouteTableAssociations List<Pulumi.Aws.Ec2.RouteTableAssociation>
    The Route Table Associations for the VPC.
    RouteTables List<Pulumi.Aws.Ec2.RouteTable>
    The Route Tables for the VPC.
    Routes List<Pulumi.Aws.Ec2.Route>
    The Routes for the VPC.
    Subnets List<Pulumi.Aws.Ec2.Subnet>
    The VPC's subnets.
    VpcEndpoints List<Pulumi.Aws.Ec2.VpcEndpoint>
    The VPC Endpoints that are enabled
    VpcId string
    Eips Eip
    The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list.
    InternetGateway InternetGateway
    The Internet Gateway for the VPC. This type is defined in the AWS Classic package.
    IsolatedSubnetIds []string
    PrivateSubnetIds []string
    PublicSubnetIds []string
    RouteTableAssociations RouteTableAssociation
    The Route Table Associations for the VPC.
    RouteTables RouteTable
    The Route Tables for the VPC.
    Routes Route
    The Routes for the VPC.
    Subnets Subnet
    The VPC's subnets.
    Vpc Vpc
    The VPC. This type is defined in the AWS Classic package.
    VpcEndpoints VpcEndpoint
    The VPC Endpoints that are enabled
    VpcId string
    eips List<Eip>
    The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list.
    internetGateway InternetGateway
    The Internet Gateway for the VPC. This type is defined in the AWS Classic package.
    isolatedSubnetIds List<String>
    privateSubnetIds List<String>
    publicSubnetIds List<String>
    routeTableAssociations List<RouteTableAssociation>
    The Route Table Associations for the VPC.
    routeTables List<RouteTable>
    The Route Tables for the VPC.
    routes List<Route>
    The Routes for the VPC.
    subnets List<Subnet>
    The VPC's subnets.
    vpc Vpc
    The VPC. This type is defined in the AWS Classic package.
    vpcEndpoints List<VpcEndpoint>
    The VPC Endpoints that are enabled
    vpcId String
    eips pulumiAws.Eip[]
    The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list.
    internetGateway pulumiAws.InternetGateway
    The Internet Gateway for the VPC. This type is defined in the AWS Classic package.
    isolatedSubnetIds string[]
    privateSubnetIds string[]
    publicSubnetIds string[]
    routeTableAssociations pulumiAws.RouteTableAssociation[]
    The Route Table Associations for the VPC.
    routeTables pulumiAws.RouteTable[]
    The Route Tables for the VPC.
    routes pulumiAws.Route[]
    The Routes for the VPC.
    subnets pulumiAws.Subnet[]
    The VPC's subnets.
    vpc pulumiAws.Vpc
    The VPC. This type is defined in the AWS Classic package.
    vpcEndpoints pulumiAws.VpcEndpoint[]
    The VPC Endpoints that are enabled
    vpcId string
    eips Sequence[pulumi_aws.ec2.Eip]
    The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list.
    internet_gateway pulumi_aws.ec2.InternetGateway
    The Internet Gateway for the VPC. This type is defined in the AWS Classic package.
    isolated_subnet_ids Sequence[str]
    private_subnet_ids Sequence[str]
    public_subnet_ids Sequence[str]
    route_table_associations Sequence[pulumi_aws.ec2.RouteTableAssociation]
    The Route Table Associations for the VPC.
    route_tables Sequence[pulumi_aws.ec2.RouteTable]
    The Route Tables for the VPC.
    routes Sequence[pulumi_aws.ec2.Route]
    The Routes for the VPC.
    subnets Sequence[pulumi_aws.ec2.Subnet]
    The VPC's subnets.
    vpc pulumi_aws.ec2.Vpc
    The VPC. This type is defined in the AWS Classic package.
    vpc_endpoints Sequence[pulumi_aws.ec2.VpcEndpoint]
    The VPC Endpoints that are enabled
    vpc_id str
    eips List<aws::Eip>
    The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list.
    internetGateway aws::InternetGateway
    The Internet Gateway for the VPC. This type is defined in the AWS Classic package.
    isolatedSubnetIds List<String>
    privateSubnetIds List<String>
    publicSubnetIds List<String>
    routeTableAssociations List<aws::RouteTableAssociation>
    The Route Table Associations for the VPC.
    routeTables List<aws::RouteTable>
    The Route Tables for the VPC.
    routes List<aws::Route>
    The Routes for the VPC.
    subnets List<aws::Subnet>
    The VPC's subnets.
    vpc aws::Vpc
    The VPC. This type is defined in the AWS Classic package.
    vpcEndpoints List<aws::VpcEndpoint>
    The VPC Endpoints that are enabled
    vpcId String

    Supporting Types

    NatGatewayConfiguration, NatGatewayConfigurationArgs

    Configuration for NAT Gateways.
    Strategy Pulumi.Awsx.Ec2.NatGatewayStrategy
    The strategy for deploying NAT Gateways.
    ElasticIpAllocationIds List<string>
    A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
    Strategy NatGatewayStrategy
    The strategy for deploying NAT Gateways.
    ElasticIpAllocationIds []string
    A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
    strategy NatGatewayStrategy
    The strategy for deploying NAT Gateways.
    elasticIpAllocationIds List<String>
    A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
    strategy NatGatewayStrategy
    The strategy for deploying NAT Gateways.
    elasticIpAllocationIds string[]
    A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
    strategy NatGatewayStrategy
    The strategy for deploying NAT Gateways.
    elastic_ip_allocation_ids Sequence[str]
    A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
    strategy "None" | "Single" | "OnePerAz"
    The strategy for deploying NAT Gateways.
    elasticIpAllocationIds List<String>
    A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).

    NatGatewayStrategy, NatGatewayStrategyArgs

    None
    None Do not create any NAT Gateways. Resources in private subnets will not be able to access the internet.
    Single
    Single Create a single NAT Gateway for the entire VPC. This configuration is not recommended for production infrastructure as it creates a single point of failure.
    OnePerAz
    OnePerAz Create a NAT Gateway in each availability zone. This is the recommended configuration for production infrastructure.
    NatGatewayStrategyNone
    None Do not create any NAT Gateways. Resources in private subnets will not be able to access the internet.
    NatGatewayStrategySingle
    Single Create a single NAT Gateway for the entire VPC. This configuration is not recommended for production infrastructure as it creates a single point of failure.
    NatGatewayStrategyOnePerAz
    OnePerAz Create a NAT Gateway in each availability zone. This is the recommended configuration for production infrastructure.
    None
    None Do not create any NAT Gateways. Resources in private subnets will not be able to access the internet.
    Single
    Single Create a single NAT Gateway for the entire VPC. This configuration is not recommended for production infrastructure as it creates a single point of failure.
    OnePerAz
    OnePerAz Create a NAT Gateway in each availability zone. This is the recommended configuration for production infrastructure.
    None
    None Do not create any NAT Gateways. Resources in private subnets will not be able to access the internet.
    Single
    Single Create a single NAT Gateway for the entire VPC. This configuration is not recommended for production infrastructure as it creates a single point of failure.
    OnePerAz
    OnePerAz Create a NAT Gateway in each availability zone. This is the recommended configuration for production infrastructure.
    NONE
    None Do not create any NAT Gateways. Resources in private subnets will not be able to access the internet.
    SINGLE
    Single Create a single NAT Gateway for the entire VPC. This configuration is not recommended for production infrastructure as it creates a single point of failure.
    ONE_PER_AZ
    OnePerAz Create a NAT Gateway in each availability zone. This is the recommended configuration for production infrastructure.
    "None"
    None Do not create any NAT Gateways. Resources in private subnets will not be able to access the internet.
    "Single"
    Single Create a single NAT Gateway for the entire VPC. This configuration is not recommended for production infrastructure as it creates a single point of failure.
    "OnePerAz"
    OnePerAz Create a NAT Gateway in each availability zone. This is the recommended configuration for production infrastructure.

    SubnetSpec, SubnetSpecArgs

    Configuration for a VPC subnet.
    Type Pulumi.Awsx.Ec2.SubnetType
    The type of subnet.
    CidrMask int
    The bitmask for the subnet's CIDR block.
    Name string
    The subnet's name. Will be templated upon creation.
    Tags Dictionary<string, string>
    A map of tags to assign to the resource.
    Type SubnetType
    The type of subnet.
    CidrMask int
    The bitmask for the subnet's CIDR block.
    Name string
    The subnet's name. Will be templated upon creation.
    Tags map[string]string
    A map of tags to assign to the resource.
    type SubnetType
    The type of subnet.
    cidrMask Integer
    The bitmask for the subnet's CIDR block.
    name String
    The subnet's name. Will be templated upon creation.
    tags Map<String,String>
    A map of tags to assign to the resource.
    type SubnetType
    The type of subnet.
    cidrMask number
    The bitmask for the subnet's CIDR block.
    name string
    The subnet's name. Will be templated upon creation.
    tags {[key: string]: string}
    A map of tags to assign to the resource.
    type SubnetType
    The type of subnet.
    cidr_mask int
    The bitmask for the subnet's CIDR block.
    name str
    The subnet's name. Will be templated upon creation.
    tags Mapping[str, str]
    A map of tags to assign to the resource.
    type "Public" | "Private" | "Isolated"
    The type of subnet.
    cidrMask Number
    The bitmask for the subnet's CIDR block.
    name String
    The subnet's name. Will be templated upon creation.
    tags Map<String>
    A map of tags to assign to the resource.

    SubnetType, SubnetTypeArgs

    Public
    Public A subnet whose hosts can directly communicate with the internet.
    Private
    Private A subnet whose hosts can not directly communicate with the internet, but can initiate outbound network traffic via a NAT Gateway.
    Isolated
    Isolated A subnet whose hosts have no connectivity with the internet.
    SubnetTypePublic
    Public A subnet whose hosts can directly communicate with the internet.
    SubnetTypePrivate
    Private A subnet whose hosts can not directly communicate with the internet, but can initiate outbound network traffic via a NAT Gateway.
    SubnetTypeIsolated
    Isolated A subnet whose hosts have no connectivity with the internet.
    Public
    Public A subnet whose hosts can directly communicate with the internet.
    Private
    Private A subnet whose hosts can not directly communicate with the internet, but can initiate outbound network traffic via a NAT Gateway.
    Isolated
    Isolated A subnet whose hosts have no connectivity with the internet.
    Public
    Public A subnet whose hosts can directly communicate with the internet.
    Private
    Private A subnet whose hosts can not directly communicate with the internet, but can initiate outbound network traffic via a NAT Gateway.
    Isolated
    Isolated A subnet whose hosts have no connectivity with the internet.
    PUBLIC
    Public A subnet whose hosts can directly communicate with the internet.
    PRIVATE
    Private A subnet whose hosts can not directly communicate with the internet, but can initiate outbound network traffic via a NAT Gateway.
    ISOLATED
    Isolated A subnet whose hosts have no connectivity with the internet.
    "Public"
    Public A subnet whose hosts can directly communicate with the internet.
    "Private"
    Private A subnet whose hosts can not directly communicate with the internet, but can initiate outbound network traffic via a NAT Gateway.
    "Isolated"
    Isolated A subnet whose hosts have no connectivity with the internet.

    VpcEndpointSpec, VpcEndpointSpecArgs

    Provides a VPC Endpoint resource.

    NOTE on VPC Endpoints and VPC Endpoint Associations: The provider offers standalone VPC Endpoint Association resources for Route Tables (an association between a VPC endpoint and a single route_table_id), Security Groups (an association between a VPC endpoint and a single security_group_id), and Subnets (an association between a VPC endpoint and a single subnet_id), as well as a VPC Endpoint resource with route_table_ids and subnet_ids attributes. Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource. Doing so will cause a conflict of associations and will overwrite the association.

    Example Usage

    Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    

    // Arguments for an S3 endpoint in us-west-2; `aws_vpc.main` is not declared in this
    // snippet and is assumed to exist elsewhere in the program.
    // NOTE(review): no `policy` is passed, so the endpoint keeps the provider's default
    // policy (AWS documents that default as full access) - attach a scoped policy
    // outside of demos.
    const s3EndpointArgs = {
        vpcId: aws_vpc.main.id,
        serviceName: "com.amazonaws.us-west-2.s3",
    };

    const s3 = new aws.ec2.VpcEndpoint("s3", s3EndpointArgs);

    import pulumi
    import pulumi_aws as aws
    

    # Arguments for an S3 endpoint in us-west-2; `aws_vpc` is not declared in this
    # snippet and is assumed to exist elsewhere in the program.
    # NOTE(review): no `policy` is passed, so the endpoint keeps the provider's default
    # policy (AWS documents that default as full access) - attach a scoped policy
    # outside of demos.
    s3_endpoint_args = {
        "vpc_id": aws_vpc["main"]["id"],
        "service_name": "com.amazonaws.us-west-2.s3",
    }

    s3 = aws.ec2.VpcEndpoint("s3", **s3_endpoint_args)

    using System.Collections.Generic;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Pulumi program body: declares one VPC endpoint for S3 in us-west-2.
    return await Deployment.RunAsync(() =>
    {
        // `aws_vpc.Main` is not declared in this snippet; it is assumed to exist elsewhere.
        // NOTE(review): no Policy is set, so the endpoint keeps the provider's default
        // policy (AWS documents that default as full access) - scope it outside of demos.
        var s3EndpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            VpcId = aws_vpc.Main.Id,
            ServiceName = "com.amazonaws.us-west-2.s3",
        };

        var s3 = new Aws.Ec2.VpcEndpoint("s3", s3EndpointArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main runs the Pulumi program, which declares a single VPC endpoint for S3 in us-west-2.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// aws_vpc.Main is not declared in this snippet; it is assumed to exist elsewhere.
    		// NOTE(review): no Policy is set, so the endpoint keeps the provider's default
    		// policy (AWS documents that default as full access) - scope it outside of demos.
    		endpointArgs := &ec2.VpcEndpointArgs{
    			VpcId:       pulumi.Any(aws_vpc.Main.Id),
    			ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
    		}

    		// The resource handle is discarded; only the creation error is propagated.
    		_, err := ec2.NewVpcEndpoint(ctx, "s3", endpointArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.VpcEndpoint;
    import com.pulumi.aws.ec2.VpcEndpointArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that declares one VPC endpoint for S3 in us-west-2. */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the endpoint. {@code aws_vpc} is not declared in this snippet and is
         * assumed to exist elsewhere.
         *
         * NOTE(review): no policy is set on the builder, so the endpoint keeps the
         * provider's default policy (AWS documents that default as full access);
         * scope it outside of demos.
         */
        public static void stack(Context ctx) {
            final VpcEndpointArgs endpointArgs = VpcEndpointArgs.builder()
                .vpcId(aws_vpc.main().id())
                .serviceName("com.amazonaws.us-west-2.s3")
                .build();

            var s3 = new VpcEndpoint("s3", endpointArgs);
        }
    }
    
    # Pulumi YAML program declaring one VPC endpoint for S3 in us-west-2.
    resources:
      s3:
        type: aws:ec2:VpcEndpoint
        properties:
          # References a VPC that is not declared in this snippet.
          vpcId: ${aws_vpc.main.id}
          serviceName: com.amazonaws.us-west-2.s3
          # NOTE(review): no `policy` property is set, so the endpoint keeps the provider's
          # default policy (AWS documents that default as full access) - scope it outside of demos.
    

    Basic w/ Tags

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    

    // Arguments for a tagged S3 endpoint in us-west-2; `aws_vpc.main` is not declared in
    // this snippet and is assumed to exist elsewhere in the program.
    // NOTE(review): tags are plain metadata - keep secrets out of tag values. No `policy`
    // is passed, so the provider's default endpoint policy applies; scope it outside of demos.
    const s3EndpointArgs = {
        vpcId: aws_vpc.main.id,
        serviceName: "com.amazonaws.us-west-2.s3",
        tags: {
            Environment: "test",
        },
    };

    const s3 = new aws.ec2.VpcEndpoint("s3", s3EndpointArgs);

    import pulumi
    import pulumi_aws as aws
    

    # Arguments for a tagged S3 endpoint in us-west-2; `aws_vpc` is not declared in this
    # snippet and is assumed to exist elsewhere in the program.
    # NOTE(review): tags are plain metadata - keep secrets out of tag values. No `policy`
    # is passed, so the provider's default endpoint policy applies; scope it outside of demos.
    s3_endpoint_args = {
        "vpc_id": aws_vpc["main"]["id"],
        "service_name": "com.amazonaws.us-west-2.s3",
        "tags": {
            "Environment": "test",
        },
    }

    s3 = aws.ec2.VpcEndpoint("s3", **s3_endpoint_args)

    using System.Collections.Generic;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Pulumi program body: declares one tagged VPC endpoint for S3 in us-west-2.
    return await Deployment.RunAsync(() =>
    {
        // `aws_vpc.Main` is not declared in this snippet; it is assumed to exist elsewhere.
        // NOTE(review): tags are plain metadata - keep secrets out of tag values. No Policy
        // is set, so the provider's default endpoint policy applies; scope it outside of demos.
        var s3EndpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            VpcId = aws_vpc.Main.Id,
            ServiceName = "com.amazonaws.us-west-2.s3",
            Tags =
            {
                { "Environment", "test" },
            },
        };

        var s3 = new Aws.Ec2.VpcEndpoint("s3", s3EndpointArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main runs the Pulumi program, which declares a single tagged VPC endpoint for S3.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// aws_vpc.Main is not declared in this snippet; it is assumed to exist elsewhere.
    		// NOTE(review): tags are plain metadata - keep secrets out of tag values. No Policy
    		// is set, so the provider's default endpoint policy applies; scope it outside of demos.
    		endpointArgs := &ec2.VpcEndpointArgs{
    			VpcId:       pulumi.Any(aws_vpc.Main.Id),
    			ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
    			Tags: pulumi.StringMap{
    				"Environment": pulumi.String("test"),
    			},
    		}

    		// The resource handle is discarded; only the creation error is propagated.
    		_, err := ec2.NewVpcEndpoint(ctx, "s3", endpointArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.VpcEndpoint;
    import com.pulumi.aws.ec2.VpcEndpointArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that declares one tagged VPC endpoint for S3 in us-west-2. */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the endpoint with a single {@code Environment=test} tag.
         * {@code aws_vpc} is not declared in this snippet and is assumed to exist elsewhere.
         *
         * NOTE(review): tags are plain metadata, so keep secrets out of tag values. No
         * policy is set on the builder, so the provider's default endpoint policy applies;
         * scope it outside of demos.
         */
        public static void stack(Context ctx) {
            final Map<String, String> endpointTags = Map.of("Environment", "test");

            final VpcEndpointArgs endpointArgs = VpcEndpointArgs.builder()
                .vpcId(aws_vpc.main().id())
                .serviceName("com.amazonaws.us-west-2.s3")
                .tags(endpointTags)
                .build();

            var s3 = new VpcEndpoint("s3", endpointArgs);
        }
    }
    
    # Pulumi YAML program declaring one tagged VPC endpoint for S3 in us-west-2.
    resources:
      s3:
        type: aws:ec2:VpcEndpoint
        properties:
          # References a VPC that is not declared in this snippet.
          vpcId: ${aws_vpc.main.id}
          serviceName: com.amazonaws.us-west-2.s3
          # NOTE(review): tags are plain metadata - keep secrets out of tag values.
          tags:
            Environment: test
          # NOTE(review): no `policy` property is set, so the provider's default endpoint
          # policy applies; scope it outside of demos.
    

    Interface Endpoint Type

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    

    // Arguments for an Interface endpoint to the EC2 API in us-west-2. `aws_vpc.main` and
    // `aws_security_group.sg1` are not declared in this snippet.
    // NOTE(review): the security group is the network gate in front of the endpoint; it
    // should admit HTTPS (443) only from the workloads that need the EC2 API.
    // NOTE(review): privateDnsEnabled relies on DNS support and DNS hostnames both being
    // enabled on the VPC - verify the VPC settings.
    const ec2EndpointArgs = {
        vpcId: aws_vpc.main.id,
        serviceName: "com.amazonaws.us-west-2.ec2",
        vpcEndpointType: "Interface",
        securityGroupIds: [aws_security_group.sg1.id],
        privateDnsEnabled: true,
    };

    const ec2 = new aws.ec2.VpcEndpoint("ec2", ec2EndpointArgs);

    import pulumi
    import pulumi_aws as aws
    

    # Arguments for an Interface endpoint to the EC2 API in us-west-2. `aws_vpc` and
    # `aws_security_group` are not declared in this snippet.
    # NOTE(review): the security group is the network gate in front of the endpoint; it
    # should admit HTTPS (443) only from the workloads that need the EC2 API.
    # NOTE(review): private_dns_enabled relies on DNS support and DNS hostnames both being
    # enabled on the VPC - verify the VPC settings.
    ec2_endpoint_args = {
        "vpc_id": aws_vpc["main"]["id"],
        "service_name": "com.amazonaws.us-west-2.ec2",
        "vpc_endpoint_type": "Interface",
        "security_group_ids": [aws_security_group["sg1"]["id"]],
        "private_dns_enabled": True,
    }

    ec2 = aws.ec2.VpcEndpoint("ec2", **ec2_endpoint_args)

    using System.Collections.Generic;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Pulumi program body: declares one Interface endpoint to the EC2 API in us-west-2.
    return await Deployment.RunAsync(() =>
    {
        // `aws_vpc.Main` and `aws_security_group.Sg1` are not declared in this snippet.
        // NOTE(review): the security group is the network gate in front of the endpoint; it
        // should admit HTTPS (443) only from the workloads that need the EC2 API.
        // NOTE(review): PrivateDnsEnabled relies on DNS support and DNS hostnames both being
        // enabled on the VPC - verify the VPC settings.
        var ec2EndpointArgs = new Aws.Ec2.VpcEndpointArgs
        {
            VpcId = aws_vpc.Main.Id,
            ServiceName = "com.amazonaws.us-west-2.ec2",
            VpcEndpointType = "Interface",
            SecurityGroupIds = new[]
            {
                aws_security_group.Sg1.Id,
            },
            PrivateDnsEnabled = true,
        };

        var ec2 = new Aws.Ec2.VpcEndpoint("ec2", ec2EndpointArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main runs the Pulumi program, which declares one Interface endpoint to the EC2 API.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// aws_vpc.Main and aws_security_group.Sg1 are not declared in this snippet.
    		// NOTE(review): the security group is the network gate in front of the endpoint; it
    		// should admit HTTPS (443) only from the workloads that need the EC2 API.
    		// NOTE(review): PrivateDnsEnabled relies on DNS support and DNS hostnames both being
    		// enabled on the VPC - verify the VPC settings.
    		endpointArgs := &ec2.VpcEndpointArgs{
    			VpcId:           pulumi.Any(aws_vpc.Main.Id),
    			ServiceName:     pulumi.String("com.amazonaws.us-west-2.ec2"),
    			VpcEndpointType: pulumi.String("Interface"),
    			SecurityGroupIds: pulumi.StringArray{
    				aws_security_group.Sg1.Id,
    			},
    			PrivateDnsEnabled: pulumi.Bool(true),
    		}

    		// The resource handle is discarded; only the creation error is propagated.
    		_, err := ec2.NewVpcEndpoint(ctx, "ec2", endpointArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.VpcEndpoint;
    import com.pulumi.aws.ec2.VpcEndpointArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that declares one Interface endpoint to the EC2 API in us-west-2. */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the endpoint. {@code aws_vpc} and {@code aws_security_group} are not
         * declared in this snippet and are assumed to exist elsewhere.
         *
         * NOTE(review): the security group is the network gate in front of the endpoint;
         * it should admit HTTPS (443) only from the workloads that need the EC2 API.
         * NOTE(review): privateDnsEnabled relies on DNS support and DNS hostnames both
         * being enabled on the VPC; verify the VPC settings.
         */
        public static void stack(Context ctx) {
            final VpcEndpointArgs endpointArgs = VpcEndpointArgs.builder()
                .vpcId(aws_vpc.main().id())
                .serviceName("com.amazonaws.us-west-2.ec2")
                .vpcEndpointType("Interface")
                .securityGroupIds(aws_security_group.sg1().id())
                .privateDnsEnabled(true)
                .build();

            var ec2 = new VpcEndpoint("ec2", endpointArgs);
        }
    }
    
    # Pulumi YAML program declaring one Interface endpoint to the EC2 API in us-west-2.
    resources:
      ec2:
        type: aws:ec2:VpcEndpoint
        properties:
          # References a VPC that is not declared in this snippet.
          vpcId: ${aws_vpc.main.id}
          serviceName: com.amazonaws.us-west-2.ec2
          vpcEndpointType: Interface
          # NOTE(review): this security group (declared elsewhere) is the network gate in
          # front of the endpoint; it should admit HTTPS (443) only from workloads that need it.
          securityGroupIds:
            - ${aws_security_group.sg1.id}
          # NOTE(review): relies on DNS support and DNS hostnames both being enabled on the VPC.
          privateDnsEnabled: true
    

    Gateway Load Balancer Endpoint Type

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    

    // Identity of the credentials running this program; its ARN is the only allowed principal below.
    const current = aws.getCallerIdentity({});

    // Endpoint service in front of a Gateway Load Balancer declared elsewhere (`aws_lb.example`).
    // NOTE(review): acceptanceRequired is false, so connection requests are presumably
    // accepted without manual approval; that leaves allowedPrincipals as the gate on who
    // may connect - keep the list as narrow as it is here.
    const exampleVpcEndpointService = new aws.ec2.VpcEndpointService("exampleVpcEndpointService", {
        acceptanceRequired: false,
        allowedPrincipals: [current.then(identity => identity.arn)],
        gatewayLoadBalancerArns: [aws_lb.example.arn],
    });

    // Consumer-side endpoint; its service name and type are taken from the service above.
    // `aws_subnet.example` and `aws_vpc.example` are not declared in this snippet.
    const exampleVpcEndpoint = new aws.ec2.VpcEndpoint("exampleVpcEndpoint", {
        serviceName: exampleVpcEndpointService.serviceName,
        subnetIds: [aws_subnet.example.id],
        vpcEndpointType: exampleVpcEndpointService.serviceType,
        vpcId: aws_vpc.example.id,
    });

    import pulumi
    import pulumi_aws as aws
    

    # Identity of the credentials running this program; its ARN is the only allowed principal below.
    current = aws.get_caller_identity()

    # Endpoint service in front of a Gateway Load Balancer declared elsewhere (`aws_lb`).
    # NOTE(review): acceptance_required is False, so connection requests are presumably
    # accepted without manual approval; that leaves allowed_principals as the gate on who
    # may connect - keep the list as narrow as it is here.
    example_vpc_endpoint_service = aws.ec2.VpcEndpointService(
        "exampleVpcEndpointService",
        acceptance_required=False,
        allowed_principals=[current.arn],
        gateway_load_balancer_arns=[aws_lb["example"]["arn"]],
    )

    # Consumer-side endpoint; its service name and type are taken from the service above.
    # `aws_subnet` and `aws_vpc` are not declared in this snippet.
    example_vpc_endpoint = aws.ec2.VpcEndpoint(
        "exampleVpcEndpoint",
        service_name=example_vpc_endpoint_service.service_name,
        subnet_ids=[aws_subnet["example"]["id"]],
        vpc_endpoint_type=example_vpc_endpoint_service.service_type,
        vpc_id=aws_vpc["example"]["id"],
    )

    using System.Collections.Generic;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Declares a Gateway Load Balancer endpoint service and an endpoint that consumes it.
    return await Deployment.RunAsync(() =>
    {
        // Identity running the deployment; its ARN is the only principal allow-listed below.
        var current = Aws.GetCallerIdentity.Invoke();

        var exampleVpcEndpointService = new Aws.Ec2.VpcEndpointService(
            "exampleVpcEndpointService",
            new Aws.Ec2.VpcEndpointServiceArgs
            {
                // Connection requests are accepted without manual approval, so
                // AllowedPrincipals is what limits who can connect to the service.
                AcceptanceRequired = false,
                AllowedPrincipals = new[]
                {
                    current.Apply(identity => identity.Arn),
                },
                GatewayLoadBalancerArns = new[]
                {
                    aws_lb.Example.Arn,
                },
            });

        // Consumer endpoint; its service name and type are read from the service above.
        var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint(
            "exampleVpcEndpoint",
            new Aws.Ec2.VpcEndpointArgs
            {
                ServiceName = exampleVpcEndpointService.ServiceName,
                SubnetIds = new[]
                {
                    aws_subnet.Example.Id,
                },
                VpcEndpointType = exampleVpcEndpointService.ServiceType,
                VpcId = aws_vpc.Example.Id,
            });
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws"
    	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
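    // main declares a Gateway Load Balancer endpoint service and an endpoint that
    // consumes it. aws_lb, aws_subnet and aws_vpc are not defined in this listing;
    // presumably they stand for resources declared elsewhere in the program.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Identity running the deployment; its ARN is the only principal
    		// allow-listed on the endpoint service below.
    		current, err := aws.GetCallerIdentity(ctx, nil, nil)
    		if err != nil {
    			return err
    		}
    		exampleVpcEndpointService, err := ec2.NewVpcEndpointService(ctx, "exampleVpcEndpointService", &ec2.VpcEndpointServiceArgs{
    			// Connection requests are accepted without manual approval, so
    			// AllowedPrincipals is what limits who can connect to the service.
    			AcceptanceRequired: pulumi.Bool(false),
    			AllowedPrincipals: pulumi.StringArray{
    				// current.Arn is a plain string; pulumi.String converts it to an
    				// input value and is not a pointer, so it must not be dereferenced.
    				pulumi.String(current.Arn),
    			},
    			GatewayLoadBalancerArns: pulumi.StringArray{
    				aws_lb.Example.Arn,
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// Consumer endpoint; its service name and type are read from the service above.
    		_, err = ec2.NewVpcEndpoint(ctx, "exampleVpcEndpoint", &ec2.VpcEndpointArgs{
    			ServiceName: exampleVpcEndpointService.ServiceName,
    			SubnetIds: pulumi.StringArray{
    				aws_subnet.Example.Id,
    			},
    			VpcEndpointType: exampleVpcEndpointService.ServiceType,
    			VpcId:           pulumi.Any(aws_vpc.Example.Id),
    		})
    		// The endpoint is the last resource, so its error is the program's result.
    		return err
    	})
    }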
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.AwsFunctions;
    import com.pulumi.aws.ec2.VpcEndpointService;
    import com.pulumi.aws.ec2.VpcEndpointServiceArgs;
    import com.pulumi.aws.ec2.VpcEndpoint;
    import com.pulumi.aws.ec2.VpcEndpointArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a Gateway Load Balancer endpoint service and
     * an endpoint that consumes it.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the endpoint service and its consumer endpoint.
         *
         * <p>The service does not require manual acceptance of connection
         * requests, so the allowed-principals list is what limits who can
         * connect. Here that list holds only the ARN of the identity running
         * the deployment.
         *
         * @param ctx the Pulumi deployment context (not used directly by this example)
         */
        public static void stack(Context ctx) {
            // Identity running the deployment.
            final var current = AwsFunctions.getCallerIdentity();

            final var serviceArgs = VpcEndpointServiceArgs.builder()
                .acceptanceRequired(false)
                .allowedPrincipals(current.applyValue(identity -> identity.arn()))
                .gatewayLoadBalancerArns(aws_lb.example().arn())
                .build();
            var exampleVpcEndpointService = new VpcEndpointService("exampleVpcEndpointService", serviceArgs);

            // The endpoint reads its service name and type from the service above.
            final var endpointArgs = VpcEndpointArgs.builder()
                .serviceName(exampleVpcEndpointService.serviceName())
                .subnetIds(aws_subnet.example().id())
                .vpcEndpointType(exampleVpcEndpointService.serviceType())
                .vpcId(aws_vpc.example().id())
                .build();
            var exampleVpcEndpoint = new VpcEndpoint("exampleVpcEndpoint", endpointArgs);
        }
    }
    
    # Gateway Load Balancer endpoint service plus an endpoint that consumes it.
    resources:
      exampleVpcEndpointService:
        type: aws:ec2:VpcEndpointService
        properties:
          # Connection requests are accepted without manual approval, so
          # allowedPrincipals is what limits who can connect to the service.
          acceptanceRequired: false
          # Only the ARN of the identity running the deployment is allow-listed.
          allowedPrincipals:
            - ${current.arn}
          gatewayLoadBalancerArns:
            - ${aws_lb.example.arn}
      exampleVpcEndpoint:
        type: aws:ec2:VpcEndpoint
        properties:
          # Service name and endpoint type are read from the service declared above.
          serviceName: ${exampleVpcEndpointService.serviceName}
          subnetIds:
            - ${aws_subnet.example.id}
          vpcEndpointType: ${exampleVpcEndpointService.serviceType}
          vpcId: ${aws_vpc.example.id}
    variables:
      # Looks up the identity running the deployment; its ARN is used above.
      current:
        fn::invoke:
          Function: aws:getCallerIdentity
          Arguments: {}
    

    Import

    VPC endpoints can be imported using the VPC endpoint ID, e.g.,

     $ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57
    
    ServiceName string
    The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
    AutoAccept bool
    Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
    DnsOptions Pulumi.Aws.Ec2.Inputs.VpcEndpointDnsOptions

    The DNS options for the endpoint. See dns_options below.

    This type is defined in the AWS Classic package.

    IpAddressType string
    The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
    Policy string
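    A policy to attach to the endpoint that controls access to the service. This is a JSON-formatted string. Defaults to full access, meaning that when no policy is set the endpoint itself does not restrict which principals, actions or resources can be used through it. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.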
    PrivateDnsEnabled bool
    Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
    RouteTableIds List<string>
    One or more route table IDs. Applicable for endpoints of type Gateway.
    SecurityGroupIds List<string>
    The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
    SubnetIds List<string>
    The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
    Tags Dictionary<string, string>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcEndpointType string
    The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
    ServiceName string
    The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
    AutoAccept bool
    Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
    DnsOptions VpcEndpointDnsOptions

    The DNS options for the endpoint. See dns_options below.

    This type is defined in the AWS Classic package.

    IpAddressType string
    The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
    Policy string
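    A policy to attach to the endpoint that controls access to the service. This is a JSON-formatted string. Defaults to full access, meaning that when no policy is set the endpoint itself does not restrict which principals, actions or resources can be used through it. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.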
    PrivateDnsEnabled bool
    Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
    RouteTableIds []string
    One or more route table IDs. Applicable for endpoints of type Gateway.
    SecurityGroupIds []string
    The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
    SubnetIds []string
    The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
    Tags map[string]string
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    VpcEndpointType string
    The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
    serviceName String
    The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
    autoAccept Boolean
    Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
    dnsOptions VpcEndpointDnsOptions

    The DNS options for the endpoint. See dns_options below.

    This type is defined in the AWS Classic package.

    ipAddressType String
    The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
    policy String
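    A policy to attach to the endpoint that controls access to the service. This is a JSON-formatted string. Defaults to full access, meaning that when no policy is set the endpoint itself does not restrict which principals, actions or resources can be used through it. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.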
    privateDnsEnabled Boolean
    Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
    routeTableIds List<String>
    One or more route table IDs. Applicable for endpoints of type Gateway.
    securityGroupIds List<String>
    The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
    subnetIds List<String>
    The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
    tags Map<String,String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcEndpointType String
    The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
    serviceName string
    The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
    autoAccept boolean
    Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
    dnsOptions pulumiAws.types.input.VpcEndpointDnsOptions

    The DNS options for the endpoint. See dns_options below.

    This type is defined in the AWS Classic package.

    ipAddressType string
    The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
    policy string
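    A policy to attach to the endpoint that controls access to the service. This is a JSON-formatted string. Defaults to full access, meaning that when no policy is set the endpoint itself does not restrict which principals, actions or resources can be used through it. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.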
    privateDnsEnabled boolean
    Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
    routeTableIds string[]
    One or more route table IDs. Applicable for endpoints of type Gateway.
    securityGroupIds string[]
    The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
    subnetIds string[]
    The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
    tags {[key: string]: string}
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcEndpointType string
    The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
    service_name str
    The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
    auto_accept bool
    Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
    dns_options pulumi_aws.ec2.VpcEndpointDnsOptionsArgs

    The DNS options for the endpoint. See dns_options below.

    This type is defined in the AWS Classic package.

    ip_address_type str
    The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
    policy str
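    A policy to attach to the endpoint that controls access to the service. This is a JSON-formatted string. Defaults to full access, meaning that when no policy is set the endpoint itself does not restrict which principals, actions or resources can be used through it. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.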
    private_dns_enabled bool
    Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
    route_table_ids Sequence[str]
    One or more route table IDs. Applicable for endpoints of type Gateway.
    security_group_ids Sequence[str]
    The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
    subnet_ids Sequence[str]
    The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
    tags Mapping[str, str]
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpc_endpoint_type str
    The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.
    serviceName String
    The service name. For AWS services the service name is usually in the form com.amazonaws.<region>.<service> (the SageMaker Notebook service is an exception to this rule, the service name is in the form aws.sagemaker.<region>.notebook).
    autoAccept Boolean
    Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).
    dnsOptions Property Map

    The DNS options for the endpoint. See dns_options below.

    This type is defined in the AWS Classic package.

    ipAddressType String
    The IP address type for the endpoint. Valid values are ipv4, dualstack, and ipv6.
    policy String
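    A policy to attach to the endpoint that controls access to the service. This is a JSON-formatted string. Defaults to full access, meaning that when no policy is set the endpoint itself does not restrict which principals, actions or resources can be used through it. All Gateway and some Interface endpoints support policies - see the relevant AWS documentation for more details.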
    privateDnsEnabled Boolean
    Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type Interface. Defaults to false.
    routeTableIds List<String>
    One or more route table IDs. Applicable for endpoints of type Gateway.
    securityGroupIds List<String>
    The ID of one or more security groups to associate with the network interface. Applicable for endpoints of type Interface. If no security groups are specified, the VPC's default security group is associated with the endpoint.
    subnetIds List<String>
    The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type GatewayLoadBalancer and Interface.
    tags Map<String>
    A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    vpcEndpointType String
    The VPC endpoint type, Gateway, GatewayLoadBalancer, or Interface. Defaults to Gateway.

    Package Details

    Repository
    AWSx (Pulumi Crosswalk for AWS) pulumi/pulumi-awsx
    License
    Apache-2.0