UNPKG

@pulumi/awsx

Version:

[![Actions Status](https://github.com/pulumi/pulumi-awsx/workflows/master/badge.svg)](https://github.com/pulumi/pulumi-awsx/actions) [![Slack](http://www.pulumi.com/images/docs/badges/slack.svg)](https://slack.pulumi.com) [![NPM version](https://badge.fur

pulumi.com

pulumi/pulumi-awsx

231 lines (230 loc) • 9.19 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
import * as aws from "@pulumi/aws"; import * as pulumi from "@pulumi/pulumi"; import { SecurityGroup } from "./securityGroup"; export interface SecurityGroupRuleLocation { /** * List of CIDR blocks. Cannot be specified with `sourceSecurityGroupId`. */ cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * The security group id to allow access to/from, depending on the `type`. Cannot be specified * with `cidrblocks`. */ sourceSecurityGroupId?: pulumi.Input<string>; } export type SecurityGroupRuleProtocol = "-1" | "tcp" | "udp" | "icmp"; export interface SecurityGroupRulePorts { /** * The protocol. If not icmp, tcp, udp, or all use the [protocol * number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) */ protocol: pulumi.Input<SecurityGroupRuleProtocol>; /** * The start port (or ICMP type number if protocol is "icmp"). */ fromPort: pulumi.Input<number>; /** * The end port (or ICMP code if protocol is "icmp"). Defaults to 'fromPort' if not specified. */ toPort?: pulumi.Input<number>; } export declare class AnyIPv4Location implements SecurityGroupRuleLocation { readonly cidrBlocks: string[]; } export declare class AnyIPv6Location implements SecurityGroupRuleLocation { readonly ipv6CidrBlocks: string[]; } export declare class TcpPorts implements SecurityGroupRulePorts { readonly fromPort: pulumi.Input<number>; readonly toPort?: pulumi.Input<number> | undefined; readonly protocol = "tcp"; constructor(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number> | undefined); } export declare class AllTcpPorts extends TcpPorts { constructor(); } export declare class UdpPorts implements SecurityGroupRulePorts { readonly fromPort: pulumi.Input<number>; readonly toPort?: pulumi.Input<number> | undefined; readonly protocol = "udp"; constructor(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number> | undefined); } export declare class AllUdpPorts extends UdpPorts { constructor(); } export declare class IcmpPorts implements SecurityGroupRulePorts { readonly fromPort: pulumi.Input<number>; readonly toPort?: pulumi.Input<number> | undefined; readonly protocol = "icmp"; constructor(fromPort: pulumi.Input<number>, toPort?: pulumi.Input<number> | undefined); } export declare class AllTraffic implements SecurityGroupRulePorts { readonly protocol = "-1"; readonly fromPort = 0; readonly toPort = 0; } export declare abstract class SecurityGroupRule extends pulumi.ComponentResource { readonly securityGroupRule: aws.ec2.SecurityGroupRule; readonly securityGroup: SecurityGroup; constructor(type: string, name: string, securityGroup: SecurityGroup, args: SecurityGroupRuleArgs, opts: pulumi.ComponentResourceOptions); static egressArgs(destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): EgressSecurityGroupRuleArgs; static ingressArgs(source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>): IngressSecurityGroupRuleArgs; private static createArgs; static egress(name: string, securityGroup: SecurityGroup, destination: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): EgressSecurityGroupRule; static ingress(name: string, securityGroup: SecurityGroup, source: SecurityGroupRuleLocation, ports: SecurityGroupRulePorts, description?: pulumi.Input<string>, opts?: pulumi.ComponentResourceOptions): IngressSecurityGroupRule; } export declare class EgressSecurityGroupRule extends SecurityGroupRule { constructor(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | EgressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions); } export declare class IngressSecurityGroupRule extends SecurityGroupRule { constructor(name: string, securityGroup: SecurityGroup, args: SimpleSecurityGroupRuleArgs | IngressSecurityGroupRuleArgs, opts?: pulumi.ComponentResourceOptions); } export interface SecurityGroupRuleArgs { /** * List of CIDR blocks. Cannot be specified with `source_security_group_id`. */ cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * Description of the rule. */ description?: pulumi.Input<string>; /** * The start port (or ICMP type number if protocol is "icmp"). */ fromPort: pulumi.Input<number>; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * List of prefix list IDs (for allowing access to VPC endpoints). Only valid with `egress`. */ prefixListIds?: pulumi.Input<pulumi.Input<string>[]>; /** * The protocol. If not icmp, tcp, udp, or all use the [protocol * number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) */ protocol: pulumi.Input<string>; /** * If true, the security group itself will be added as * a source to this ingress rule. */ self?: pulumi.Input<boolean>; /** * The security group id to allow access to/from, depending on the `type`. Cannot be specified * with `cidr_blocks`. */ sourceSecurityGroupId?: pulumi.Input<string>; /** * The end port (or ICMP code if protocol is "icmp"). */ toPort: pulumi.Input<number>; /** * The type of rule being created. Valid options are `ingress` (inbound) * or `egress` (outbound). */ type: pulumi.Input<"ingress" | "egress">; } export interface SimpleSecurityGroupRuleArgs { /** * The source or destination location of the rule. This allows controlling of the ipv4 or ipv6 * cidr blocks for the rule, or the source security group. * * There are easy ways to provide ingress or egress to the entirety of the ipv4 or ipv6 space by * using the AnyIPv4Location and AnyIPv6Location types. */ location: SecurityGroupRuleLocation; /** * The ports and protocol this rule allows access to/from. There are easy ways to open anything * from a single port, to a wide set of ports, to all ports and all protocols using: * * [TcpPorts], [AllTcpPorts], [UdpPorts], [AllUdpPorts], [IcmpPorts], [AllTraffic] */ ports: SecurityGroupRulePorts; /** * Optional description for the rule to make it easier to document in the AWS console. */ description?: pulumi.Input<string>; } export interface EgressSecurityGroupRuleArgs { /** * List of CIDR blocks. Cannot be specified with `source_security_group_id`. */ cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * Description of the rule. */ description?: pulumi.Input<string>; /** * The start port (or ICMP type number if protocol is "icmp"). */ fromPort: pulumi.Input<number>; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * List of prefix list IDs (for allowing access to VPC endpoints). */ prefixListIds?: pulumi.Input<pulumi.Input<string>[]>; /** * The protocol. If not icmp, tcp, udp, or all use the [protocol * number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) */ protocol: pulumi.Input<string>; /** * If true, the security group itself will be added as * a source to this ingress rule. */ self?: pulumi.Input<boolean>; /** * The security group id to allow access to/from, * depending on the `type`. Cannot be specified with `cidr_blocks`. */ sourceSecurityGroupId?: pulumi.Input<string>; /** * The end port (or ICMP code if protocol is "icmp"). */ toPort: pulumi.Input<number>; } export interface IngressSecurityGroupRuleArgs { /** * List of CIDR blocks. Cannot be specified with `source_security_group_id`. */ cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * Description of the rule. */ description?: pulumi.Input<string>; /** * The start port (or ICMP type number if protocol is "icmp"). */ fromPort: pulumi.Input<number>; /** * List of IPv6 CIDR blocks. */ ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>; /** * The protocol. If not icmp, tcp, udp, or all use the [protocol * number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) */ protocol: pulumi.Input<string>; /** * If true, the security group itself will be added as * a source to this ingress rule. */ self?: pulumi.Input<boolean>; /** * The security group id to allow access to/from, * depending on the `type`. Cannot be specified with `cidr_blocks`. */ sourceSecurityGroupId?: pulumi.Input<string>; /** * The end port (or ICMP code if protocol is "icmp"). */ toPort: pulumi.Input<number>; }