0
# Networking Services
1
2
Comprehensive networking solutions including virtual private clouds (VPC), DNS management (Route53), content delivery (CloudFront), and network connectivity services.
3
4
## Capabilities
5
6
### VPC - Virtual Private Cloud
7
8
Virtual Private Cloud provides isolated cloud resources within the AWS cloud with complete control over networking environment.
9
10
```typescript { .api }
11
/**
12
* VPC - Virtual Private Cloud
13
*/
14
class vpc.Vpc extends pulumi.CustomResource {
15
constructor(name: string, args?: vpc.VpcArgs, opts?: pulumi.CustomResourceOptions);
16
17
/** VPC ARN */
18
readonly arn: pulumi.Output<string>;
19
/** VPC ID */
20
readonly id: pulumi.Output<string>;
21
/** CIDR block */
22
readonly cidrBlock: pulumi.Output<string>;
23
/** Default security group ID */
24
readonly defaultSecurityGroupId: pulumi.Output<string>;
25
/** Default network ACL ID */
26
readonly defaultNetworkAclId: pulumi.Output<string>;
27
/** Default route table ID */
28
readonly defaultRouteTableId: pulumi.Output<string>;
29
/** DHCP options ID */
30
readonly dhcpOptionsId: pulumi.Output<string>;
31
/** Instance tenancy */
32
readonly instanceTenancy: pulumi.Output<string>;
33
/** IPv6 CIDR block */
34
readonly ipv6CidrBlock: pulumi.Output<string>;
35
/** Main route table ID */
36
readonly mainRouteTableId: pulumi.Output<string>;
37
/** Owner ID */
38
readonly ownerId: pulumi.Output<string>;
39
/** Resource tags */
40
readonly tags: pulumi.Output<{[key: string]: string}>;
41
}
42
43
interface vpc.VpcArgs {
44
/** CIDR block for the VPC */
45
cidrBlock: pulumi.Input<string>;
46
/** Instance tenancy (default, dedicated, host) */
47
instanceTenancy?: pulumi.Input<string>;
48
/** Enable DNS resolution */
49
enableDnsSupport?: pulumi.Input<boolean>;
50
/** Enable DNS hostnames */
51
enableDnsHostnames?: pulumi.Input<boolean>;
52
/** Enable network address usage metrics */
53
enableNetworkAddressUsageMetrics?: pulumi.Input<boolean>;
54
/** Assign generated IPv6 CIDR block */
55
assignGeneratedIpv6CidrBlock?: pulumi.Input<boolean>;
56
/** Resource tags */
57
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
58
}
59
60
/**
61
* VPC Subnet
62
*/
63
class ec2.Subnet extends pulumi.CustomResource {
64
constructor(name: string, args: ec2.SubnetArgs, opts?: pulumi.CustomResourceOptions);
65
66
/** Subnet ARN */
67
readonly arn: pulumi.Output<string>;
68
/** Subnet ID */
69
readonly id: pulumi.Output<string>;
70
/** VPC ID */
71
readonly vpcId: pulumi.Output<string>;
72
/** CIDR block */
73
readonly cidrBlock: pulumi.Output<string>;
74
/** Availability zone */
75
readonly availabilityZone: pulumi.Output<string>;
76
/** Availability zone ID */
77
readonly availabilityZoneId: pulumi.Output<string>;
78
/** Map public IP on launch */
79
readonly mapPublicIpOnLaunch: pulumi.Output<boolean>;
80
/** Assign IPv6 address on creation */
81
readonly assignIpv6AddressOnCreation: pulumi.Output<boolean>;
82
/** IPv6 CIDR block */
83
readonly ipv6CidrBlock: pulumi.Output<string>;
84
/** Outpost ARN */
85
readonly outpostArn: pulumi.Output<string>;
86
/** Resource tags */
87
readonly tags: pulumi.Output<{[key: string]: string}>;
88
}
89
90
interface ec2.SubnetArgs {
91
/** VPC ID */
92
vpcId: pulumi.Input<string>;
93
/** CIDR block for the subnet */
94
cidrBlock: pulumi.Input<string>;
95
/** Availability zone */
96
availabilityZone?: pulumi.Input<string>;
97
/** Map public IP on launch */
98
mapPublicIpOnLaunch?: pulumi.Input<boolean>;
99
/** Assign IPv6 address on creation */
100
assignIpv6AddressOnCreation?: pulumi.Input<boolean>;
101
/** IPv6 CIDR block */
102
ipv6CidrBlock?: pulumi.Input<string>;
103
/** Outpost ARN */
104
outpostArn?: pulumi.Input<string>;
105
/** Resource tags */
106
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
107
}
108
109
/**
110
* Internet Gateway
111
*/
112
class ec2.InternetGateway extends pulumi.CustomResource {
113
constructor(name: string, args?: ec2.InternetGatewayArgs, opts?: pulumi.CustomResourceOptions);
114
115
/** Internet Gateway ARN */
116
readonly arn: pulumi.Output<string>;
117
/** Internet Gateway ID */
118
readonly id: pulumi.Output<string>;
119
/** VPC ID */
120
readonly vpcId: pulumi.Output<string>;
121
/** Resource tags */
122
readonly tags: pulumi.Output<{[key: string]: string}>;
123
}
124
125
/**
126
* Route Table
127
*/
128
class ec2.RouteTable extends pulumi.CustomResource {
129
constructor(name: string, args: ec2.RouteTableArgs, opts?: pulumi.CustomResourceOptions);
130
131
/** Route table ARN */
132
readonly arn: pulumi.Output<string>;
133
/** Route table ID */
134
readonly id: pulumi.Output<string>;
135
/** VPC ID */
136
readonly vpcId: pulumi.Output<string>;
137
/** Routes */
138
readonly routes: pulumi.Output<ec2.RouteTableRoute[]>;
139
/** Resource tags */
140
readonly tags: pulumi.Output<{[key: string]: string}>;
141
}
142
143
/**
144
* Security Group
145
*/
146
class ec2.SecurityGroup extends pulumi.CustomResource {
147
constructor(name: string, args?: ec2.SecurityGroupArgs, opts?: pulumi.CustomResourceOptions);
148
149
/** Security group ARN */
150
readonly arn: pulumi.Output<string>;
151
/** Security group ID */
152
readonly id: pulumi.Output<string>;
153
/** Security group name */
154
readonly name: pulumi.Output<string>;
155
/** Description */
156
readonly description: pulumi.Output<string>;
157
/** VPC ID */
158
readonly vpcId: pulumi.Output<string>;
159
/** Ingress rules */
160
readonly ingress: pulumi.Output<ec2.SecurityGroupIngress[]>;
161
/** Egress rules */
162
readonly egress: pulumi.Output<ec2.SecurityGroupEgress[]>;
163
/** Resource tags */
164
readonly tags: pulumi.Output<{[key: string]: string}>;
165
}
166
```
167
168
**Usage Examples:**
169
170
```typescript
171
// Create VPC with DNS support
172
const vpc = new aws.ec2.Vpc("main-vpc", {
173
cidrBlock: "10.0.0.0/16",
174
enableDnsHostnames: true,
175
enableDnsSupport: true,
176
tags: {
177
Name: "MainVPC",
178
Environment: "production"
179
}
180
});
181
182
// Create Internet Gateway
183
const igw = new aws.ec2.InternetGateway("main-igw", {
184
vpcId: vpc.id,
185
tags: {
186
Name: "MainIGW"
187
}
188
});
189
190
// Create public subnets
191
const publicSubnets = ["us-west-2a", "us-west-2b"].map((az, index) =>
192
new aws.ec2.Subnet(`public-subnet-${index}`, {
193
vpcId: vpc.id,
194
cidrBlock: `10.0.${index + 1}.0/24`,
195
availabilityZone: az,
196
mapPublicIpOnLaunch: true,
197
tags: {
198
Name: `PublicSubnet-${az}`,
199
Type: "public"
200
}
201
})
202
);
203
204
// Create private subnets
205
const privateSubnets = ["us-west-2a", "us-west-2b"].map((az, index) =>
206
new aws.ec2.Subnet(`private-subnet-${index}`, {
207
vpcId: vpc.id,
208
cidrBlock: `10.0.${index + 10}.0/24`,
209
availabilityZone: az,
210
tags: {
211
Name: `PrivateSubnet-${az}`,
212
Type: "private"
213
}
214
})
215
);
216
217
// Create public route table
218
const publicRouteTable = new aws.ec2.RouteTable("public-rt", {
219
vpcId: vpc.id,
220
routes: [{
221
cidrBlock: "0.0.0.0/0",
222
gatewayId: igw.id
223
}],
224
tags: {
225
Name: "PublicRouteTable"
226
}
227
});
228
229
// Create security group for web servers
230
const webSecurityGroup = new aws.ec2.SecurityGroup("web-sg", {
231
name: "web-security-group",
232
description: "Security group for web servers",
233
vpcId: vpc.id,
234
ingress: [
235
{
236
fromPort: 80,
237
toPort: 80,
238
protocol: "tcp",
239
cidrBlocks: ["0.0.0.0/0"]
240
},
241
{
242
fromPort: 443,
243
toPort: 443,
244
protocol: "tcp",
245
cidrBlocks: ["0.0.0.0/0"]
246
},
247
{
248
fromPort: 22,
249
toPort: 22,
250
protocol: "tcp",
251
cidrBlocks: ["10.0.0.0/16"]
252
}
253
],
254
egress: [{
255
fromPort: 0,
256
toPort: 0,
257
protocol: "-1",
258
cidrBlocks: ["0.0.0.0/0"]
259
}],
260
tags: {
261
Name: "WebSecurityGroup"
262
}
263
});
264
```
265
266
### Route53 - DNS Management
267
268
Scalable Domain Name System (DNS) web service for domain registration and DNS routing.
269
270
```typescript { .api }
271
/**
272
* Route53 hosted zone
273
*/
274
class route53.Zone extends pulumi.CustomResource {
275
constructor(name: string, args: route53.ZoneArgs, opts?: pulumi.CustomResourceOptions);
276
277
/** Zone ARN */
278
readonly arn: pulumi.Output<string>;
279
/** Zone ID */
280
readonly zoneId: pulumi.Output<string>;
281
/** Domain name */
282
readonly name: pulumi.Output<string>;
283
/** Name servers */
284
readonly nameServers: pulumi.Output<string[]>;
285
/** Comment */
286
readonly comment: pulumi.Output<string>;
287
/** Private zone */
288
readonly privateZone: pulumi.Output<boolean>;
289
/** VPC associations */
290
readonly vpcs: pulumi.Output<route53.ZoneVpc[]>;
291
/** Resource tags */
292
readonly tags: pulumi.Output<{[key: string]: string}>;
293
}
294
295
interface route53.ZoneArgs {
296
/** Domain name */
297
name: pulumi.Input<string>;
298
/** Comment */
299
comment?: pulumi.Input<string>;
300
/** Force destroy */
301
forceDestroy?: pulumi.Input<boolean>;
302
/** Private zone */
303
privateZone?: pulumi.Input<boolean>;
304
/** VPC associations for private zones */
305
vpcs?: pulumi.Input<pulumi.Input<route53.ZoneVpc>[]>;
306
/** Resource tags */
307
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
308
}
309
310
/**
311
* Route53 DNS record
312
*/
313
class route53.Record extends pulumi.CustomResource {
314
constructor(name: string, args: route53.RecordArgs, opts?: pulumi.CustomResourceOptions);
315
316
/** Zone ID */
317
readonly zoneId: pulumi.Output<string>;
318
/** Record name */
319
readonly name: pulumi.Output<string>;
320
/** Record type */
321
readonly type: pulumi.Output<string>;
322
/** TTL */
323
readonly ttl: pulumi.Output<number>;
324
/** Records */
325
readonly records: pulumi.Output<string[]>;
326
/** Alias configuration */
327
readonly aliases: pulumi.Output<route53.RecordAlias[]>;
328
/** FQDN */
329
readonly fqdn: pulumi.Output<string>;
330
}
331
332
interface route53.RecordArgs {
333
/** Zone ID */
334
zoneId: pulumi.Input<string>;
335
/** Record name */
336
name: pulumi.Input<string>;
337
/** Record type (A, AAAA, CNAME, MX, etc.) */
338
type: pulumi.Input<string>;
339
/** TTL in seconds */
340
ttl?: pulumi.Input<number>;
341
/** Record values */
342
records?: pulumi.Input<pulumi.Input<string>[]>;
343
/** Alias target */
344
aliases?: pulumi.Input<pulumi.Input<route53.RecordAlias>[]>;
345
/** Weighted routing */
346
weightedRoutingPolicies?: pulumi.Input<pulumi.Input<route53.RecordWeightedRoutingPolicy>[]>;
347
/** Geolocation routing */
348
geolocationRoutingPolicies?: pulumi.Input<pulumi.Input<route53.RecordGeolocationRoutingPolicy>[]>;
349
/** Health check ID */
350
healthCheckId?: pulumi.Input<string>;
351
/** Set identifier for routing policies */
352
setIdentifier?: pulumi.Input<string>;
353
}
354
```
355
356
**Usage Examples:**
357
358
```typescript
359
// Create hosted zone
360
const zone = new aws.route53.Zone("example-com", {
361
name: "example.com",
362
comment: "Main domain zone",
363
tags: {
364
Name: "ExampleZone",
365
Environment: "production"
366
}
367
});
368
369
// Create A record pointing to load balancer
370
const aRecord = new aws.route53.Record("www", {
371
zoneId: zone.zoneId,
372
name: "www.example.com",
373
type: "A",
374
aliases: [{
375
name: alb.dnsName,
376
zoneId: alb.zoneId,
377
evaluateTargetHealth: true
378
}]
379
});
380
381
// Create CNAME record
382
const cnameRecord = new aws.route53.Record("api", {
383
zoneId: zone.zoneId,
384
name: "api.example.com",
385
type: "CNAME",
386
ttl: 300,
387
records: ["api-internal.example.com"]
388
});
389
390
// Create MX record for email
391
const mxRecord = new aws.route53.Record("mail", {
392
zoneId: zone.zoneId,
393
name: "example.com",
394
type: "MX",
395
ttl: 300,
396
records: [
397
"10 mail.example.com",
398
"20 mail2.example.com"
399
]
400
});
401
```
402
403
### CloudFront - Content Delivery Network
404
405
Global content delivery network (CDN) service that securely delivers data with low latency and high transfer speeds.
406
407
```typescript { .api }
408
/**
409
* CloudFront distribution
410
*/
411
class cloudfront.Distribution extends pulumi.CustomResource {
412
constructor(name: string, args: cloudfront.DistributionArgs, opts?: pulumi.CustomResourceOptions);
413
414
/** Distribution ARN */
415
readonly arn: pulumi.Output<string>;
416
/** Distribution ID */
417
readonly id: pulumi.Output<string>;
418
/** Domain name */
419
readonly domainName: pulumi.Output<string>;
420
/** Hosted zone ID */
421
readonly hostedZoneId: pulumi.Output<string>;
422
/** Status */
423
readonly status: pulumi.Output<string>;
424
/** Origins */
425
readonly origins: pulumi.Output<cloudfront.DistributionOrigin[]>;
426
/** Default cache behavior */
427
readonly defaultCacheBehavior: pulumi.Output<cloudfront.DistributionDefaultCacheBehavior>;
428
/** Cache behaviors */
429
readonly orderedCacheBehaviors: pulumi.Output<cloudfront.DistributionOrderedCacheBehavior[]>;
430
/** Price class */
431
readonly priceClass: pulumi.Output<string>;
432
/** Enabled */
433
readonly enabled: pulumi.Output<boolean>;
434
/** Web ACL ID */
435
readonly webAclId: pulumi.Output<string>;
436
/** Resource tags */
437
readonly tags: pulumi.Output<{[key: string]: string}>;
438
}
439
440
interface cloudfront.DistributionArgs {
441
/** Origins */
442
origins: pulumi.Input<pulumi.Input<cloudfront.DistributionOrigin>[]>;
443
/** Default cache behavior */
444
defaultCacheBehavior: pulumi.Input<cloudfront.DistributionDefaultCacheBehavior>;
445
/** Ordered cache behaviors */
446
orderedCacheBehaviors?: pulumi.Input<pulumi.Input<cloudfront.DistributionOrderedCacheBehavior>[]>;
447
/** Comment */
448
comment?: pulumi.Input<string>;
449
/** Default root object */
450
defaultRootObject?: pulumi.Input<string>;
451
/** Enabled */
452
enabled: pulumi.Input<boolean>;
453
/** HTTP version */
454
httpVersion?: pulumi.Input<string>;
455
/** Price class */
456
priceClass?: pulumi.Input<string>;
457
/** Aliases (CNAMEs) */
458
aliases?: pulumi.Input<pulumi.Input<string>[]>;
459
/** SSL/TLS certificate */
460
viewerCertificate?: pulumi.Input<cloudfront.DistributionViewerCertificate>;
461
/** Custom error responses */
462
customErrorResponses?: pulumi.Input<pulumi.Input<cloudfront.DistributionCustomErrorResponse>[]>;
463
/** Geo restrictions */
464
restrictions?: pulumi.Input<cloudfront.DistributionRestrictions>;
465
/** Web ACL ID */
466
webAclId?: pulumi.Input<string>;
467
/** Resource tags */
468
tags?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;
469
}
470
471
/**
472
* CloudFront Origin Access Identity
473
*/
474
class cloudfront.OriginAccessIdentity extends pulumi.CustomResource {
475
constructor(name: string, args?: cloudfront.OriginAccessIdentityArgs, opts?: pulumi.CustomResourceOptions);
476
477
/** CloudFront access identity path */
478
readonly cloudfrontAccessIdentityPath: pulumi.Output<string>;
479
/** ETag */
480
readonly etag: pulumi.Output<string>;
481
/** IAM ARN */
482
readonly iamArn: pulumi.Output<string>;
483
/** S3 canonical user ID */
484
readonly s3CanonicalUserId: pulumi.Output<string>;
485
/** Comment */
486
readonly comment: pulumi.Output<string>;
487
}
488
```
489
490
**Usage Examples:**
491
492
```typescript
493
// Create CloudFront Origin Access Identity
494
const oai = new aws.cloudfront.OriginAccessIdentity("s3-oai", {
495
comment: "OAI for S3 bucket access"
496
});
497
498
// Create CloudFront distribution
499
const distribution = new aws.cloudfront.Distribution("website-cdn", {
500
origins: [{
501
domainName: bucket.bucketDomainName,
502
originId: "S3-bucket",
503
s3OriginConfig: {
504
originAccessIdentity: oai.cloudfrontAccessIdentityPath
505
}
506
}],
507
enabled: true,
508
defaultRootObject: "index.html",
509
comment: "Website CDN distribution",
510
aliases: ["www.example.com", "example.com"],
511
defaultCacheBehavior: {
512
targetOriginId: "S3-bucket",
513
viewerProtocolPolicy: "redirect-to-https",
514
allowedMethods: ["GET", "HEAD", "OPTIONS"],
515
cachedMethods: ["GET", "HEAD"],
516
compress: true,
517
forwardedValues: {
518
queryString: false,
519
cookies: {
520
forward: "none"
521
}
522
},
523
minTtl: 0,
524
defaultTtl: 3600,
525
maxTtl: 86400
526
},
527
viewerCertificate: {
528
acmCertificateArn: certificate.arn,
529
sslSupportMethod: "sni-only",
530
minimumProtocolVersion: "TLSv1.2_2021"
531
},
532
priceClass: "PriceClass_100",
533
restrictions: {
534
geoRestriction: {
535
restrictionType: "none"
536
}
537
},
538
tags: {
539
Name: "WebsiteCDN",
540
Environment: "production"
541
}
542
});
543
```
544
545
### Load Balancing
546
547
Application Load Balancer (ALB) and Network Load Balancer (NLB) for distributing incoming traffic.
548
549
```typescript { .api }
550
/**
551
* Application Load Balancer
552
*/
553
class lb.LoadBalancer extends pulumi.CustomResource {
554
constructor(name: string, args?: lb.LoadBalancerArgs, opts?: pulumi.CustomResourceOptions);
555
556
/** Load balancer ARN */
557
readonly arn: pulumi.Output<string>;
558
/** DNS name */
559
readonly dnsName: pulumi.Output<string>;
560
/** Zone ID */
561
readonly zoneId: pulumi.Output<string>;
562
/** Load balancer type */
563
readonly loadBalancerType: pulumi.Output<string>;
564
/** Subnets */
565
readonly subnets: pulumi.Output<string[]>;
566
/** Security groups */
567
readonly securityGroups: pulumi.Output<string[]>;
568
/** Scheme */
569
readonly scheme: pulumi.Output<string>;
570
/** IP address type */
571
readonly ipAddressType: pulumi.Output<string>;
572
/** Internal */
573
readonly internal: pulumi.Output<boolean>;
574
/** Resource tags */
575
readonly tags: pulumi.Output<{[key: string]: string}>;
576
}
577
578
/**
579
* Load balancer target group
580
*/
581
class lb.TargetGroup extends pulumi.CustomResource {
582
constructor(name: string, args?: lb.TargetGroupArgs, opts?: pulumi.CustomResourceOptions);
583
584
/** Target group ARN */
585
readonly arn: pulumi.Output<string>;
586
/** Target group name */
587
readonly name: pulumi.Output<string>;
588
/** Port */
589
readonly port: pulumi.Output<number>;
590
/** Protocol */
591
readonly protocol: pulumi.Output<string>;
592
/** VPC ID */
593
readonly vpcId: pulumi.Output<string>;
594
/** Target type */
595
readonly targetType: pulumi.Output<string>;
596
/** Health check configuration */
597
readonly healthCheck: pulumi.Output<lb.TargetGroupHealthCheck>;
598
}
599
600
/**
601
* Load balancer listener
602
*/
603
class lb.Listener extends pulumi.CustomResource {
604
constructor(name: string, args: lb.ListenerArgs, opts?: pulumi.CustomResourceOptions);
605
606
/** Listener ARN */
607
readonly arn: pulumi.Output<string>;
608
/** Load balancer ARN */
609
readonly loadBalancerArn: pulumi.Output<string>;
610
/** Port */
611
readonly port: pulumi.Output<string>;
612
/** Protocol */
613
readonly protocol: pulumi.Output<string>;
614
/** SSL policy */
615
readonly sslPolicy: pulumi.Output<string>;
616
/** Certificate ARN */
617
readonly certificateArn: pulumi.Output<string>;
618
/** Default actions */
619
readonly defaultActions: pulumi.Output<lb.ListenerDefaultAction[]>;
620
}
621
```
622
623
**Usage Examples:**
624
625
```typescript
626
// Create Application Load Balancer
627
const alb = new aws.lb.LoadBalancer("app-alb", {
628
name: "app-load-balancer",
629
loadBalancerType: "application",
630
subnets: publicSubnets.map(s => s.id),
631
securityGroups: [albSecurityGroup.id],
632
enableDeletionProtection: false,
633
tags: {
634
Name: "AppLoadBalancer",
635
Environment: "production"
636
}
637
});
638
639
// Create target group
640
const targetGroup = new aws.lb.TargetGroup("app-tg", {
641
name: "app-target-group",
642
port: 80,
643
protocol: "HTTP",
644
vpcId: vpc.id,
645
targetType: "instance",
646
healthCheck: {
647
enabled: true,
648
healthyThreshold: 2,
649
unhealthyThreshold: 2,
650
timeout: 5,
651
interval: 30,
652
path: "/health",
653
matcher: "200"
654
},
655
tags: {
656
Name: "AppTargetGroup"
657
}
658
});
659
660
// Create HTTPS listener
661
const httpsListener = new aws.lb.Listener("https-listener", {
662
loadBalancerArn: alb.arn,
663
port: "443",
664
protocol: "HTTPS",
665
sslPolicy: "ELBSecurityPolicy-TLS-1-2-2017-01",
666
certificateArn: certificate.arn,
667
defaultActions: [{
668
type: "forward",
669
targetGroupArn: targetGroup.arn
670
}]
671
});
672
```