A Pulumi provider SDK for creating and managing Amazon Web Services (AWS) cloud resources in Go, providing strongly-typed resource classes and data sources for all major AWS services.
Package ec2 provides resources and data sources for Amazon EC2 (Elastic Compute Cloud).
import "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"

// Instances
//
// Compute resources. Each resource is exposed as a constructor/getter pair
// with the same shape:
//   - NewX registers a new resource under the unique logical name `name`,
//     configured by args and any resource options, and returns the typed
//     resource or an error.
//   - GetX reads the state of an existing resource identified by id; state
//     carries optional properties that further qualify the lookup and may be
//     nil when none are needed.
//
// NOTE(review): InstanceArgs and LaunchTemplateArgs are not shown on this
// page. Values supplied as instance user data are recorded in the Pulumi
// state and are readable from inside the instance, so credentials should not
// be placed there — confirm the field names against the Args types.
func NewInstance(ctx *pulumi.Context, name string, args *InstanceArgs, opts ...pulumi.ResourceOption) (*Instance, error)
func GetInstance(ctx *pulumi.Context, name string, id pulumi.IDInput, state *InstanceState, opts ...pulumi.ResourceOption) (*Instance, error)
func NewLaunchTemplate(ctx *pulumi.Context, name string, args *LaunchTemplateArgs, opts ...pulumi.ResourceOption) (*LaunchTemplate, error)
func GetLaunchTemplate(ctx *pulumi.Context, name string, id pulumi.IDInput, state *LaunchTemplateState, opts ...pulumi.ResourceOption) (*LaunchTemplate, error)

// NOTE(review): AWS steers new workloads towards launch templates rather than
// launch configurations; prefer NewLaunchTemplate unless an existing launch
// configuration has to be kept — confirm against current AWS guidance.
func NewLaunchConfiguration(ctx *pulumi.Context, name string, args *LaunchConfigurationArgs, opts ...pulumi.ResourceOption) (*LaunchConfiguration, error)
func GetLaunchConfiguration(ctx *pulumi.Context, name string, id pulumi.IDInput, state *LaunchConfigurationState, opts ...pulumi.ResourceOption) (*LaunchConfiguration, error)

// Spot and fleet capacity.
func NewSpotInstanceRequest(ctx *pulumi.Context, name string, args *SpotInstanceRequestArgs, opts ...pulumi.ResourceOption) (*SpotInstanceRequest, error)
func GetSpotInstanceRequest(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SpotInstanceRequestState, opts ...pulumi.ResourceOption) (*SpotInstanceRequest, error)
func NewSpotFleetRequest(ctx *pulumi.Context, name string, args *SpotFleetRequestArgs, opts ...pulumi.ResourceOption) (*SpotFleetRequest, error)
func GetSpotFleetRequest(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SpotFleetRequestState, opts ...pulumi.ResourceOption) (*SpotFleetRequest, error)
func NewFleet(ctx *pulumi.Context, name string, args *FleetArgs, opts ...pulumi.ResourceOption) (*Fleet, error)
func GetFleet(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FleetState, opts ...pulumi.ResourceOption) (*Fleet, error)

// Dedicated hosts and capacity reservations.
func NewDedicatedHost(ctx *pulumi.Context, name string, args *DedicatedHostArgs, opts ...pulumi.ResourceOption) (*DedicatedHost, error)
func GetDedicatedHost(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DedicatedHostState, opts ...pulumi.ResourceOption) (*DedicatedHost, error)
func NewCapacityReservation(ctx *pulumi.Context, name string, args *CapacityReservationArgs, opts ...pulumi.ResourceOption) (*CapacityReservation, error)
func GetCapacityReservation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CapacityReservationState, opts ...pulumi.ResourceOption) (*CapacityReservation, error)
func NewCapacityBlockReservation(ctx *pulumi.Context, name string, args *CapacityBlockReservationArgs, opts ...pulumi.ResourceOption) (*CapacityBlockReservation, error)
func GetCapacityBlockReservation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CapacityBlockReservationState, opts ...pulumi.ResourceOption) (*CapacityBlockReservation, error)
// AMIs
//
// Machine image resources. NewX registers a new resource under the unique
// logical name `name` with the given args and options; GetX reads the state
// of an existing resource identified by id (state may be nil when no extra
// qualifying properties are needed). Both return the typed resource or an
// error.
func NewAmi(ctx *pulumi.Context, name string, args *AmiArgs, opts ...pulumi.ResourceOption) (*Ami, error)
func GetAmi(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AmiState, opts ...pulumi.ResourceOption) (*Ami, error)

// By name, AmiCopy produces an image from an existing AMI and AmiFromInstance
// produces one from an existing instance; the Args types are not shown here.
func NewAmiCopy(ctx *pulumi.Context, name string, args *AmiCopyArgs, opts ...pulumi.ResourceOption) (*AmiCopy, error)
func GetAmiCopy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AmiCopyState, opts ...pulumi.ResourceOption) (*AmiCopy, error)
func NewAmiFromInstance(ctx *pulumi.Context, name string, args *AmiFromInstanceArgs, opts ...pulumi.ResourceOption) (*AmiFromInstance, error)
func GetAmiFromInstance(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AmiFromInstanceState, opts ...pulumi.ResourceOption) (*AmiFromInstance, error)

// NOTE(review): a launch permission shares an image outside the owning
// account, so each use is a sharing decision worth reviewing. Check whether
// AmiLaunchPermissionArgs (not shown here) names a specific account or a
// broader group, and that the image holds no secrets before it is shared.
func NewAmiLaunchPermission(ctx *pulumi.Context, name string, args *AmiLaunchPermissionArgs, opts ...pulumi.ResourceOption) (*AmiLaunchPermission, error)
func GetAmiLaunchPermission(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AmiLaunchPermissionState, opts ...pulumi.ResourceOption) (*AmiLaunchPermission, error)
// Networking
//
// VPC building blocks. NewX registers a new resource under the unique logical
// name `name` with the given args and options; GetX reads the state of an
// existing resource identified by id (state may be nil when no extra
// qualifying properties are needed). Both return the typed resource or an
// error.
func NewVpc(ctx *pulumi.Context, name string, args *VpcArgs, opts ...pulumi.ResourceOption) (*Vpc, error)
func GetVpc(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcState, opts ...pulumi.ResourceOption) (*Vpc, error)
func NewSubnet(ctx *pulumi.Context, name string, args *SubnetArgs, opts ...pulumi.ResourceOption) (*Subnet, error)
func GetSubnet(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SubnetState, opts ...pulumi.ResourceOption) (*Subnet, error)

// Routing.
//
// NOTE(review): routes for one table should be managed in a single place.
// Declaring routes inline on a RouteTable and also through Route resources
// for the same table is a documented source of routes overwriting each other
// — confirm against RouteTableArgs, which is not shown on this page.
func NewRouteTable(ctx *pulumi.Context, name string, args *RouteTableArgs, opts ...pulumi.ResourceOption) (*RouteTable, error)
func GetRouteTable(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RouteTableState, opts ...pulumi.ResourceOption) (*RouteTable, error)
func NewRoute(ctx *pulumi.Context, name string, args *RouteArgs, opts ...pulumi.ResourceOption) (*Route, error)
func GetRoute(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RouteState, opts ...pulumi.ResourceOption) (*Route, error)
func NewRouteTableAssociation(ctx *pulumi.Context, name string, args *RouteTableAssociationArgs, opts ...pulumi.ResourceOption) (*RouteTableAssociation, error)
func GetRouteTableAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *RouteTableAssociationState, opts ...pulumi.ResourceOption) (*RouteTableAssociation, error)
func NewMainRouteTableAssociation(ctx *pulumi.Context, name string, args *MainRouteTableAssociationArgs, opts ...pulumi.ResourceOption) (*MainRouteTableAssociation, error)
func GetMainRouteTableAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *MainRouteTableAssociationState, opts ...pulumi.ResourceOption) (*MainRouteTableAssociation, error)

// Gateways. An internet gateway together with a default route is what makes
// a subnet publicly reachable, so these are the resources to look at when
// reviewing which parts of a VPC are exposed to the internet.
func NewInternetGateway(ctx *pulumi.Context, name string, args *InternetGatewayArgs, opts ...pulumi.ResourceOption) (*InternetGateway, error)
func GetInternetGateway(ctx *pulumi.Context, name string, id pulumi.IDInput, state *InternetGatewayState, opts ...pulumi.ResourceOption) (*InternetGateway, error)
func NewInternetGatewayAttachment(ctx *pulumi.Context, name string, args *InternetGatewayAttachmentArgs, opts ...pulumi.ResourceOption) (*InternetGatewayAttachment, error)
func GetInternetGatewayAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *InternetGatewayAttachmentState, opts ...pulumi.ResourceOption) (*InternetGatewayAttachment, error)
func NewNatGateway(ctx *pulumi.Context, name string, args *NatGatewayArgs, opts ...pulumi.ResourceOption) (*NatGateway, error)
func GetNatGateway(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NatGatewayState, opts ...pulumi.ResourceOption) (*NatGateway, error)
func NewNatGatewayEipAssociation(ctx *pulumi.Context, name string, args *NatGatewayEipAssociationArgs, opts ...pulumi.ResourceOption) (*NatGatewayEipAssociation, error)
func GetNatGatewayEipAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NatGatewayEipAssociationState, opts ...pulumi.ResourceOption) (*NatGatewayEipAssociation, error)
func NewEgressOnlyInternetGateway(ctx *pulumi.Context, name string, args *EgressOnlyInternetGatewayArgs, opts ...pulumi.ResourceOption) (*EgressOnlyInternetGateway, error)
func GetEgressOnlyInternetGateway(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EgressOnlyInternetGatewayState, opts ...pulumi.ResourceOption) (*EgressOnlyInternetGateway, error)

// Network interfaces.
func NewNetworkInterface(ctx *pulumi.Context, name string, args *NetworkInterfaceArgs, opts ...pulumi.ResourceOption) (*NetworkInterface, error)
func GetNetworkInterface(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkInterfaceState, opts ...pulumi.ResourceOption) (*NetworkInterface, error)
func NewNetworkInterfaceAttachment(ctx *pulumi.Context, name string, args *NetworkInterfaceAttachmentArgs, opts ...pulumi.ResourceOption) (*NetworkInterfaceAttachment, error)
func GetNetworkInterfaceAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkInterfaceAttachmentState, opts ...pulumi.ResourceOption) (*NetworkInterfaceAttachment, error)
func NewNetworkInterfaceSecurityGroupAttachment(ctx *pulumi.Context, name string, args *NetworkInterfaceSecurityGroupAttachmentArgs, opts ...pulumi.ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)
func GetNetworkInterfaceSecurityGroupAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkInterfaceSecurityGroupAttachmentState, opts ...pulumi.ResourceOption) (*NetworkInterfaceSecurityGroupAttachment, error)

// NOTE(review): presumably grants another principal rights over a network
// interface; treat it as a cross-account grant and confirm the grantee in
// NetworkInterfacePermissionArgs, which is not shown on this page.
func NewNetworkInterfacePermission(ctx *pulumi.Context, name string, args *NetworkInterfacePermissionArgs, opts ...pulumi.ResourceOption) (*NetworkInterfacePermission, error)
func GetNetworkInterfacePermission(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkInterfacePermissionState, opts ...pulumi.ResourceOption) (*NetworkInterfacePermission, error)
// Security Groups
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
//
// NOTE(review): the Args types are not shown on this page. Points to confirm
// when these resources are used together:
//   - Rules for one group should be managed in a single place. Declaring
//     rules inline on a SecurityGroup and also through SecurityGroupRule
//     resources for the same group is a documented source of rules
//     overwriting each other.
//   - DefaultSecurityGroup manages the default group that already exists in a
//     VPC rather than creating one; presumably adopting it replaces the rules
//     currently on that group, so preview the change before applying it.
//   - What SecurityGroupAssociation attaches a group to is not evident from
//     its signature; check its Args type.
func NewSecurityGroup(ctx *pulumi.Context, name string, args *SecurityGroupArgs, opts ...pulumi.ResourceOption) (*SecurityGroup, error)
func GetSecurityGroup(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecurityGroupState, opts ...pulumi.ResourceOption) (*SecurityGroup, error)
func NewSecurityGroupRule(ctx *pulumi.Context, name string, args *SecurityGroupRuleArgs, opts ...pulumi.ResourceOption) (*SecurityGroupRule, error)
func GetSecurityGroupRule(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecurityGroupRuleState, opts ...pulumi.ResourceOption) (*SecurityGroupRule, error)
func NewSecurityGroupAssociation(ctx *pulumi.Context, name string, args *SecurityGroupAssociationArgs, opts ...pulumi.ResourceOption) (*SecurityGroupAssociation, error)
func GetSecurityGroupAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecurityGroupAssociationState, opts ...pulumi.ResourceOption) (*SecurityGroupAssociation, error)
func NewDefaultSecurityGroup(ctx *pulumi.Context, name string, args *DefaultSecurityGroupArgs, opts ...pulumi.ResourceOption) (*DefaultSecurityGroup, error)
func GetDefaultSecurityGroup(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DefaultSecurityGroupState, opts ...pulumi.ResourceOption) (*DefaultSecurityGroup, error)
// Elastic IPs
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
//
// An Elastic IP is a public address, so an EipAssociation is a point where a
// resource becomes reachable from the internet; review it together with the
// security groups of whatever it is associated with.
func NewEip(ctx *pulumi.Context, name string, args *EipArgs, opts ...pulumi.ResourceOption) (*Eip, error)
func GetEip(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EipState, opts ...pulumi.ResourceOption) (*Eip, error)
func NewEipAssociation(ctx *pulumi.Context, name string, args *EipAssociationArgs, opts ...pulumi.ResourceOption) (*EipAssociation, error)
func GetEipAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EipAssociationState, opts ...pulumi.ResourceOption) (*EipAssociation, error)
func NewEipDomainName(ctx *pulumi.Context, name string, args *EipDomainNameArgs, opts ...pulumi.ResourceOption) (*EipDomainName, error)
func GetEipDomainName(ctx *pulumi.Context, name string, id pulumi.IDInput, state *EipDomainNameState, opts ...pulumi.ResourceOption) (*EipDomainName, error)
// Key Pairs
//
// NewKeyPair registers a new key pair resource under the unique logical name
// `name`; GetKeyPair reads the state of an existing one identified by id
// (state may be nil). Both return the typed resource or an error.
//
// NOTE(review): KeyPairArgs is not shown on this page. Presumably this
// resource registers an existing, user-supplied public key rather than
// generating a key pair; if so, only public key material should be passed in,
// and the private key should never enter the program or the Pulumi state.
func NewKeyPair(ctx *pulumi.Context, name string, args *KeyPairArgs, opts ...pulumi.ResourceOption) (*KeyPair, error)
func GetKeyPair(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyPairState, opts ...pulumi.ResourceOption) (*KeyPair, error)
// VPC Peering
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
//
// By name, VpcPeeringConnection is the requesting side of a peering and
// VpcPeeringConnectionAccepter the accepting side. Peering joins two network
// trust zones, so the route tables and security groups on both sides decide
// what actually becomes reachable.
func NewVpcPeeringConnection(ctx *pulumi.Context, name string, args *VpcPeeringConnectionArgs, opts ...pulumi.ResourceOption) (*VpcPeeringConnection, error)
func GetVpcPeeringConnection(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcPeeringConnectionState, opts ...pulumi.ResourceOption) (*VpcPeeringConnection, error)
func NewVpcPeeringConnectionAccepter(ctx *pulumi.Context, name string, args *VpcPeeringConnectionAccepterArgs, opts ...pulumi.ResourceOption) (*VpcPeeringConnectionAccepter, error)
func GetVpcPeeringConnectionAccepter(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcPeeringConnectionAccepterState, opts ...pulumi.ResourceOption) (*VpcPeeringConnectionAccepter, error)
func NewPeeringConnectionOptions(ctx *pulumi.Context, name string, args *PeeringConnectionOptionsArgs, opts ...pulumi.ResourceOption) (*PeeringConnectionOptions, error)
func GetPeeringConnectionOptions(ctx *pulumi.Context, name string, id pulumi.IDInput, state *PeeringConnectionOptionsState, opts ...pulumi.ResourceOption) (*PeeringConnectionOptions, error)
// VPC Endpoints
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
func NewVpcEndpoint(ctx *pulumi.Context, name string, args *VpcEndpointArgs, opts ...pulumi.ResourceOption) (*VpcEndpoint, error)
func GetVpcEndpoint(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointState, opts ...pulumi.ResourceOption) (*VpcEndpoint, error)
func NewVpcEndpointService(ctx *pulumi.Context, name string, args *VpcEndpointServiceArgs, opts ...pulumi.ResourceOption) (*VpcEndpointService, error)
func GetVpcEndpointService(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointServiceState, opts ...pulumi.ResourceOption) (*VpcEndpointService, error)

// NOTE(review): an endpoint policy limits what can be done through the
// endpoint. VpcEndpointPolicyArgs is not shown here; confirm what applies
// when no policy is supplied, and scope it to the principals and resources
// actually needed.
func NewVpcEndpointPolicy(ctx *pulumi.Context, name string, args *VpcEndpointPolicyArgs, opts ...pulumi.ResourceOption) (*VpcEndpointPolicy, error)
func GetVpcEndpointPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointPolicyState, opts ...pulumi.ResourceOption) (*VpcEndpointPolicy, error)
func NewVpcEndpointRouteTableAssociation(ctx *pulumi.Context, name string, args *VpcEndpointRouteTableAssociationArgs, opts ...pulumi.ResourceOption) (*VpcEndpointRouteTableAssociation, error)
func GetVpcEndpointRouteTableAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointRouteTableAssociationState, opts ...pulumi.ResourceOption) (*VpcEndpointRouteTableAssociation, error)
func NewVpcEndpointSubnetAssociation(ctx *pulumi.Context, name string, args *VpcEndpointSubnetAssociationArgs, opts ...pulumi.ResourceOption) (*VpcEndpointSubnetAssociation, error)
func GetVpcEndpointSubnetAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointSubnetAssociationState, opts ...pulumi.ResourceOption) (*VpcEndpointSubnetAssociation, error)

// Service-provider side: accepting connections, notifications, and the list
// of principals allowed to connect to an endpoint service.
func NewVpcEndpointConnectionAccepter(ctx *pulumi.Context, name string, args *VpcEndpointConnectionAccepterArgs, opts ...pulumi.ResourceOption) (*VpcEndpointConnectionAccepter, error)
func GetVpcEndpointConnectionAccepter(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointConnectionAccepterState, opts ...pulumi.ResourceOption) (*VpcEndpointConnectionAccepter, error)
func NewVpcEndpointConnectionNotification(ctx *pulumi.Context, name string, args *VpcEndpointConnectionNotificationArgs, opts ...pulumi.ResourceOption) (*VpcEndpointConnectionNotification, error)
func GetVpcEndpointConnectionNotification(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointConnectionNotificationState, opts ...pulumi.ResourceOption) (*VpcEndpointConnectionNotification, error)

// The identifier is spelled "Principle" in this listing; use it exactly as
// written. NOTE(review): each allowed principal is a grant to connect to the
// service, so keep the list to named principals — confirm the accepted values
// in VpcEndpointServiceAllowedPrincipleArgs, which is not shown here.
func NewVpcEndpointServiceAllowedPrinciple(ctx *pulumi.Context, name string, args *VpcEndpointServiceAllowedPrincipleArgs, opts ...pulumi.ResourceOption) (*VpcEndpointServiceAllowedPrinciple, error)
func GetVpcEndpointServiceAllowedPrinciple(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcEndpointServiceAllowedPrincipleState, opts ...pulumi.ResourceOption) (*VpcEndpointServiceAllowedPrinciple, error)
// Network ACLs
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
//
// NOTE(review): the Args types are not shown on this page. Points to confirm:
//   - Manage the rules of one ACL in a single place; mixing inline rules on a
//     NetworkAcl with NetworkAclRule resources for the same ACL is a
//     documented source of rules overwriting each other.
//   - DefaultNetworkAcl manages the default ACL that already exists in a VPC
//     rather than creating one; presumably adopting it replaces the rules
//     currently on that ACL, so preview the change before applying it.
func NewNetworkAcl(ctx *pulumi.Context, name string, args *NetworkAclArgs, opts ...pulumi.ResourceOption) (*NetworkAcl, error)
func GetNetworkAcl(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkAclState, opts ...pulumi.ResourceOption) (*NetworkAcl, error)
func NewNetworkAclRule(ctx *pulumi.Context, name string, args *NetworkAclRuleArgs, opts ...pulumi.ResourceOption) (*NetworkAclRule, error)
func GetNetworkAclRule(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkAclRuleState, opts ...pulumi.ResourceOption) (*NetworkAclRule, error)
func NewNetworkAclAssociation(ctx *pulumi.Context, name string, args *NetworkAclAssociationArgs, opts ...pulumi.ResourceOption) (*NetworkAclAssociation, error)
func GetNetworkAclAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkAclAssociationState, opts ...pulumi.ResourceOption) (*NetworkAclAssociation, error)
func NewDefaultNetworkAcl(ctx *pulumi.Context, name string, args *DefaultNetworkAclArgs, opts ...pulumi.ResourceOption) (*DefaultNetworkAcl, error)
func GetDefaultNetworkAcl(ctx *pulumi.Context, name string, id pulumi.IDInput, state *DefaultNetworkAclState, opts ...pulumi.ResourceOption) (*DefaultNetworkAcl, error)
// VPN
//
// Site-to-site VPN resources. NewX registers a new resource under the unique
// logical name `name` with the given args and options; GetX reads the state
// of an existing resource identified by id (state may be nil when no extra
// qualifying properties are needed). Both return the typed resource or an
// error.
func NewVpnGateway(ctx *pulumi.Context, name string, args *VpnGatewayArgs, opts ...pulumi.ResourceOption) (*VpnGateway, error)
func GetVpnGateway(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpnGatewayState, opts ...pulumi.ResourceOption) (*VpnGateway, error)
func NewVpnGatewayAttachment(ctx *pulumi.Context, name string, args *VpnGatewayAttachmentArgs, opts ...pulumi.ResourceOption) (*VpnGatewayAttachment, error)
func GetVpnGatewayAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpnGatewayAttachmentState, opts ...pulumi.ResourceOption) (*VpnGatewayAttachment, error)
func NewVpnGatewayRoutePropagation(ctx *pulumi.Context, name string, args *VpnGatewayRoutePropagationArgs, opts ...pulumi.ResourceOption) (*VpnGatewayRoutePropagation, error)
func GetVpnGatewayRoutePropagation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpnGatewayRoutePropagationState, opts ...pulumi.ResourceOption) (*VpnGatewayRoutePropagation, error)

// NOTE(review): a VPN connection carries tunnel key material. The
// VpnConnection type is not shown on this page; confirm that any pre-shared
// key it exposes is handled as a secret and is not exported or logged from
// the stack.
func NewVpnConnection(ctx *pulumi.Context, name string, args *VpnConnectionArgs, opts ...pulumi.ResourceOption) (*VpnConnection, error)
func GetVpnConnection(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpnConnectionState, opts ...pulumi.ResourceOption) (*VpnConnection, error)
func NewVpnConnectionRoute(ctx *pulumi.Context, name string, args *VpnConnectionRouteArgs, opts ...pulumi.ResourceOption) (*VpnConnectionRoute, error)
func GetVpnConnectionRoute(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpnConnectionRouteState, opts ...pulumi.ResourceOption) (*VpnConnectionRoute, error)
func NewCustomerGateway(ctx *pulumi.Context, name string, args *CustomerGatewayArgs, opts ...pulumi.ResourceOption) (*CustomerGateway, error)
func GetCustomerGateway(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CustomerGatewayState, opts ...pulumi.ResourceOption) (*CustomerGateway, error)
// Storage / Volumes
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
func NewVolumeAttachment(ctx *pulumi.Context, name string, args *VolumeAttachmentArgs, opts ...pulumi.ResourceOption) (*VolumeAttachment, error)
func GetVolumeAttachment(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VolumeAttachmentState, opts ...pulumi.ResourceOption) (*VolumeAttachment, error)

// NOTE(review): a create-volume permission lets the grantee build volumes
// from a snapshot, i.e. read its contents. Treat each use as a data-sharing
// decision and confirm the grantee in SnapshotCreateVolumePermissionArgs,
// which is not shown on this page.
func NewSnapshotCreateVolumePermission(ctx *pulumi.Context, name string, args *SnapshotCreateVolumePermissionArgs, opts ...pulumi.ResourceOption) (*SnapshotCreateVolumePermission, error)
func GetSnapshotCreateVolumePermission(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SnapshotCreateVolumePermissionState, opts ...pulumi.ResourceOption) (*SnapshotCreateVolumePermission, error)
// Flow Logs / Network Insights
//
// NewX registers a new resource under the unique logical name `name` with the
// given args and options; GetX reads the state of an existing resource
// identified by id (state may be nil when no extra qualifying properties are
// needed). Both return the typed resource or an error.
//
// Flow logs record metadata about network traffic and are a common input for
// detection and incident response. NOTE(review): FlowLogArgs is not shown
// here; confirm the log destination and which traffic (accepted, rejected or
// all) is captured.
func NewFlowLog(ctx *pulumi.Context, name string, args *FlowLogArgs, opts ...pulumi.ResourceOption) (*FlowLog, error)
func GetFlowLog(ctx *pulumi.Context, name string, id pulumi.IDInput, state *FlowLogState, opts ...pulumi.ResourceOption) (*FlowLog, error)

// By name, a NetworkInsightsPath describes a path to analyse and a
// NetworkInsightsAnalysis is a run over such a path.
func NewNetworkInsightsPath(ctx *pulumi.Context, name string, args *NetworkInsightsPathArgs, opts ...pulumi.ResourceOption) (*NetworkInsightsPath, error)
func GetNetworkInsightsPath(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkInsightsPathState, opts ...pulumi.ResourceOption) (*NetworkInsightsPath, error)
func NewNetworkInsightsAnalysis(ctx *pulumi.Context, name string, args *NetworkInsightsAnalysisArgs, opts ...pulumi.ResourceOption) (*NetworkInsightsAnalysis, error)
func GetNetworkInsightsAnalysis(ctx *pulumi.Context, name string, id pulumi.IDInput, state *NetworkInsightsAnalysisState, opts ...pulumi.ResourceOption) (*NetworkInsightsAnalysis, error)
// IPAM
//
// IP address management resources. NewX registers a new resource under the
// unique logical name `name` with the given args and options; GetX reads the
// state of an existing resource identified by id (state may be nil when no
// extra qualifying properties are needed). Both return the typed resource or
// an error.
func NewVpcIpam(ctx *pulumi.Context, name string, args *VpcIpamArgs, opts ...pulumi.ResourceOption) (*VpcIpam, error)
func GetVpcIpam(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamState, opts ...pulumi.ResourceOption) (*VpcIpam, error)
func NewVpcIpamPool(ctx *pulumi.Context, name string, args *VpcIpamPoolArgs, opts ...pulumi.ResourceOption) (*VpcIpamPool, error)
func GetVpcIpamPool(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamPoolState, opts ...pulumi.ResourceOption) (*VpcIpamPool, error)
func NewVpcIpamPoolCidr(ctx *pulumi.Context, name string, args *VpcIpamPoolCidrArgs, opts ...pulumi.ResourceOption) (*VpcIpamPoolCidr, error)
func GetVpcIpamPoolCidr(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamPoolCidrState, opts ...pulumi.ResourceOption) (*VpcIpamPoolCidr, error)
func NewVpcIpamPoolCidrAllocation(ctx *pulumi.Context, name string, args *VpcIpamPoolCidrAllocationArgs, opts ...pulumi.ResourceOption) (*VpcIpamPoolCidrAllocation, error)
func GetVpcIpamPoolCidrAllocation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamPoolCidrAllocationState, opts ...pulumi.ResourceOption) (*VpcIpamPoolCidrAllocation, error)
func NewVpcIpamScope(ctx *pulumi.Context, name string, args *VpcIpamScopeArgs, opts ...pulumi.ResourceOption) (*VpcIpamScope, error)
func GetVpcIpamScope(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamScopeState, opts ...pulumi.ResourceOption) (*VpcIpamScope, error)
func NewVpcIpamPreviewNextCidr(ctx *pulumi.Context, name string, args *VpcIpamPreviewNextCidrArgs, opts ...pulumi.ResourceOption) (*VpcIpamPreviewNextCidr, error)
func GetVpcIpamPreviewNextCidr(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamPreviewNextCidrState, opts ...pulumi.ResourceOption) (*VpcIpamPreviewNextCidr, error)
func NewVpcIpamResourceDiscovery(ctx *pulumi.Context, name string, args *VpcIpamResourceDiscoveryArgs, opts ...pulumi.ResourceOption) (*VpcIpamResourceDiscovery, error)
func GetVpcIpamResourceDiscovery(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamResourceDiscoveryState, opts ...pulumi.ResourceOption) (*VpcIpamResourceDiscovery, error)
func NewVpcIpamResourceDiscoveryAssociation(ctx *pulumi.Context, name string, args *VpcIpamResourceDiscoveryAssociationArgs, opts ...pulumi.ResourceOption) (*VpcIpamResourceDiscoveryAssociation, error)
func GetVpcIpamResourceDiscoveryAssociation(ctx *pulumi.Context, name string, id pulumi.IDInput, state *VpcIpamResourceDiscoveryAssociationState, opts ...pulumi.ResourceOption) (*VpcIpamResourceDiscoveryAssociation, error)

// Data sources (single-result lookups) start here. Unlike the New/Get pairs
// above, a lookup takes no logical name or id: it is an invoke that accepts
// args and pulumi.InvokeOption values and returns a result struct or an error.
//
// NOTE(review): LookupAmiArgs is not shown on this page. When an image is
// selected by a name filter, also restrict the owners so the lookup cannot
// resolve to an image published by an unrelated account.
func LookupAmi(ctx *pulumi.Context, args *LookupAmiArgs, opts ...pulumi.InvokeOption) (*LookupAmiResult, error)
// Single-result data sources. Each one comes in two forms:
//   - LookupX takes a pointer to plain args and returns (*LookupXResult, error).
//   - LookupXOutput takes Output-typed args by value and returns a
//     LookupXResultOutput with no separate error value; presumably a failure
//     surfaces when that output is resolved.
//
// Both accept pulumi.InvokeOption values rather than resource options, and
// neither takes a logical name or id.
//
// NOTE(review): the Args types are not shown on this page. For LookupAmi and
// LookupAmiOutput, restrict the owners when selecting an image by name filter
// so the lookup cannot resolve to an image published by an unrelated account.
func LookupAmiOutput(ctx *pulumi.Context, args LookupAmiOutputArgs, opts ...pulumi.InvokeOption) LookupAmiResultOutput
func LookupInstance(ctx *pulumi.Context, args *LookupInstanceArgs, opts ...pulumi.InvokeOption) (*LookupInstanceResult, error)
func LookupInstanceOutput(ctx *pulumi.Context, args LookupInstanceOutputArgs, opts ...pulumi.InvokeOption) LookupInstanceResultOutput
func LookupSubnet(ctx *pulumi.Context, args *LookupSubnetArgs, opts ...pulumi.InvokeOption) (*LookupSubnetResult, error)
func LookupSubnetOutput(ctx *pulumi.Context, args LookupSubnetOutputArgs, opts ...pulumi.InvokeOption) LookupSubnetResultOutput
func LookupVpc(ctx *pulumi.Context, args *LookupVpcArgs, opts ...pulumi.InvokeOption) (*LookupVpcResult, error)
func LookupVpcOutput(ctx *pulumi.Context, args LookupVpcOutputArgs, opts ...pulumi.InvokeOption) LookupVpcResultOutput
func LookupSecurityGroup(ctx *pulumi.Context, args *LookupSecurityGroupArgs, opts ...pulumi.InvokeOption) (*LookupSecurityGroupResult, error)
func LookupSecurityGroupOutput(ctx *pulumi.Context, args LookupSecurityGroupOutputArgs, opts ...pulumi.InvokeOption) LookupSecurityGroupResultOutput
func LookupRouteTable(ctx *pulumi.Context, args *LookupRouteTableArgs, opts ...pulumi.InvokeOption) (*LookupRouteTableResult, error)
func LookupRouteTableOutput(ctx *pulumi.Context, args LookupRouteTableOutputArgs, opts ...pulumi.InvokeOption) LookupRouteTableResultOutput
func LookupInternetGateway(ctx *pulumi.Context, args *LookupInternetGatewayArgs, opts ...pulumi.InvokeOption) (*LookupInternetGatewayResult, error)
func LookupInternetGatewayOutput(ctx *pulumi.Context, args LookupInternetGatewayOutputArgs, opts ...pulumi.InvokeOption) LookupInternetGatewayResultOutput
func LookupNatGateway(ctx *pulumi.Context, args *LookupNatGatewayArgs, opts ...pulumi.InvokeOption) (*LookupNatGatewayResult, error)
func LookupNatGatewayOutput(ctx *pulumi.Context, args LookupNatGatewayOutputArgs, opts ...pulumi.InvokeOption) LookupNatGatewayResultOutput
func LookupKeyPair(ctx *pulumi.Context, args *LookupKeyPairArgs, opts ...pulumi.InvokeOption) (*LookupKeyPairResult, error)
func LookupKeyPairOutput(ctx *pulumi.Context, args LookupKeyPairOutputArgs, opts ...pulumi.InvokeOption) LookupKeyPairResultOutput
func LookupLaunchTemplate(ctx *pulumi.Context, args *LookupLaunchTemplateArgs, opts ...pulumi.InvokeOption) (*LookupLaunchTemplateResult, error)
func LookupLaunchTemplateOutput(ctx *pulumi.Context, args LookupLaunchTemplateOutputArgs, opts ...pulumi.InvokeOption) LookupLaunchTemplateResultOutput
func LookupLaunchConfiguration(ctx *pulumi.Context, args *LookupLaunchConfigurationArgs, opts ...pulumi.InvokeOption) (*LookupLaunchConfigurationResult, error)
func LookupLaunchConfigurationOutput(ctx *pulumi.Context, args LookupLaunchConfigurationOutputArgs, opts ...pulumi.InvokeOption) LookupLaunchConfigurationResultOutput
func LookupVpcEndpoint(ctx *pulumi.Context, args *LookupVpcEndpointArgs, opts ...pulumi.InvokeOption) (*LookupVpcEndpointResult, error)
func LookupVpcEndpointOutput(ctx *pulumi.Context, args LookupVpcEndpointOutputArgs, opts ...pulumi.InvokeOption) LookupVpcEndpointResultOutput
func LookupVpcPeeringConnection(ctx *pulumi.Context, args *LookupVpcPeeringConnectionArgs, opts ...pulumi.InvokeOption) (*LookupVpcPeeringConnectionResult, error)
func LookupVpcPeeringConnectionOutput(ctx *pulumi.Context, args LookupVpcPeeringConnectionOutputArgs, opts ...pulumi.InvokeOption) LookupVpcPeeringConnectionResultOutput
func LookupVpnGateway(ctx *pulumi.Context, args *LookupVpnGatewayArgs, opts ...pulumi.InvokeOption) (*LookupVpnGatewayResult, error)
func LookupVpnGatewayOutput(ctx *pulumi.Context, args LookupVpnGatewayOutputArgs, opts ...pulumi.InvokeOption) LookupVpnGatewayResultOutput

// NOTE(review): the result of a VPN connection lookup may include tunnel key
// material; the result type is not shown here, so confirm before exporting or
// logging it.
func LookupVpnConnection(ctx *pulumi.Context, args *LookupVpnConnectionArgs, opts ...pulumi.InvokeOption) (*LookupVpnConnectionResult, error)
func LookupVpnConnectionOutput(ctx *pulumi.Context, args LookupVpnConnectionOutputArgs, opts ...pulumi.InvokeOption) LookupVpnConnectionResultOutput
func LookupCustomerGateway(ctx *pulumi.Context, args *LookupCustomerGatewayArgs, opts ...pulumi.InvokeOption) (*LookupCustomerGatewayResult, error)
func LookupCustomerGatewayOutput(ctx *pulumi.Context, args LookupCustomerGatewayOutputArgs, opts ...pulumi.InvokeOption) LookupCustomerGatewayResultOutput
func LookupManagedPrefixList(ctx *pulumi.Context, args *LookupManagedPrefixListArgs, opts ...pulumi.InvokeOption) (*LookupManagedPrefixListResult, error)
func LookupManagedPrefixListOutput(ctx *pulumi.Context, args LookupManagedPrefixListOutputArgs, opts ...pulumi.InvokeOption) LookupManagedPrefixListResultOutput
func LookupNetworkInterface(ctx *pulumi.Context, args *LookupNetworkInterfaceArgs, opts ...pulumi.InvokeOption) (*LookupNetworkInterfaceResult, error)
func LookupNetworkInterfaceOutput(ctx *pulumi.Context, args LookupNetworkInterfaceOutputArgs, opts ...pulumi.InvokeOption) LookupNetworkInterfaceResultOutput
func LookupRoute(ctx *pulumi.Context, args *LookupRouteArgs, opts ...pulumi.InvokeOption) (*LookupRouteResult, error)
func LookupRouteOutput(ctx *pulumi.Context, args LookupRouteOutputArgs, opts ...pulumi.InvokeOption) LookupRouteResultOutput
func LookupDedicatedHost(ctx *pulumi.Context, args *LookupDedicatedHostArgs, opts ...pulumi.InvokeOption) (*LookupDedicatedHostResult, error)
func LookupDedicatedHostOutput(ctx *pulumi.Context, args LookupDedicatedHostOutputArgs, opts ...pulumi.InvokeOption) LookupDedicatedHostResultOutput
// Multi-result data sources
//
// These Get* functions are data-source invokes, not resource getters: they
// take args and pulumi.InvokeOption values (no logical name, id or state) and
// return a result struct. Each has two forms:
//   - GetX takes a pointer to plain args and returns (*GetXResult, error).
//   - GetXOutput takes Output-typed args by value and returns a
//     GetXResultOutput with no separate error value; presumably a failure
//     surfaces when that output is resolved.
//
// Despite the heading, some entries are singular by name (GetElasticIp,
// GetInstanceType, GetSpotPrice, GetPrefixList).
//
// NOTE(review): GetAmiIdsArgs is not shown on this page. As with any image
// lookup by name filter, restrict the owners so that results cannot include
// images published by unrelated accounts.
func GetAmiIds(ctx *pulumi.Context, args *GetAmiIdsArgs, opts ...pulumi.InvokeOption) (*GetAmiIdsResult, error)
func GetAmiIdsOutput(ctx *pulumi.Context, args GetAmiIdsOutputArgs, opts ...pulumi.InvokeOption) GetAmiIdsResultOutput
func GetInstances(ctx *pulumi.Context, args *GetInstancesArgs, opts ...pulumi.InvokeOption) (*GetInstancesResult, error)
func GetInstancesOutput(ctx *pulumi.Context, args GetInstancesOutputArgs, opts ...pulumi.InvokeOption) GetInstancesResultOutput
func GetSubnets(ctx *pulumi.Context, args *GetSubnetsArgs, opts ...pulumi.InvokeOption) (*GetSubnetsResult, error)
func GetSubnetsOutput(ctx *pulumi.Context, args GetSubnetsOutputArgs, opts ...pulumi.InvokeOption) GetSubnetsResultOutput
func GetSecurityGroups(ctx *pulumi.Context, args *GetSecurityGroupsArgs, opts ...pulumi.InvokeOption) (*GetSecurityGroupsResult, error)
func GetSecurityGroupsOutput(ctx *pulumi.Context, args GetSecurityGroupsOutputArgs, opts ...pulumi.InvokeOption) GetSecurityGroupsResultOutput
func GetRouteTables(ctx *pulumi.Context, args *GetRouteTablesArgs, opts ...pulumi.InvokeOption) (*GetRouteTablesResult, error)
func GetRouteTablesOutput(ctx *pulumi.Context, args GetRouteTablesOutputArgs, opts ...pulumi.InvokeOption) GetRouteTablesResultOutput
func GetVpcs(ctx *pulumi.Context, args *GetVpcsArgs, opts ...pulumi.InvokeOption) (*GetVpcsResult, error)
func GetVpcsOutput(ctx *pulumi.Context, args GetVpcsOutputArgs, opts ...pulumi.InvokeOption) GetVpcsResultOutput
func GetEips(ctx *pulumi.Context, args *GetEipsArgs, opts ...pulumi.InvokeOption) (*GetEipsResult, error)
func GetEipsOutput(ctx *pulumi.Context, args GetEipsOutputArgs, opts ...pulumi.InvokeOption) GetEipsResultOutput
func GetElasticIp(ctx *pulumi.Context, args *GetElasticIpArgs, opts ...pulumi.InvokeOption) (*GetElasticIpResult, error)
func GetElasticIpOutput(ctx *pulumi.Context, args GetElasticIpOutputArgs, opts ...pulumi.InvokeOption) GetElasticIpResultOutput
func GetNatGateways(ctx *pulumi.Context, args *GetNatGatewaysArgs, opts ...pulumi.InvokeOption) (*GetNatGatewaysResult, error)
func GetNatGatewaysOutput(ctx *pulumi.Context, args GetNatGatewaysOutputArgs, opts ...pulumi.InvokeOption) GetNatGatewaysResultOutput
func GetNetworkAcls(ctx *pulumi.Context, args *GetNetworkAclsArgs, opts ...pulumi.InvokeOption) (*GetNetworkAclsResult, error)
func GetNetworkAclsOutput(ctx *pulumi.Context, args GetNetworkAclsOutputArgs, opts ...pulumi.InvokeOption) GetNetworkAclsResultOutput

// Instance type and pricing metadata.
func GetInstanceType(ctx *pulumi.Context, args *GetInstanceTypeArgs, opts ...pulumi.InvokeOption) (*GetInstanceTypeResult, error)
func GetInstanceTypeOutput(ctx *pulumi.Context, args GetInstanceTypeOutputArgs, opts ...pulumi.InvokeOption) GetInstanceTypeResultOutput
func GetInstanceTypes(ctx *pulumi.Context, args *GetInstanceTypesArgs, opts ...pulumi.InvokeOption) (*GetInstanceTypesResult, error)
func GetInstanceTypesOutput(ctx *pulumi.Context, args GetInstanceTypesOutputArgs, opts ...pulumi.InvokeOption) GetInstanceTypesResultOutput
func GetInstanceTypeOfferings(ctx *pulumi.Context, args *GetInstanceTypeOfferingsArgs, opts ...pulumi.InvokeOption) (*GetInstanceTypeOfferingsResult, error)
func GetInstanceTypeOfferingsOutput(ctx *pulumi.Context, args GetInstanceTypeOfferingsOutputArgs, opts ...pulumi.InvokeOption) GetInstanceTypeOfferingsResultOutput
func GetSpotPrice(ctx *pulumi.Context, args *GetSpotPriceArgs, opts ...pulumi.InvokeOption) (*GetSpotPriceResult, error)
func GetSpotPriceOutput(ctx *pulumi.Context, args GetSpotPriceOutputArgs, opts ...pulumi.InvokeOption) GetSpotPriceResultOutput

// Prefix lists, peering connections and IPAM.
func GetPrefixList(ctx *pulumi.Context, args *GetPrefixListArgs, opts ...pulumi.InvokeOption) (*GetPrefixListResult, error)
func GetPrefixListOutput(ctx *pulumi.Context, args GetPrefixListOutputArgs, opts ...pulumi.InvokeOption) GetPrefixListResultOutput
func GetVpcPeeringConnections(ctx *pulumi.Context, args *GetVpcPeeringConnectionsArgs, opts ...pulumi.InvokeOption) (*GetVpcPeeringConnectionsResult, error)
func GetVpcPeeringConnectionsOutput(ctx *pulumi.Context, args GetVpcPeeringConnectionsOutputArgs, opts ...pulumi.InvokeOption) GetVpcPeeringConnectionsResultOutput
func GetVpcIpamPools(ctx *pulumi.Context, args *GetVpcIpamPoolsArgs, opts ...pulumi.InvokeOption) (*GetVpcIpamPoolsResult, error)
func GetVpcIpamPoolsOutput(ctx *pulumi.Context, args GetVpcIpamPoolsOutputArgs, opts ...pulumi.InvokeOption) GetVpcIpamPoolsResultOutput
func GetVpcIpams(ctx *pulumi.Context, args *GetVpcIpamsArgs, opts ...pulumi.InvokeOption) (*GetVpcIpamsResult, error)
func GetVpcIpamsOutput(ctx *pulumi.Context, args GetVpcIpamsOutputArgs, opts ...pulumi.InvokeOption) GetVpcIpamsResultOutputtype Instance struct {
pulumi.CustomResourceState
Ami pulumi.StringOutput `pulumi:"ami"`
Arn pulumi.StringOutput `pulumi:"arn"`
AssociatePublicIpAddress pulumi.BoolOutput `pulumi:"associatePublicIpAddress"`
AvailabilityZone pulumi.StringOutput `pulumi:"availabilityZone"`
CapacityReservationSpecification InstanceCapacityReservationSpecificationOutput `pulumi:"capacityReservationSpecification"`
CpuOptions InstanceCpuOptionsOutput `pulumi:"cpuOptions"`
CreditSpecification InstanceCreditSpecificationPtrOutput `pulumi:"creditSpecification"`
DisableApiStop pulumi.BoolOutput `pulumi:"disableApiStop"`
DisableApiTermination pulumi.BoolOutput `pulumi:"disableApiTermination"`
EbsBlockDevices InstanceEbsBlockDeviceArrayOutput `pulumi:"ebsBlockDevices"`
EbsOptimized pulumi.BoolOutput `pulumi:"ebsOptimized"`
EnablePrimaryIpv6 pulumi.BoolOutput `pulumi:"enablePrimaryIpv6"`
EnclaveOptions InstanceEnclaveOptionsOutput `pulumi:"enclaveOptions"`
EphemeralBlockDevices InstanceEphemeralBlockDeviceArrayOutput `pulumi:"ephemeralBlockDevices"`
ForceDestroy pulumi.BoolPtrOutput `pulumi:"forceDestroy"`
GetPasswordData pulumi.BoolPtrOutput `pulumi:"getPasswordData"`
Hibernation pulumi.BoolPtrOutput `pulumi:"hibernation"`
HostId pulumi.StringOutput `pulumi:"hostId"`
HostResourceGroupArn pulumi.StringOutput `pulumi:"hostResourceGroupArn"`
IamInstanceProfile pulumi.StringOutput `pulumi:"iamInstanceProfile"`
InstanceInitiatedShutdownBehavior pulumi.StringOutput `pulumi:"instanceInitiatedShutdownBehavior"`
InstanceLifecycle pulumi.StringOutput `pulumi:"instanceLifecycle"`
InstanceMarketOptions InstanceInstanceMarketOptionsOutput `pulumi:"instanceMarketOptions"`
InstanceState pulumi.StringOutput `pulumi:"instanceState"`
InstanceType pulumi.StringOutput `pulumi:"instanceType"`
Ipv6AddressCount pulumi.IntOutput `pulumi:"ipv6AddressCount"`
Ipv6Addresses pulumi.StringArrayOutput `pulumi:"ipv6Addresses"`
KeyName pulumi.StringOutput `pulumi:"keyName"`
LaunchTemplate InstanceLaunchTemplatePtrOutput `pulumi:"launchTemplate"`
MaintenanceOptions InstanceMaintenanceOptionsOutput `pulumi:"maintenanceOptions"`
MetadataOptions InstanceMetadataOptionsOutput `pulumi:"metadataOptions"`
Monitoring pulumi.BoolOutput `pulumi:"monitoring"`
OutpostArn pulumi.StringOutput `pulumi:"outpostArn"`
PasswordData pulumi.StringOutput `pulumi:"passwordData"`
PlacementGroup pulumi.StringOutput `pulumi:"placementGroup"`
PlacementGroupId pulumi.StringOutput `pulumi:"placementGroupId"`
PlacementPartitionNumber pulumi.IntOutput `pulumi:"placementPartitionNumber"`
PrimaryNetworkInterfaceId pulumi.StringOutput `pulumi:"primaryNetworkInterfaceId"`
PrivateDns pulumi.StringOutput `pulumi:"privateDns"`
PrivateDnsNameOptions InstancePrivateDnsNameOptionsOutput `pulumi:"privateDnsNameOptions"`
PrivateIp pulumi.StringOutput `pulumi:"privateIp"`
PublicDns pulumi.StringOutput `pulumi:"publicDns"`
PublicIp pulumi.StringOutput `pulumi:"publicIp"`
Region pulumi.StringOutput `pulumi:"region"`
RootBlockDevice InstanceRootBlockDeviceOutput `pulumi:"rootBlockDevice"`
SecondaryPrivateIps pulumi.StringArrayOutput `pulumi:"secondaryPrivateIps"`
SourceDestCheck pulumi.BoolOutput `pulumi:"sourceDestCheck"`
SubnetId pulumi.StringOutput `pulumi:"subnetId"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
Tenancy pulumi.StringOutput `pulumi:"tenancy"`
UserData pulumi.StringOutput `pulumi:"userData"`
UserDataBase64 pulumi.StringOutput `pulumi:"userDataBase64"`
VpcSecurityGroupIds pulumi.StringArrayOutput `pulumi:"vpcSecurityGroupIds"`
}type InstanceArgs struct {
// InstanceArgs is the argument struct taken by NewInstance.

// AMI to use for the instance. Required unless launchTemplate specifies an AMI.
Ami pulumi.StringPtrInput
// Associate a public IP address with the instance in a VPC.
// NOTE(review): with a public address, reachability from the internet is
// decided by the security groups in VpcSecurityGroupIds; leave unset for
// instances that only need private connectivity.
AssociatePublicIpAddress pulumi.BoolPtrInput
// AZ to launch the instance in.
AvailabilityZone pulumi.StringPtrInput
CapacityReservationSpecification InstanceCapacityReservationSpecificationPtrInput
CpuOptions InstanceCpuOptionsPtrInput
// Credit specification for T2/T3 instances.
CreditSpecification InstanceCreditSpecificationPtrInput
// Enable EC2 Instance Stop Protection.
DisableApiStop pulumi.BoolPtrInput
// Enable EC2 Instance Termination Protection.
DisableApiTermination pulumi.BoolPtrInput
// Additional EBS block devices.
EbsBlockDevices InstanceEbsBlockDeviceArrayInput
// Launch EBS-optimized instance.
EbsOptimized pulumi.BoolPtrInput
EnablePrimaryIpv6 pulumi.BoolPtrInput
// Enable Nitro Enclaves.
EnclaveOptions InstanceEnclaveOptionsPtrInput
// Instance store volumes.
EphemeralBlockDevices InstanceEphemeralBlockDeviceArrayInput
// Shutdown behavior is ignored and the instance is destroyed regardless.
// NOTE(review): presumably this also overrides DisableApiStop and
// DisableApiTermination above; confirm against the provider documentation
// before relying on either protection together with this flag.
ForceDestroy pulumi.BoolPtrInput
// Retrieve the encrypted administrator password (Windows only).
// The value is surfaced through the PasswordData output of Instance.
// NOTE(review): resource outputs are presumably recorded in the stack state,
// so access to the state backend should be restricted — confirm.
GetPasswordData pulumi.BoolPtrInput
// Enable hibernation for the instance.
Hibernation pulumi.BoolPtrInput
// ID of a dedicated host to launch the instance on.
HostId pulumi.StringPtrInput
// ARN of the host resource group to launch the instance on.
HostResourceGroupArn pulumi.StringPtrInput
// IAM Instance Profile name or ARN to attach.
// NOTE(review): the role behind the profile defines what software on the
// instance may do with AWS APIs; keep its policy to what the workload needs.
IamInstanceProfile pulumi.Input
// Shutdown behavior. Valid: "stop" (default), "terminate".
InstanceInitiatedShutdownBehavior pulumi.StringPtrInput
// Market options for spot/capacity block instances.
InstanceMarketOptions InstanceInstanceMarketOptionsPtrInput
// Instance type (e.g., "t3.micro", "m5.large"). Required unless launchTemplate specifies one.
InstanceType pulumi.StringPtrInput
// Number of IPv6 addresses to assign.
Ipv6AddressCount pulumi.IntPtrInput
// Specific IPv6 addresses to assign.
Ipv6Addresses pulumi.StringArrayInput
// Key pair name for SSH access.
KeyName pulumi.StringPtrInput
// Launch template to use.
LaunchTemplate InstanceLaunchTemplatePtrInput
MaintenanceOptions InstanceMaintenanceOptionsPtrInput
// IMDSv2 configuration.
// The instance example on this page sets HttpTokens to "required" (IMDSv2
// only) and HttpPutResponseHopLimit to 1.
MetadataOptions InstanceMetadataOptionsPtrInput
// Enable detailed monitoring (1-minute intervals).
Monitoring pulumi.BoolPtrInput
PlacementGroup pulumi.StringPtrInput
PlacementGroupId pulumi.StringPtrInput
PlacementPartitionNumber pulumi.IntPtrInput
PrimaryNetworkInterface InstancePrimaryNetworkInterfacePtrInput
PrivateDnsNameOptions InstancePrivateDnsNameOptionsPtrInput
// Private IP address.
PrivateIp pulumi.StringPtrInput
Region pulumi.StringPtrInput
// Root block device configuration.
// The instance example on this page sets Encrypted to true here.
RootBlockDevice InstanceRootBlockDevicePtrInput
// Additional private IP addresses.
SecondaryPrivateIps pulumi.StringArrayInput
// Deprecated: use VpcSecurityGroupIds for VPC instances.
SecurityGroups pulumi.StringArrayInput
// Enable source/destination checking.
// NOTE(review): usually turned off only for instances that forward traffic
// on behalf of others (NAT or VPN appliances); confirm before disabling.
SourceDestCheck pulumi.BoolPtrInput
// VPC subnet ID to launch in.
SubnetId pulumi.StringPtrInput
Tags pulumi.StringMapInput
// Tenancy of the instance. Valid: "default", "dedicated", "host".
Tenancy pulumi.StringPtrInput
// User data script (plain text).
// NOTE(review): user data can be read back from inside the instance through
// the metadata service and is also exposed as the UserData output of
// Instance, so treat it as configuration and keep credentials out of it.
UserData pulumi.StringPtrInput
// User data script (base64 encoded).
// NOTE(review): base64 is an encoding, not protection; the same caution as
// for UserData applies.
UserDataBase64 pulumi.StringPtrInput
// Replace instance when UserData changes.
UserDataReplaceOnChange pulumi.BoolPtrInput
// Tags to apply to EBS volumes.
VolumeTags pulumi.StringMapInput
// VPC security group IDs.
VpcSecurityGroupIds pulumi.StringArrayInput
}package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
	// Resolve the newest Amazon Linux 2 image. Owners pins the publisher to
	// "amazon"; the wildcard name filter by itself says nothing about who
	// published a matching image.
	amiQuery := &ec2.LookupAmiArgs{
		Owners:     []string{"amazon"},
		MostRecent: pulumi.BoolRef(true),
		Filters: []ec2.GetAmiFilter{
			{Name: "name", Values: []string{"amzn2-ami-hvm-*-x86_64-gp2"}},
		},
	}
	image, err := ec2.LookupAmi(ctx, amiQuery, nil)
	if err != nil {
		return err
	}

	// Root volume: gp3, size 20, encrypted.
	rootVolume := &ec2.InstanceRootBlockDeviceArgs{
		Encrypted:  pulumi.Bool(true),
		VolumeSize: pulumi.Int(20),
		VolumeType: pulumi.String("gp3"),
	}

	// Metadata service: session tokens are mandatory (IMDSv2 only) and the
	// PUT response hop limit is kept at 1.
	metadata := &ec2.InstanceMetadataOptionsArgs{
		HttpPutResponseHopLimit: pulumi.Int(1),
		HttpTokens:              pulumi.String("required"),
	}

	web, err := ec2.NewInstance(ctx, "web-server", &ec2.InstanceArgs{
		Ami:          pulumi.String(image.Id),
		InstanceType: pulumi.String("t3.micro"),
		KeyName:      pulumi.String("my-key-pair"),
		SubnetId:     pulumi.String("subnet-0bb1c79de3EXAMPLE"),
		VpcSecurityGroupIds: pulumi.StringArray{
			pulumi.String("sg-0a1b2c3d4e5f6EXAM"),
		},
		RootBlockDevice: rootVolume,
		MetadataOptions: metadata,
		Tags: pulumi.StringMap{
			"Name":        pulumi.String("web-server"),
			"Environment": pulumi.String("production"),
		},
	})
	if err != nil {
		return err
	}

	// Stack outputs, registered in the same order as before.
	outputs := []struct {
		name  string
		value pulumi.Input
	}{
		{"instanceId", web.ID()},
		{"publicIp", web.PublicIp},
		{"privateIp", web.PrivateIp},
	}
	for _, out := range outputs {
		ctx.Export(out.name, out.value)
	}
	return nil
})
}func LookupAmi(ctx *pulumi.Context, args *LookupAmiArgs, opts ...pulumi.InvokeOption) (*LookupAmiResult, error)func LookupAmiOutput(ctx *pulumi.Context, args LookupAmiOutputArgs, opts ...pulumi.InvokeOption) LookupAmiResultOutputtype LookupAmiArgs struct {
// LookupAmiArgs is the argument struct taken by LookupAmi.

// Allow unsafe filter values.
// NOTE(review): "unsafe" presumably means a lookup that combines MostRecent
// with filters that do not pin the publisher (no Owners, no image ID), where
// an image published by another account can become the result. Prefer
// narrowing with Owners over setting this flag — confirm against the
// provider documentation.
AllowUnsafeFilter *bool `pulumi:"allowUnsafeFilter"`
// Limit to users with explicit launch permission.
ExecutableUsers []string `pulumi:"executableUsers"`
// Filter by AMI attributes.
Filters []GetAmiFilter `pulumi:"filters"`
// Include deprecated AMIs.
IncludeDeprecated *bool `pulumi:"includeDeprecated"`
// If true, return most recent AMI.
// With a wildcard name filter the selected image changes as new images are
// published, so the launched image ID can differ between deployments. Every
// example on this page pairs it with Owners.
MostRecent *bool `pulumi:"mostRecent"`
// Regex filter on AMI name (applied locally).
NameRegex *string `pulumi:"nameRegex"`
// AMI owners. Valid: account ID, "self", "amazon", "aws-marketplace".
// This is the field that ties the result to a publisher; a name pattern in
// Filters or NameRegex matches on the image name only.
Owners []string `pulumi:"owners"`
Region *string `pulumi:"region"`
Tags map[string]string `pulumi:"tags"`
}type GetAmiFilter struct {
Name string `pulumi:"name"`
Values []string `pulumi:"values"`
}Find latest Ubuntu AMI:
// Owners restricts the lookup to the publisher account given below; the name
// pattern alone would match any image carrying that name, whoever published it.
// MostRecent means the resolved image ID moves forward as new images appear.
ubuntu, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{
MostRecent: pulumi.BoolRef(true),
Owners: []string{"099720109477"}, // Canonical
Filters: []ec2.GetAmiFilter{
{Name: "name", Values: []string{"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"}},
{Name: "virtualization-type", Values: []string{"hvm"}},
},
}, nil)
if err != nil {
return err
}Find latest Amazon Linux 2023 ARM AMI:
al2023, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{
MostRecent: pulumi.BoolRef(true),
Owners: []string{"amazon"},
Filters: []ec2.GetAmiFilter{
{Name: "name", Values: []string{"al2023-ami-*-arm64"}},
{Name: "architecture", Values: []string{"arm64"}},
},
}, nil)type Vpc struct {
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
AssignGeneratedIpv6CidrBlock pulumi.BoolPtrOutput `pulumi:"assignGeneratedIpv6CidrBlock"`
CidrBlock pulumi.StringOutput `pulumi:"cidrBlock"`
DefaultNetworkAclId pulumi.StringOutput `pulumi:"defaultNetworkAclId"`
DefaultRouteTableId pulumi.StringOutput `pulumi:"defaultRouteTableId"`
DefaultSecurityGroupId pulumi.StringOutput `pulumi:"defaultSecurityGroupId"`
DhcpOptionsId pulumi.StringOutput `pulumi:"dhcpOptionsId"`
EnableDnsHostnames pulumi.BoolOutput `pulumi:"enableDnsHostnames"`
EnableDnsSupport pulumi.BoolPtrOutput `pulumi:"enableDnsSupport"`
EnableNetworkAddressUsageMetrics pulumi.BoolOutput `pulumi:"enableNetworkAddressUsageMetrics"`
InstanceTenancy pulumi.StringPtrOutput `pulumi:"instanceTenancy"`
Ipv4IpamPoolId pulumi.StringPtrOutput `pulumi:"ipv4IpamPoolId"`
Ipv4NetmaskLength pulumi.IntPtrOutput `pulumi:"ipv4NetmaskLength"`
Ipv6AssociationId pulumi.StringOutput `pulumi:"ipv6AssociationId"`
Ipv6CidrBlock pulumi.StringOutput `pulumi:"ipv6CidrBlock"`
Ipv6CidrBlockNetworkBorderGroup pulumi.StringOutput `pulumi:"ipv6CidrBlockNetworkBorderGroup"`
Ipv6IpamPoolId pulumi.StringPtrOutput `pulumi:"ipv6IpamPoolId"`
Ipv6NetmaskLength pulumi.IntPtrOutput `pulumi:"ipv6NetmaskLength"`
MainRouteTableId pulumi.StringOutput `pulumi:"mainRouteTableId"`
OwnerId pulumi.StringOutput `pulumi:"ownerId"`
Region pulumi.StringOutput `pulumi:"region"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}type VpcArgs struct {
// Request an Amazon-provided IPv6 CIDR block with a /56 prefix length. Conflicts with Ipv6IpamPoolId.
AssignGeneratedIpv6CidrBlock pulumi.BoolPtrInput
// IPv4 CIDR block for the VPC. Can be explicit or derived from IPAM using Ipv4NetmaskLength.
// Common sizes: /16 (65,536 IPs), /20 (4,096 IPs), /24 (256 IPs).
CidrBlock pulumi.StringPtrInput
// Enable DNS hostnames in the VPC. Default false. Must be enabled for EKS and many other services.
EnableDnsHostnames pulumi.BoolPtrInput
// Enable DNS support in the VPC. Default true. Required for most AWS services.
EnableDnsSupport pulumi.BoolPtrInput
// Enable CloudWatch network address usage metrics.
EnableNetworkAddressUsageMetrics pulumi.BoolPtrInput
// Tenancy option for instances. Valid: "default", "dedicated". Default: "default".
InstanceTenancy pulumi.StringPtrInput
// IPAM pool ID for IPv4 allocation.
Ipv4IpamPoolId pulumi.StringPtrInput
// Netmask length for IPv4 CIDR from IPAM pool.
Ipv4NetmaskLength pulumi.IntPtrInput
// IPv6 CIDR block to associate.
Ipv6CidrBlock pulumi.StringPtrInput
Ipv6CidrBlockNetworkBorderGroup pulumi.StringPtrInput
// IPAM pool ID for IPv6 allocation.
Ipv6IpamPoolId pulumi.StringPtrInput
// Netmask length for IPv6 CIDR from IPAM pool.
Ipv6NetmaskLength pulumi.IntPtrInput
Region pulumi.StringPtrInput
Tags pulumi.StringMapInput
}type Subnet struct {
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
// Auto-assign IPv6 address to instances launched in subnet.
AssignIpv6AddressOnCreation pulumi.BoolPtrOutput `pulumi:"assignIpv6AddressOnCreation"`
AvailabilityZone pulumi.StringOutput `pulumi:"availabilityZone"`
AvailabilityZoneId pulumi.StringOutput `pulumi:"availabilityZoneId"`
CidrBlock pulumi.StringPtrOutput `pulumi:"cidrBlock"`
CustomerOwnedIpv4Pool pulumi.StringPtrOutput `pulumi:"customerOwnedIpv4Pool"`
EnableDns64 pulumi.BoolPtrOutput `pulumi:"enableDns64"`
EnableLniAtDeviceIndex pulumi.IntPtrOutput `pulumi:"enableLniAtDeviceIndex"`
EnableResourceNameDnsARecordOnLaunch pulumi.BoolPtrOutput `pulumi:"enableResourceNameDnsARecordOnLaunch"`
EnableResourceNameDnsAaaaRecordOnLaunch pulumi.BoolPtrOutput `pulumi:"enableResourceNameDnsAaaaRecordOnLaunch"`
Ipv6CidrBlock pulumi.StringPtrOutput `pulumi:"ipv6CidrBlock"`
Ipv6CidrBlockAssociationId pulumi.StringOutput `pulumi:"ipv6CidrBlockAssociationId"`
Ipv6Native pulumi.BoolPtrOutput `pulumi:"ipv6Native"`
MapCustomerOwnedIpOnLaunch pulumi.BoolPtrOutput `pulumi:"mapCustomerOwnedIpOnLaunch"`
// Auto-assign public IP to instances launched in subnet.
MapPublicIpOnLaunch pulumi.BoolPtrOutput `pulumi:"mapPublicIpOnLaunch"`
OutpostArn pulumi.StringPtrOutput `pulumi:"outpostArn"`
OwnerId pulumi.StringOutput `pulumi:"ownerId"`
PrivateDnsHostnameTypeOnLaunch pulumi.StringOutput `pulumi:"privateDnsHostnameTypeOnLaunch"`
Region pulumi.StringOutput `pulumi:"region"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
VpcId pulumi.StringOutput `pulumi:"vpcId"`
}type SubnetArgs struct {
// SubnetArgs is the argument struct passed to ec2.NewSubnet in the VPC
// example on this page.

// Auto-assign IPv6 address to instances launched in subnet.
AssignIpv6AddressOnCreation pulumi.BoolPtrInput
// Required. AZ or Local Zone name.
// NOTE(review): described as required, but typed as an optional pointer
// input (compare VpcId below, which is a plain StringInput) — confirm.
AvailabilityZone pulumi.StringPtrInput
// AZ ID.
AvailabilityZoneId pulumi.StringPtrInput
// Required (unless using IPAM). IPv4 CIDR block for the subnet.
CidrBlock pulumi.StringPtrInput
CustomerOwnedIpv4Pool pulumi.StringPtrInput
EnableDns64 pulumi.BoolPtrInput
EnableLniAtDeviceIndex pulumi.IntPtrInput
EnableResourceNameDnsARecordOnLaunch pulumi.BoolPtrInput
EnableResourceNameDnsAaaaRecordOnLaunch pulumi.BoolPtrInput
Ipv4IpamPoolId pulumi.StringPtrInput
Ipv4NetmaskLength pulumi.IntPtrInput
// IPv6 CIDR block for the subnet.
Ipv6CidrBlock pulumi.StringPtrInput
Ipv6IpamPoolId pulumi.StringPtrInput
Ipv6Native pulumi.BoolPtrInput
Ipv6NetmaskLength pulumi.IntPtrInput
MapCustomerOwnedIpOnLaunch pulumi.BoolPtrInput
// Auto-assign public IP. Set true for public subnets.
// The VPC example on this page sets it only on the public subnets and leaves
// it unset on the private ones. NOTE(review): when true, instances launched
// here presumably receive a public address unless the launch says otherwise,
// so exposure then rests on security groups and network ACLs.
MapPublicIpOnLaunch pulumi.BoolPtrInput
OutpostArn pulumi.StringPtrInput
PrivateDnsHostnameTypeOnLaunch pulumi.StringPtrInput
Region pulumi.StringPtrInput
Tags pulumi.StringMapInput
// Required. VPC ID.
VpcId pulumi.StringInput
}type RouteTable struct {
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
OwnerId pulumi.StringOutput `pulumi:"ownerId"`
// VPN gateway IDs for route propagation.
PropagatingVgws pulumi.StringArrayOutput `pulumi:"propagatingVgws"`
Region pulumi.StringOutput `pulumi:"region"`
// List of route objects. Omitting this is interpreted as ignoring existing routes.
Routes RouteTableRouteArrayOutput `pulumi:"routes"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
VpcId pulumi.StringOutput `pulumi:"vpcId"`
}type RouteTableArgs struct {
PropagatingVgws pulumi.StringArrayInput
Region pulumi.StringPtrInput
// Route specifications. Prefer using ec2.Route resources for better lifecycle management.
Routes RouteTableRouteArrayInput
Tags pulumi.StringMapInput
// Required. VPC ID.
VpcId pulumi.StringInput
}type RouteTableRouteArgs struct {
// Destination CIDR block.
CidrBlock pulumi.StringPtrInput
// IPv6 destination CIDR.
Ipv6CidrBlock pulumi.StringPtrInput
// Destination prefix list ID.
DestinationPrefixListId pulumi.StringPtrInput
// Core network attachment ID.
CoreNetworkArn pulumi.StringPtrInput
// Egress-only gateway ID (IPv6 only).
EgressOnlyGatewayId pulumi.StringPtrInput
// Internet gateway or virtual private gateway ID.
GatewayId pulumi.StringPtrInput
// Local gateway ID.
LocalGatewayId pulumi.StringPtrInput
// NAT gateway ID.
NatGatewayId pulumi.StringPtrInput
// Network interface ID.
NetworkInterfaceId pulumi.StringPtrInput
// Transit gateway ID.
TransitGatewayId pulumi.StringPtrInput
// VPC endpoint ID.
VpcEndpointId pulumi.StringPtrInput
// VPC peering connection ID.
VpcPeeringConnectionId pulumi.StringPtrInput
}type InternetGateway struct {
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
OwnerId pulumi.StringOutput `pulumi:"ownerId"`
Region pulumi.StringOutput `pulumi:"region"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
// VPC ID to attach to.
VpcId pulumi.StringOutput `pulumi:"vpcId"`
}type InternetGatewayArgs struct {
Region pulumi.StringPtrInput
Tags pulumi.StringMapInput
// Required. VPC ID to attach to.
VpcId pulumi.StringInput
}type NatGateway struct {
pulumi.CustomResourceState
// Allocation ID of the Elastic IP address. Required when ConnectivityType is "public" and AvailabilityMode is "zonal".
AllocationId pulumi.StringPtrOutput `pulumi:"allocationId"`
AssociationId pulumi.StringOutput `pulumi:"associationId"`
// Whether AWS automatically manages AZ coverage (regional NAT gateways only).
AutoProvisionZones pulumi.StringOutput `pulumi:"autoProvisionZones"`
AutoScalingIps pulumi.StringOutput `pulumi:"autoScalingIps"`
// "zonal" (single-AZ) or "regional" (multi-AZ). Default: "zonal".
AvailabilityMode pulumi.StringOutput `pulumi:"availabilityMode"`
AvailabilityZoneAddresses NatGatewayAvailabilityZoneAddressArrayOutput `pulumi:"availabilityZoneAddresses"`
// "private" or "public". When AvailabilityMode is "regional", must be "public". Default: "public".
ConnectivityType pulumi.StringPtrOutput `pulumi:"connectivityType"`
NetworkInterfaceId pulumi.StringOutput `pulumi:"networkInterfaceId"`
PrivateIp pulumi.StringOutput `pulumi:"privateIp"`
PublicIp pulumi.StringOutput `pulumi:"publicIp"`
Region pulumi.StringOutput `pulumi:"region"`
SecondaryAllocationIds pulumi.StringArrayOutput `pulumi:"secondaryAllocationIds"`
SecondaryPrivateIpAddressCount pulumi.IntOutput `pulumi:"secondaryPrivateIpAddressCount"`
SecondaryPrivateIpAddresses pulumi.StringArrayOutput `pulumi:"secondaryPrivateIpAddresses"`
// Subnet ID. Required when AvailabilityMode is "zonal".
SubnetId pulumi.StringPtrOutput `pulumi:"subnetId"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
// VPC ID. Required when AvailabilityMode is "regional".
VpcId pulumi.StringOutput `pulumi:"vpcId"`
}type NatGatewayArgs struct {
// Allocation ID of Elastic IP. Required for public zonal NAT gateways.
AllocationId pulumi.StringPtrInput
AutoProvisionZones pulumi.StringPtrInput
AutoScalingIps pulumi.StringPtrInput
// "zonal" or "regional". Default: "zonal".
AvailabilityMode pulumi.StringPtrInput
AvailabilityZoneAddresses NatGatewayAvailabilityZoneAddressArrayInput
// "private" or "public". Default: "public".
ConnectivityType pulumi.StringPtrInput
// Private IP address for the NAT gateway.
PrivateIp pulumi.StringPtrInput
Region pulumi.StringPtrInput
SecondaryAllocationIds pulumi.StringArrayInput
SecondaryPrivateIpAddressCount pulumi.IntPtrInput
SecondaryPrivateIpAddresses pulumi.StringArrayInput
// Required for zonal NAT gateway. Public subnet recommended for public NAT.
SubnetId pulumi.StringPtrInput
Tags pulumi.StringMapInput
// Required for regional NAT gateway.
VpcId pulumi.StringPtrInput
}package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
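pulumi.Run(func(ctx *pulumi.Context) error {
	// Get availability zones
	azs, err := aws.GetAvailabilityZones(ctx, &aws.GetAvailabilityZonesArgs{
		State: pulumi.StringRef("available"),
	}, nil)
	if err != nil {
		return err
	}
	// The NAT gateway below is placed in publicSubnets[0]. Fail with a clear
	// error here instead of an index-out-of-range panic when the lookup
	// returns no zone.
	if len(azs.Names) == 0 {
		return fmt.Errorf("no available availability zones returned")
	}

	// VPC
	vpc, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
		CidrBlock:          pulumi.String("10.0.0.0/16"),
		EnableDnsHostnames: pulumi.Bool(true),
		EnableDnsSupport:   pulumi.Bool(true),
		Tags: pulumi.StringMap{
			"Name": pulumi.String("main-vpc"),
		},
	})
	if err != nil {
		return err
	}

	// Internet Gateway
	igw, err := ec2.NewInternetGateway(ctx, "igw", &ec2.InternetGatewayArgs{
		VpcId: vpc.ID(),
		Tags:  pulumi.StringMap{"Name": pulumi.String("main-igw")},
	})
	if err != nil {
		return err
	}

	// Public Subnets (one per AZ, at most two).
	// MapPublicIpOnLaunch is set and the public route table below sends
	// 0.0.0.0/0 to the internet gateway, so what is reachable from outside is
	// decided by the security groups and network ACLs attached later.
	var publicSubnets []*ec2.Subnet
	for i := 0; i < 2 && i < len(azs.Names); i++ {
		pubSubnet, err := ec2.NewSubnet(ctx, fmt.Sprintf("public-%d", i), &ec2.SubnetArgs{
			VpcId:               vpc.ID(),
			CidrBlock:           pulumi.Sprintf("10.0.%d.0/24", i+1),
			AvailabilityZone:    pulumi.String(azs.Names[i]),
			MapPublicIpOnLaunch: pulumi.Bool(true),
			Tags: pulumi.StringMap{
				"Name": pulumi.Sprintf("public-subnet-%s", azs.Names[i]),
				"Type": pulumi.String("public"),
			},
		})
		if err != nil {
			return err
		}
		publicSubnets = append(publicSubnets, pubSubnet)
	}

	// Private Subnets (one per AZ, at most two).
	// No public address mapping; their default route goes to the NAT gateway.
	var privateSubnets []*ec2.Subnet
	for i := 0; i < 2 && i < len(azs.Names); i++ {
		privSubnet, err := ec2.NewSubnet(ctx, fmt.Sprintf("private-%d", i), &ec2.SubnetArgs{
			VpcId:            vpc.ID(),
			CidrBlock:        pulumi.Sprintf("10.0.%d.0/24", i+10),
			AvailabilityZone: pulumi.String(azs.Names[i]),
			Tags: pulumi.StringMap{
				"Name": pulumi.Sprintf("private-subnet-%s", azs.Names[i]),
				"Type": pulumi.String("private"),
			},
		})
		if err != nil {
			return err
		}
		privateSubnets = append(privateSubnets, privSubnet)
	}

	// Elastic IP for NAT Gateway. The explicit dependency makes sure the
	// internet gateway exists first.
	eip, err := ec2.NewEip(ctx, "nat-eip", &ec2.EipArgs{
		Domain: pulumi.String("vpc"),
		Tags:   pulumi.StringMap{"Name": pulumi.String("nat-gateway-eip")},
	}, pulumi.DependsOn([]pulumi.Resource{igw}))
	if err != nil {
		return err
	}

	// NAT Gateway in first public subnet. All private subnets share this one
	// gateway, so their outbound traffic leaves through a single address.
	natgw, err := ec2.NewNatGateway(ctx, "nat", &ec2.NatGatewayArgs{
		AllocationId: eip.AllocationId,
		SubnetId:     publicSubnets[0].ID(),
		Tags:         pulumi.StringMap{"Name": pulumi.String("main-nat")},
	}, pulumi.DependsOn([]pulumi.Resource{igw}))
	if err != nil {
		return err
	}

	// Public Route Table
	pubRt, err := ec2.NewRouteTable(ctx, "public-rt", &ec2.RouteTableArgs{
		VpcId: vpc.ID(),
		Tags:  pulumi.StringMap{"Name": pulumi.String("public-rt")},
	})
	if err != nil {
		return err
	}

	// Public route to IGW
	_, err = ec2.NewRoute(ctx, "public-route", &ec2.RouteArgs{
		RouteTableId:         pubRt.ID(),
		DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
		GatewayId:            igw.ID(),
	})
	if err != nil {
		return err
	}

	// Associate public subnets with public route table
	for i, subnet := range publicSubnets {
		_, err = ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("pub-rta-%d", i), &ec2.RouteTableAssociationArgs{
			SubnetId:     subnet.ID(),
			RouteTableId: pubRt.ID(),
		})
		if err != nil {
			return err
		}
	}

	// Private Route Table
	privRt, err := ec2.NewRouteTable(ctx, "private-rt", &ec2.RouteTableArgs{
		VpcId: vpc.ID(),
		Tags:  pulumi.StringMap{"Name": pulumi.String("private-rt")},
	})
	if err != nil {
		return err
	}

	// Private route to NAT Gateway
	_, err = ec2.NewRoute(ctx, "private-route", &ec2.RouteArgs{
		RouteTableId:         privRt.ID(),
		DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
		NatGatewayId:         natgw.ID(),
	})
	if err != nil {
		return err
	}

	// Associate private subnets with private route table
	for i, subnet := range privateSubnets {
		_, err = ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("priv-rta-%d", i), &ec2.RouteTableAssociationArgs{
			SubnetId:     subnet.ID(),
			RouteTableId: privRt.ID(),
		})
		if err != nil {
			return err
		}
	}

	// Export outputs.
	// The IDs are collected into pulumi.StringArray values, which are slices
	// of string inputs and can be exported directly. The earlier form called
	// make on pulumi.StringArrayOutput, which is not a slice type, and passed
	// the result to pulumi.ToStringArray, which takes a []string.
	ctx.Export("vpcId", vpc.ID())
	publicSubnetIds := make(pulumi.StringArray, 0, len(publicSubnets))
	for _, subnet := range publicSubnets {
		publicSubnetIds = append(publicSubnetIds, subnet.ID().ToStringOutput())
	}
	privateSubnetIds := make(pulumi.StringArray, 0, len(privateSubnets))
	for _, subnet := range privateSubnets {
		privateSubnetIds = append(privateSubnetIds, subnet.ID().ToStringOutput())
	}
	ctx.Export("publicSubnetIds", publicSubnetIds)
	ctx.Export("privateSubnetIds", privateSubnetIds)
	return nil
})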
}type SecurityGroup struct {
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
// Security group description. Defaults to "Managed by Pulumi". Cannot be empty string.
Description pulumi.StringOutput `pulumi:"description"`
// Egress rules (outbound traffic).
Egress SecurityGroupEgressArrayOutput `pulumi:"egress"`
// Ingress rules (inbound traffic).
Ingress SecurityGroupIngressArrayOutput `pulumi:"ingress"`
Name pulumi.StringOutput `pulumi:"name"`
NamePrefix pulumi.StringOutput `pulumi:"namePrefix"`
OwnerId pulumi.StringOutput `pulumi:"ownerId"`
Region pulumi.StringOutput `pulumi:"region"`
// Revoke all rules before deleting SG. Useful for preventing delete errors when rules reference each other.
RevokeRulesOnDelete pulumi.BoolPtrOutput `pulumi:"revokeRulesOnDelete"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
VpcId pulumi.StringOutput `pulumi:"vpcId"`
}type SecurityGroupArgs struct {
// SecurityGroupArgs is the argument struct passed to ec2.NewSecurityGroup in
// the examples on this page.

// Security group description. Per the SecurityGroup field documentation on
// this page it defaults to "Managed by Pulumi" and cannot be an empty string.
Description pulumi.StringPtrInput
// Egress rules. Prefer ec2.SecurityGroupRule for dynamic management.
// NOTE(review): both security group examples on this page declare an explicit
// all-outbound rule, which suggests outbound access is not implied when this
// is left empty — confirm against the provider documentation.
Egress SecurityGroupEgressArrayInput
// Ingress rules. Prefer ec2.SecurityGroupRule for dynamic management.
// NOTE(review): choose one style per group. Inline rules here and separate
// SecurityGroupRule resources for the same group presumably overwrite each
// other — confirm against the provider documentation.
Ingress SecurityGroupIngressArrayInput
Name pulumi.StringPtrInput
NamePrefix pulumi.StringPtrInput
Region pulumi.StringPtrInput
// Revoke all rules before deleting the group; described on SecurityGroup as
// useful when rules reference each other.
RevokeRulesOnDelete pulumi.BoolPtrInput
Tags pulumi.StringMapInput
// Required. VPC ID.
VpcId pulumi.StringInput
}type SecurityGroupIngressArgs struct {
// SecurityGroupIngressArgs describes one inline inbound rule of a
// SecurityGroup (the element type used in the Ingress array on this page).

// CIDR blocks for IPv4.
// "0.0.0.0/0" matches every IPv4 source; the web example on this page uses it
// for ports 80 and 443 only. IPv6 sources are listed in Ipv6CidrBlocks.
CidrBlocks pulumi.StringArrayInput
// Description for the rule.
Description pulumi.StringPtrInput
// Start port (or ICMP type number).
FromPort pulumi.IntInput
// IPv6 CIDR blocks.
Ipv6CidrBlocks pulumi.StringArrayInput
// Prefix list IDs.
PrefixListIds pulumi.StringArrayInput
// IP protocol. Use "-1" for all protocols.
// NOTE(review): the page's examples pair "-1" with FromPort and ToPort 0;
// presumably the port range has no narrowing effect in that case, so "-1"
// opens every port — confirm.
Protocol pulumi.StringInput
// Source security group IDs.
// Naming a source group grants access by group membership instead of by
// address range.
SecurityGroups pulumi.StringArrayInput
// Whether rule applies to self (this security group).
Self pulumi.BoolPtrInput
// End port (or ICMP code).
ToPort pulumi.IntInput
}type SecurityGroupEgressArgs struct {
// SecurityGroupEgressArgs describes one inline outbound rule of a
// SecurityGroup (the element type used in the Egress array on this page).
// The field set is the same as SecurityGroupIngressArgs.
// NOTE(review): the address and group fields presumably name destinations
// here rather than sources — confirm.

// IPv4 CIDR blocks. The web example on this page uses "0.0.0.0/0".
CidrBlocks pulumi.StringArrayInput
Description pulumi.StringPtrInput
FromPort pulumi.IntInput
Ipv6CidrBlocks pulumi.StringArrayInput
PrefixListIds pulumi.StringArrayInput
// IP protocol. The web example on this page uses "-1" with both ports set to 0
// for its "All outbound traffic" rule.
Protocol pulumi.StringInput
SecurityGroups pulumi.StringArrayInput
Self pulumi.BoolPtrInput
ToPort pulumi.IntInput
}webSg, err := ec2.NewSecurityGroup(ctx, "web-sg", &ec2.SecurityGroupArgs{
// Security group with inline rules: HTTP and HTTPS from any IPv4 address, SSH
// from 10.0.0.0/8, and unrestricted outbound traffic.
Name: pulumi.String("web-sg"),
Description: pulumi.String("Allow HTTP and HTTPS traffic"),
VpcId: vpc.ID(),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
Description: pulumi.String("HTTP from anywhere"),
Protocol: pulumi.String("tcp"),
FromPort: pulumi.Int(80),
ToPort: pulumi.Int(80),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
&ec2.SecurityGroupIngressArgs{
Description: pulumi.String("HTTPS from anywhere"),
Protocol: pulumi.String("tcp"),
FromPort: pulumi.Int(443),
ToPort: pulumi.Int(443),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
// NOTE(review): 10.0.0.0/8 is the whole 10.x private range. It contains the
// 10.0.0.0/16 block used for the VPC in the networking example on this page,
// so every host in that VPC, and in any connected 10.x network, may reach
// port 22. Narrow this to the range the administrators actually connect from.
&ec2.SecurityGroupIngressArgs{
Description: pulumi.String("SSH from corporate network"),
Protocol: pulumi.String("tcp"),
FromPort: pulumi.Int(22),
ToPort: pulumi.Int(22),
CidrBlocks: pulumi.StringArray{pulumi.String("10.0.0.0/8")},
},
},
Egress: ec2.SecurityGroupEgressArray{
// Every protocol to any IPv4 destination. Restrict this when the workload
// only needs a known set of outbound endpoints.
&ec2.SecurityGroupEgressArgs{
Description: pulumi.String("All outbound traffic"),
Protocol: pulumi.String("-1"),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
},
},
Tags: pulumi.StringMap{"Name": pulumi.String("web-sg")},
})
if err != nil {
return err
}Prefer SecurityGroupRule for complex scenarios with many rules or when rules need independent lifecycle management:
func NewSecurityGroupRule(ctx *pulumi.Context, name string, args *SecurityGroupRuleArgs, opts ...pulumi.ResourceOption) (*SecurityGroupRule, error)func GetSecurityGroupRule(ctx *pulumi.Context, name string, id pulumi.IDInput, state *SecurityGroupRuleState, opts ...pulumi.ResourceOption) (*SecurityGroupRule, error)type SecurityGroupRuleArgs struct {
// SecurityGroupRuleArgs is the argument struct taken by NewSecurityGroupRule:
// one rule, attached to the group named by SecurityGroupId, in the direction
// given by Type.

// IPv4 CIDR blocks. The examples on this page use "0.0.0.0/0", which matches
// every IPv4 address.
CidrBlocks pulumi.StringArrayInput
Description pulumi.StringPtrInput
FromPort pulumi.IntInput
Ipv6CidrBlocks pulumi.StringArrayInput
PrefixListIds pulumi.StringArrayInput
// IP protocol. The examples on this page use "tcp" for single ports and "-1"
// for the all-outbound rule.
Protocol pulumi.StringInput
// Required. Security group ID.
SecurityGroupId pulumi.StringInput
Self pulumi.BoolPtrInput
// Source security group ID (for ingress from another SG).
SourceSecurityGroupId pulumi.StringPtrInput
ToPort pulumi.IntInput
// Required. "ingress" or "egress".
Type pulumi.StringInput
}Example with separate rules:
// Security group declared without inline rules; each rule below is its own
// SecurityGroupRule resource attached through SecurityGroupId.
webSg, err := ec2.NewSecurityGroup(ctx, "web-sg", &ec2.SecurityGroupArgs{
Name: pulumi.String("web-sg"),
Description: pulumi.String("Web server security group"),
VpcId: vpc.ID(),
// No inline rules
// NOTE(review): keep it that way while the separate rules below exist;
// inline Ingress/Egress and SecurityGroupRule resources on the same group
// presumably overwrite each other — confirm against the provider docs.
})
if err != nil {
return err
}
// Add rules separately for better lifecycle management
// Port 80 from any IPv4 address.
_, err = ec2.NewSecurityGroupRule(ctx, "http-ingress", &ec2.SecurityGroupRuleArgs{
Type: pulumi.String("ingress"),
SecurityGroupId: webSg.ID(),
Protocol: pulumi.String("tcp"),
FromPort: pulumi.Int(80),
ToPort: pulumi.Int(80),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
Description: pulumi.String("HTTP from anywhere"),
})
if err != nil {
return err
}
// Port 443 from any IPv4 address.
_, err = ec2.NewSecurityGroupRule(ctx, "https-ingress", &ec2.SecurityGroupRuleArgs{
Type: pulumi.String("ingress"),
SecurityGroupId: webSg.ID(),
Protocol: pulumi.String("tcp"),
FromPort: pulumi.Int(443),
ToPort: pulumi.Int(443),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
Description: pulumi.String("HTTPS from anywhere"),
})
if err != nil {
return err
}
// Every protocol to any IPv4 destination. Restrict this when the workload
// only needs a known set of outbound endpoints.
_, err = ec2.NewSecurityGroupRule(ctx, "all-egress", &ec2.SecurityGroupRuleArgs{
Type: pulumi.String("egress"),
SecurityGroupId: webSg.ID(),
Protocol: pulumi.String("-1"),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
CidrBlocks: pulumi.StringArray{pulumi.String("0.0.0.0/0")},
Description: pulumi.String("All outbound"),
})
if err != nil {
return err
}type Eip struct {
pulumi.CustomResourceState
// IP address from an EC2 BYOIP pool.
Address pulumi.StringPtrOutput `pulumi:"address"`
AllocationId pulumi.StringOutput `pulumi:"allocationId"`
Arn pulumi.StringOutput `pulumi:"arn"`
// Private IP to associate with EIP in a VPC.
AssociateWithPrivateIp pulumi.StringPtrOutput `pulumi:"associateWithPrivateIp"`
AssociationId pulumi.StringOutput `pulumi:"associationId"`
CarrierIp pulumi.StringOutput `pulumi:"carrierIp"`
CustomerOwnedIp pulumi.StringOutput `pulumi:"customerOwnedIp"`
CustomerOwnedIpv4Pool pulumi.StringPtrOutput `pulumi:"customerOwnedIpv4Pool"`
// "vpc" or "standard". Set to "vpc" for VPC EIPs.
Domain pulumi.StringOutput `pulumi:"domain"`
// EC2 instance ID to associate EIP with.
Instance pulumi.StringOutput `pulumi:"instance"`
IpamPoolId pulumi.StringOutput `pulumi:"ipamPoolId"`
NetworkBorderGroup pulumi.StringOutput `pulumi:"networkBorderGroup"`
// Network interface ID to associate EIP with.
NetworkInterface pulumi.StringOutput `pulumi:"networkInterface"`
PrivateDns pulumi.StringOutput `pulumi:"privateDns"`
PrivateIp pulumi.StringOutput `pulumi:"privateIp"`
PtrRecord pulumi.StringOutput `pulumi:"ptrRecord"`
PublicDns pulumi.StringOutput `pulumi:"publicDns"`
PublicIp pulumi.StringOutput `pulumi:"publicIp"`
PublicIpv4Pool pulumi.StringOutput `pulumi:"publicIpv4Pool"`
Region pulumi.StringOutput `pulumi:"region"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}type EipArgs struct {
Address pulumi.StringPtrInput
AssociateWithPrivateIp pulumi.StringPtrInput
CustomerOwnedIpv4Pool pulumi.StringPtrInput
// "vpc" for VPC EIP, "standard" for EC2-Classic (deprecated).
Domain pulumi.StringPtrInput
// Instance ID to associate immediately.
Instance pulumi.StringPtrInput
IpamPoolId pulumi.StringPtrInput
NetworkBorderGroup pulumi.StringPtrInput
NetworkInterface pulumi.StringPtrInput
PublicIpv4Pool pulumi.StringPtrInput
Region pulumi.StringPtrInput
Tags pulumi.StringMapInput
}Important: EIP may require an Internet Gateway to exist prior to association. Use pulumi.DependsOn to set an explicit dependency on the IGW.
eip, err := ec2.NewEip(ctx, "nat-eip", &ec2.EipArgs{
Domain: pulumi.String("vpc"),
}, pulumi.DependsOn([]pulumi.Resource{igw}))type KeyPair struct {
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
// MD5 public key fingerprint as specified in RFC 4716.
Fingerprint pulumi.StringOutput `pulumi:"fingerprint"`
KeyName pulumi.StringOutput `pulumi:"keyName"`
KeyNamePrefix pulumi.StringOutput `pulumi:"keyNamePrefix"`
KeyPairId pulumi.StringOutput `pulumi:"keyPairId"`
// "rsa" or "ed25519".
KeyType pulumi.StringOutput `pulumi:"keyType"`
// Public key material (OpenSSH format).
PublicKey pulumi.StringOutput `pulumi:"publicKey"`
Region pulumi.StringOutput `pulumi:"region"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}type KeyPairArgs struct {
KeyName pulumi.StringPtrInput
KeyNamePrefix pulumi.StringPtrInput
// "rsa" or "ed25519". Defaults to "rsa".
KeyType pulumi.StringPtrInput
// Required. Public key material in OpenSSH format.
PublicKey pulumi.StringInput
Region pulumi.StringPtrInput
Tags pulumi.StringMapInput
}import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"golang.org/x/crypto/ssh"
)
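// Generate a 4096-bit RSA key pair inside the Pulumi program.
// NOTE(review): this call runs on every program execution and returns a fresh
// random key each time, so the PublicKey input below differs between runs —
// confirm that is intended, or generate the key once outside the program and
// pass in only the public half.
privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
	return err
}

// Export the public key in OpenSSH authorized_keys format; only this half is
// passed to the EC2 key pair.
publicKeySSH, err := ssh.NewPublicKey(&privateKey.PublicKey)
if err != nil {
	return err
}
publicKeyString := string(ssh.MarshalAuthorizedKey(publicKeySSH))

// Create key pair in AWS
keyPair, err := ec2.NewKeyPair(ctx, "deployer", &ec2.KeyPairArgs{
	KeyName:   pulumi.String("deployer-key"),
	PublicKey: pulumi.String(publicKeyString),
	Tags: pulumi.StringMap{
		"Purpose": pulumi.String("SSH access"),
	},
})
if err != nil {
	return err
}

// Store private key in Secrets Manager (recommended)
secret, err := secretsmanager.NewSecret(ctx, "ssh-private-key", &secretsmanager.SecretArgs{
	Name: pulumi.String("ssh/deployer-private-key"),
})
if err != nil {
	return err
}

// PEM-encode the private key in PKCS #1 form for storage.
privateKeyPEM := pem.EncodeToMemory(&pem.Block{
	Type:  "RSA PRIVATE KEY",
	Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
})
_, err = secretsmanager.NewSecretVersion(ctx, "ssh-private-key-version", &secretsmanager.SecretVersionArgs{
	SecretId: secret.ID(),
	// Mark the PEM explicitly as a Pulumi secret so the value is encrypted in
	// the stack state and masked in CLI output.
	SecretString: pulumi.ToSecret(pulumi.String(string(privateKeyPEM))).(pulumi.StringOutput),
})
if err != nil {
	return err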
}type VpcEndpoint struct {
// Fields of VpcEndpoint: the state of a VPC endpoint resource as exposed to the program.
pulumi.CustomResourceState
Arn pulumi.StringOutput `pulumi:"arn"`
// CIDR blocks for the endpoint.
CidrBlocks pulumi.StringArrayOutput `pulumi:"cidrBlocks"`
// DNS entries for the endpoint.
DnsEntries VpcEndpointDnsEntryArrayOutput `pulumi:"dnsEntries"`
DnsOptions VpcEndpointDnsOptionsOutput `pulumi:"dnsOptions"`
// Network interface IDs for Interface endpoints.
NetworkInterfaceIds pulumi.StringArrayOutput `pulumi:"networkInterfaceIds"`
OwnerId pulumi.StringOutput `pulumi:"ownerId"`
// IAM policy attached to the endpoint; it governs which requests are allowed through it.
Policy pulumi.StringOutput `pulumi:"policy"`
PrefixListId pulumi.StringOutput `pulumi:"prefixListId"`
// Whether private DNS is enabled for the endpoint (Interface endpoints).
PrivateDnsEnabled pulumi.BoolPtrOutput `pulumi:"privateDnsEnabled"`
RequesterManaged pulumi.BoolOutput `pulumi:"requesterManaged"`
// Route table IDs (for Gateway endpoints).
RouteTableIds pulumi.StringArrayOutput `pulumi:"routeTableIds"`
// Security group IDs (for Interface endpoints).
SecurityGroupIds pulumi.StringArrayOutput `pulumi:"securityGroupIds"`
// Service name (e.g., "com.amazonaws.us-east-1.s3").
ServiceName pulumi.StringOutput `pulumi:"serviceName"`
State pulumi.StringOutput `pulumi:"state"`
// Subnet IDs (for Interface endpoints).
SubnetIds pulumi.StringArrayOutput `pulumi:"subnetIds"`
Tags pulumi.StringMapOutput `pulumi:"tags"`
TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
// "Interface", "Gateway", "GatewayLoadBalancer".
VpcEndpointType pulumi.StringOutput `pulumi:"vpcEndpointType"`
VpcId pulumi.StringOutput `pulumi:"vpcId"`
}type VpcEndpointArgs struct {
// Fields of VpcEndpointArgs: the inputs for creating a VPC endpoint.
// Accept the VPC endpoint (Private Link) without requiring confirmation.
AutoAccept pulumi.BoolPtrInput
DnsOptions VpcEndpointDnsOptionsPtrInput
// Endpoint-specific IAM policy.
// NOTE(review): upstream provider docs state that an omitted policy defaults to full access;
// set an explicit least-privilege policy where the service supports one — confirm for the version in use.
Policy pulumi.StringPtrInput
// Enable private DNS for Interface endpoints.
PrivateDnsEnabled pulumi.BoolPtrInput
Region pulumi.StringPtrInput
// Route table IDs for Gateway endpoints.
RouteTableIds pulumi.StringArrayInput
// Security groups for Interface endpoints.
SecurityGroupIds pulumi.StringArrayInput
// Required. Service name (e.g., "com.amazonaws.us-east-1.s3").
ServiceName pulumi.StringInput
// Subnet IDs for Interface endpoints.
SubnetIds pulumi.StringArrayInput
Tags pulumi.StringMapInput
// Endpoint type. Valid: "Interface", "Gateway", "GatewayLoadBalancer".
VpcEndpointType pulumi.StringPtrInput
// Required. VPC ID.
VpcId pulumi.StringInput
}S3 Gateway Endpoint:
// Gateway endpoint for S3 (no charge, uses route tables)
// No Policy is set here. NOTE(review): upstream provider docs state that an omitted endpoint
// policy defaults to full access — add a Policy to restrict which buckets and actions are reachable.
s3Endpoint, err := ec2.NewVpcEndpoint(ctx, "s3-endpoint", &ec2.VpcEndpointArgs{
VpcId: vpc.ID(),
// The region is part of the service name; this literal only matches us-east-1.
ServiceName: pulumi.String("com.amazonaws.us-east-1.s3"),
VpcEndpointType: pulumi.String("Gateway"),
// Only subnets associated with these route tables reach S3 through the endpoint.
RouteTableIds: pulumi.StringArray{
privateRouteTable.ID(),
},
})
if err != nil {
return err
}DynamoDB Gateway Endpoint:
dynamoEndpoint, err := ec2.NewVpcEndpoint(ctx, "dynamodb-endpoint", &ec2.VpcEndpointArgs{
VpcId: vpc.ID(),
ServiceName: pulumi.String("com.amazonaws.us-east-1.dynamodb"),
VpcEndpointType: pulumi.String("Gateway"),
RouteTableIds: pulumi.StringArray{
privateRouteTable.ID(),
},
})Interface Endpoint for Secrets Manager:
// Interface endpoint for Secrets Manager (charges apply)
secretsEndpoint, err := ec2.NewVpcEndpoint(ctx, "secrets-endpoint", &ec2.VpcEndpointArgs{
VpcId: vpc.ID(),
ServiceName: pulumi.String("com.amazonaws.us-east-1.secretsmanager"),
VpcEndpointType: pulumi.String("Interface"),
PrivateDnsEnabled: pulumi.Bool(true), // Enable private DNS resolution
SubnetIds: pulumi.StringArray{
privateSubnet1.ID(),
privateSubnet2.ID(),
},
SecurityGroupIds: pulumi.StringArray{
endpointSg.ID(),
},
})
if err != nil {
return err
}
This example creates a production-ready VPC with public and private subnets across multiple AZs, a NAT gateway for private subnet internet access, and gateway VPC endpoints for cost savings. It defines no security groups of its own; it only exports the ID of the VPC's default security group:
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
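// main provisions a VPC with public and private subnets in azCount availability
// zones, an internet gateway, a single NAT gateway, public and private route
// tables, and gateway VPC endpoints for S3 and DynamoDB, then exports the IDs.
// It creates no security groups; only the VPC's default group ID is exported.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Configuration
		vpcCidr := "10.0.0.0/16"
		azCount := 2

		// Get available AZs
		azs, err := aws.GetAvailabilityZones(ctx, &aws.GetAvailabilityZonesArgs{
			State: pulumi.StringRef("available"),
			Filters: []aws.GetAvailabilityZonesFilter{
				{Name: "opt-in-status", Values: []string{"opt-in-not-required"}},
			},
		}, nil)
		if err != nil {
			return err
		}
		// The subnet loops index azs.Names[0..azCount-1]; fail with a clear
		// error instead of panicking when the lookup returns fewer zones.
		if len(azs.Names) < azCount {
			return fmt.Errorf("need %d availability zones, found %d", azCount, len(azs.Names))
		}

		// Create VPC
		vpc, err := ec2.NewVpc(ctx, "main-vpc", &ec2.VpcArgs{
			CidrBlock:                        pulumi.String(vpcCidr),
			EnableDnsHostnames:               pulumi.Bool(true),
			EnableDnsSupport:                 pulumi.Bool(true),
			EnableNetworkAddressUsageMetrics: pulumi.Bool(true),
			Tags: pulumi.StringMap{
				"Name":        pulumi.String("main-vpc"),
				"Environment": pulumi.String("production"),
			},
		})
		if err != nil {
			return err
		}

		// Internet Gateway
		igw, err := ec2.NewInternetGateway(ctx, "main-igw", &ec2.InternetGatewayArgs{
			VpcId: vpc.ID(),
			Tags:  pulumi.StringMap{"Name": pulumi.String("main-igw")},
		})
		if err != nil {
			return err
		}

		// Public Subnets. The subnet CIDRs are written out literally and must
		// stay inside vpcCidr if that value is changed.
		publicSubnets := make([]*ec2.Subnet, 0, azCount)
		for i := 0; i < azCount; i++ {
			subnet, err := ec2.NewSubnet(ctx, fmt.Sprintf("public-subnet-%d", i), &ec2.SubnetArgs{
				VpcId:            vpc.ID(),
				CidrBlock:        pulumi.Sprintf("10.0.%d.0/24", i+1),
				AvailabilityZone: pulumi.String(azs.Names[i]),
				// Instances launched here get a public IP by default; what is
				// reachable on them is then decided by their security groups.
				MapPublicIpOnLaunch: pulumi.Bool(true),
				Tags: pulumi.StringMap{
					"Name": pulumi.Sprintf("public-%s", azs.Names[i]),
					"Type": pulumi.String("public"),
				},
			})
			if err != nil {
				return err
			}
			publicSubnets = append(publicSubnets, subnet)
		}

		// Private Subnets
		privateSubnets := make([]*ec2.Subnet, 0, azCount)
		for i := 0; i < azCount; i++ {
			subnet, err := ec2.NewSubnet(ctx, fmt.Sprintf("private-subnet-%d", i), &ec2.SubnetArgs{
				VpcId:            vpc.ID(),
				CidrBlock:        pulumi.Sprintf("10.0.%d.0/24", i+10),
				AvailabilityZone: pulumi.String(azs.Names[i]),
				Tags: pulumi.StringMap{
					"Name": pulumi.Sprintf("private-%s", azs.Names[i]),
					"Type": pulumi.String("private"),
				},
			})
			if err != nil {
				return err
			}
			privateSubnets = append(privateSubnets, subnet)
		}

		// Elastic IP for NAT Gateway (explicit dependency on the IGW)
		natEip, err := ec2.NewEip(ctx, "nat-eip", &ec2.EipArgs{
			Domain: pulumi.String("vpc"),
			Tags:   pulumi.StringMap{"Name": pulumi.String("nat-gateway-eip")},
		}, pulumi.DependsOn([]pulumi.Resource{igw}))
		if err != nil {
			return err
		}

		// NAT Gateway: a single gateway in the first public subnet serves all
		// private subnets.
		natGw, err := ec2.NewNatGateway(ctx, "main-nat", &ec2.NatGatewayArgs{
			AllocationId: natEip.AllocationId,
			SubnetId:     publicSubnets[0].ID(),
			Tags:         pulumi.StringMap{"Name": pulumi.String("main-nat")},
		}, pulumi.DependsOn([]pulumi.Resource{igw}))
		if err != nil {
			return err
		}

		// Public Route Table
		publicRt, err := ec2.NewRouteTable(ctx, "public-rt", &ec2.RouteTableArgs{
			VpcId: vpc.ID(),
			Tags:  pulumi.StringMap{"Name": pulumi.String("public-rt")},
		})
		if err != nil {
			return err
		}

		// Route to IGW
		_, err = ec2.NewRoute(ctx, "public-internet-route", &ec2.RouteArgs{
			RouteTableId:         publicRt.ID(),
			DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
			GatewayId:            igw.ID(),
		})
		if err != nil {
			return err
		}

		// Associate public subnets
		for i, subnet := range publicSubnets {
			_, err = ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("public-rta-%d", i), &ec2.RouteTableAssociationArgs{
				SubnetId:     subnet.ID(),
				RouteTableId: publicRt.ID(),
			})
			if err != nil {
				return err
			}
		}

		// Private Route Table
		privateRt, err := ec2.NewRouteTable(ctx, "private-rt", &ec2.RouteTableArgs{
			VpcId: vpc.ID(),
			Tags:  pulumi.StringMap{"Name": pulumi.String("private-rt")},
		})
		if err != nil {
			return err
		}

		// Route to NAT Gateway
		_, err = ec2.NewRoute(ctx, "private-nat-route", &ec2.RouteArgs{
			RouteTableId:         privateRt.ID(),
			DestinationCidrBlock: pulumi.String("0.0.0.0/0"),
			NatGatewayId:         natGw.ID(),
		})
		if err != nil {
			return err
		}

		// Associate private subnets
		for i, subnet := range privateSubnets {
			_, err = ec2.NewRouteTableAssociation(ctx, fmt.Sprintf("private-rta-%d", i), &ec2.RouteTableAssociationArgs{
				SubnetId:     subnet.ID(),
				RouteTableId: privateRt.ID(),
			})
			if err != nil {
				return err
			}
		}

		// VPC Endpoint for S3 (saves NAT costs).
		// NOTE(review): the service name hard-codes us-east-1 and no endpoint
		// Policy is set; upstream provider docs state that an omitted policy
		// defaults to full access — confirm and restrict as needed.
		s3Endpoint, err := ec2.NewVpcEndpoint(ctx, "s3-endpoint", &ec2.VpcEndpointArgs{
			VpcId:           vpc.ID(),
			ServiceName:     pulumi.String("com.amazonaws.us-east-1.s3"),
			VpcEndpointType: pulumi.String("Gateway"),
			RouteTableIds:   pulumi.StringArray{privateRt.ID(), publicRt.ID()},
		})
		if err != nil {
			return err
		}

		// VPC Endpoint for DynamoDB (saves NAT costs); same region and policy
		// caveats as the S3 endpoint above.
		dynamoEndpoint, err := ec2.NewVpcEndpoint(ctx, "dynamodb-endpoint", &ec2.VpcEndpointArgs{
			VpcId:           vpc.ID(),
			ServiceName:     pulumi.String("com.amazonaws.us-east-1.dynamodb"),
			VpcEndpointType: pulumi.String("Gateway"),
			RouteTableIds:   pulumi.StringArray{privateRt.ID()},
		})
		if err != nil {
			return err
		}

		// Export VPC info
		ctx.Export("vpcId", vpc.ID())
		ctx.Export("vpcCidr", vpc.CidrBlock)
		ctx.Export("defaultSecurityGroupId", vpc.DefaultSecurityGroupId)

		// Export subnet IDs
		publicSubnetIds := make([]pulumi.StringOutput, 0, len(publicSubnets))
		for _, subnet := range publicSubnets {
			publicSubnetIds = append(publicSubnetIds, subnet.ID().ToStringOutput())
		}
		privateSubnetIds := make([]pulumi.StringOutput, 0, len(privateSubnets))
		for _, subnet := range privateSubnets {
			privateSubnetIds = append(privateSubnetIds, subnet.ID().ToStringOutput())
		}
		ctx.Export("publicSubnetIds", pulumi.ToStringArray(publicSubnetIds))
		ctx.Export("privateSubnetIds", pulumi.ToStringArray(privateSubnetIds))

		// The endpoint handles are not used further; discard them so the
		// program compiles.
		_ = s3Endpoint
		_ = dynamoEndpoint
		return nil
	})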
}Always enforce IMDSv2 for security:
// Launch an instance whose metadata service accepts only session-token (IMDSv2) requests.
instance, err := ec2.NewInstance(ctx, "secure-instance", &ec2.InstanceArgs{
Ami: pulumi.String(ami.Id),
InstanceType: pulumi.String("t3.micro"),
SubnetId: subnet.ID(),
MetadataOptions: &ec2.InstanceMetadataOptionsArgs{
HttpTokens: pulumi.String("required"), // Enforce IMDSv2: requests without a session token are rejected
HttpPutResponseHopLimit: pulumi.Int(1), // Token response cannot cross a network hop, so it is not relayed off the instance; containers on a bridged network may need 2
HttpEndpoint: pulumi.String("enabled"), // Metadata service stays reachable, subject to the two settings above
},
})Distribute resources across multiple AZs for HA:
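// Look up the availability zones that are currently usable.
azs, err := aws.GetAvailabilityZones(ctx, &aws.GetAvailabilityZonesArgs{
	State: pulumi.StringRef("available"),
}, nil)
if err != nil {
	return err
}
// The loop below indexes azs.Names[0..2]; fail with a clear error instead of
// panicking when fewer than three zones are returned.
if len(azs.Names) < 3 {
	return fmt.Errorf("need at least 3 availability zones, found %d", len(azs.Names))
}
// Create resources in multiple AZs
for i := 0; i < 3; i++ {
	subnet, err := ec2.NewSubnet(ctx, fmt.Sprintf("subnet-%d", i), &ec2.SubnetArgs{
		VpcId:            vpc.ID(),
		AvailabilityZone: pulumi.String(azs.Names[i]),
		CidrBlock:        pulumi.Sprintf("10.0.%d.0/24", i+1),
	})
	if err != nil {
		return err
	}
	// Launch instance in each subnet, with the same IMDSv2 settings this
	// page recommends for every instance.
	_, err = ec2.NewInstance(ctx, fmt.Sprintf("instance-%d", i), &ec2.InstanceArgs{
		Ami:          pulumi.String(ami.Id),
		InstanceType: pulumi.String("t3.micro"),
		SubnetId:     subnet.ID(),
		MetadataOptions: &ec2.InstanceMetadataOptionsArgs{
			HttpTokens:              pulumi.String("required"),
			HttpPutResponseHopLimit: pulumi.Int(1),
			HttpEndpoint:            pulumi.String("enabled"),
		},
	})
	if err != nil {
		return err
	}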
}Security groups can reference themselves for cluster communication:
clusterSg, err := ec2.NewSecurityGroup(ctx, "cluster-sg", &ec2.SecurityGroupArgs{
Name: pulumi.String("cluster-sg"),
Description: pulumi.String("Cluster internal communication"),
VpcId: vpc.ID(),
})
if err != nil {
return err
}
// Allow all traffic from members of the same security group
_, err = ec2.NewSecurityGroupRule(ctx, "cluster-self-ingress", &ec2.SecurityGroupRuleArgs{
Type: pulumi.String("ingress"),
SecurityGroupId: clusterSg.ID(),
Protocol: pulumi.String("-1"),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
Self: pulumi.Bool(true), // Reference to self
Description: pulumi.String("Allow all traffic within cluster"),
})Cannot change VPC CIDR directly. Must add secondary CIDR blocks:
// Add secondary CIDR to existing VPC
secondaryCidr, err := ec2.NewVpcIpv4CidrBlockAssociation(ctx, "secondary-cidr", &ec2.VpcIpv4CidrBlockAssociationArgs{
VpcId: vpc.ID(),
CidrBlock: pulumi.String("10.1.0.0/16"),
})NAT Gateway requires IGW to exist first (even though not directly connected):
// ✅ CORRECT: Explicit dependency on IGW
eip, err := ec2.NewEip(ctx, "nat-eip", &ec2.EipArgs{
Domain: pulumi.String("vpc"),
}, pulumi.DependsOn([]pulumi.Resource{igw}))
natGw, err := ec2.NewNatGateway(ctx, "nat", &ec2.NatGatewayArgs{
AllocationId: eip.AllocationId,
SubnetId: publicSubnet.ID(),
}, pulumi.DependsOn([]pulumi.Resource{igw}))
// ❌ WRONG: Missing IGW dependency can cause intermittent failures
eip, err := ec2.NewEip(ctx, "nat-eip", &ec2.EipArgs{
Domain: pulumi.String("vpc"),
})The default security group is automatically created. To manage it:
// Bring the VPC's automatically created default security group under management
// and leave it with no rules.
defaultSg, err := ec2.NewDefaultSecurityGroup(ctx, "default-sg", &ec2.DefaultSecurityGroupArgs{
VpcId: vpc.ID(),
// Remove all default rules by setting empty arrays: with no ingress and no egress
// rules, a resource that ends up in the default group gets no access from it.
Ingress: ec2.DefaultSecurityGroupIngressArray{},
Egress: ec2.DefaultSecurityGroupEgressArray{},
Tags: pulumi.StringMap{
"Name": pulumi.String("default-sg-locked-down"),
},
})For Interface endpoints, private DNS resolution requires:
- enableDnsHostnames = true on VPC
- enableDnsSupport = true on VPC
- PrivateDnsEnabled = true on endpoint
// ✅ CORRECT: Enable DNS on VPC
vpc, err := ec2.NewVpc(ctx, "vpc", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
EnableDnsHostnames: pulumi.Bool(true), // Required
EnableDnsSupport: pulumi.Bool(true), // Required
})
// Then create interface endpoint with private DNS
endpoint, err := ec2.NewVpcEndpoint(ctx, "endpoint", &ec2.VpcEndpointArgs{
VpcId: vpc.ID(),
ServiceName: pulumi.String("com.amazonaws.us-east-1.s3"),
VpcEndpointType: pulumi.String("Interface"),
PrivateDnsEnabled: pulumi.Bool(true), // Enable private DNS
SubnetIds: pulumi.StringArray{subnet.ID()},
})Issue 1: "InvalidSubnetID.NotFound"
Ensure subnet exists before creating resources in it:
// ✅ CORRECT: Subnet creation completes before instance
subnet, err := ec2.NewSubnet(ctx, "subnet", &ec2.SubnetArgs{/*...*/})
if err != nil {
return err
}
instance, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{
SubnetId: subnet.ID(), // Implicit dependency
// ...
})Issue 2: "InvalidGroup.NotFound" with Security Groups
Security group must exist before attaching to instance:
sg, err := ec2.NewSecurityGroup(ctx, "sg", &ec2.SecurityGroupArgs{/*...*/})
if err != nil {
return err
}
instance, err := ec2.NewInstance(ctx, "instance", &ec2.InstanceArgs{
VpcSecurityGroupIds: pulumi.StringArray{sg.ID()}, // Implicit dependency
// ...
})Issue 3: NAT Gateway Creation Timeout
NAT Gateway can take 3-5 minutes to become available. Pulumi handles this automatically with retries, but be patient on first deployment.
Issue 4: Cannot Delete VPC - Dependencies Exist
VPC deletion fails if resources still exist. Delete in this order:
Pulumi handles this automatically if dependencies are properly tracked.