import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Manages a Network Manager Core Network.
*
* Use this resource to create and manage a core network within a global network.
*
* ## Example Usage
*
* ### Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.networkmanager.CoreNetwork("example", {globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id});
* ```
*
* ### With description
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.networkmanager.CoreNetwork("example", {
* globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id,
* description: "example",
* });
* ```
*
* ### With tags
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.networkmanager.CoreNetwork("example", {
* globalNetworkId: exampleAwsNetworkmanagerGlobalNetwork.id,
* tags: {
* hello: "world",
* },
* });
* ```
*
* ### With VPC Attachment (Single Region)
*
* The example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `createBasePolicy` argument to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `createBasePolicy` argument. There are 2 options to implement this:
*
* - Option 1: Use the `basePolicyDocument` argument that allows the most customizations to a base policy. Use this to customize the `edgeLocations` `asn`. In the example below, `us-west-2` and ASN `65500` are used in the base policy.
* - Option 2: Use the `createBasePolicy` argument only. This creates a base policy in the region specified in the `provider` block.
*
* ### Option 1 - using basePolicyDocument
*
* If you require a custom ASN for the edge location, please use the `basePolicyDocument` argument to pass a specific ASN. For example:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork("example", {});
* const base = aws.networkmanager.getCoreNetworkPolicyDocument({
* coreNetworkConfigurations: [{
* asnRanges: ["65022-65534"],
* edgeLocations: [{
* location: "us-west-2",
* asn: "65500",
* }],
* }],
* segments: [{
* name: "segment",
* }],
* });
* const exampleCoreNetwork = new aws.networkmanager.CoreNetwork("example", {
* globalNetworkId: exampleGlobalNetwork.id,
* basePolicyDocument: base.then(base => base.json),
* createBasePolicy: true,
* });
* const exampleVpcAttachment = new aws.networkmanager.VpcAttachment("example", {
* coreNetworkId: exampleCoreNetwork.id,
* subnetArns: exampleAwsSubnet.map(__item => __item.arn),
* vpcArn: exampleAwsVpc.arn,
* });
* const example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({
* coreNetworkConfigurations: [{
* asnRanges: ["65022-65534"],
* edgeLocations: [{
* location: "us-west-2",
* asn: "65500",
* }],
* }],
* segments: [{
* name: "segment",
* }],
* segmentActions: [{
* action: "create-route",
* segment: "segment",
* destinationCidrBlocks: ["0.0.0.0/0"],
* destinations: [exampleVpcAttachment.id],
* }],
* });
* const exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment("example", {
* coreNetworkId: exampleCoreNetwork.id,
* policyDocument: example.apply(example => example.json),
* });
* ```
*
* ### Option 2 - createBasePolicy only
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork("example", {});
* const exampleCoreNetwork = new aws.networkmanager.CoreNetwork("example", {
* globalNetworkId: exampleGlobalNetwork.id,
* createBasePolicy: true,
* });
* const exampleVpcAttachment = new aws.networkmanager.VpcAttachment("example", {
* coreNetworkId: exampleCoreNetwork.id,
* subnetArns: exampleAwsSubnet.map(__item => __item.arn),
* vpcArn: exampleAwsVpc.arn,
* });
* const example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({
* coreNetworkConfigurations: [{
* asnRanges: ["65022-65534"],
* edgeLocations: [{
* location: "us-west-2",
* }],
* }],
* segments: [{
* name: "segment",
* }],
* segmentActions: [{
* action: "create-route",
* segment: "segment",
* destinationCidrBlocks: ["0.0.0.0/0"],
* destinations: [exampleVpcAttachment.id],
* }],
* });
* const exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment("example", {
* coreNetworkId: exampleCoreNetwork.id,
* policyDocument: example.apply(example => example.json),
* });
* ```
*
* ### With VPC Attachment (Multi-Region)
*
* The example below illustrates the scenario where your policy document has static routes pointing to VPC attachments and you want to attach your VPCs to the core network before applying the desired policy document. Set the `createBasePolicy` argument of the `aws.networkmanager.CoreNetwork` resource to `true` if your core network does not currently have any `LIVE` policies (e.g. this is the first `pulumi up` with the core network resource), since a `LIVE` policy is required before VPCs can be attached to the core network. Otherwise, if your core network already has a `LIVE` policy, you may exclude the `createBasePolicy` argument. For multi-region in a core network that does not yet have a `LIVE` policy, there are 2 options:
*
* - Option 1: Use the `basePolicyDocument` argument that allows the most customizations to a base policy. Use this to customize the `edgeLocations` `asn`. In the example below, `us-west-2`, `us-east-1` and specific ASNs are used in the base policy.
* - Option 2: Pass a list of regions to the `aws.networkmanager.CoreNetwork` `basePolicyRegions` argument. In the example below, `us-west-2` and `us-east-1` are specified in the base policy.
*
* ### Option 1 - using basePolicyDocument
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork("example", {});
* const base = aws.networkmanager.getCoreNetworkPolicyDocument({
* coreNetworkConfigurations: [{
* asnRanges: ["65022-65534"],
* edgeLocations: [
* {
* location: "us-west-2",
* asn: "65500",
* },
* {
* location: "us-east-1",
* asn: "65501",
* },
* ],
* }],
* segments: [{
* name: "segment",
* }],
* });
* const exampleCoreNetwork = new aws.networkmanager.CoreNetwork("example", {
* globalNetworkId: exampleGlobalNetwork.id,
* basePolicyDocument: base.then(base => base.json),
* createBasePolicy: true,
* });
* const exampleUsWest2 = new aws.networkmanager.VpcAttachment("example_us_west_2", {
* coreNetworkId: exampleCoreNetwork.id,
* subnetArns: exampleUsWest2AwsSubnet.map(__item => __item.arn),
* vpcArn: exampleUsWest2AwsVpc.arn,
* });
* const exampleUsEast1 = new aws.networkmanager.VpcAttachment("example_us_east_1", {
* coreNetworkId: exampleCoreNetwork.id,
* subnetArns: exampleUsEast1AwsSubnet.map(__item => __item.arn),
* vpcArn: exampleUsEast1AwsVpc.arn,
* });
* const example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({
* coreNetworkConfigurations: [{
* asnRanges: ["65022-65534"],
* edgeLocations: [
* {
* location: "us-west-2",
* asn: "65500",
* },
* {
* location: "us-east-1",
* asn: "65501",
* },
* ],
* }],
* segments: [
* {
* name: "segment",
* },
* {
* name: "segment2",
* },
* ],
* segmentActions: [
* {
* action: "create-route",
* segment: "segment",
* destinationCidrBlocks: ["10.0.0.0/16"],
* destinations: [exampleUsWest2.id],
* },
* {
* action: "create-route",
* segment: "segment",
* destinationCidrBlocks: ["10.1.0.0/16"],
* destinations: [exampleUsEast1.id],
* },
* ],
* });
* const exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment("example", {
* coreNetworkId: exampleCoreNetwork.id,
* policyDocument: example.apply(example => example.json),
* });
* ```
*
* ### Option 2 - using basePolicyRegions
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const exampleGlobalNetwork = new aws.networkmanager.GlobalNetwork("example", {});
* const exampleCoreNetwork = new aws.networkmanager.CoreNetwork("example", {
* globalNetworkId: exampleGlobalNetwork.id,
* basePolicyRegions: [
* "us-west-2",
* "us-east-1",
* ],
* createBasePolicy: true,
* });
* const exampleUsWest2 = new aws.networkmanager.VpcAttachment("example_us_west_2", {
* coreNetworkId: exampleCoreNetwork.id,
* subnetArns: exampleUsWest2AwsSubnet.map(__item => __item.arn),
* vpcArn: exampleUsWest2AwsVpc.arn,
* });
* const exampleUsEast1 = new aws.networkmanager.VpcAttachment("example_us_east_1", {
* coreNetworkId: exampleCoreNetwork.id,
* subnetArns: exampleUsEast1AwsSubnet.map(__item => __item.arn),
* vpcArn: exampleUsEast1AwsVpc.arn,
* });
* const example = aws.networkmanager.getCoreNetworkPolicyDocumentOutput({
* coreNetworkConfigurations: [{
* asnRanges: ["65022-65534"],
* edgeLocations: [
* {
* location: "us-west-2",
* },
* {
* location: "us-east-1",
* },
* ],
* }],
* segments: [
* {
* name: "segment",
* },
* {
* name: "segment2",
* },
* ],
* segmentActions: [
* {
* action: "create-route",
* segment: "segment",
* destinationCidrBlocks: ["10.0.0.0/16"],
* destinations: [exampleUsWest2.id],
* },
* {
* action: "create-route",
* segment: "segment",
* destinationCidrBlocks: ["10.1.0.0/16"],
* destinations: [exampleUsEast1.id],
* },
* ],
* });
* const exampleCoreNetworkPolicyAttachment = new aws.networkmanager.CoreNetworkPolicyAttachment("example", {
* coreNetworkId: exampleCoreNetwork.id,
* policyDocument: example.apply(example => example.json),
* });
* ```
*
* ## Import
*
* Using `pulumi import`, import `aws_networkmanager_core_network` using the core network ID. For example:
*
* ```sh
* $ pulumi import aws:networkmanager/coreNetwork:CoreNetwork example core-network-0d47f6t230mz46dy4
* ```
*/
export declare class CoreNetwork extends pulumi.CustomResource {
/**
* Get an existing CoreNetwork resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A CoreNetwork object for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CoreNetworkState, opts?: pulumi.CustomResourceOptions): CoreNetwork;
/**
* Returns true if the given object is an instance of CoreNetwork. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test. It is typed `any`, so untyped values can be passed; the
* return type is a type predicate that narrows `obj` to `CoreNetwork`.
*/
static isInstance(obj: any): obj is CoreNetwork;
/**
* Core Network ARN.
*/
readonly arn: pulumi.Output<string>;
/**
* Base policy document for the core network, as a string. The class-level examples pass the `json` result of `aws.networkmanager.getCoreNetworkPolicyDocument` here. Refer to the [Core network policies documentation](https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-change-sets.html) for more information.
*/
readonly basePolicyDocument: pulumi.Output<string | undefined>;
/**
* List of regions to add to the base policy. The base policy created by setting the `createBasePolicy` argument to `true` requires one or more regions to be set in the `location` key of `edge-locations`. If `basePolicyRegions` is not specified, the region used in the base policy defaults to the region specified in the `provider` block.
*/
readonly basePolicyRegions: pulumi.Output<string[] | undefined>;
/**
* Whether to create a base policy when a core network is created or updated. A base policy is created and set to `LIVE` to allow attachments to the core network (e.g. VPC Attachments) before applying a policy document provided using the `aws.networkmanager.CoreNetworkPolicyAttachment` resource. This base policy is needed if your core network does not have any `LIVE` policies, your policy document has static routes pointing to VPC attachments, and you want to attach your VPCs to the core network before applying the desired policy document. Valid values are `true` or `false`. The class-level examples for VPC Attachment (single region and multi-region) show this argument in use. An example base policy is shown below. This base policy is overridden with the policy that you specify in the `aws.networkmanager.CoreNetworkPolicyAttachment` resource.
*
* NOTE(review): the example base policy below sets both `isolate-attachments` and `require-attachment-acceptance` to `false`. If the generated base policy matches it, then while it is `LIVE` attachments to its segment are presumably neither isolated from one another nor held for acceptance. Treat the base policy as a bootstrap step, apply the intended policy through `aws.networkmanager.CoreNetworkPolicyAttachment` promptly, and confirm the resulting `LIVE` policy carries the segment controls you expect.
*
* ```json
* {
* "version": "2021.12",
* "core-network-configuration": {
* "asn-ranges": [
* "64512-65534"
* ],
* "vpn-ecmp-support": false,
* "edge-locations": [
* {
* "location": "us-east-1"
* }
* ]
* },
* "segments": [
* {
* "name": "segment",
* "description": "base-policy",
* "isolate-attachments": false,
* "require-attachment-acceptance": false
* }
* ]
* }
* ```
*/
readonly createBasePolicy: pulumi.Output<boolean | undefined>;
/**
* Timestamp when a core network was created.
*/
readonly createdAt: pulumi.Output<string>;
/**
* Description of the Core Network.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* One or more blocks detailing the edges within a core network. The element shape is declared by `outputs.networkmanager.CoreNetworkEdge`.
*/
readonly edges: pulumi.Output<outputs.networkmanager.CoreNetworkEdge[]>;
/**
* ID of the global network that a core network will be a part of.
* This is the only property that `CoreNetworkArgs` declares as required.
*/
readonly globalNetworkId: pulumi.Output<string>;
/**
* One or more blocks detailing the segments within a core network. The element shape is declared by `outputs.networkmanager.CoreNetworkSegment`.
*/
readonly segments: pulumi.Output<outputs.networkmanager.CoreNetworkSegment[]>;
/**
* Current state of a core network.
*/
readonly state: pulumi.Output<string>;
/**
* Key-value tags for the Core Network. If a provider `defaultTags` configuration block is present, tags set here with matching keys overwrite those defined at the provider level.
*/
readonly tags: pulumi.Output<{
[key: string]: string;
} | undefined>;
/**
* Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
*/
readonly tagsAll: pulumi.Output<{
[key: string]: string;
}>;
/**
* Create a CoreNetwork resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties. Required; `globalNetworkId` is its only mandatory field.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: CoreNetworkArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering CoreNetwork resources.
*/
export interface CoreNetworkState {
// Every field is optional. `arn`, `createdAt`, `edges`, `segments`, `state` and `tagsAll`
// appear here and as outputs on `CoreNetwork`, but not in `CoreNetworkArgs`.
/**
* Core Network ARN.
*/
arn?: pulumi.Input<string>;
/**
* Base policy document for the core network, as a string. Refer to the [Core network policies documentation](https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-change-sets.html) for more information.
*/
basePolicyDocument?: pulumi.Input<string>;
/**
* List of regions to add to the base policy. The base policy created by setting the `createBasePolicy` argument to `true` requires one or more regions to be set in the `location` key of `edge-locations`. If `basePolicyRegions` is not specified, the region used in the base policy defaults to the region specified in the `provider` block.
*/
basePolicyRegions?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to create a base policy when a core network is created or updated. A base policy is created and set to `LIVE` to allow attachments to the core network (e.g. VPC Attachments) before applying a policy document provided using the `aws.networkmanager.CoreNetworkPolicyAttachment` resource. This base policy is needed if your core network does not have any `LIVE` policies, your policy document has static routes pointing to VPC attachments, and you want to attach your VPCs to the core network before applying the desired policy document. Valid values are `true` or `false`. The `CoreNetwork` class documentation has examples for VPC Attachment in a single region and multi-region. An example base policy is shown below. This base policy is overridden with the policy that you specify in the `aws.networkmanager.CoreNetworkPolicyAttachment` resource.
*
* NOTE(review): the example base policy below sets both `isolate-attachments` and `require-attachment-acceptance` to `false`. If the generated base policy matches it, then while it is `LIVE` attachments to its segment are presumably neither isolated from one another nor held for acceptance. Apply the intended policy promptly after bootstrap.
*
* ```json
* {
* "version": "2021.12",
* "core-network-configuration": {
* "asn-ranges": [
* "64512-65534"
* ],
* "vpn-ecmp-support": false,
* "edge-locations": [
* {
* "location": "us-east-1"
* }
* ]
* },
* "segments": [
* {
* "name": "segment",
* "description": "base-policy",
* "isolate-attachments": false,
* "require-attachment-acceptance": false
* }
* ]
* }
* ```
*/
createBasePolicy?: pulumi.Input<boolean>;
/**
* Timestamp when a core network was created.
*/
createdAt?: pulumi.Input<string>;
/**
* Description of the Core Network.
*/
description?: pulumi.Input<string>;
/**
* One or more blocks detailing the edges within a core network. The element shape is declared by `inputs.networkmanager.CoreNetworkEdge`.
*/
edges?: pulumi.Input<pulumi.Input<inputs.networkmanager.CoreNetworkEdge>[]>;
/**
* ID of the global network that a core network will be a part of.
* Optional in this lookup state, although `CoreNetworkArgs` requires it when creating the resource.
*/
globalNetworkId?: pulumi.Input<string>;
/**
* One or more blocks detailing the segments within a core network. The element shape is declared by `inputs.networkmanager.CoreNetworkSegment`.
*/
segments?: pulumi.Input<pulumi.Input<inputs.networkmanager.CoreNetworkSegment>[]>;
/**
* Current state of a core network.
*/
state?: pulumi.Input<string>;
/**
* Key-value tags for the Core Network. If a provider `defaultTags` configuration block is present, tags set here with matching keys overwrite those defined at the provider level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
*/
tagsAll?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}
/**
* The set of arguments for constructing a CoreNetwork resource.
*/
export interface CoreNetworkArgs {
// `globalNetworkId` is the only required field; every other argument is optional.
/**
* Base policy document for the core network, as a string. Refer to the [Core network policies documentation](https://docs.aws.amazon.com/network-manager/latest/cloudwan/cloudwan-policy-change-sets.html) for more information.
*/
basePolicyDocument?: pulumi.Input<string>;
/**
* List of regions to add to the base policy. The base policy created by setting the `createBasePolicy` argument to `true` requires one or more regions to be set in the `location` key of `edge-locations`. If `basePolicyRegions` is not specified, the region used in the base policy defaults to the region specified in the `provider` block.
*/
basePolicyRegions?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Whether to create a base policy when a core network is created or updated. A base policy is created and set to `LIVE` to allow attachments to the core network (e.g. VPC Attachments) before applying a policy document provided using the `aws.networkmanager.CoreNetworkPolicyAttachment` resource. This base policy is needed if your core network does not have any `LIVE` policies, your policy document has static routes pointing to VPC attachments, and you want to attach your VPCs to the core network before applying the desired policy document. Valid values are `true` or `false`. The `CoreNetwork` class documentation has examples for VPC Attachment in a single region and multi-region. An example base policy is shown below. This base policy is overridden with the policy that you specify in the `aws.networkmanager.CoreNetworkPolicyAttachment` resource.
*
* NOTE(review): the example base policy below sets both `isolate-attachments` and `require-attachment-acceptance` to `false`. If the generated base policy matches it, then while it is `LIVE` attachments to its segment are presumably neither isolated from one another nor held for acceptance. Treat the base policy as a bootstrap step, apply the intended policy through `aws.networkmanager.CoreNetworkPolicyAttachment` promptly, and confirm the resulting `LIVE` policy carries the segment controls you expect.
*
* ```json
* {
* "version": "2021.12",
* "core-network-configuration": {
* "asn-ranges": [
* "64512-65534"
* ],
* "vpn-ecmp-support": false,
* "edge-locations": [
* {
* "location": "us-east-1"
* }
* ]
* },
* "segments": [
* {
* "name": "segment",
* "description": "base-policy",
* "isolate-attachments": false,
* "require-attachment-acceptance": false
* }
* ]
* }
* ```
*/
createBasePolicy?: pulumi.Input<boolean>;
/**
* Description of the Core Network.
*/
description?: pulumi.Input<string>;
/**
* ID of the global network that a core network will be a part of.
* Required; all other arguments in this interface are optional.
*/
globalNetworkId: pulumi.Input<string>;
/**
* Key-value tags for the Core Network. If a provider `defaultTags` configuration block is present, tags set here with matching keys overwrite those defined at the provider level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}