import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Provides a WorkSpaces directory in AWS WorkSpaces Service.
*
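* > **NOTE:** The AWS WorkSpaces service requires the [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.
*
* > **NOTE:** The examples below are abbreviated for illustration: they inline the directory `password` as a string literal, turn on `enableInternetAccess` and `userEnabledAsLocalAdministrator`, and reference resources (such as `exampleAwsSecurityGroup`) that the snippets do not declare. In a real program, supply the password from encrypted stack configuration (for example `new pulumi.Config().requireSecret("<config-key>")`) and enable the two WorkSpace defaults only when the deployment needs them.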
*
* ## Example Usage
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleVpc = new aws.ec2.Vpc("example", {cidrBlock: "10.0.0.0/16"});
* const exampleA = new aws.ec2.Subnet("example_a", {
* vpcId: exampleVpc.id,
* availabilityZone: "us-east-1a",
* cidrBlock: "10.0.0.0/24",
* });
* const exampleB = new aws.ec2.Subnet("example_b", {
* vpcId: exampleVpc.id,
* availabilityZone: "us-east-1b",
* cidrBlock: "10.0.1.0/24",
* });
* const exampleDirectory = new aws.directoryservice.Directory("example", {
* name: "corp.example.com",
* password: "#S1ncerely",
* size: "Small",
* vpcSettings: {
* vpcId: exampleVpc.id,
* subnetIds: [
* exampleA.id,
* exampleB.id,
* ],
* },
* });
* const workspaces = aws.iam.getPolicyDocument({
* statements: [{
* actions: ["sts:AssumeRole"],
* principals: [{
* type: "Service",
* identifiers: ["workspaces.amazonaws.com"],
* }],
* }],
* });
* const workspacesDefault = new aws.iam.Role("workspaces_default", {
* name: "workspaces_DefaultRole",
* assumeRolePolicy: workspaces.then(workspaces => workspaces.json),
* });
* const workspacesDefaultServiceAccess = new aws.iam.RolePolicyAttachment("workspaces_default_service_access", {
* role: workspacesDefault.name,
* policyArn: "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess",
* });
* const workspacesDefaultSelfServiceAccess = new aws.iam.RolePolicyAttachment("workspaces_default_self_service_access", {
* role: workspacesDefault.name,
* policyArn: "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess",
* });
* const exampleC = new aws.ec2.Subnet("example_c", {
* vpcId: exampleVpc.id,
* availabilityZone: "us-east-1c",
* cidrBlock: "10.0.2.0/24",
* });
* const exampleD = new aws.ec2.Subnet("example_d", {
* vpcId: exampleVpc.id,
* availabilityZone: "us-east-1d",
* cidrBlock: "10.0.3.0/24",
* });
* const example = new aws.workspaces.Directory("example", {
* directoryId: exampleDirectory.id,
* subnetIds: [
* exampleC.id,
* exampleD.id,
* ],
* tags: {
* Example: "true",
* },
* certificateBasedAuthProperties: {
* certificateAuthorityArn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
* status: "ENABLED",
* },
* samlProperties: {
* userAccessUrl: "https://sso.example.com/",
* status: "ENABLED",
* },
* selfServicePermissions: {
* changeComputeType: true,
* increaseVolumeSize: true,
* rebuildWorkspace: true,
* restartWorkspace: true,
* switchRunningMode: true,
* },
* workspaceAccessProperties: {
* deviceTypeAndroid: "ALLOW",
* deviceTypeChromeos: "ALLOW",
* deviceTypeIos: "ALLOW",
* deviceTypeLinux: "DENY",
* deviceTypeOsx: "ALLOW",
* deviceTypeWeb: "DENY",
* deviceTypeWindows: "DENY",
* deviceTypeZeroclient: "DENY",
* },
* workspaceCreationProperties: {
* customSecurityGroupId: exampleAwsSecurityGroup.id,
* defaultOu: "OU=AWS,DC=Workgroup,DC=Example,DC=com",
* enableInternetAccess: true,
* enableMaintenanceMode: true,
* userEnabledAsLocalAdministrator: true,
* },
* }, {
* dependsOn: [
* workspacesDefaultServiceAccess,
* workspacesDefaultSelfServiceAccess,
* ],
* });
* ```
*
* ### WorkSpaces Pools
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.workspaces.Directory("example", {
* subnetIds: [
* exampleC.id,
* exampleD.id,
* ],
* workspaceType: "POOLS",
* workspaceDirectoryName: "Pool directory",
* workspaceDirectoryDescription: "WorkSpaces Pools directory",
* userIdentityType: "CUSTOMER_MANAGED",
* activeDirectoryConfig: {
* domainName: "example.internal",
* serviceAccountSecretArn: exampleAwsSecretsmanagerSecret.arn,
* },
* workspaceAccessProperties: {
* deviceTypeAndroid: "ALLOW",
* deviceTypeChromeos: "ALLOW",
* deviceTypeIos: "ALLOW",
* deviceTypeLinux: "DENY",
* deviceTypeOsx: "ALLOW",
* deviceTypeWeb: "DENY",
* deviceTypeWindows: "DENY",
* deviceTypeZeroclient: "DENY",
* },
* workspaceCreationProperties: {
* customSecurityGroupId: exampleAwsSecurityGroup.id,
* defaultOu: "OU=AWS,DC=Workgroup,DC=Example,DC=com",
* enableInternetAccess: true,
* },
* samlProperties: {
* relayStateParameterName: "RelayState",
* userAccessUrl: "https://sso.example.com/",
* status: "ENABLED",
* },
* });
* ```
*
* ### IP Groups
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleIpGroup = new aws.workspaces.IpGroup("example", {name: "example"});
* const example = new aws.workspaces.Directory("example", {
* directoryId: exampleAwsDirectoryServiceDirectory.id,
* ipGroupIds: [exampleIpGroup.id],
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import a WorkSpaces directory using the directory ID. For example:
*
* ```sh
* $ pulumi import aws:workspaces/directory:Directory main d-4444444444
* ```
*/
export declare class Directory extends pulumi.CustomResource {
/**
* Get an existing Directory resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A `Directory` for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DirectoryState, opts?: pulumi.CustomResourceOptions): Directory;
/**
* Returns true if the given object is an instance of Directory. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is declared as `any`, so any value can be passed.
* @returns A type predicate that narrows `obj` to `Directory` when true.
*/
static isInstance(obj: any): obj is Directory;
/**
* Configuration for Active Directory integration when `workspaceType` is set to `POOLS`.
* Shape: `outputs.workspaces.DirectoryActiveDirectoryConfig`. The WorkSpaces Pools example on
* this class sets `domainName` and passes the service-account credential by reference, as a
* secret ARN in `serviceAccountSecretArn`.
*/
readonly activeDirectoryConfig: pulumi.Output<outputs.workspaces.DirectoryActiveDirectoryConfig | undefined>;
/**
* The directory alias.
*/
readonly alias: pulumi.Output<string>;
/**
* Configuration of certificate-based authentication (CBA) integration. Requires SAML authentication to be enabled.
* Shape: `outputs.workspaces.DirectoryCertificateBasedAuthProperties`.
*/
readonly certificateBasedAuthProperties: pulumi.Output<outputs.workspaces.DirectoryCertificateBasedAuthProperties>;
/**
* The user name for the service account.
*/
readonly customerUserName: pulumi.Output<string>;
/**
* The directory identifier for registration in WorkSpaces service.
*/
readonly directoryId: pulumi.Output<string>;
/**
* The name of the directory.
*/
readonly directoryName: pulumi.Output<string>;
/**
* The directory type.
*/
readonly directoryType: pulumi.Output<string>;
/**
* The IP addresses of the DNS servers for the directory.
*/
readonly dnsIpAddresses: pulumi.Output<string[]>;
/**
* The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.
*/
readonly iamRoleId: pulumi.Output<string>;
/**
* The identifiers of the IP access control groups associated with the directory.
*
* NOTE(review): presumably a directory with no restrictive IP access control group accepts
* client connections from any source address; confirm against the AWS WorkSpaces documentation.
*/
readonly ipGroupIds: pulumi.Output<string[]>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
readonly region: pulumi.Output<string>;
/**
* The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.
*/
readonly registrationCode: pulumi.Output<string>;
/**
* Configuration of SAML authentication integration.
* Shape: `outputs.workspaces.DirectorySamlProperties`.
*/
readonly samlProperties: pulumi.Output<outputs.workspaces.DirectorySamlProperties>;
/**
* Permissions to enable or disable self-service capabilities when `workspaceType` is set to `PERSONAL`.
* Shape: `outputs.workspaces.DirectorySelfServicePermissions`.
*/
readonly selfServicePermissions: pulumi.Output<outputs.workspaces.DirectorySelfServicePermissions>;
/**
* The identifiers of the subnets where the directory resides.
*/
readonly subnetIds: pulumi.Output<string[]>;
/**
* A map of tags assigned to the WorkSpaces directory. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
readonly tags: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
*/
readonly tagsAll: pulumi.Output<{
[key: string]: string;
}>;
/**
* Specifies the user identity type for the WorkSpaces directory. Valid values are `CUSTOMER_MANAGED`, `AWS_DIRECTORY_SERVICE`, `AWS_IAM_IDENTITY_CENTER`.
*
* > **Note:** When `workspaceType` is set to `POOLS`, the `directoryId` is automatically generated and cannot be manually set.
*/
readonly userIdentityType: pulumi.Output<string>;
/**
* Specifies which devices and operating systems users can use to access their WorkSpaces.
* Shape: `outputs.workspaces.DirectoryWorkspaceAccessProperties`. The examples on this class
* set each `deviceType*` field to `ALLOW` or `DENY`.
*/
readonly workspaceAccessProperties: pulumi.Output<outputs.workspaces.DirectoryWorkspaceAccessProperties>;
/**
* Default properties that are used for creating WorkSpaces.
* Shape: `outputs.workspaces.DirectoryWorkspaceCreationProperties`. The examples on this class
* show that these defaults include `enableInternetAccess` and `userEnabledAsLocalAdministrator`,
* so they determine the network exposure and local privilege of every new WorkSpace.
*/
readonly workspaceCreationProperties: pulumi.Output<outputs.workspaces.DirectoryWorkspaceCreationProperties>;
/**
* The description of the WorkSpaces directory when `workspaceType` is set to `POOLS`.
*/
readonly workspaceDirectoryDescription: pulumi.Output<string | undefined>;
/**
* The name of the WorkSpaces directory when `workspaceType` is set to `POOLS`.
*/
readonly workspaceDirectoryName: pulumi.Output<string | undefined>;
/**
* The identifier of the security group that is assigned to new WorkSpaces.
*/
readonly workspaceSecurityGroupId: pulumi.Output<string>;
/**
* Specifies the type of WorkSpaces directory. Valid values are `PERSONAL` and `POOLS`. Default is `PERSONAL`.
*/
readonly workspaceType: pulumi.Output<string | undefined>;
/**
* Create a Directory resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args?: DirectoryArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering Directory resources.
*/
export interface DirectoryState {
/**
* Configuration for Active Directory integration when `workspaceType` is set to `POOLS`.
* Shape: `inputs.workspaces.DirectoryActiveDirectoryConfig`.
*/
activeDirectoryConfig?: pulumi.Input<inputs.workspaces.DirectoryActiveDirectoryConfig>;
/**
* The directory alias.
*/
alias?: pulumi.Input<string>;
/**
* Configuration of certificate-based authentication (CBA) integration. Requires SAML authentication to be enabled.
* Shape: `inputs.workspaces.DirectoryCertificateBasedAuthProperties`.
*/
certificateBasedAuthProperties?: pulumi.Input<inputs.workspaces.DirectoryCertificateBasedAuthProperties>;
/**
* The user name for the service account.
*/
customerUserName?: pulumi.Input<string>;
/**
* The directory identifier for registration in WorkSpaces service.
*/
directoryId?: pulumi.Input<string>;
/**
* The name of the directory.
*/
directoryName?: pulumi.Input<string>;
/**
* The directory type.
*/
directoryType?: pulumi.Input<string>;
/**
* The IP addresses of the DNS servers for the directory.
*/
dnsIpAddresses?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.
*/
iamRoleId?: pulumi.Input<string>;
/**
* The identifiers of the IP access control groups associated with the directory.
*/
ipGroupIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.
*/
registrationCode?: pulumi.Input<string>;
/**
* Configuration of SAML authentication integration.
* Shape: `inputs.workspaces.DirectorySamlProperties`.
*/
samlProperties?: pulumi.Input<inputs.workspaces.DirectorySamlProperties>;
/**
* Permissions to enable or disable self-service capabilities when `workspaceType` is set to `PERSONAL`.
* Shape: `inputs.workspaces.DirectorySelfServicePermissions`.
*/
selfServicePermissions?: pulumi.Input<inputs.workspaces.DirectorySelfServicePermissions>;
/**
* The identifiers of the subnets where the directory resides.
*/
subnetIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A map of tags assigned to the WorkSpaces directory. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
*/
tagsAll?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Specifies the user identity type for the WorkSpaces directory. Valid values are `CUSTOMER_MANAGED`, `AWS_DIRECTORY_SERVICE`, `AWS_IAM_IDENTITY_CENTER`.
*
* > **Note:** When `workspaceType` is set to `POOLS`, the `directoryId` is automatically generated and cannot be manually set.
*/
userIdentityType?: pulumi.Input<string>;
/**
* Specifies which devices and operating systems users can use to access their WorkSpaces.
* Shape: `inputs.workspaces.DirectoryWorkspaceAccessProperties`.
*/
workspaceAccessProperties?: pulumi.Input<inputs.workspaces.DirectoryWorkspaceAccessProperties>;
/**
* Default properties that are used for creating WorkSpaces.
* Shape: `inputs.workspaces.DirectoryWorkspaceCreationProperties`.
*/
workspaceCreationProperties?: pulumi.Input<inputs.workspaces.DirectoryWorkspaceCreationProperties>;
/**
* The description of the WorkSpaces directory when `workspaceType` is set to `POOLS`.
*/
workspaceDirectoryDescription?: pulumi.Input<string>;
/**
* The name of the WorkSpaces directory when `workspaceType` is set to `POOLS`.
*/
workspaceDirectoryName?: pulumi.Input<string>;
/**
* The identifier of the security group that is assigned to new WorkSpaces.
*/
workspaceSecurityGroupId?: pulumi.Input<string>;
/**
* Specifies the type of WorkSpaces directory. Valid values are `PERSONAL` and `POOLS`. Default is `PERSONAL`.
*/
workspaceType?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a Directory resource.
*/
export interface DirectoryArgs {
/**
* Configuration for Active Directory integration when `workspaceType` is set to `POOLS`.
* Shape: `inputs.workspaces.DirectoryActiveDirectoryConfig`. The WorkSpaces Pools example on
* the `Directory` class passes the service-account credential by reference, as a secret ARN in
* `serviceAccountSecretArn`.
*/
activeDirectoryConfig?: pulumi.Input<inputs.workspaces.DirectoryActiveDirectoryConfig>;
/**
* Configuration of certificate-based authentication (CBA) integration. Requires SAML authentication to be enabled.
* Shape: `inputs.workspaces.DirectoryCertificateBasedAuthProperties`.
*/
certificateBasedAuthProperties?: pulumi.Input<inputs.workspaces.DirectoryCertificateBasedAuthProperties>;
/**
* The directory identifier for registration in WorkSpaces service. Per the note on
* `userIdentityType`, it is generated automatically and cannot be set when `workspaceType` is `POOLS`.
*/
directoryId?: pulumi.Input<string>;
/**
* The identifiers of the IP access control groups associated with the directory.
*
* NOTE(review): presumably a directory with no restrictive IP access control group accepts
* client connections from any source address; confirm against the AWS WorkSpaces documentation.
*/
ipGroupIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* Configuration of SAML authentication integration.
* Shape: `inputs.workspaces.DirectorySamlProperties`.
*/
samlProperties?: pulumi.Input<inputs.workspaces.DirectorySamlProperties>;
/**
* Permissions to enable or disable self-service capabilities when `workspaceType` is set to `PERSONAL`.
* Shape: `inputs.workspaces.DirectorySelfServicePermissions`.
*/
selfServicePermissions?: pulumi.Input<inputs.workspaces.DirectorySelfServicePermissions>;
/**
* The identifiers of the subnets where the directory resides.
*/
subnetIds?: pulumi.Input<pulumi.Input<string>[]>;
/**
* A map of tags assigned to the WorkSpaces directory. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Specifies the user identity type for the WorkSpaces directory. Valid values are `CUSTOMER_MANAGED`, `AWS_DIRECTORY_SERVICE`, `AWS_IAM_IDENTITY_CENTER`.
*
* > **Note:** When `workspaceType` is set to `POOLS`, the `directoryId` is automatically generated and cannot be manually set.
*/
userIdentityType?: pulumi.Input<string>;
/**
* Specifies which devices and operating systems users can use to access their WorkSpaces.
* Shape: `inputs.workspaces.DirectoryWorkspaceAccessProperties`. The examples on the
* `Directory` class set each `deviceType*` field to `ALLOW` or `DENY`.
*/
workspaceAccessProperties?: pulumi.Input<inputs.workspaces.DirectoryWorkspaceAccessProperties>;
/**
* Default properties that are used for creating WorkSpaces.
* Shape: `inputs.workspaces.DirectoryWorkspaceCreationProperties`. The examples on the
* `Directory` class show that these defaults include `enableInternetAccess` and
* `userEnabledAsLocalAdministrator`, so they determine the network exposure and local
* privilege of every new WorkSpace; set them deliberately.
*/
workspaceCreationProperties?: pulumi.Input<inputs.workspaces.DirectoryWorkspaceCreationProperties>;
/**
* The description of the WorkSpaces directory when `workspaceType` is set to `POOLS`.
*/
workspaceDirectoryDescription?: pulumi.Input<string>;
/**
* The name of the WorkSpaces directory when `workspaceType` is set to `POOLS`.
*/
workspaceDirectoryName?: pulumi.Input<string>;
/**
* Specifies the type of WorkSpaces directory. Valid values are `PERSONAL` and `POOLS`. Default is `PERSONAL`.
*/
workspaceType?: pulumi.Input<string>;
}