@pulumi/aws

import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Generates a Core Network policy document in JSON format for use with resources that expect core network policy documents such as `awsccNetworkmanagerCoreNetwork`. It follows the API definition from the [core-network-policy documentation](https://docs.aws.amazon.com/vpc/latest/cloudwan/cloudwan-policies-json.html). * * Using this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file. * * ## Example Usage * * ### Basic Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const test = aws.networkmanager.getCoreNetworkPolicyDocument({ * coreNetworkConfigurations: [{ * vpnEcmpSupport: false, * asnRanges: ["64512-64555"], * edgeLocations: [ * { * location: "us-east-1", * asn: "64512", * }, * { * location: "eu-central-1", * asn: "64513", * }, * ], * }], * segments: [ * { * name: "shared", * description: "Segment for shared services", * requireAttachmentAcceptance: true, * }, * { * name: "prod", * description: "Segment for prod services", * requireAttachmentAcceptance: true, * }, * ], * segmentActions: [{ * action: "share", * mode: "attachment-route", * segment: "shared", * shareWiths: ["*"], * }], * attachmentPolicies: [ * { * ruleNumber: 100, * conditionLogic: "or", * conditions: [{ * type: "tag-value", * operator: "equals", * key: "segment", * value: "shared", * }], * action: { * associationMethod: "constant", * segment: "shared", * }, * }, * { * ruleNumber: 200, * conditionLogic: "or", * conditions: [{ * type: "tag-value", * operator: "equals", * key: "segment", * value: "prod", * }], * action: { * associationMethod: "constant", * segment: "prod", * }, * }, * ], * }); * ``` * * `data.aws_networkmanager_core_network_policy_document.test.json` will evaluate to: */ export declare function getCoreNetworkPolicyDocument(args: GetCoreNetworkPolicyDocumentArgs, opts?: pulumi.InvokeOptions): Promise<GetCoreNetworkPolicyDocumentResult>; /** * A collection of arguments for invoking getCoreNetworkPolicyDocument. */ export interface GetCoreNetworkPolicyDocumentArgs { /** * In a core network, all attachments use the block argument `attachmentPolicies` section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below. */ attachmentPolicies?: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicy[]; /** * Block argument that applies routing policies to attachments. Available in policy version `2025.11` and later. Detailed below. */ attachmentRoutingPolicyRules?: inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRule[]; /** * The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below. */ coreNetworkConfigurations: inputs.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration[]; /** * Block argument that defines the service insertion actions you want to include. Detailed below. */ networkFunctionGroups?: inputs.networkmanager.GetCoreNetworkPolicyDocumentNetworkFunctionGroup[]; /** * Block argument that defines routing policies for controlling route propagation. Routing policies allow you to filter, modify, and control BGP routes advertised to and from your core network. Available in policy version `2025.11` and later. Detailed below. */ routingPolicies?: inputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicy[]; /** * A block argument, `segmentActions` define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below. */ segmentActions?: inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentAction[]; /** * Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the `segmentActions` and `attachmentPolicies` section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below. */ segments: inputs.networkmanager.GetCoreNetworkPolicyDocumentSegment[]; /** * Version of the core network policy. Valid values: `2021.12`, `2025.11`. Default: `2021.12`. */ version?: string; } /** * A collection of values returned by getCoreNetworkPolicyDocument. */ export interface GetCoreNetworkPolicyDocumentResult { readonly attachmentPolicies?: outputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicy[]; readonly attachmentRoutingPolicyRules?: outputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRule[]; readonly coreNetworkConfigurations: outputs.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfiguration[]; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; /** * Standard JSON policy document rendered based on the arguments above. */ readonly json: string; readonly networkFunctionGroups?: outputs.networkmanager.GetCoreNetworkPolicyDocumentNetworkFunctionGroup[]; readonly routingPolicies?: outputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicy[]; readonly segmentActions?: outputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentAction[]; readonly segments: outputs.networkmanager.GetCoreNetworkPolicyDocumentSegment[]; readonly version?: string; } /** * Generates a Core Network policy document in JSON format for use with resources that expect core network policy documents such as `awsccNetworkmanagerCoreNetwork`. It follows the API definition from the [core-network-policy documentation](https://docs.aws.amazon.com/vpc/latest/cloudwan/cloudwan-policies-json.html). * * Using this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file. * * ## Example Usage * * ### Basic Example * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const test = aws.networkmanager.getCoreNetworkPolicyDocument({ * coreNetworkConfigurations: [{ * vpnEcmpSupport: false, * asnRanges: ["64512-64555"], * edgeLocations: [ * { * location: "us-east-1", * asn: "64512", * }, * { * location: "eu-central-1", * asn: "64513", * }, * ], * }], * segments: [ * { * name: "shared", * description: "Segment for shared services", * requireAttachmentAcceptance: true, * }, * { * name: "prod", * description: "Segment for prod services", * requireAttachmentAcceptance: true, * }, * ], * segmentActions: [{ * action: "share", * mode: "attachment-route", * segment: "shared", * shareWiths: ["*"], * }], * attachmentPolicies: [ * { * ruleNumber: 100, * conditionLogic: "or", * conditions: [{ * type: "tag-value", * operator: "equals", * key: "segment", * value: "shared", * }], * action: { * associationMethod: "constant", * segment: "shared", * }, * }, * { * ruleNumber: 200, * conditionLogic: "or", * conditions: [{ * type: "tag-value", * operator: "equals", * key: "segment", * value: "prod", * }], * action: { * associationMethod: "constant", * segment: "prod", * }, * }, * ], * }); * ``` * * `data.aws_networkmanager_core_network_policy_document.test.json` will evaluate to: */ export declare function getCoreNetworkPolicyDocumentOutput(args: GetCoreNetworkPolicyDocumentOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetCoreNetworkPolicyDocumentResult>; /** * A collection of arguments for invoking getCoreNetworkPolicyDocument. */ export interface GetCoreNetworkPolicyDocumentOutputArgs { /** * In a core network, all attachments use the block argument `attachmentPolicies` section to map an attachment to a segment. Instead of manually associating a segment to each attachment, attachments use tags, and then the tags are used to associate the attachment to the specified segment. Detailed below. */ attachmentPolicies?: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentPolicyArgs>[]>; /** * Block argument that applies routing policies to attachments. Available in policy version `2025.11` and later. Detailed below. */ attachmentRoutingPolicyRules?: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentAttachmentRoutingPolicyRuleArgs>[]>; /** * The core network configuration section defines the Regions where a core network should operate. For AWS Regions that are defined in the policy, the core network creates a Core Network Edge where you can connect attachments. After it's created, each Core Network Edge is peered with every other defined Region and is configured with consistent segment and routing across all Regions. Regions cannot be removed until the associated attachments are deleted. Detailed below. */ coreNetworkConfigurations: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentCoreNetworkConfigurationArgs>[]>; /** * Block argument that defines the service insertion actions you want to include. Detailed below. */ networkFunctionGroups?: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentNetworkFunctionGroupArgs>[]>; /** * Block argument that defines routing policies for controlling route propagation. Routing policies allow you to filter, modify, and control BGP routes advertised to and from your core network. Available in policy version `2025.11` and later. Detailed below. */ routingPolicies?: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentRoutingPolicyArgs>[]>; /** * A block argument, `segmentActions` define how routing works between segments. By default, attachments can only communicate with other attachments in the same segment. Detailed below. */ segmentActions?: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentActionArgs>[]>; /** * Block argument that defines the different segments in the network. Here you can provide descriptions, change defaults, and provide explicit Regional operational and route filters. The names defined for each segment are used in the `segmentActions` and `attachmentPolicies` section. Each segment is created, and operates, as a completely separated routing domain. By default, attachments can only communicate with other attachments in the same segment. Detailed below. */ segments: pulumi.Input<pulumi.Input<inputs.networkmanager.GetCoreNetworkPolicyDocumentSegmentArgs>[]>; /** * Version of the core network policy. Valid values: `2021.12`, `2025.11`. Default: `2021.12`. */ version?: pulumi.Input<string>; }