@pulumi/awsx
Version:
[](https://github.com/pulumi/pulumi-awsx/actions) [](https://slack.pulumi.com) [![NPM version](https://badge.fur
1,232 lines • 179 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as enums from "../types/enums";
import * as pulumiAws from "@pulumi/aws";
export declare namespace awsx {
/**
* The set of arguments for constructing a Bucket resource.
*/
interface BucketArgs {
/**
* Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`. Cannot be used in `cn-north-1` or `us-gov-west-1`. This provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketAccelerateConfiguration` instead.
*
* @deprecated acceleration_status is deprecated. Use the aws.s3.BucketAccelerateConfiguration resource instead.
*/
accelerationStatus?: pulumi.Input<string>;
/**
* The [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, and `log-delivery-write`. Defaults to `private`. Conflicts with `grant`. The provider will only perform drift detection if a configuration value is provided. Use the resource `aws.s3.BucketAcl` instead.
*/
acl?: pulumi.Input<string>;
/**
* Name of the bucket. If omitted, the provider will assign a random, unique name. Must be lowercase and less than or equal to 63 characters in length. A full list of bucket naming rules [may be found here](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html). The name must not be in the format `[bucket_name]--[azid]--x-s3`. Use the `aws.s3.DirectoryBucket` resource to manage S3 Express buckets.
*/
bucket?: pulumi.Input<string>;
/**
* Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. Must be lowercase and less than or equal to 37 characters in length. A full list of bucket naming rules [may be found here](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html).
*/
bucketPrefix?: pulumi.Input<string>;
/**
* Rule of [Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html). See CORS rule below for details. This provider will only perform drift detection if a configuration value is provided. Use the resource `aws.s3.BucketCorsConfiguration` instead.
*
* @deprecated cors_rule is deprecated. Use the aws.s3.BucketCorsConfiguration resource instead.
*/
corsRules?: pulumi.Input<pulumi.Input<pulumiAws.types.input.s3.BucketCorsRule>[]>;
/**
* Boolean that indicates all objects (including any [locked objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)) should be deleted from the bucket *when the bucket is destroyed* so that the bucket can be destroyed without error. These objects are *not* recoverable. This only deletes objects when the bucket is destroyed, *not* when setting this parameter to `true`. Once this parameter is set to `true`, there must be a successful `pulumi up` run before a destroy is required to update this value in the resource state. Without a successful `pulumi up` after this parameter is set, this flag will have no effect. If setting this field in the same operation that would require replacing the bucket or destroying the bucket, this flag will not work. Additionally when importing a bucket, a successful `pulumi up` is required to set this value in state before it will take effect on a destroy operation.
*/
forceDestroy?: pulumi.Input<boolean>;
/**
* An [ACL policy grant](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#sample-acl). See Grant below for details. Conflicts with `acl`. The provider will only perform drift detection if a configuration value is provided. Use the resource `aws.s3.BucketAcl` instead.
*
* @deprecated grant is deprecated. Use the aws.s3.BucketAcl resource instead.
*/
grants?: pulumi.Input<pulumi.Input<pulumiAws.types.input.s3.BucketGrant>[]>;
/**
* Configuration of [object lifecycle management](http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html). See Lifecycle Rule below for details. The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketLifecycleConfiguration` instead.
*
* @deprecated lifecycle_rule is deprecated. Use the aws.s3.BucketLifecycleConfiguration resource instead.
*/
lifecycleRules?: pulumi.Input<pulumi.Input<pulumiAws.types.input.s3.BucketLifecycleRule>[]>;
/**
* Configuration of [S3 bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html) parameters. See Logging below for details. The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketLogging` instead.
*
* @deprecated logging is deprecated. Use the aws.s3.BucketLogging resource instead.
*/
logging?: pulumi.Input<pulumiAws.types.input.s3.BucketLogging>;
/**
* Configuration of [S3 object locking](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html). See Object Lock Configuration below for details.
* The provider wil only perform drift detection if a configuration value is provided.
* Use the `object_lock_enabled` parameter and the resource `aws.s3.BucketObjectLockConfiguration` instead.
*
* @deprecated object_lock_configuration is deprecated. Use the top-level parameter object_lock_enabled and the aws.s3.BucketObjectLockConfiguration resource instead.
*/
objectLockConfiguration?: pulumi.Input<pulumiAws.types.input.s3.BucketObjectLockConfiguration>;
/**
* Indicates whether this bucket has an Object Lock configuration enabled. Valid values are `true` or `false`. This argument is not supported in all regions or partitions.
*/
objectLockEnabled?: pulumi.Input<boolean>;
/**
* Valid [bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing. In this case, please make sure you use the verbose/specific version of the policy. For more information about building AWS IAM policy documents with this provider, see the AWS IAM Policy Document Guide.
* The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketPolicy` instead.
*/
policy?: pulumi.Input<string>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* Configuration of [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html). See Replication Configuration below for details. The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketReplicationConfig` instead.
*
* @deprecated replication_configuration is deprecated. Use the aws.s3.BucketReplicationConfig resource instead.
*/
replicationConfiguration?: pulumi.Input<pulumiAws.types.input.s3.BucketReplicationConfiguration>;
/**
* Specifies who should bear the cost of Amazon S3 data transfer.
* Can be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur the costs of any data transfer.
* See [Requester Pays Buckets](http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html) developer guide for more information.
* The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketRequestPaymentConfiguration` instead.
*
* @deprecated request_payer is deprecated. Use the aws.s3.BucketRequestPaymentConfiguration resource instead.
*/
requestPayer?: pulumi.Input<string>;
/**
* Configuration of [server-side encryption configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html). See Server Side Encryption Configuration below for details.
* The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketServerSideEncryptionConfiguration` instead.
*
* @deprecated server_side_encryption_configuration is deprecated. Use the aws.s3.BucketServerSideEncryptionConfiguration resource instead.
*/
serverSideEncryptionConfiguration?: pulumi.Input<pulumiAws.types.input.s3.BucketServerSideEncryptionConfiguration>;
/**
* Map of tags to assign to the bucket. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* The following arguments are deprecated, and will be removed in a future major version:
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* Configuration of the [S3 bucket versioning state](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html). See Versioning below for details. The provider will only perform drift detection if a configuration value is provided. Use the resource `aws.s3.BucketVersioning` instead.
*
* @deprecated versioning is deprecated. Use the aws.s3.BucketVersioning resource instead.
*/
versioning?: pulumi.Input<pulumiAws.types.input.s3.BucketVersioning>;
/**
* Configuration of the [S3 bucket website](https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html). See Website below for details. The provider will only perform drift detection if a configuration value is provided.
* Use the resource `aws.s3.BucketWebsiteConfiguration` instead.
*
* @deprecated website is deprecated. Use the aws.s3.BucketWebsiteConfiguration resource instead.
*/
website?: pulumi.Input<pulumiAws.types.input.s3.BucketWebsite>;
}
/**
* Log group with default setup unless explicitly skipped.
*/
interface DefaultLogGroupArgs {
/**
* Arguments to use instead of the default values during creation.
*/
args?: inputs.awsx.LogGroupArgs;
/**
* Identity of an existing log group to use. Cannot be used in combination with `args` or `opts`.
*/
existing?: inputs.awsx.ExistingLogGroupArgs;
/**
* Skip creation of the log group.
*/
skip?: boolean;
}
/**
* Role and policy attachments with default setup unless explicitly skipped or an existing role ARN provided.
*/
interface DefaultRoleWithPolicyArgs {
/**
* Args to use when creating the role and policies. Can't be specified if `roleArn` is used.
*/
args?: inputs.awsx.RoleWithPolicyArgs;
/**
* ARN of existing role to use instead of creating a new role. Cannot be used in combination with `args` or `opts`.
*/
roleArn?: pulumi.Input<string>;
/**
* Skips creation of the role if set to `true`.
*/
skip?: boolean;
}
/**
* Security Group with default setup unless explicitly skipped or an existing security group id provided.
*/
interface DefaultSecurityGroupArgs {
/**
* Args to use when creating the security group. Can't be specified if `securityGroupId` is used.
*/
args?: inputs.awsx.SecurityGroupArgs;
/**
* Id of existing security group to use instead of creating a new security group. Cannot be used in combination with `args` or `opts`.
*/
securityGroupId?: pulumi.Input<string>;
/**
* Skips creation of the security group if set to `true`.
*/
skip?: boolean;
}
/**
* defaultSecurityGroupArgsProvideDefaults sets the appropriate defaults for DefaultSecurityGroupArgs
*/
function defaultSecurityGroupArgsProvideDefaults(val: DefaultSecurityGroupArgs): DefaultSecurityGroupArgs;
/**
* Reference to an existing bucket.
*/
interface ExistingBucketArgs {
/**
* Arn of the bucket. Only one of [arn] or [name] can be specified.
*/
arn?: pulumi.Input<string>;
/**
* Name of the bucket. Only one of [arn] or [name] can be specified.
*/
name?: pulumi.Input<string>;
}
/**
* Reference to an existing log group.
*/
interface ExistingLogGroupArgs {
/**
* Arn of the log group. Only one of [arn] or [name] can be specified.
*/
arn?: pulumi.Input<string>;
/**
* Name of the log group. Only one of [arn] or [name] can be specified.
*/
name?: pulumi.Input<string>;
/**
* Region of the log group. If not specified, the provider region will be used.
*/
region?: pulumi.Input<string>;
}
/**
* The set of arguments for constructing a LogGroup resource.
*/
interface LogGroupArgs {
/**
* The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group,
* AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires
* permissions for the CMK whenever the encrypted data is requested.
*/
kmsKeyId?: pulumi.Input<string>;
/**
* Specified the log class of the log group. Possible values are: `STANDARD`, `INFREQUENT_ACCESS`, or `DELIVERY`.
*/
logGroupClass?: pulumi.Input<string>;
/**
* The name of the log group. If omitted, this provider will assign a random, unique name.
*/
name?: pulumi.Input<string>;
/**
* Creates a unique name beginning with the specified prefix. Conflicts with `name`.
*/
namePrefix?: pulumi.Input<string>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* Specifies the number of days
* you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1096, 1827, 2192, 2557, 2922, 3288, 3653, and 0.
* If you select 0, the events in the log group are always retained and never expire. If `log_group_class` is set to `DELIVERY`, this argument is ignored and `retention_in_days` is forcibly set to 2.
*/
retentionInDays?: pulumi.Input<number>;
/**
* Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time, and instead just remove the log group from the state.
*/
skipDestroy?: pulumi.Input<boolean>;
/**
* A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}
/**
* Log group which is only created if enabled.
*/
interface OptionalLogGroupArgs {
/**
* Arguments to use instead of the default values during creation.
*/
args?: inputs.awsx.LogGroupArgs;
/**
* Enable creation of the log group.
*/
enable?: boolean;
/**
* Identity of an existing log group to use. Cannot be used in combination with `args` or `opts`.
*/
existing?: inputs.awsx.ExistingLogGroupArgs;
}
/**
* Bucket with default setup.
*/
interface RequiredBucketArgs {
/**
* Arguments to use instead of the default values during creation.
*/
args?: inputs.awsx.BucketArgs;
/**
* Identity of an existing bucket to use. Cannot be used in combination with `args`.
*/
existing?: inputs.awsx.ExistingBucketArgs;
}
/**
* The set of arguments for constructing a Role resource and Policy attachments.
*/
interface RoleWithPolicyArgs {
/**
* Description of the role.
*/
description?: pulumi.Input<string>;
/**
* Whether to force detaching any policies the role has before destroying it. Defaults to `false`.
*/
forceDetachPolicies?: pulumi.Input<boolean>;
/**
* Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.
*/
inlinePolicies?: pulumi.Input<pulumi.Input<pulumiAws.types.input.iam.RoleInlinePolicy>[]>;
/**
* Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, Pulumi will ignore policy attachments to this resource. When configured, Pulumi will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause Pulumi to remove _all_ managed policy attachments.
*/
managedPolicyArns?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.
*/
maxSessionDuration?: pulumi.Input<number>;
/**
* Friendly name of the role. If omitted, the provider will assign a random, unique name. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*/
name?: pulumi.Input<string>;
/**
* Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.
*/
namePrefix?: pulumi.Input<string>;
/**
* Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.
*/
path?: pulumi.Input<string>;
/**
* ARN of the policy that is used to set the permissions boundary for the role.
*/
permissionsBoundary?: pulumi.Input<string>;
/**
* ARNs of the policies to attach to the created role.
*/
policyArns?: string[];
/**
* Key-value mapping of tags for the IAM role. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
}
/**
* The set of arguments for constructing a Security Group resource.
*/
interface SecurityGroupArgs {
/**
* Security group description. Defaults to `Managed by Pulumi`. Cannot be `""`. **NOTE**: This field maps to the AWS `GroupDescription` attribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, use `tags`.
*/
description?: pulumi.Input<string>;
/**
* Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
*/
egress?: pulumi.Input<pulumi.Input<pulumiAws.types.input.ec2.SecurityGroupEgress>[]>;
/**
* Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
*/
ingress?: pulumi.Input<pulumi.Input<pulumiAws.types.input.ec2.SecurityGroupIngress>[]>;
/**
* Name of the security group. If omitted, the provider will assign a random, unique name.
*/
name?: pulumi.Input<string>;
/**
* Creates a unique name beginning with the specified prefix. Conflicts with `name`.
*/
namePrefix?: pulumi.Input<string>;
/**
* Region where this resource will be [managed](https://docs.aws.amazon.com/general/latest/gr/rande.html#regional-endpoints). Defaults to the Region set in the provider configuration.
*/
region?: pulumi.Input<string>;
/**
* Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default `false`.
*/
revokeRulesOnDelete?: pulumi.Input<boolean>;
/**
* Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* VPC ID. Defaults to the region's default VPC.
*/
vpcId?: pulumi.Input<string>;
}
/**
* securityGroupArgsProvideDefaults sets the appropriate defaults for SecurityGroupArgs
*/
function securityGroupArgsProvideDefaults(val: SecurityGroupArgs): SecurityGroupArgs;
}
export declare namespace cloudtrail {
}
export declare namespace ec2 {
/**
* Configuration for NAT Gateways.
*/
interface NatGatewayConfigurationArgs {
/**
* A list of EIP allocation IDs to assign to the NAT Gateways. Optional. If specified, the number of supplied values must match the chosen strategy (either one, or the number of availability zones).
*/
elasticIpAllocationIds?: pulumi.Input<string>[];
/**
* The strategy for deploying NAT Gateways.
*/
strategy: enums.ec2.NatGatewayStrategy;
}
/**
* Configuration for a VPC subnet.
*/
interface SubnetSpecArgs {
/**
* An optional list of CIDR blocks to assign to the subnet spec for each AZ. If specified, the count must match the number of AZs being used for the VPC, and must also be specified for all other subnet specs.
*/
cidrBlocks?: string[];
/**
* The netmask for the subnet's CIDR block. This is optional, the default value is inferred from the `cidrMask`, `cidrBlocks` or based on an even distribution of available space from the VPC's CIDR block after being divided evenly by availability zone.
*/
cidrMask?: number;
/**
* The subnet's name. Will be templated upon creation.
*/
name?: string;
/**
* Optional size of the subnet's CIDR block - the number of hosts. This value must be a power of 2 (e.g. 256, 512, 1024, etc.). This is optional, the default value is inferred from the `cidrMask`, `cidrBlocks` or based on an even distribution of available space from the VPC's CIDR block after being divided evenly by availability zone.
*/
size?: number;
/**
* A map of tags to assign to the resource.
*/
tags?: pulumi.Input<{
[key: string]: pulumi.Input<string>;
}>;
/**
* The type of subnet.
*/
type: enums.ec2.SubnetType;
}
/**
* Provides a VPC Endpoint resource.
*
* > **NOTE on VPC Endpoints and VPC Endpoint Associations:** The provider provides both standalone VPC Endpoint Associations for
* Route Tables - (an association between a VPC endpoint and a single `route_table_id`),
* Security Groups - (an association between a VPC endpoint and a single `security_group_id`),
* and Subnets - (an association between a VPC endpoint and a single `subnet_id`) and
* a VPC Endpoint resource with `route_table_ids` and `subnet_ids` attributes.
* Do not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource.
* Doing so will cause a conflict of associations and will overwrite the association.
*
* ## Example Usage
*
* ### Basic
*
* <!--Start PulumiCodeChooser -->
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const s3 = new aws.ec2.VpcEndpoint("s3", {
* vpcId: main.id,
* serviceName: "com.amazonaws.us-west-2.s3",
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
*
* s3 = aws.ec2.VpcEndpoint("s3",
* vpc_id=main["id"],
* service_name="com.amazonaws.us-west-2.s3")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
*
* return await Deployment.RunAsync(() =>
* {
* var s3 = new Aws.Ec2.VpcEndpoint("s3", new()
* {
* VpcId = main.Id,
* ServiceName = "com.amazonaws.us-west-2.s3",
* });
*
* });
* ```
* ```go
* package main
*
* import (
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
*
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
* VpcId: pulumi.Any(main.Id),
* ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.ec2.VpcEndpoint;
* import com.pulumi.aws.ec2.VpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
* .vpcId(main.id())
* .serviceName("com.amazonaws.us-west-2.s3")
* .build());
*
* }
* }
* ```
* ```yaml
* resources:
* s3:
* type: aws:ec2:VpcEndpoint
* properties:
* vpcId: ${main.id}
* serviceName: com.amazonaws.us-west-2.s3
* ```
* <!--End PulumiCodeChooser -->
*
* ### Basic w/ Tags
*
* <!--Start PulumiCodeChooser -->
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const s3 = new aws.ec2.VpcEndpoint("s3", {
* vpcId: main.id,
* serviceName: "com.amazonaws.us-west-2.s3",
* tags: {
* Environment: "test",
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
*
* s3 = aws.ec2.VpcEndpoint("s3",
* vpc_id=main["id"],
* service_name="com.amazonaws.us-west-2.s3",
* tags={
* "Environment": "test",
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
*
* return await Deployment.RunAsync(() =>
* {
* var s3 = new Aws.Ec2.VpcEndpoint("s3", new()
* {
* VpcId = main.Id,
* ServiceName = "com.amazonaws.us-west-2.s3",
* Tags =
* {
* { "Environment", "test" },
* },
* });
*
* });
* ```
* ```go
* package main
*
* import (
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
*
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := ec2.NewVpcEndpoint(ctx, "s3", &ec2.VpcEndpointArgs{
* VpcId: pulumi.Any(main.Id),
* ServiceName: pulumi.String("com.amazonaws.us-west-2.s3"),
* Tags: pulumi.StringMap{
* "Environment": pulumi.String("test"),
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.ec2.VpcEndpoint;
* import com.pulumi.aws.ec2.VpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var s3 = new VpcEndpoint("s3", VpcEndpointArgs.builder()
* .vpcId(main.id())
* .serviceName("com.amazonaws.us-west-2.s3")
* .tags(Map.of("Environment", "test"))
* .build());
*
* }
* }
* ```
* ```yaml
* resources:
* s3:
* type: aws:ec2:VpcEndpoint
* properties:
* vpcId: ${main.id}
* serviceName: com.amazonaws.us-west-2.s3
* tags:
* Environment: test
* ```
* <!--End PulumiCodeChooser -->
*
* ### Interface Endpoint Type
*
* <!--Start PulumiCodeChooser -->
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const ec2 = new aws.ec2.VpcEndpoint("ec2", {
* vpcId: main.id,
* serviceName: "com.amazonaws.us-west-2.ec2",
* vpcEndpointType: "Interface",
* securityGroupIds: [sg1.id],
* privateDnsEnabled: true,
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
*
* ec2 = aws.ec2.VpcEndpoint("ec2",
* vpc_id=main["id"],
* service_name="com.amazonaws.us-west-2.ec2",
* vpc_endpoint_type="Interface",
* security_group_ids=[sg1["id"]],
* private_dns_enabled=True)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
*
* return await Deployment.RunAsync(() =>
* {
* var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new()
* {
* VpcId = main.Id,
* ServiceName = "com.amazonaws.us-west-2.ec2",
* VpcEndpointType = "Interface",
* SecurityGroupIds = new[]
* {
* sg1.Id,
* },
* PrivateDnsEnabled = true,
* });
*
* });
* ```
* ```go
* package main
*
* import (
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
*
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := ec2.NewVpcEndpoint(ctx, "ec2", &ec2.VpcEndpointArgs{
* VpcId: pulumi.Any(main.Id),
* ServiceName: pulumi.String("com.amazonaws.us-west-2.ec2"),
* VpcEndpointType: pulumi.String("Interface"),
* SecurityGroupIds: pulumi.StringArray{
* sg1.Id,
* },
* PrivateDnsEnabled: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.ec2.VpcEndpoint;
* import com.pulumi.aws.ec2.VpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
* .vpcId(main.id())
* .serviceName("com.amazonaws.us-west-2.ec2")
* .vpcEndpointType("Interface")
* .securityGroupIds(sg1.id())
* .privateDnsEnabled(true)
* .build());
*
* }
* }
* ```
* ```yaml
* resources:
* ec2:
* type: aws:ec2:VpcEndpoint
* properties:
* vpcId: ${main.id}
* serviceName: com.amazonaws.us-west-2.ec2
* vpcEndpointType: Interface
* securityGroupIds:
* - ${sg1.id}
* privateDnsEnabled: true
* ```
* <!--End PulumiCodeChooser -->
*
* ### Interface Endpoint Type with User-Defined IP Address
*
* <!--Start PulumiCodeChooser -->
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const ec2 = new aws.ec2.VpcEndpoint("ec2", {
* vpcId: example.id,
* serviceName: "com.amazonaws.us-west-2.ec2",
* vpcEndpointType: "Interface",
* subnetConfigurations: [
* {
* ipv4: "10.0.1.10",
* subnetId: example1.id,
* },
* {
* ipv4: "10.0.2.10",
* subnetId: example2.id,
* },
* ],
* subnetIds: [
* example1.id,
* example2.id,
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
*
* ec2 = aws.ec2.VpcEndpoint("ec2",
* vpc_id=example["id"],
* service_name="com.amazonaws.us-west-2.ec2",
* vpc_endpoint_type="Interface",
* subnet_configurations=[
* {
* "ipv4": "10.0.1.10",
* "subnet_id": example1["id"],
* },
* {
* "ipv4": "10.0.2.10",
* "subnet_id": example2["id"],
* },
* ],
* subnet_ids=[
* example1["id"],
* example2["id"],
* ])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
*
* return await Deployment.RunAsync(() =>
* {
* var ec2 = new Aws.Ec2.VpcEndpoint("ec2", new()
* {
* VpcId = example.Id,
* ServiceName = "com.amazonaws.us-west-2.ec2",
* VpcEndpointType = "Interface",
* SubnetConfigurations = new[]
* {
* new Aws.Ec2.Inputs.VpcEndpointSubnetConfigurationArgs
* {
* Ipv4 = "10.0.1.10",
* SubnetId = example1.Id,
* },
* new Aws.Ec2.Inputs.VpcEndpointSubnetConfigurationArgs
* {
* Ipv4 = "10.0.2.10",
* SubnetId = example2.Id,
* },
* },
* SubnetIds = new[]
* {
* example1.Id,
* example2.Id,
* },
* });
*
* });
* ```
* ```go
* package main
*
* import (
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
*
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := ec2.NewVpcEndpoint(ctx, "ec2", &ec2.VpcEndpointArgs{
* VpcId: pulumi.Any(example.Id),
* ServiceName: pulumi.String("com.amazonaws.us-west-2.ec2"),
* VpcEndpointType: pulumi.String("Interface"),
* SubnetConfigurations: ec2.VpcEndpointSubnetConfigurationArray{
* &ec2.VpcEndpointSubnetConfigurationArgs{
* Ipv4: pulumi.String("10.0.1.10"),
* SubnetId: pulumi.Any(example1.Id),
* },
* &ec2.VpcEndpointSubnetConfigurationArgs{
* Ipv4: pulumi.String("10.0.2.10"),
* SubnetId: pulumi.Any(example2.Id),
* },
* },
* SubnetIds: pulumi.StringArray{
* example1.Id,
* example2.Id,
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.ec2.VpcEndpoint;
* import com.pulumi.aws.ec2.VpcEndpointArgs;
* import com.pulumi.aws.ec2.inputs.VpcEndpointSubnetConfigurationArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var ec2 = new VpcEndpoint("ec2", VpcEndpointArgs.builder()
* .vpcId(example.id())
* .serviceName("com.amazonaws.us-west-2.ec2")
* .vpcEndpointType("Interface")
* .subnetConfigurations(
* VpcEndpointSubnetConfigurationArgs.builder()
* .ipv4("10.0.1.10")
* .subnetId(example1.id())
* .build(),
* VpcEndpointSubnetConfigurationArgs.builder()
* .ipv4("10.0.2.10")
* .subnetId(example2.id())
* .build())
* .subnetIds(
* example1.id(),
* example2.id())
* .build());
*
* }
* }
* ```
* ```yaml
* resources:
* ec2:
* type: aws:ec2:VpcEndpoint
* properties:
* vpcId: ${example.id}
* serviceName: com.amazonaws.us-west-2.ec2
* vpcEndpointType: Interface
* subnetConfigurations:
* - ipv4: 10.0.1.10
* subnetId: ${example1.id}
* - ipv4: 10.0.2.10
* subnetId: ${example2.id}
* subnetIds:
* - ${example1.id}
* - ${example2.id}
* ```
* <!--End PulumiCodeChooser -->
*
* ### Gateway Load Balancer Endpoint Type
*
* <!--Start PulumiCodeChooser -->
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const current = aws.getCallerIdentity({});
* const example = new aws.ec2.VpcEndpointService("example", {
* acceptanceRequired: false,
* allowedPrincipals: [current.then(current => current.arn)],
* gatewayLoadBalancerArns: [exampleAwsLb.arn],
* });
* const exampleVpcEndpoint = new aws.ec2.VpcEndpoint("example", {
* serviceName: example.serviceName,
* subnetIds: [exampleAwsSubnet.id],
* vpcEndpointType: example.serviceType,
* vpcId: exampleAwsVpc.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
*
* current = aws.get_caller_identity()
* example = aws.ec2.VpcEndpointService("example",
* acceptance_required=False,
* allowed_principals=[current.arn],
* gateway_load_balancer_arns=[example_aws_lb["arn"]])
* example_vpc_endpoint = aws.ec2.VpcEndpoint("example",
* service_name=example.service_name,
* subnet_ids=[example_aws_subnet["id"]],
* vpc_endpoint_type=example.service_type,
* vpc_id=example_aws_vpc["id"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
*
* return await Deployment.RunAsync(() =>
* {
* var current = Aws.GetCallerIdentity.Invoke();
*
* var example = new Aws.Ec2.VpcEndpointService("example", new()
* {
* AcceptanceRequired = false,
* AllowedPrincipals = new[]
* {
* current.Apply(getCallerIdentityResult => getCallerIdentityResult.Arn),
* },
* GatewayLoadBalancerArns = new[]
* {
* exampleAwsLb.Arn,
* },
* });
*
* var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint("example", new()
* {
* ServiceName = example.ServiceName,
* SubnetIds = new[]
* {
* exampleAwsSubnet.Id,
* },
* VpcEndpointType = example.ServiceType,
* VpcId = exampleAwsVpc.Id,
* });
*
* });
* ```
* ```go
* package main
*
* import (
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
*
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* current, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
* if err != nil {
* return err
* }
* example, err := ec2.NewVpcEndpointService(ctx, "example", &ec2.VpcEndpointServiceArgs{
* AcceptanceRequired: pulumi.Bool(false),
* AllowedPrincipals: pulumi.StringArray{
* pulumi.String(current.Arn),
* },
* GatewayLoadBalancerArns: pulumi.StringArray{
* exampleAwsLb.Arn,
* },
* })
* if err != nil {
* return err
* }
* _, err = ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{
* ServiceName: example.ServiceName,
* SubnetIds: pulumi.StringArray{
* exampleAwsSubnet.Id,
* },
* VpcEndpointType: example.ServiceType,
* VpcId: pulumi.Any(exampleAwsVpc.Id),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.AwsFunctions;
* import com.pulumi.aws.inputs.GetCallerIdentityArgs;
* import com.pulumi.aws.ec2.VpcEndpointService;
* import com.pulumi.aws.ec2.VpcEndpointServiceArgs;
* import com.pulumi.aws.ec2.VpcEndpoint;
* import com.pulumi.aws.ec2.VpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* final var current = AwsFunctions.getCallerIdentity(GetCallerIdentityArgs.builder()
* .build());
*
* var example = new VpcEndpointService("example", VpcEndpointServiceArgs.builder()
* .acceptanceRequired(false)
* .allowedPrincipals(current.arn())
* .gatewayLoadBalancerArns(exampleAwsLb.arn())
* .build());
*
* var exampleVpcEndpoint = new VpcEndpoint("exampleVpcEndpoint", VpcEndpointArgs.builder()
* .serviceName(example.serviceName())
* .subnetIds(exampleAwsSubnet.id())
* .vpcEndpointType(example.serviceType())
* .vpcId(exampleAwsVpc.id())
* .build());
*
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:ec2:VpcEndpointService
* properties:
* acceptanceRequired: false
* allowedPrincipals:
* - ${current.arn}
* gatewayLoadBalancerArns:
* - ${exampleAwsLb.arn}
* exampleVpcEndpoint:
* type: aws:ec2:VpcEndpoint
* name: example
* properties:
* serviceName: ${example.serviceName}
* subnetIds:
* - ${exampleAwsSubnet.id}
* vpcEndpointType: ${example.serviceType}
* vpcId: ${exampleAwsVpc.id}
* variables:
* current:
* fn::invoke:
* function: aws:getCallerIdentity
* arguments: {}
* ```
* <!--End PulumiCodeChooser -->
*
* ### VPC Lattice Resource Configuration Endpoint Type
*
* <!--Start PulumiCodeChooser -->
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
*
* const example = new aws.ec2.VpcEndpoint("example", {
* resourceConfigurationArn: exampleAwsVpclatticeResourceConfiguration.arn,
* subnetIds: [exampleAwsSubnet.id],
* vpcEndpointType: "Resource",
* vpcId: exampleAwsVpc.id,
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
*
* example = aws.ec2.VpcEndpoint("example",
* resource_configuration_arn=example_aws_vpclattice_resource_configuration["arn"],
* subnet_ids=[example_aws_subnet["id"]],
* vpc_endpoint_type="Resource",
* vpc_id=example_aws_vpc["id"])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
*
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.Ec2.VpcEndpoint("example", new()
* {
* ResourceConfigurationArn = exampleAwsVpclatticeResourceConfiguration.Arn,
* SubnetIds = new[]
* {
* exampleAwsSubnet.Id,
* },
* VpcEndpointType = "Resource",
* VpcId = exampleAwsVpc.Id,
* });
*
* });
* ```
* ```go
* package main
*
* import (
* "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/ec2"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
*
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := ec2.NewVpcEndpoint(ctx, "example", &ec2.VpcEndpointArgs{
* ResourceConfigurationArn: pulumi.Any(exampleAwsVpclatticeResourceConfiguration.Arn),
* SubnetIds: pulumi.StringArray{
* exampleAwsSubnet.Id,
* },
* VpcEndpointType: pulumi.String("Resource"),
* VpcId: pulumi.Any(exampleAwsVpc.Id),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
*
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.ec2.VpcEndpoint;
* import com.pulumi.aws.ec2.VpcEndpointArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
*
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
*
* public static void stack(Context ctx) {
* var example = new VpcEndpoint("example", VpcEndpointArgs.builder()
* .resourceConfigurationArn(exampleAwsVpclatticeResourc