Version
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
- Describes
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
docs
reference
services
tessl/maven-com-pulumi--aws
tessl install tessl/maven-com-pulumi--aws@7.16.0Pulumi Java SDK for AWS providing strongly-typed Infrastructure-as-Code for 227 AWS service packages including compute, storage, databases, networking, security, analytics, machine learning, and more.
common-patterns.mddocs/
Common Patterns
Quick reference for the most frequently used AWS infrastructure patterns with Pulumi Java SDK.
Pattern Index
- Create S3 Bucket with Versioning
- Launch EC2 Instance with Security Group
- Deploy Lambda Function
- Create RDS Database
- Set Up VPC with Public and Private Subnets
- Configure IAM Role with Policies
- Create DynamoDB Table
- Set Up CloudWatch Alarms
- Deploy Container with ECS Fargate
- Configure Application Load Balancer
- Set Up SNS Topic with SQS Subscription
- Create API Gateway with Lambda Integration
- Configure CloudFront Distribution
- Set Up Secrets Manager
- Create Aurora Serverless Cluster
1. Create S3 Bucket with Versioning
import com.pulumi.aws.s3.*;
import com.pulumi.aws.s3.inputs.*;
import java.util.Map;
// Create bucket
var bucket = new Bucket("my-bucket", BucketArgs.builder()
.bucket("my-unique-bucket-name")
.build());
// Enable versioning
new BucketVersioningV2("bucket-versioning", BucketVersioningV2Args.builder()
.bucket(bucket.id())
.versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()
.status("Enabled")
.build())
.build());
// Enable encryption
new BucketServerSideEncryptionConfigurationV2("bucket-encryption",
BucketServerSideEncryptionConfigurationV2Args.builder()
.bucket(bucket.id())
.rules(BucketServerSideEncryptionConfigurationV2RuleArgs.builder()
.applyServerSideEncryptionByDefault(
BucketServerSideEncryptionConfigurationV2RuleApplyServerSideEncryptionByDefaultArgs.builder()
.sseAlgorithm("AES256")
.build())
.build())
.build());
// Block public access
new BucketPublicAccessBlock("bucket-public-access", BucketPublicAccessBlockArgs.builder()
.bucket(bucket.id())
.blockPublicAcls(true)
.blockPublicPolicy(true)
.ignorePublicAcls(true)
.restrictPublicBuckets(true)
.build());
// Add lifecycle policy
new BucketLifecycleConfigurationV2("bucket-lifecycle",
BucketLifecycleConfigurationV2Args.builder()
.bucket(bucket.id())
.rules(BucketLifecycleConfigurationV2RuleArgs.builder()
.id("archive-old-versions")
.status("Enabled")
.noncurrentVersionTransitions(
BucketLifecycleConfigurationV2RuleNoncurrentVersionTransitionArgs.builder()
.noncurrentDays(30)
.storageClass("GLACIER")
.build())
.build())
.build());2. Launch EC2 Instance with Security Group
import com.pulumi.aws.ec2.*;
import com.pulumi.aws.ec2.inputs.*;
import java.util.List;
import java.util.Map;
// Create security group
var securityGroup = new SecurityGroup("web-sg", SecurityGroupArgs.builder()
.description("Allow HTTP and SSH")
.ingress(
SecurityGroupIngressArgs.builder()
.protocol("tcp")
.fromPort(80)
.toPort(80)
.cidrBlocks(List.of("0.0.0.0/0"))
.build(),
SecurityGroupIngressArgs.builder()
.protocol("tcp")
.fromPort(22)
.toPort(22)
.cidrBlocks(List.of("YOUR_IP/32"))
.build()
)
.egress(SecurityGroupEgressArgs.builder()
.protocol("-1")
.fromPort(0)
.toPort(0)
.cidrBlocks(List.of("0.0.0.0/0"))
.build())
.build());
// Get latest AMI
var ami = Ec2Functions.getAmi(GetAmiArgs.builder()
.mostRecent(true)
.owners(List.of("amazon"))
.filters(List.of(GetAmiFilterArgs.builder()
.name("name")
.values(List.of("amzn2-ami-hvm-*-x86_64-gp2"))
.build()))
.build());
// Create instance
var instance = new Instance("web-server", InstanceArgs.builder()
.instanceType("t2.micro")
.ami(ami.applyValue(result -> result.id()))
.vpcSecurityGroupIds(List.of(securityGroup.id()))
.userData("""
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
echo "Hello World" > /var/www/html/index.html
""")
.tags(Map.of("Name", "web-server"))
.build());3. Deploy Lambda Function
import com.pulumi.aws.iam.*;
import com.pulumi.aws.lambda.*;
import com.pulumi.asset.FileArchive;
// Create IAM role
var role = new Role("lambda-role", RoleArgs.builder()
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": {"Service": "lambda.amazonaws.com"},
"Effect": "Allow"
}]
}
""")
.build());
// Attach execution policy
new RolePolicyAttachment("lambda-policy", RolePolicyAttachmentArgs.builder()
.role(role.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole")
.build());
// Create Lambda function
var lambda = new Function("my-function", FunctionArgs.builder()
.runtime("python3.9")
.role(role.arn())
.handler("index.handler")
.code(new FileArchive("./lambda-code"))
.environment(FunctionEnvironmentArgs.builder()
.variables(Map.of("ENV", "production"))
.build())
.timeout(30)
.memorySize(256)
.build());
// Create CloudWatch log group
import com.pulumi.aws.cloudwatch.*;
new LogGroup("lambda-logs", LogGroupArgs.builder()
.name(lambda.name().apply(name -> "/aws/lambda/" + name))
.retentionInDays(7)
.build());4. Create RDS Database
import com.pulumi.aws.rds.*;
import com.pulumi.aws.ec2.*;
import java.util.List;
// Create DB subnet group
var dbSubnetGroup = new SubnetGroup("db-subnet", SubnetGroupArgs.builder()
.subnetIds(List.of(subnet1.id(), subnet2.id()))
.tags(Map.of("Name", "db-subnet-group"))
.build());
// Create security group for RDS
var dbSecurityGroup = new SecurityGroup("db-sg", SecurityGroupArgs.builder()
.vpcId(vpc.id())
.ingress(SecurityGroupIngressArgs.builder()
.protocol("tcp")
.fromPort(3306)
.toPort(3306)
.securityGroups(List.of(appSecurityGroup.id()))
.build())
.build());
// Create RDS instance
var db = new Instance("mysql-db", InstanceArgs.builder()
.engine("mysql")
.engineVersion("8.0")
.instanceClass("db.t3.micro")
.allocatedStorage(20)
.dbName("myapp")
.username("admin")
.password(config.requireSecret("dbPassword"))
.dbSubnetGroupName(dbSubnetGroup.name())
.vpcSecurityGroupIds(List.of(dbSecurityGroup.id()))
.skipFinalSnapshot(true)
.backupRetentionPeriod(7)
.multiAz(true)
.storageEncrypted(true)
.build());5. Set Up VPC with Public and Private Subnets
import com.pulumi.aws.ec2.*;
import com.pulumi.aws.ec2.inputs.*;
import java.util.List;
// Create VPC
var vpc = new Vpc("main-vpc", VpcArgs.builder()
.cidrBlock("10.0.0.0/16")
.enableDnsHostnames(true)
.enableDnsSupport(true)
.tags(Map.of("Name", "main-vpc"))
.build());
// Create Internet Gateway
var igw = new InternetGateway("igw", InternetGatewayArgs.builder()
.vpcId(vpc.id())
.build());
// Create public subnet
var publicSubnet = new Subnet("public-subnet", SubnetArgs.builder()
.vpcId(vpc.id())
.cidrBlock("10.0.1.0/24")
.availabilityZone("us-west-2a")
.mapPublicIpOnLaunch(true)
.tags(Map.of("Name", "public-subnet"))
.build());
// Create private subnet
var privateSubnet = new Subnet("private-subnet", SubnetArgs.builder()
.vpcId(vpc.id())
.cidrBlock("10.0.2.0/24")
.availabilityZone("us-west-2a")
.tags(Map.of("Name", "private-subnet"))
.build());
// Create Elastic IP for NAT Gateway
var eip = new Eip("nat-eip", EipArgs.builder()
.vpc(true)
.build());
// Create NAT Gateway
var natGateway = new NatGateway("nat-gw", NatGatewayArgs.builder()
.subnetId(publicSubnet.id())
.allocationId(eip.id())
.build());
// Create public route table
var publicRouteTable = new RouteTable("public-rt", RouteTableArgs.builder()
.vpcId(vpc.id())
.routes(RouteTableRouteArgs.builder()
.cidrBlock("0.0.0.0/0")
.gatewayId(igw.id())
.build())
.build());
// Create private route table
var privateRouteTable = new RouteTable("private-rt", RouteTableArgs.builder()
.vpcId(vpc.id())
.routes(RouteTableRouteArgs.builder()
.cidrBlock("0.0.0.0/0")
.natGatewayId(natGateway.id())
.build())
.build());
// Associate route tables
new RouteTableAssociation("public-rta", RouteTableAssociationArgs.builder()
.subnetId(publicSubnet.id())
.routeTableId(publicRouteTable.id())
.build());
new RouteTableAssociation("private-rta", RouteTableAssociationArgs.builder()
.subnetId(privateSubnet.id())
.routeTableId(privateRouteTable.id())
.build());6. Configure IAM Role with Policies
import com.pulumi.aws.iam.*;
import com.pulumi.core.Output;
// Create IAM role
var role = new Role("app-role", RoleArgs.builder()
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": {"Service": "ec2.amazonaws.com"},
"Effect": "Allow"
}]
}
""")
.build());
// Attach AWS managed policy
new RolePolicyAttachment("s3-readonly", RolePolicyAttachmentArgs.builder()
.role(role.name())
.policyArn("arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess")
.build());
// Create custom inline policy
new RolePolicy("custom-policy", RolePolicyArgs.builder()
.role(role.id())
.policy(Output.format("""
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query"
],
"Resource": "%s"
}]
}
""", dynamoTable.arn()))
.build());
// Create instance profile
var instanceProfile = new InstanceProfile("app-profile", InstanceProfileArgs.builder()
.role(role.name())
.build());7. Create DynamoDB Table
import com.pulumi.aws.dynamodb.*;
import com.pulumi.aws.dynamodb.inputs.*;
import java.util.List;
var table = new Table("users-table", TableArgs.builder()
.name("users")
.billingMode("PAY_PER_REQUEST") // or "PROVISIONED"
.hashKey("userId")
.rangeKey("timestamp")
.attributes(
TableAttributeArgs.builder()
.name("userId")
.type("S")
.build(),
TableAttributeArgs.builder()
.name("timestamp")
.type("N")
.build(),
TableAttributeArgs.builder()
.name("email")
.type("S")
.build()
)
.globalSecondaryIndexes(TableGlobalSecondaryIndexArgs.builder()
.name("EmailIndex")
.hashKey("email")
.projectionType("ALL")
.build())
.pointInTimeRecovery(TablePointInTimeRecoveryArgs.builder()
.enabled(true)
.build())
.serverSideEncryption(TableServerSideEncryptionArgs.builder()
.enabled(true)
.build())
.tags(Map.of("Environment", "production"))
.build());8. Set Up CloudWatch Alarms
import com.pulumi.aws.cloudwatch.*;
import com.pulumi.aws.sns.*;
// Create SNS topic for alerts
var alertTopic = new Topic("alerts", TopicArgs.builder()
.name("cloudwatch-alerts")
.build());
new TopicSubscription("alert-email", TopicSubscriptionArgs.builder()
.topic(alertTopic.arn())
.protocol("email")
.endpoint("alerts@example.com")
.build());
// Create CPU alarm
new MetricAlarm("high-cpu", MetricAlarmArgs.builder()
.comparisonOperator("GreaterThanThreshold")
.evaluationPeriods(2)
.metricName("CPUUtilization")
.namespace("AWS/EC2")
.period(300)
.statistic("Average")
.threshold(80.0)
.alarmDescription("Alert when CPU exceeds 80%")
.alarmActions(List.of(alertTopic.arn()))
.dimensions(Map.of("InstanceId", instance.id()))
.build());
// Create Lambda error alarm
new MetricAlarm("lambda-errors", MetricAlarmArgs.builder()
.comparisonOperator("GreaterThanThreshold")
.evaluationPeriods(1)
.metricName("Errors")
.namespace("AWS/Lambda")
.period(60)
.statistic("Sum")
.threshold(0.0)
.alarmDescription("Alert on Lambda errors")
.alarmActions(List.of(alertTopic.arn()))
.dimensions(Map.of("FunctionName", lambda.name()))
.build());9. Deploy Container with ECS Fargate
import com.pulumi.aws.ecs.*;
import com.pulumi.aws.ecs.inputs.*;
import com.pulumi.aws.iam.*;
import com.pulumi.aws.ec2.*;
// Create ECS cluster
var cluster = new Cluster("app-cluster", ClusterArgs.builder()
.name("my-app-cluster")
.build());
// Create task execution role
var executionRole = new Role("execution-role", RoleArgs.builder()
.assumeRolePolicy("""
{
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Principal": {"Service": "ecs-tasks.amazonaws.com"},
"Effect": "Allow"
}]
}
""")
.build());
new RolePolicyAttachment("execution-policy", RolePolicyAttachmentArgs.builder()
.role(executionRole.name())
.policyArn("arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy")
.build());
// Create task definition
var taskDefinition = new TaskDefinition("app-task", TaskDefinitionArgs.builder()
.family("my-app")
.networkMode("awsvpc")
.requiresCompatibilities(List.of("FARGATE"))
.cpu("256")
.memory("512")
.executionRoleArn(executionRole.arn())
.containerDefinitions(Output.format("""
[{
"name": "app",
"image": "nginx:latest",
"portMappings": [{
"containerPort": 80,
"protocol": "tcp"
}],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/my-app",
"awslogs-region": "us-west-2",
"awslogs-stream-prefix": "ecs"
}
}
}]
"""))
.build());
// Create service
var service = new Service("app-service", ServiceArgs.builder()
.cluster(cluster.id())
.taskDefinition(taskDefinition.arn())
.desiredCount(2)
.launchType("FARGATE")
.networkConfiguration(ServiceNetworkConfigurationArgs.builder()
.subnets(List.of(subnet.id()))
.securityGroups(List.of(securityGroup.id()))
.assignPublicIp(true)
.build())
.build());10. Configure Application Load Balancer
import com.pulumi.aws.lb.*;
import com.pulumi.aws.lb.inputs.*;
import java.util.List;
// Create ALB
var alb = new LoadBalancer("app-alb", LoadBalancerArgs.builder()
.name("my-app-alb")
.loadBalancerType("application")
.subnets(List.of(publicSubnet1.id(), publicSubnet2.id()))
.securityGroups(List.of(albSecurityGroup.id()))
.build());
// Create target group
var targetGroup = new TargetGroup("app-tg", TargetGroupArgs.builder()
.name("my-app-tg")
.port(80)
.protocol("HTTP")
.vpcId(vpc.id())
.targetType("ip") // or "instance"
.healthCheck(TargetGroupHealthCheckArgs.builder()
.enabled(true)
.path("/health")
.interval(30)
.timeout(5)
.healthyThreshold(2)
.unhealthyThreshold(2)
.build())
.build());
// Create listener
var listener = new Listener("http-listener", ListenerArgs.builder()
.loadBalancerArn(alb.arn())
.port(80)
.protocol("HTTP")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("forward")
.targetGroupArn(targetGroup.arn())
.build())
.build());
// Register targets (for instance target type)
new TargetGroupAttachment("tg-attachment", TargetGroupAttachmentArgs.builder()
.targetGroupArn(targetGroup.arn())
.targetId(instance.id())
.port(80)
.build());11. Set Up SNS Topic with SQS Subscription
import com.pulumi.aws.sns.*;
import com.pulumi.aws.sqs.*;
import com.pulumi.core.Output;
// Create SNS topic
var topic = new Topic("notifications", TopicArgs.builder()
.name("app-notifications")
.build());
// Create SQS queue
var queue = new Queue("event-queue", QueueArgs.builder()
.name("app-events")
.visibilityTimeoutSeconds(300)
.messageRetentionSeconds(86400)
.receiveWaitTimeSeconds(10)
.build());
// Create queue policy to allow SNS
new QueuePolicy("queue-policy", QueuePolicyArgs.builder()
.queueUrl(queue.id())
.policy(Output.tuple(queue.arn(), topic.arn()).apply(tuple -> {
var queueArn = tuple.t1;
var topicArn = tuple.t2;
return String.format("""
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": {"Service": "sns.amazonaws.com"},
"Action": "sqs:SendMessage",
"Resource": "%s",
"Condition": {
"ArnEquals": {"aws:SourceArn": "%s"}
}
}]
}
""", queueArn, topicArn);
}))
.build());
// Subscribe queue to topic
new TopicSubscription("queue-subscription", TopicSubscriptionArgs.builder()
.topic(topic.arn())
.protocol("sqs")
.endpoint(queue.arn())
.build());12. Create API Gateway with Lambda Integration
import com.pulumi.aws.apigatewayv2.*;
import com.pulumi.aws.lambda.Permission;
import com.pulumi.aws.lambda.PermissionArgs;
// Create HTTP API
var api = new Api("http-api", ApiArgs.builder()
.name("my-api")
.protocolType("HTTP")
.corsConfiguration(ApiCorsConfigurationArgs.builder()
.allowOrigins(List.of("*"))
.allowMethods(List.of("GET", "POST", "OPTIONS"))
.allowHeaders(List.of("Content-Type", "Authorization"))
.build())
.build());
// Create Lambda integration
var integration = new Integration("lambda-integration", IntegrationArgs.builder()
.apiId(api.id())
.integrationType("AWS_PROXY")
.integrationUri(lambda.arn())
.integrationMethod("POST")
.payloadFormatVersion("2.0")
.build());
// Create routes
new Route("get-route", RouteArgs.builder()
.apiId(api.id())
.routeKey("GET /users")
.target(integration.id().apply(id -> "integrations/" + id))
.build());
// Create stage
new Stage("default-stage", StageArgs.builder()
.apiId(api.id())
.name("$default")
.autoDeploy(true)
.build());
// Grant API Gateway permission
new Permission("api-permission", PermissionArgs.builder()
.action("lambda:InvokeFunction")
.function(lambda.name())
.principal("apigateway.amazonaws.com")
.sourceArn(api.executionArn().apply(arn -> arn + "/*/*"))
.build());13. Configure CloudFront Distribution
import com.pulumi.aws.cloudfront.*;
import com.pulumi.aws.cloudfront.inputs.*;
var distribution = new Distribution("cdn", DistributionArgs.builder()
.enabled(true)
.origins(DistributionOriginArgs.builder()
.originId("s3-origin")
.domainName(bucket.bucketRegionalDomainName())
.s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()
.originAccessIdentity(oai.cloudfrontAccessIdentityPath())
.build())
.build())
.defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()
.targetOriginId("s3-origin")
.viewerProtocolPolicy("redirect-to-https")
.allowedMethods(List.of("GET", "HEAD", "OPTIONS"))
.cachedMethods(List.of("GET", "HEAD"))
.forwardedValues(DistributionDefaultCacheBehaviorForwardedValuesArgs.builder()
.queryString(false)
.cookies(DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs.builder()
.forward("none")
.build())
.build())
.minTtl(0)
.defaultTtl(3600)
.maxTtl(86400)
.compress(true)
.build())
.restrictions(DistributionRestrictionsArgs.builder()
.geoRestriction(DistributionRestrictionsGeoRestrictionArgs.builder()
.restrictionType("none")
.build())
.build())
.viewerCertificate(DistributionViewerCertificateArgs.builder()
.cloudfrontDefaultCertificate(true)
.build())
.build());14. Set Up Secrets Manager
import com.pulumi.aws.secretsmanager.*;
import com.pulumi.core.Output;
import com.pulumi.serialization.internal.Serializer;
// Create secret
var secret = new Secret("db-credentials", SecretArgs.builder()
.name("myapp/db/credentials")
.description("Database credentials")
.build());
// Store secret value
new SecretVersion("db-secret-version", SecretVersionArgs.builder()
.secretId(secret.id())
.secretString(Output.format("""
{
"username": "admin",
"password": "%s",
"host": "%s",
"port": 3306,
"database": "myapp"
}
""", config.requireSecret("dbPassword"), db.endpoint()))
.build());
// Enable rotation (optional)
import com.pulumi.aws.lambda.Function;
new SecretRotation("db-rotation", SecretRotationArgs.builder()
.secretId(secret.id())
.rotationLambdaArn(rotationLambda.arn())
.rotationRules(SecretRotationRotationRulesArgs.builder()
.automaticallyAfterDays(30)
.build())
.build());15. Create Aurora Serverless Cluster
import com.pulumi.aws.rds.*;
import com.pulumi.aws.rds.inputs.*;
var cluster = new Cluster("aurora-cluster", ClusterArgs.builder()
.clusterIdentifier("my-aurora-cluster")
.engine("aurora-mysql")
.engineMode("serverless")
.engineVersion("5.7.mysql_aurora.2.10.1")
.databaseName("myapp")
.masterUsername("admin")
.masterPassword(config.requireSecret("dbPassword"))
.dbSubnetGroupName(dbSubnetGroup.name())
.vpcSecurityGroupIds(List.of(dbSecurityGroup.id()))
.scalingConfiguration(ClusterScalingConfigurationArgs.builder()
.autoPause(true)
.minCapacity(1)
.maxCapacity(2)
.secondsUntilAutoPause(300)
.build())
.enableHttpEndpoint(true)
.backupRetentionPeriod(7)
.skipFinalSnapshot(true)
.storageEncrypted(true)
.build());