UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

163 lines (162 loc) 9.11 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
import * as pulumi from "@pulumi/pulumi"; /** * Provides a MAC Security (MACSec) secret key resource for use with Direct Connect. See [MACsec prerequisites](https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-mac-sec-getting-started.html#mac-sec-prerequisites) for information about MAC Security (MACsec) prerequisites. * * Creating this resource will also create a resource of type `aws.secretsmanager.Secret` which is managed by Direct Connect. While you can import this resource into your state, because this secret is managed by Direct Connect, you will not be able to make any modifications to it. See [How AWS Direct Connect uses AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_how-services-use-secrets_directconnect.html) for details. * * > **Note:** All arguments including `ckn` and `cak` will be stored in the raw state as plain-text. * **Note:** The `secretArn` argument can only be used to reference a previously created MACSec key. You cannot associate a Secrets Manager secret created outside of the `aws.directconnect.MacsecKeyAssociation` resource. * * ## Example Usage * * ### Create MACSec key with CKN and CAK * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = aws.directconnect.getConnection({ * name: "tf-dx-connection", * }); * const test = new aws.directconnect.MacsecKeyAssociation("test", { * connectionId: example.then(example => example.id), * ckn: "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", * cak: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789", * }); * ``` * * ### Create MACSec key with existing Secrets Manager secret * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const example = aws.directconnect.getConnection({ * name: "tf-dx-connection", * }); * const exampleGetSecret = aws.secretsmanager.getSecret({ * name: "directconnect!prod/us-east-1/directconnect/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", * }); * const test = new aws.directconnect.MacsecKeyAssociation("test", { * connectionId: example.then(example => example.id), * secretArn: exampleGetSecret.then(exampleGetSecret => exampleGetSecret.arn), * }); * ``` */ export declare class MacsecKeyAssociation extends pulumi.CustomResource { /** * Get an existing MacsecKeyAssociation resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MacsecKeyAssociationState, opts?: pulumi.CustomResourceOptions): MacsecKeyAssociation; /** * Returns true if the given object is an instance of MacsecKeyAssociation. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is MacsecKeyAssociation; /** * The MAC Security (MACsec) CAK to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using `ckn`. */ readonly cak: pulumi.Output<string | undefined>; /** * The MAC Security (MACsec) CKN to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using `cak`. */ readonly ckn: pulumi.Output<string>; /** * The ID of the dedicated Direct Connect connection. The connection must be a dedicated connection in the `AVAILABLE` state. */ readonly connectionId: pulumi.Output<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ readonly region: pulumi.Output<string>; /** * The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the dedicated connection. * * > **Note:** `ckn` and `cak` are mutually exclusive with `secretArn` - these arguments cannot be used together. If you use `ckn` and `cak`, you should not use `secretArn`. If you use the `secretArn` argument to reference an existing MAC Security (MACSec) secret key, you should not use `ckn` or `cak`. */ readonly secretArn: pulumi.Output<string>; /** * The date in UTC format that the MAC Security (MACsec) secret key takes effect. */ readonly startOn: pulumi.Output<string>; /** * The state of the MAC Security (MACsec) secret key. The possible values are: associating, associated, disassociating, disassociated. See [MacSecKey](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_MacSecKey.html#DX-Type-MacSecKey-state) for descriptions of each state. */ readonly state: pulumi.Output<string>; /** * Create a MacsecKeyAssociation resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: MacsecKeyAssociationArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering MacsecKeyAssociation resources. */ export interface MacsecKeyAssociationState { /** * The MAC Security (MACsec) CAK to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using `ckn`. */ cak?: pulumi.Input<string>; /** * The MAC Security (MACsec) CKN to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using `cak`. */ ckn?: pulumi.Input<string>; /** * The ID of the dedicated Direct Connect connection. The connection must be a dedicated connection in the `AVAILABLE` state. */ connectionId?: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the dedicated connection. * * > **Note:** `ckn` and `cak` are mutually exclusive with `secretArn` - these arguments cannot be used together. If you use `ckn` and `cak`, you should not use `secretArn`. If you use the `secretArn` argument to reference an existing MAC Security (MACSec) secret key, you should not use `ckn` or `cak`. */ secretArn?: pulumi.Input<string>; /** * The date in UTC format that the MAC Security (MACsec) secret key takes effect. */ startOn?: pulumi.Input<string>; /** * The state of the MAC Security (MACsec) secret key. The possible values are: associating, associated, disassociating, disassociated. See [MacSecKey](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_MacSecKey.html#DX-Type-MacSecKey-state) for descriptions of each state. */ state?: pulumi.Input<string>; } /** * The set of arguments for constructing a MacsecKeyAssociation resource. */ export interface MacsecKeyAssociationArgs { /** * The MAC Security (MACsec) CAK to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using `ckn`. */ cak?: pulumi.Input<string>; /** * The MAC Security (MACsec) CKN to associate with the dedicated connection. The valid values are 64 hexadecimal characters (0-9, A-E). Required if using `cak`. */ ckn?: pulumi.Input<string>; /** * The ID of the dedicated Direct Connect connection. The connection must be a dedicated connection in the `AVAILABLE` state. */ connectionId: pulumi.Input<string>; /** * Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration. */ region?: pulumi.Input<string>; /** * The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the dedicated connection. * * > **Note:** `ckn` and `cak` are mutually exclusive with `secretArn` - these arguments cannot be used together. If you use `ckn` and `cak`, you should not use `secretArn`. If you use the `secretArn` argument to reference an existing MAC Security (MACSec) secret key, you should not use `ckn` or `cak`. */ secretArn?: pulumi.Input<string>; }